http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/benchtest_all.c ---------------------------------------------------------------------- diff --git a/version3/c/benchtest_all.c b/version3/c/benchtest_all.c deleted file mode 100644 index 0acc6dd..0000000 --- a/version3/c/benchtest_all.c +++ /dev/null @@ -1,1019 +0,0 @@ -/* Test and benchmark elliptic curve and RSA functions - First build amcl.a from build_ec batch file - gcc -O3 benchtest_ec.c amcl.a -o benchtest_ec.exe -*/ - -#include <stdio.h> -#include <stdlib.h> -#include <time.h> - -#include "rsa_2048.h" -#include "ecp_ED25519.h" -#include "pair_BN254.h" - - -#if CHUNK==32 || CHUNK==64 -#include "ecp_NIST256.h" -#include "ecp_GOLDILOCKS.h" -#include "pair_BLS383.h" -#include "pair192_BLS24.h" -#include "pair256_BLS48.h" -#endif - -#define MIN_TIME 10.0 -#define MIN_ITERS 10 - -#if CHUNK==16 - -#define BIG_ED BIG_256_13 -#define BIG_ED_rcopy BIG_256_13_rcopy -#define BIG_ED_randomnum BIG_256_13_randomnum - -#define BIG_BN BIG_256_13 -#define BIG_BN_rcopy BIG_256_13_rcopy -#define BIG_BN_randomnum BIG_256_13_randomnum - -#endif - -#if CHUNK==32 - -#define BIG_ED BIG_256_29 -#define BIG_ED_rcopy BIG_256_29_rcopy -#define BIG_ED_randomnum BIG_256_29_randomnum - -#define BIG_NT BIG_256_28 -#define BIG_NT_rcopy BIG_256_28_rcopy -#define BIG_NT_randomnum BIG_256_28_randomnum - -#define BIG_GL BIG_448_29 -#define BIG_GL_rcopy BIG_448_29_rcopy -#define BIG_GL_randomnum BIG_448_29_randomnum - -#define BIG_BN BIG_256_28 -#define BIG_BN_rcopy BIG_256_28_rcopy -#define BIG_BN_randomnum BIG_256_28_randomnum - -#define BIG_BLS12 BIG_384_29 -#define BIG_BLS12_rcopy BIG_384_29_rcopy -#define BIG_BLS12_randomnum BIG_384_29_randomnum - -#define BIG_BLS24 BIG_480_29 -#define BIG_BLS24_rcopy BIG_480_29_rcopy -#define BIG_BLS24_randomnum BIG_480_29_randomnum - -#define BIG_BLS48 BIG_560_29 -#define BIG_BLS48_rcopy BIG_560_29_rcopy -#define BIG_BLS48_randomnum BIG_560_29_randomnum - -#endif - -#if CHUNK==64 - -#define BIG_ED BIG_256_56 -#define BIG_ED_rcopy BIG_256_56_rcopy -#define BIG_ED_randomnum BIG_256_56_randomnum - -#define BIG_NT BIG_256_56 -#define BIG_NT_rcopy BIG_256_56_rcopy -#define BIG_NT_randomnum BIG_256_56_randomnum - -#define BIG_GL BIG_448_58 -#define BIG_GL_rcopy BIG_448_58_rcopy -#define BIG_GL_randomnum BIG_448_58_randomnum - -#define BIG_BN BIG_256_56 -#define BIG_BN_rcopy BIG_256_56_rcopy -#define BIG_BN_randomnum BIG_256_56_randomnum - -#define BIG_BLS12 BIG_384_58 -#define BIG_BLS12_rcopy BIG_384_58_rcopy -#define BIG_BLS12_randomnum BIG_384_58_randomnum - -#define BIG_BLS24 BIG_480_56 -#define BIG_BLS24_rcopy BIG_480_56_rcopy -#define BIG_BLS24_randomnum BIG_480_56_randomnum - -#define BIG_BLS48 BIG_560_58 -#define BIG_BLS48_rcopy BIG_560_58_rcopy -#define BIG_BLS48_randomnum BIG_560_58_randomnum - -#endif - -int ED_25519(csprng *RNG) -{ - int i,iterations; - clock_t start; - double elapsed; - ECP_ED25519 EP,EG; - BIG_ED s,r,x,y; - printf("Testing/Timing ED25519 ECC\n"); - -#if CURVETYPE_ED25519==WEIERSTRASS - printf("Weierstrass parameterization\n"); -#endif -#if CURVETYPE_ED25519==EDWARDS - printf("Edwards parameterization\n"); -#endif -#if CURVETYPE_ED25519==MONTGOMERY - printf("Montgomery parameterization\n"); -#endif - -#if CHUNK==16 - printf("16-bit Build\n"); -#endif -#if CHUNK==32 - printf("32-bit Build\n"); -#endif -#if CHUNK==64 - printf("64-bit Build\n"); -#endif - - ECP_ED25519_generator(&EG); - - BIG_ED_rcopy(r,CURVE_Order_ED25519); - BIG_ED_randomnum(s,r,RNG); - ECP_ED25519_copy(&EP,&EG); - ECP_ED25519_mul(&EP,r); - - if (!ECP_ED25519_isinf(&EP)) - { - printf("FAILURE - rG!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP_ED25519_copy(&EP,&EG); - ECP_ED25519_mul(&EP,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("EC mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - return 0; -} - -#if CHUNK==32 || CHUNK==64 - -int NIST_256(csprng *RNG) -{ - int i,iterations; - clock_t start; - double elapsed; - ECP_NIST256 EP,EG; - BIG_NT s,r,x,y; - printf("Testing/Timing NIST256 ECC\n"); - -#if CURVETYPE_NIST256==WEIERSTRASS - printf("Weierstrass parameterization\n"); -#endif -#if CURVETYPE_NIST256==EDWARDS - printf("Edwards parameterization\n"); -#endif -#if CURVETYPE_NIST256==MONTGOMERY - printf("Montgomery parameterization\n"); -#endif - -#if CHUNK==16 - printf("16-bit Build\n"); -#endif -#if CHUNK==32 - printf("32-bit Build\n"); -#endif -#if CHUNK==64 - printf("64-bit Build\n"); -#endif - - ECP_NIST256_generator(&EG); - - BIG_NT_rcopy(r,CURVE_Order_NIST256); - BIG_NT_randomnum(s,r,RNG); - ECP_NIST256_copy(&EP,&EG); - ECP_NIST256_mul(&EP,r); - - if (!ECP_NIST256_isinf(&EP)) - { - printf("FAILURE - rG!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP_NIST256_copy(&EP,&EG); - ECP_NIST256_mul(&EP,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("EC mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - return 0; -} - -int GOLD_LOCKS(csprng *RNG) -{ - int i,iterations; - clock_t start; - double elapsed; - ECP_GOLDILOCKS EP,EG; - BIG_GL s,r,x,y; - printf("Testing/Timing GOLDILOCKS ECC\n"); - -#if CURVETYPE_GOLDILOCKS==WEIERSTRASS - printf("Weierstrass parameterization\n"); -#endif -#if CURVETYPE_GOLDILOCKS==EDWARDS - printf("Edwards parameterization\n"); -#endif -#if CURVETYPE_GOLDILOCKS==MONTGOMERY - printf("Montgomery parameterization\n"); -#endif - -#if CHUNK==16 - printf("16-bit Build\n"); -#endif -#if CHUNK==32 - printf("32-bit Build\n"); -#endif -#if CHUNK==64 - printf("64-bit Build\n"); -#endif - - ECP_GOLDILOCKS_generator(&EG); - - BIG_GL_rcopy(r,CURVE_Order_GOLDILOCKS); - BIG_GL_randomnum(s,r,RNG); - ECP_GOLDILOCKS_copy(&EP,&EG); - ECP_GOLDILOCKS_mul(&EP,r); - - if (!ECP_GOLDILOCKS_isinf(&EP)) - { - printf("FAILURE - rG!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP_GOLDILOCKS_copy(&EP,&EG); - ECP_GOLDILOCKS_mul(&EP,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("EC mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - return 0; -} -#endif - -int BN_254(csprng *RNG) -{ - int i,iterations; - clock_t start; - double elapsed; - - ECP_BN254 P,G; - ECP2_BN254 Q,W; - FP12_BN254 g,w; - FP4_BN254 cm; - - BIG_BN s,r,x,y; - printf("\nTesting/Timing BN254 Pairings\n"); - - ECP_BN254_generator(&G); - - - BIG_BN_rcopy(r,CURVE_Order_BN254); - BIG_BN_randomnum(s,r,RNG); - ECP_BN254_copy(&P,&G); - PAIR_BN254_G1mul(&P,r); - - if (!ECP_BN254_isinf(&P)) - { - printf("FAILURE - rG!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP_BN254_copy(&P,&G); - PAIR_BN254_G1mul(&P,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("G1 mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - ECP2_BN254_generator(&W); - - ECP2_BN254_copy(&Q,&W); - ECP2_BN254_mul(&Q,r); - - if (!ECP2_BN254_isinf(&Q)) - { - printf("FAILURE - rQ!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP2_BN254_copy(&Q,&W); - PAIR_BN254_G2mul(&Q,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("G2 mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - PAIR_BN254_ate(&w,&Q,&P); - PAIR_BN254_fexp(&w); - - FP12_BN254_copy(&g,&w); - - PAIR_BN254_GTpow(&g,r); - - if (!FP12_BN254_isunity(&g)) - { - printf("FAILURE - g^r!=1\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - FP12_BN254_copy(&g,&w); - PAIR_BN254_GTpow(&g,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("GT pow - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - FP12_BN254_copy(&g,&w); - - iterations=0; - start=clock(); - do { - FP12_BN254_compow(&cm,&g,s,r); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("GT pow (compressed) - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - PAIR_BN254_ate(&w,&Q,&P); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("PAIRing ATE - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - FP12_BN254_copy(&g,&w); - PAIR_BN254_fexp(&g); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("PAIRing FEXP - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - ECP_BN254_copy(&P,&G); - ECP2_BN254_copy(&Q,&W); - - PAIR_BN254_G1mul(&P,s); - PAIR_BN254_ate(&g,&Q,&P); - PAIR_BN254_fexp(&g); - - ECP_BN254_copy(&P,&G); - - PAIR_BN254_G2mul(&Q,s); - PAIR_BN254_ate(&w,&Q,&P); - PAIR_BN254_fexp(&w); - - if (!FP12_BN254_equals(&g,&w)) - { - printf("FAILURE - e(sQ,p)!=e(Q,sP) \n"); - return 0; - } - - ECP2_BN254_copy(&Q,&W); - PAIR_BN254_ate(&g,&Q,&P); - PAIR_BN254_fexp(&g); - - PAIR_BN254_GTpow(&g,s); - - if (!FP12_BN254_equals(&g,&w)) - { - printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n"); - return 0; - } - return 0; -} - -#if CHUNK==32 || CHUNK==64 - -int BLS_383(csprng *RNG) -{ - int i,iterations; - clock_t start; - double elapsed; - - ECP_BLS383 P,G; - ECP2_BLS383 Q,W; - FP12_BLS383 g,w; - FP4_BLS383 cm; - - BIG_BLS12 s,r,x,y; - printf("\nTesting/Timing BLS383 Pairings\n"); - - ECP_BLS383_generator(&G); - - - BIG_BLS12_rcopy(r,CURVE_Order_BLS383); - BIG_BLS12_randomnum(s,r,RNG); - ECP_BLS383_copy(&P,&G); - PAIR_BLS383_G1mul(&P,r); - - if (!ECP_BLS383_isinf(&P)) - { - printf("FAILURE - rG!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP_BLS383_copy(&P,&G); - PAIR_BLS383_G1mul(&P,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("G1 mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - ECP2_BLS383_generator(&W); - - ECP2_BLS383_copy(&Q,&W); - ECP2_BLS383_mul(&Q,r); - - if (!ECP2_BLS383_isinf(&Q)) - { - printf("FAILURE - rQ!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP2_BLS383_copy(&Q,&W); - PAIR_BLS383_G2mul(&Q,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("G2 mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - PAIR_BLS383_ate(&w,&Q,&P); - PAIR_BLS383_fexp(&w); - - FP12_BLS383_copy(&g,&w); - - PAIR_BLS383_GTpow(&g,r); - - if (!FP12_BLS383_isunity(&g)) - { - printf("FAILURE - g^r!=1\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - FP12_BLS383_copy(&g,&w); - PAIR_BLS383_GTpow(&g,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("GT pow - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - FP12_BLS383_copy(&g,&w); - - iterations=0; - start=clock(); - do { - FP12_BLS383_compow(&cm,&g,s,r); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("GT pow (compressed) - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - PAIR_BLS383_ate(&w,&Q,&P); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("PAIRing ATE - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - FP12_BLS383_copy(&g,&w); - PAIR_BLS383_fexp(&g); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("PAIRing FEXP - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - ECP_BLS383_copy(&P,&G); - ECP2_BLS383_copy(&Q,&W); - - PAIR_BLS383_G1mul(&P,s); - PAIR_BLS383_ate(&g,&Q,&P); - PAIR_BLS383_fexp(&g); - - ECP_BLS383_copy(&P,&G); - - PAIR_BLS383_G2mul(&Q,s); - PAIR_BLS383_ate(&w,&Q,&P); - PAIR_BLS383_fexp(&w); - - if (!FP12_BLS383_equals(&g,&w)) - { - printf("FAILURE - e(sQ,p)!=e(Q,sP) \n"); - return 0; - } - - ECP2_BLS383_copy(&Q,&W); - PAIR_BLS383_ate(&g,&Q,&P); - PAIR_BLS383_fexp(&g); - - PAIR_BLS383_GTpow(&g,s); - - if (!FP12_BLS383_equals(&g,&w)) - { - printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n"); - return 0; - } - return 0; -} - -int BLS_24(csprng *RNG) -{ - int i,iterations; - clock_t start; - double elapsed; - - ECP_BLS24 P,G; - ECP4_BLS24 Q,W; - FP24_BLS24 g,w; - FP8_BLS24 cm; - - BIG_BLS24 s,r,x,y; - printf("\nTesting/Timing BLS24 Pairings\n"); - - ECP_BLS24_generator(&G); - - - BIG_BLS24_rcopy(r,CURVE_Order_BLS24); - BIG_BLS24_randomnum(s,r,RNG); - ECP_BLS24_copy(&P,&G); - PAIR_BLS24_G1mul(&P,r); - - if (!ECP_BLS24_isinf(&P)) - { - printf("FAILURE - rG!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP_BLS24_copy(&P,&G); - PAIR_BLS24_G1mul(&P,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("G1 mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - ECP4_BLS24_generator(&W); - - ECP4_BLS24_copy(&Q,&W); - ECP4_BLS24_mul(&Q,r); - - if (!ECP4_BLS24_isinf(&Q)) - { - printf("FAILURE - rQ!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP4_BLS24_copy(&Q,&W); - PAIR_BLS24_G2mul(&Q,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("G2 mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - PAIR_BLS24_ate(&w,&Q,&P); - PAIR_BLS24_fexp(&w); - - FP24_BLS24_copy(&g,&w); - - PAIR_BLS24_GTpow(&g,r); - - if (!FP24_BLS24_isunity(&g)) - { - printf("FAILURE - g^r!=1\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - FP24_BLS24_copy(&g,&w); - PAIR_BLS24_GTpow(&g,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("GT pow - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - FP24_BLS24_copy(&g,&w); - - iterations=0; - start=clock(); - do { - FP24_BLS24_compow(&cm,&g,s,r); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("GT pow (compressed) - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - PAIR_BLS24_ate(&w,&Q,&P); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("PAIRing ATE - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - FP24_BLS24_copy(&g,&w); - PAIR_BLS24_fexp(&g); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("PAIRing FEXP - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - ECP_BLS24_copy(&P,&G); - ECP4_BLS24_copy(&Q,&W); - - PAIR_BLS24_G1mul(&P,s); - PAIR_BLS24_ate(&g,&Q,&P); - PAIR_BLS24_fexp(&g); - - ECP_BLS24_copy(&P,&G); - - PAIR_BLS24_G2mul(&Q,s); - PAIR_BLS24_ate(&w,&Q,&P); - PAIR_BLS24_fexp(&w); - - if (!FP24_BLS24_equals(&g,&w)) - { - printf("FAILURE - e(sQ,p)!=e(Q,sP) \n"); - return 0; - } - - ECP4_BLS24_copy(&Q,&W); - PAIR_BLS24_ate(&g,&Q,&P); - PAIR_BLS24_fexp(&g); - - PAIR_BLS24_GTpow(&g,s); - - if (!FP24_BLS24_equals(&g,&w)) - { - printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n"); - return 0; - } - return 0; -} - - -int BLS_48(csprng *RNG) -{ - int i,iterations; - clock_t start; - double elapsed; - - ECP_BLS48 P,G; - ECP8_BLS48 Q,W; - FP48_BLS48 g,w; - FP16_BLS48 cm; - - BIG_BLS48 s,r,x,y; - printf("\nTesting/Timing BLS48 Pairings\n"); - - ECP_BLS48_generator(&G); - - - BIG_BLS48_rcopy(r,CURVE_Order_BLS48); - BIG_BLS48_randomnum(s,r,RNG); - ECP_BLS48_copy(&P,&G); - PAIR_BLS48_G1mul(&P,r); - - if (!ECP_BLS48_isinf(&P)) - { - printf("FAILURE - rG!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP_BLS48_copy(&P,&G); - PAIR_BLS48_G1mul(&P,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("G1 mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - ECP8_BLS48_generator(&W); - - ECP8_BLS48_copy(&Q,&W); - ECP8_BLS48_mul(&Q,r); - - if (!ECP8_BLS48_isinf(&Q)) - { - printf("FAILURE - rQ!=O\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - ECP8_BLS48_copy(&Q,&W); - PAIR_BLS48_G2mul(&Q,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("G2 mul - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - PAIR_BLS48_ate(&w,&Q,&P); - PAIR_BLS48_fexp(&w); - - FP48_BLS48_copy(&g,&w); - - PAIR_BLS48_GTpow(&g,r); - - if (!FP48_BLS48_isunity(&g)) - { - printf("FAILURE - g^r!=1\n"); - return 0; - } - - iterations=0; - start=clock(); - do { - FP48_BLS48_copy(&g,&w); - PAIR_BLS48_GTpow(&g,s); - - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("GT pow - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - FP48_BLS48_copy(&g,&w); - - iterations=0; - start=clock(); - do { - FP48_BLS48_compow(&cm,&g,s,r); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("GT pow (compressed) - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - PAIR_BLS48_ate(&w,&Q,&P); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("PAIRing ATE - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - FP48_BLS48_copy(&g,&w); - PAIR_BLS48_fexp(&g); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("PAIRing FEXP - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - ECP_BLS48_copy(&P,&G); - ECP8_BLS48_copy(&Q,&W); - - PAIR_BLS48_G1mul(&P,s); - PAIR_BLS48_ate(&g,&Q,&P); - PAIR_BLS48_fexp(&g); - - ECP_BLS48_copy(&P,&G); - - PAIR_BLS48_G2mul(&Q,s); - PAIR_BLS48_ate(&w,&Q,&P); - PAIR_BLS48_fexp(&w); - - if (!FP48_BLS48_equals(&g,&w)) - { - printf("FAILURE - e(sQ,p)!=e(Q,sP) \n"); - return 0; - } - - ECP8_BLS48_copy(&Q,&W); - PAIR_BLS48_ate(&g,&Q,&P); - PAIR_BLS48_fexp(&g); - - PAIR_BLS48_GTpow(&g,s); - - if (!FP48_BLS48_equals(&g,&w)) - { - printf("FAILURE - e(sQ,p)!=e(Q,P)^s \n"); - return 0; - } - return 0; -} -#endif - -int RSA_2048(csprng *RNG) -{ - rsa_public_key_2048 pub; - rsa_private_key_2048 priv; - - int i,iterations; - clock_t start; - double elapsed; - - char m[RFS_2048],d[RFS_2048],c[RFS_2048]; - octet M= {0,sizeof(m),m}; - octet D= {0,sizeof(d),d}; - octet C= {0,sizeof(c),c}; - - printf("\nTesting/Timing 2048-bit RSA\n"); - - printf("Generating 2048-bit RSA public/private key pair\n"); - - iterations=0; - start=clock(); - do { - RSA_2048_KEY_PAIR(RNG,65537,&priv,&pub,NULL,NULL); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("RSA gen - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - M.len=RFS_2048; - for (i=0;i<RFS_2048;i++) M.val[i]=i%128; - - iterations=0; - start=clock(); - do { - RSA_2048_ENCRYPT(&pub,&M,&C); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("RSA enc - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - iterations=0; - start=clock(); - do { - RSA_2048_DECRYPT(&priv,&C,&D); - iterations++; - elapsed=(clock()-start)/(double)CLOCKS_PER_SEC; - } while (elapsed<MIN_TIME || iterations<MIN_ITERS); - elapsed=1000.0*elapsed/iterations; - printf("RSA dec - %8d iterations ",iterations); - printf(" %8.2lf ms per iteration\n",elapsed); - - for (i=0;i<RFS_2048;i++) - { - if (M.val[i]!=D.val[i]) - { - printf("FAILURE - RSA decryption\n"); - return 0; - } - } - - printf("All tests pass\n"); - - return 0; -} - -int main() -{ - csprng RNG; - int i; - char pr[10]; - unsigned long ran; - - time((time_t *)&ran); - pr[0]=ran; - pr[1]=ran>>8; - pr[2]=ran>>16; - pr[3]=ran>>24; - for (i=4;i<10;i++) pr[i]=i; - RAND_seed(&RNG,10,pr); - - ED_25519(&RNG); -#if CHUNK==32 || CHUNK==64 - NIST_256(&RNG); - GOLD_LOCKS(&RNG); -#endif - BN_254(&RNG); -#if CHUNK==32 || CHUNK==64 - BLS_383(&RNG); - BLS_24(&RNG); - BLS_48(&RNG); -#endif - RSA_2048(&RNG); - -}
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/big.c ---------------------------------------------------------------------- diff --git a/version3/c/big.c b/version3/c/big.c deleted file mode 100644 index 6845c6b..0000000 --- a/version3/c/big.c +++ /dev/null @@ -1,1535 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -/* AMCL basic functions for BIG type */ -/* SU=m, SU is Stack Usage */ - -#include "big_XXX.h" - -/* test a=0? */ -int BIG_XXX_iszilch(BIG_XXX a) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - if (a[i]!=0) return 0; - return 1; -} - -/* test a=1? */ -int BIG_XXX_isunity(BIG_XXX a) -{ - int i; - for(i=1; i<NLEN_XXX; i++) - if (a[i]!=0) return 0; - if (a[0]!=1) return 0; - return 1; -} - -/* test a=0? */ -int BIG_XXX_diszilch(DBIG_XXX a) -{ - int i; - for (i=0; i<DNLEN_XXX; i++) - if (a[i]!=0) return 0; - return 1; -} - -/* SU= 56 */ -/* output a */ -void BIG_XXX_output(BIG_XXX a) -{ - BIG_XXX b; - int i,len; - len=BIG_XXX_nbits(a); - if (len%4==0) len/=4; - else - { - len/=4; - len++; - } - if (len<MODBYTES_XXX*2) len=MODBYTES_XXX*2; - - for (i=len-1; i>=0; i--) - { - BIG_XXX_copy(b,a); - BIG_XXX_shr(b,i*4); - printf("%01x",(unsigned int) b[0]&15); - } -} - -/* SU= 16 */ -void BIG_XXX_rawoutput(BIG_XXX a) -{ - int i; - printf("("); - for (i=0; i<NLEN_XXX-1; i++) -#if CHUNK==64 - printf("%"PRIxMAX",",(uintmax_t) a[i]); - printf("%"PRIxMAX")",(uintmax_t) a[NLEN_XXX-1]); -#else - printf("%x,",(unsigned int) a[i]); - printf("%x)",(unsigned int) a[NLEN_XXX-1]); -#endif -} - -/* Swap a and b if d=1 */ -void BIG_XXX_cswap(BIG_XXX a,BIG_XXX b,int d) -{ - int i; - chunk t,c=d; - c=~(c-1); -#ifdef DEBUG_NORM - for (i=0; i<NLEN_XXX+2; i++) -#else - for (i=0; i<NLEN_XXX; i++) -#endif - { - t=c&(a[i]^b[i]); - a[i]^=t; - b[i]^=t; - } -} - -/* Move b to a if d=1 */ -void BIG_XXX_cmove(BIG_XXX f,BIG_XXX g,int d) -{ - int i; - chunk b=(chunk)-d; -#ifdef DEBUG_NORM - for (i=0; i<NLEN_XXX+2; i++) -#else - for (i=0; i<NLEN_XXX; i++) -#endif - { - f[i]^=(f[i]^g[i])&b; - } -} - -/* Move g to f if d=1 */ -void BIG_XXX_dcmove(DBIG_XXX f,DBIG_XXX g,int d) -{ - int i; - chunk b=(chunk)-d; -#ifdef DEBUG_NORM - for (i=0; i<DNLEN_XXX+2; i++) -#else - for (i=0; i<DNLEN_XXX; i++) -#endif - { - f[i]^=(f[i]^g[i])&b; - } -} - -/* convert BIG to/from bytes */ -/* SU= 64 */ -void BIG_XXX_toBytes(char *b,BIG_XXX a) -{ - int i; - BIG_XXX c; - BIG_XXX_copy(c,a); - BIG_XXX_norm(c); - for (i=MODBYTES_XXX-1; i>=0; i--) - { - b[i]=c[0]&0xff; - BIG_XXX_fshr(c,8); - } -} - -/* SU= 16 */ -void BIG_XXX_fromBytes(BIG_XXX a,char *b) -{ - int i; - BIG_XXX_zero(a); - for (i=0; i<MODBYTES_XXX; i++) - { - BIG_XXX_fshl(a,8); - a[0]+=(int)(unsigned char)b[i]; - //BIG_XXX_inc(a,(int)(unsigned char)b[i]); BIG_XXX_norm(a); - } -#ifdef DEBUG_NORM - a[MPV_XXX]=1; - a[MNV_XXX]=0; -#endif -} - -void BIG_XXX_fromBytesLen(BIG_XXX a,char *b,int s) -{ - int i,len=s; - BIG_XXX_zero(a); - - if (len>MODBYTES_XXX) len=MODBYTES_XXX; - for (i=0; i<len; i++) - { - BIG_XXX_fshl(a,8); - a[0]+=(int)(unsigned char)b[i]; - } -#ifdef DEBUG_NORM - a[MPV_XXX]=1; - a[MNV_XXX]=0; -#endif -} - - - -/* SU= 88 */ -void BIG_XXX_doutput(DBIG_XXX a) -{ - DBIG_XXX b; - int i,len; - BIG_XXX_dnorm(a); - len=BIG_XXX_dnbits(a); - if (len%4==0) len/=4; - else - { - len/=4; - len++; - } - - for (i=len-1; i>=0; i--) - { - BIG_XXX_dcopy(b,a); - BIG_XXX_dshr(b,i*4); - printf("%01x",(unsigned int) b[0]&15); - } -} - - -void BIG_XXX_drawoutput(DBIG_XXX a) -{ - int i; - printf("("); - for (i=0; i<DNLEN_XXX-1; i++) -#if CHUNK==64 - printf("%"PRIxMAX",",(uintmax_t) a[i]); - printf("%"PRIxMAX")",(uintmax_t) a[DNLEN_XXX-1]); -#else - printf("%x,",(unsigned int) a[i]); - printf("%x)",(unsigned int) a[DNLEN_XXX-1]); -#endif -} - -/* Copy b=a */ -void BIG_XXX_copy(BIG_XXX b,BIG_XXX a) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - b[i]=a[i]; -#ifdef DEBUG_NORM - b[MPV_XXX]=a[MPV_XXX]; - b[MNV_XXX]=a[MNV_XXX]; -#endif -} - -/* Copy from ROM b=a */ -void BIG_XXX_rcopy(BIG_XXX b,const BIG_XXX a) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - b[i]=a[i]; -#ifdef DEBUG_NORM - b[MPV_XXX]=1; - b[MNV_XXX]=0; -#endif -} - -/* double length DBIG copy b=a */ -void BIG_XXX_dcopy(DBIG_XXX b,DBIG_XXX a) -{ - int i; - for (i=0; i<DNLEN_XXX; i++) - b[i]=a[i]; -#ifdef DEBUG_NORM - b[DMPV_XXX]=a[DMPV_XXX]; - b[DMNV_XXX]=a[DMNV_XXX]; -#endif -} - -/* Copy BIG to bottom half of DBIG */ -void BIG_XXX_dscopy(DBIG_XXX b,BIG_XXX a) -{ - int i; - for (i=0; i<NLEN_XXX-1; i++) - b[i]=a[i]; - - b[NLEN_XXX-1]=a[NLEN_XXX-1]&BMASK_XXX; /* top word normalized */ - b[NLEN_XXX]=a[NLEN_XXX-1]>>BASEBITS_XXX; - - for (i=NLEN_XXX+1; i<DNLEN_XXX; i++) b[i]=0; -#ifdef DEBUG_NORM - b[DMPV_XXX]=a[MPV_XXX]; - b[DMNV_XXX]=a[MNV_XXX]; -#endif -} - -/* Copy BIG to top half of DBIG */ -void BIG_XXX_dsucopy(DBIG_XXX b,BIG_XXX a) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - b[i]=0; - for (i=NLEN_XXX; i<DNLEN_XXX; i++) - b[i]=a[i-NLEN_XXX]; -#ifdef DEBUG_NORM - b[DMPV_XXX]=a[MPV_XXX]; - b[DMNV_XXX]=a[MNV_XXX]; -#endif -} - -/* Copy bottom half of DBIG to BIG */ -void BIG_XXX_sdcopy(BIG_XXX b,DBIG_XXX a) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - b[i]=a[i]; -#ifdef DEBUG_NORM - b[MPV_XXX]=a[DMPV_XXX]; - b[MNV_XXX]=a[DMNV_XXX]; -#endif -} - -/* Copy top half of DBIG to BIG */ -void BIG_XXX_sducopy(BIG_XXX b,DBIG_XXX a) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - b[i]=a[i+NLEN_XXX]; -#ifdef DEBUG_NORM - b[MPV_XXX]=a[DMPV_XXX]; - b[MNV_XXX]=a[DMNV_XXX]; - -#endif -} - -/* Set a=0 */ -void BIG_XXX_zero(BIG_XXX a) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - a[i]=0; -#ifdef DEBUG_NORM - a[MPV_XXX]=a[MNV_XXX]=0; -#endif -} - -void BIG_XXX_dzero(DBIG_XXX a) -{ - int i; - for (i=0; i<DNLEN_XXX; i++) - a[i]=0; -#ifdef DEBUG_NORM - a[DMPV_XXX]=a[DMNV_XXX]=0; -#endif -} - -/* set a=1 */ -void BIG_XXX_one(BIG_XXX a) -{ - int i; - a[0]=1; - for (i=1; i<NLEN_XXX; i++) - a[i]=0; -#ifdef DEBUG_NORM - a[MPV_XXX]=1; - a[MNV_XXX]=0; -#endif -} - - - -/* Set c=a+b */ -/* SU= 8 */ -void BIG_XXX_add(BIG_XXX c,BIG_XXX a,BIG_XXX b) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - c[i]=a[i]+b[i]; -#ifdef DEBUG_NORM - c[MPV_XXX]=a[MPV_XXX]+b[MPV_XXX]; - c[MNV_XXX]=a[MNV_XXX]+b[MNV_XXX]; - if (c[MPV_XXX]>NEXCESS_XXX) printf("add problem - positive digit overflow %d\n",c[MPV_XXX]); - if (c[MNV_XXX]>NEXCESS_XXX) printf("add problem - negative digit overflow %d\n",c[MNV_XXX]); - -#endif -} - -/* Set c=a or b */ -void BIG_XXX_or(BIG_XXX c,BIG_XXX a,BIG_XXX b) -{ - int i; - BIG_XXX_norm(a); - BIG_XXX_norm(b); - for (i=0; i<NLEN_XXX; i++) - c[i]=a[i]|b[i]; -#ifdef DEBUG_NORM - c[MPV_XXX]=1; - c[MNV_XXX]=0; -#endif -} - - -/* Set c=c+d */ -void BIG_XXX_inc(BIG_XXX c,int d) -{ - BIG_XXX_norm(c); - c[0]+=(chunk)d; -#ifdef DEBUG_NORM - c[MPV_XXX]+=1; -#endif -} - -/* Set c=a-b */ -/* SU= 8 */ -void BIG_XXX_sub(BIG_XXX c,BIG_XXX a,BIG_XXX b) -{ - int i; - for (i=0; i<NLEN_XXX; i++) - c[i]=a[i]-b[i]; -#ifdef DEBUG_NORM - c[MPV_XXX]=a[MPV_XXX]+b[MNV_XXX]; - c[MNV_XXX]=a[MNV_XXX]+b[MPV_XXX]; - if (c[MPV_XXX]>NEXCESS_XXX) printf("sub problem - positive digit overflow %d\n",c[MPV_XXX]); - if (c[MNV_XXX]>NEXCESS_XXX) printf("sub problem - negative digit overflow %d\n",c[MNV_XXX]); - -#endif -} - -/* SU= 8 */ - -void BIG_XXX_dsub(DBIG_XXX c,DBIG_XXX a,DBIG_XXX b) -{ - int i; - for (i=0; i<DNLEN_XXX; i++) - c[i]=a[i]-b[i]; -#ifdef DEBUG_NORM - c[DMPV_XXX]=a[DMPV_XXX]+b[DMNV_XXX]; - c[DMNV_XXX]=a[DMNV_XXX]+b[DMPV_XXX]; - if (c[DMPV_XXX]>NEXCESS_XXX) printf("double sub problem - positive digit overflow %d\n",c[DMPV_XXX]); - if (c[DMNV_XXX]>NEXCESS_XXX) printf("double sub problem - negative digit overflow %d\n",c[DMNV_XXX]); -#endif -} - -void BIG_XXX_dadd(DBIG_XXX c,DBIG_XXX a,DBIG_XXX b) -{ - int i; - for (i=0; i<DNLEN_XXX; i++) - c[i]=a[i]+b[i]; -#ifdef DEBUG_NORM - c[DMPV_XXX]=a[DMPV_XXX]+b[DMNV_XXX]; - c[DMNV_XXX]=a[DMNV_XXX]+b[DMPV_XXX]; - if (c[DMPV_XXX]>NEXCESS_XXX) printf("double add problem - positive digit overflow %d\n",c[DMPV_XXX]); - if (c[DMNV_XXX]>NEXCESS_XXX) printf("double add problem - negative digit overflow %d\n",c[DMNV_XXX]); -#endif -} - -/* Set c=c-1 */ -void BIG_XXX_dec(BIG_XXX c,int d) -{ - BIG_XXX_norm(c); - c[0]-=(chunk)d; -#ifdef DEBUG_NORM - c[MNV_XXX]+=1; -#endif -} - -/* multiplication r=a*c by c<=NEXCESS_XXX */ -void BIG_XXX_imul(BIG_XXX r,BIG_XXX a,int c) -{ - int i; - for (i=0; i<NLEN_XXX; i++) r[i]=a[i]*c; -#ifdef DEBUG_NORM - r[MPV_XXX]=a[MPV_XXX]*c; - r[MNV_XXX]=a[MNV_XXX]*c; - if (r[MPV_XXX]>NEXCESS_XXX) printf("int mul problem - positive digit overflow %d\n",r[MPV_XXX]); - if (r[MNV_XXX]>NEXCESS_XXX) printf("int mul problem - negative digit overflow %d\n",r[MNV_XXX]); - -#endif -} - -/* multiplication r=a*c by larger integer - c<=FEXCESS */ -/* SU= 24 */ -chunk BIG_XXX_pmul(BIG_XXX r,BIG_XXX a,int c) -{ - int i; - chunk ak,carry=0; -// BIG_XXX_norm(a); - for (i=0; i<NLEN_XXX; i++) - { - ak=a[i]; - r[i]=0; - carry=muladd_XXX(ak,(chunk)c,carry,&r[i]); - } -#ifdef DEBUG_NORM - r[MPV_XXX]=1; - r[MNV_XXX]=0; -#endif - return carry; -} - -/* r/=3 */ -/* SU= 16 */ -int BIG_XXX_div3(BIG_XXX r) -{ - int i; - chunk ak,base,carry=0; - BIG_XXX_norm(r); - base=((chunk)1<<BASEBITS_XXX); - for (i=NLEN_XXX-1; i>=0; i--) - { - ak=(carry*base+r[i]); - r[i]=ak/3; - carry=ak%3; - } - return (int)carry; -} - -/* multiplication c=a*b by even larger integer b>FEXCESS, resulting in DBIG */ -/* SU= 24 */ -void BIG_XXX_pxmul(DBIG_XXX c,BIG_XXX a,int b) -{ - int j; - chunk carry; - BIG_XXX_dzero(c); - carry=0; - for (j=0; j<NLEN_XXX; j++) - carry=muladd_XXX(a[j],(chunk)b,carry,&c[j]); - c[NLEN_XXX]=carry; -#ifdef DEBUG_NORM - c[DMPV_XXX]=1; - c[DMNV_XXX]=0; -#endif -} - -/* .. if you know the result will fit in a BIG, c must be distinct from a and b */ -/* SU= 40 */ -void BIG_XXX_smul(BIG_XXX c,BIG_XXX a,BIG_XXX b) -{ - int i,j; - chunk carry; -// BIG_XXX_norm(a); -// BIG_XXX_norm(b); - - BIG_XXX_zero(c); - for (i=0; i<NLEN_XXX; i++) - { - carry=0; - for (j=0; j<NLEN_XXX; j++) - { - if (i+j<NLEN_XXX) - carry=muladd_XXX(a[i],b[j],carry,&c[i+j]); - } - } -#ifdef DEBUG_NORM - c[MPV_XXX]=1; - c[MNV_XXX]=0; -#endif - -} - -/* Set c=a*b */ -/* SU= 72 */ -void BIG_XXX_mul(DBIG_XXX c,BIG_XXX a,BIG_XXX b) -{ - int i; -#ifdef dchunk - dchunk t,co; - dchunk s; - dchunk d[NLEN_XXX]; - int k; -#endif - -#ifdef DEBUG_NORM - if ((a[MPV_XXX]!=1 && a[MPV_XXX]!=0) || a[MNV_XXX]!=0) printf("First input to mul not normed\n"); - if ((b[MPV_XXX]!=1 && b[MPV_XXX]!=0) || b[MNV_XXX]!=0) printf("Second input to mul not normed\n"); -#endif - - /* Faster to Combafy it.. Let the compiler unroll the loops! */ - -#ifdef COMBA - - /* faster psuedo-Karatsuba method */ -#ifdef UNWOUND - - /* Insert output of faster.c here */ - -#else - for (i=0; i<NLEN_XXX; i++) - d[i]=(dchunk)a[i]*b[i]; - - s=d[0]; - t=s; - c[0]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - - for (k=1; k<NLEN_XXX; k++) - { - s+=d[k]; - t=co+s; - for (i=k; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]); - c[k]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - } - for (k=NLEN_XXX; k<2*NLEN_XXX-1; k++) - { - s-=d[k-NLEN_XXX]; - t=co+s; - for (i=NLEN_XXX-1; i>=1+k/2; i--) t+=(dchunk)(a[i]-a[k-i])*(b[k-i]-b[i]); - c[k]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - } - c[2*NLEN_XXX-1]=(chunk)co; - -#endif - -#else - int j; - chunk carry; - BIG_XXX_dzero(c); - for (i=0; i<NLEN_XXX; i++) - { - carry=0; - for (j=0; j<NLEN_XXX; j++) - carry=muladd_XXX(a[i],b[j],carry,&c[i+j]); - - c[NLEN_XXX+i]=carry; - } - -#endif - -#ifdef DEBUG_NORM - c[DMPV_XXX]=1; - c[DMNV_XXX]=0; -#endif -} - -/* Set c=a*a */ -/* SU= 80 */ -void BIG_XXX_sqr(DBIG_XXX c,BIG_XXX a) -{ - int i,j; -#ifdef dchunk - dchunk t,co; -#endif - -#ifdef DEBUG_NORM - if ((a[MPV_XXX]!=1 && a[MPV_XXX]!=0) || a[MNV_XXX]!=0) printf("Input to sqr not normed\n"); -#endif - /* Note 2*a[i] in loop below and extra addition */ - -#ifdef COMBA - -#ifdef UNWOUND - - /* Insert output of faster.c here */ - -#else - - - t=(dchunk)a[0]*a[0]; - c[0]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - - for (j=1; j<NLEN_XXX-1; ) - { - t=(dchunk)a[j]*a[0]; - for (i=1; i<(j+1)/2; i++) - { - t+=(dchunk)a[j-i]*a[i]; - } - t+=t; - t+=co; - c[j]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - j++; - t=(dchunk)a[j]*a[0]; - for (i=1; i<(j+1)/2; i++) - { - t+=(dchunk)a[j-i]*a[i]; - } - t+=t; - t+=co; - t+=(dchunk)a[j/2]*a[j/2]; - c[j]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - j++; - } - - for (j=NLEN_XXX-1+NLEN_XXX%2; j<DNLEN_XXX-3; ) - { - t=(dchunk)a[NLEN_XXX-1]*a[j-NLEN_XXX+1]; - for (i=j-NLEN_XXX+2; i<(j+1)/2; i++) - { - t+=(dchunk)a[j-i]*a[i]; - } - t+=t; - t+=co; - c[j]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - j++; - t=(dchunk)a[NLEN_XXX-1]*a[j-NLEN_XXX+1]; - for (i=j-NLEN_XXX+2; i<(j+1)/2; i++) - { - t+=(dchunk)a[j-i]*a[i]; - } - t+=t; - t+=co; - t+=(dchunk)a[j/2]*a[j/2]; - c[j]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - j++; - } - - t=(dchunk)a[NLEN_XXX-2]*a[NLEN_XXX-1]; - t+=t; - t+=co; - c[DNLEN_XXX-3]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - - t=(dchunk)a[NLEN_XXX-1]*a[NLEN_XXX-1]+co; - c[DNLEN_XXX-2]=(chunk)t&BMASK_XXX; - co=t>>BASEBITS_XXX; - c[DNLEN_XXX-1]=(chunk)co; - - -#endif - -#else - chunk carry; - BIG_XXX_dzero(c); - for (i=0; i<NLEN_XXX; i++) - { - carry=0; - for (j=i+1; j<NLEN_XXX; j++) - carry=muladd_XXX(a[i],a[j],carry,&c[i+j]); - c[NLEN_XXX+i]=carry; - } - - for (i=0; i<DNLEN_XXX; i++) c[i]*=2; - - for (i=0; i<NLEN_XXX; i++) - c[2*i+1]+=muladd_XXX(a[i],a[i],0,&c[2*i]); - - BIG_XXX_dnorm(c); -#endif - - -#ifdef DEBUG_NORM - c[DMPV_XXX]=1; - c[DMNV_XXX]=0; -#endif - -} - -/* Montgomery reduction */ -void BIG_XXX_monty(BIG_XXX a,BIG_XXX md,chunk MC,DBIG_XXX d) -{ - int i,k; - -#ifdef dchunk - dchunk t,c,s; - dchunk dd[NLEN_XXX]; - chunk v[NLEN_XXX]; -#endif - -#ifdef COMBA - -#ifdef UNWOUND - - /* Insert output of faster.c here */ - -#else - - t=d[0]; - v[0]=((chunk)t*MC)&BMASK_XXX; - t+=(dchunk)v[0]*md[0]; - c=(t>>BASEBITS_XXX)+d[1]; - s=0; - - for (k=1; k<NLEN_XXX; k++) - { - t=c+s+(dchunk)v[0]*md[k]; - for (i=k-1; i>k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]); - v[k]=((chunk)t*MC)&BMASK_XXX; - t+=(dchunk)v[k]*md[0]; - c=(t>>BASEBITS_XXX)+d[k+1]; - dd[k]=(dchunk)v[k]*md[k]; - s+=dd[k]; - } - for (k=NLEN_XXX; k<2*NLEN_XXX-1; k++) - { - t=c+s; - for (i=NLEN_XXX-1; i>=1+k/2; i--) t+=(dchunk)(v[k-i]-v[i])*(md[i]-md[k-i]); - a[k-NLEN_XXX]=(chunk)t&BMASK_XXX; - c=(t>>BASEBITS_XXX)+d[k+1]; - s-=dd[k-NLEN_XXX+1]; - } - a[NLEN_XXX-1]=(chunk)c&BMASK_XXX; - -#endif - - - -#else - int j; - chunk m,carry; - for (i=0; i<NLEN_XXX; i++) - { - if (MC==-1) m=(-d[i])&BMASK_XXX; - else - { - if (MC==1) m=d[i]; - else m=(MC*d[i])&BMASK_XXX; - } - carry=0; - for (j=0; j<NLEN_XXX; j++) - carry=muladd_XXX(m,md[j],carry,&d[i+j]); - d[NLEN_XXX+i]+=carry; - } - BIG_XXX_sducopy(a,d); - BIG_XXX_norm(a); - -#endif - -#ifdef DEBUG_NORM - a[MPV_XXX]=1; - a[MNV_XXX]=0; -#endif -} - -/* General shift left of a by n bits */ -/* a MUST be normalised */ -/* SU= 32 */ -void BIG_XXX_shl(BIG_XXX a,int k) -{ - int i; - int n=k%BASEBITS_XXX; - int m=k/BASEBITS_XXX; - - a[NLEN_XXX-1]=((a[NLEN_XXX-1-m]<<n)); - if (NLEN_XXX>=m+2) a[NLEN_XXX-1]|=(a[NLEN_XXX-m-2]>>(BASEBITS_XXX-n)); - - for (i=NLEN_XXX-2; i>m; i--) - a[i]=((a[i-m]<<n)&BMASK_XXX)|(a[i-m-1]>>(BASEBITS_XXX-n)); - a[m]=(a[0]<<n)&BMASK_XXX; - for (i=0; i<m; i++) a[i]=0; - -} - -/* Fast shift left of a by n bits, where n less than a word, Return excess (but store it as well) */ -/* a MUST be normalised */ -/* SU= 16 */ -int BIG_XXX_fshl(BIG_XXX a,int n) -{ - int i; - - a[NLEN_XXX-1]=((a[NLEN_XXX-1]<<n))|(a[NLEN_XXX-2]>>(BASEBITS_XXX-n)); /* top word not masked */ - for (i=NLEN_XXX-2; i>0; i--) - a[i]=((a[i]<<n)&BMASK_XXX)|(a[i-1]>>(BASEBITS_XXX-n)); - a[0]=(a[0]<<n)&BMASK_XXX; - - return (int)(a[NLEN_XXX-1]>>((8*MODBYTES_XXX)%BASEBITS_XXX)); /* return excess - only used in ff.c */ -} - -/* double length left shift of a by k bits - k can be > BASEBITS , a MUST be normalised */ -/* SU= 32 */ -void BIG_XXX_dshl(DBIG_XXX a,int k) -{ - int i; - int n=k%BASEBITS_XXX; - int m=k/BASEBITS_XXX; - - a[DNLEN_XXX-1]=((a[DNLEN_XXX-1-m]<<n))|(a[DNLEN_XXX-m-2]>>(BASEBITS_XXX-n)); - - for (i=DNLEN_XXX-2; i>m; i--) - a[i]=((a[i-m]<<n)&BMASK_XXX)|(a[i-m-1]>>(BASEBITS_XXX-n)); - a[m]=(a[0]<<n)&BMASK_XXX; - for (i=0; i<m; i++) a[i]=0; - -} - -/* General shift right of a by k bits */ -/* a MUST be normalised */ -/* SU= 32 */ -void BIG_XXX_shr(BIG_XXX a,int k) -{ - int i; - int n=k%BASEBITS_XXX; - int m=k/BASEBITS_XXX; - for (i=0; i<NLEN_XXX-m-1; i++) - a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS_XXX-n))&BMASK_XXX); - if (NLEN_XXX>m) a[NLEN_XXX-m-1]=a[NLEN_XXX-1]>>n; - for (i=NLEN_XXX-m; i<NLEN_XXX; i++) a[i]=0; - -} - -/* Fast combined shift, subtract and norm. Return sign of result */ -int BIG_XXX_ssn(BIG_XXX r,BIG_XXX a,BIG_XXX m) -{ - int i,n=NLEN_XXX-1; - chunk carry; - m[0]=(m[0]>>1)|((m[1]<<(BASEBITS_XXX-1))&BMASK_XXX); - r[0]=a[0]-m[0]; - carry=r[0]>>BASEBITS_XXX; - r[0]&=BMASK_XXX; - - for (i=1;i<n;i++) - { - m[i]=(m[i]>>1)|((m[i+1]<<(BASEBITS_XXX-1))&BMASK_XXX); - r[i]=a[i]-m[i]+carry; - carry=r[i]>>BASEBITS_XXX; - r[i]&=BMASK_XXX; - } - - m[n]>>=1; - r[n]=a[n]-m[n]+carry; -#ifdef DEBUG_NORM - r[MPV_XXX]=1; - r[MNV_XXX]=0; -#endif - return ((r[n]>>(CHUNK-1))&1); -} - -/* Faster shift right of a by k bits. Return shifted out part */ -/* a MUST be normalised */ -/* SU= 16 */ -int BIG_XXX_fshr(BIG_XXX a,int k) -{ - int i; - chunk r=a[0]&(((chunk)1<<k)-1); /* shifted out part */ - for (i=0; i<NLEN_XXX-1; i++) - a[i]=(a[i]>>k)|((a[i+1]<<(BASEBITS_XXX-k))&BMASK_XXX); - a[NLEN_XXX-1]=a[NLEN_XXX-1]>>k; - return (int)r; -} - -/* double length right shift of a by k bits - can be > BASEBITS */ -/* SU= 32 */ -void BIG_XXX_dshr(DBIG_XXX a,int k) -{ - int i; - int n=k%BASEBITS_XXX; - int m=k/BASEBITS_XXX; - for (i=0; i<DNLEN_XXX-m-1; i++) - a[i]=(a[m+i]>>n)|((a[m+i+1]<<(BASEBITS_XXX-n))&BMASK_XXX); - a[DNLEN_XXX-m-1]=a[DNLEN_XXX-1]>>n; - for (i=DNLEN_XXX-m; i<DNLEN_XXX; i++ ) a[i]=0; -} - -/* Split DBIG d into two BIGs t|b. Split happens at n bits, where n falls into NLEN word */ -/* d MUST be normalised */ -/* SU= 24 */ -chunk BIG_XXX_split(BIG_XXX t,BIG_XXX b,DBIG_XXX d,int n) -{ - int i; - chunk nw,carry=0; - int m=n%BASEBITS_XXX; -// BIG_dnorm(d); - - if (m==0) - { - for (i=0; i<NLEN_XXX; i++) b[i]=d[i]; - if (t!=b) - { - for (i=NLEN_XXX; i<2*NLEN_XXX; i++) t[i-NLEN_XXX]=d[i]; - carry=t[NLEN_XXX-1]>>BASEBITS_XXX; - t[NLEN_XXX-1]=t[NLEN_XXX-1]&BMASK_XXX; /* top word normalized */ - } - return carry; - } - - for (i=0; i<NLEN_XXX-1; i++) b[i]=d[i]; - - b[NLEN_XXX-1]=d[NLEN_XXX-1]&(((chunk)1<<m)-1); - - if (t!=b) - { - carry=(d[DNLEN_XXX-1]<<(BASEBITS_XXX-m)); - for (i=DNLEN_XXX-2; i>=NLEN_XXX-1; i--) - { - nw=(d[i]>>m)|carry; - carry=(d[i]<<(BASEBITS_XXX-m))&BMASK_XXX; - t[i-NLEN_XXX+1]=nw; - } - } -#ifdef DEBUG_NORM - t[MPV_XXX]=1; - t[MNV_XXX]=0; - b[MPV_XXX]=1; - b[MNV_XXX]=0; -#endif - return carry; -} - -/* you gotta keep the sign of carry! Look - no branching! */ -/* Note that sign bit is needed to disambiguate between +ve and -ve values */ -/* normalise BIG - force all digits < 2^BASEBITS */ -chunk BIG_XXX_norm(BIG_XXX a) -{ - int i; - chunk d,carry=0; - for (i=0; i<NLEN_XXX-1; i++) - { - d=a[i]+carry; - a[i]=d&BMASK_XXX; - carry=d>>BASEBITS_XXX; - } - a[NLEN_XXX-1]=(a[NLEN_XXX-1]+carry); - -#ifdef DEBUG_NORM - a[MPV_XXX]=1; - a[MNV_XXX]=0; -#endif - return (a[NLEN_XXX-1]>>((8*MODBYTES_XXX)%BASEBITS_XXX)); /* only used in ff.c */ -} - -void BIG_XXX_dnorm(DBIG_XXX a) -{ - int i; - chunk d,carry=0; - for (i=0; i<DNLEN_XXX-1; i++) - { - d=a[i]+carry; - a[i]=d&BMASK_XXX; - carry=d>>BASEBITS_XXX; - } - a[DNLEN_XXX-1]=(a[DNLEN_XXX-1]+carry); -#ifdef DEBUG_NORM - a[DMPV_XXX]=1; - a[DMNV_XXX]=0; -#endif -} - -/* Compare a and b. Return 1 for a>b, -1 for a<b, 0 for a==b */ -/* a and b MUST be normalised before call */ -int BIG_XXX_comp(BIG_XXX a,BIG_XXX b) -{ - int i; - for (i=NLEN_XXX-1; i>=0; i--) - { - if (a[i]==b[i]) continue; - if (a[i]>b[i]) return 1; - else return -1; - } - return 0; -} - -int BIG_XXX_dcomp(DBIG_XXX a,DBIG_XXX b) -{ - int i; - for (i=DNLEN_XXX-1; i>=0; i--) - { - if (a[i]==b[i]) continue; - if (a[i]>b[i]) return 1; - else return -1; - } - return 0; -} - -/* return number of bits in a */ -/* SU= 8 */ -int BIG_XXX_nbits(BIG_XXX a) -{ - int bts,k=NLEN_XXX-1; - BIG_XXX t; - chunk c; - BIG_XXX_copy(t,a); - BIG_XXX_norm(t); - while (k>=0 && t[k]==0) k--; - if (k<0) return 0; - bts=BASEBITS_XXX*k; - c=t[k]; - while (c!=0) - { - c/=2; - bts++; - } - return bts; -} - -/* SU= 8, Calculate number of bits in a DBIG - output normalised */ -int BIG_XXX_dnbits(DBIG_XXX a) -{ - int bts,k=DNLEN_XXX-1; - DBIG_XXX t; - chunk c; - BIG_XXX_dcopy(t,a); - BIG_XXX_dnorm(t); - while (k>=0 && t[k]==0) k--; - if (k<0) return 0; - bts=BASEBITS_XXX*k; - c=t[k]; - while (c!=0) - { - c/=2; - bts++; - } - return bts; -} - - -/* Set b=b mod c */ -/* SU= 16 */ -void BIG_XXX_mod(BIG_XXX b,BIG_XXX c1) -{ - int k=0; - BIG_XXX r; /**/ - BIG_XXX c; - BIG_XXX_copy(c,c1); - - BIG_XXX_norm(b); - if (BIG_XXX_comp(b,c)<0) - return; - do - { - BIG_XXX_fshl(c,1); - k++; - } - while (BIG_XXX_comp(b,c)>=0); - - while (k>0) - { - BIG_XXX_fshr(c,1); - -// constant time... - BIG_XXX_sub(r,b,c); - BIG_XXX_norm(r); - BIG_XXX_cmove(b,r,1-((r[NLEN_XXX-1]>>(CHUNK-1))&1)); - k--; - } -} - -/* Set a=b mod c, b is destroyed. Slow but rarely used. */ -/* SU= 96 */ -void BIG_XXX_dmod(BIG_XXX a,DBIG_XXX b,BIG_XXX c) -{ - int k=0; - DBIG_XXX m,r; - BIG_XXX_dnorm(b); - BIG_XXX_dscopy(m,c); - - if (BIG_XXX_dcomp(b,m)<0) - { - BIG_XXX_sdcopy(a,b); - return; - } - - do - { - BIG_XXX_dshl(m,1); - k++; - } - while (BIG_XXX_dcomp(b,m)>=0); - - while (k>0) - { - BIG_XXX_dshr(m,1); -// constant time... - BIG_XXX_dsub(r,b,m); - BIG_XXX_dnorm(r); - BIG_XXX_dcmove(b,r,1-((r[DNLEN_XXX-1]>>(CHUNK-1))&1)); - - k--; - } - BIG_XXX_sdcopy(a,b); -} - -/* Set a=b/c, b is destroyed. Slow but rarely used. */ -/* SU= 136 */ - -void BIG_XXX_ddiv(BIG_XXX a,DBIG_XXX b,BIG_XXX c) -{ - int d,k=0; - DBIG_XXX m,dr; - BIG_XXX e,r; - BIG_XXX_dnorm(b); - BIG_XXX_dscopy(m,c); - - BIG_XXX_zero(a); - BIG_XXX_zero(e); - BIG_XXX_inc(e,1); - - while (BIG_XXX_dcomp(b,m)>=0) - { - BIG_XXX_fshl(e,1); - BIG_XXX_dshl(m,1); - k++; - } - - while (k>0) - { - BIG_XXX_dshr(m,1); - BIG_XXX_fshr(e,1); - - BIG_XXX_dsub(dr,b,m); - BIG_XXX_dnorm(dr); - d=1-((dr[DNLEN_XXX-1]>>(CHUNK-1))&1); - BIG_XXX_dcmove(b,dr,d); - - BIG_XXX_add(r,a,e); - BIG_XXX_norm(r); - BIG_XXX_cmove(a,r,d); - - k--; - } -} - -/* SU= 136 */ - -void BIG_XXX_sdiv(BIG_XXX a,BIG_XXX c) -{ - int d,k=0; - BIG_XXX m,e,b,r; - BIG_XXX_norm(a); - BIG_XXX_copy(b,a); - BIG_XXX_copy(m,c); - - BIG_XXX_zero(a); - BIG_XXX_zero(e); - BIG_XXX_inc(e,1); - - while (BIG_XXX_comp(b,m)>=0) - { - BIG_XXX_fshl(e,1); - BIG_XXX_fshl(m,1); - k++; - } - - while (k>0) - { - BIG_XXX_fshr(m,1); - BIG_XXX_fshr(e,1); - - BIG_XXX_sub(r,b,m); - BIG_XXX_norm(r); - d=1-((r[NLEN_XXX-1]>>(CHUNK-1))&1); - BIG_XXX_cmove(b,r,d); - - BIG_XXX_add(r,a,e); - BIG_XXX_norm(r); - BIG_XXX_cmove(a,r,d); - k--; - } -} - -/* return LSB of a */ -int BIG_XXX_parity(BIG_XXX a) -{ - return a[0]%2; -} - -/* return n-th bit of a */ -/* SU= 16 */ -int BIG_XXX_bit(BIG_XXX a,int n) -{ - if (a[n/BASEBITS_XXX]&((chunk)1<<(n%BASEBITS_XXX))) return 1; - else return 0; -} - -/* return NAF value as +/- 1, 3 or 5. x and x3 should be normed. -nbs is number of bits processed, and nzs is number of trailing 0s detected */ -/* SU= 32 */ -/* -int BIG_nafbits(BIG x,BIG x3,int i,int *nbs,int *nzs) -{ - int j,r,nb; - - nb=BIG_bit(x3,i)-BIG_bit(x,i); - *nbs=1; - *nzs=0; - if (nb==0) return 0; - if (i==0) return nb; - - if (nb>0) r=1; - else r=(-1); - - for (j=i-1;j>0;j--) - { - (*nbs)++; - r*=2; - nb=BIG_bit(x3,j)-BIG_bit(x,j); - if (nb>0) r+=1; - if (nb<0) r-=1; - if (abs(r)>5) break; - } - - if (r%2!=0 && j!=0) - { // backtrack - if (nb>0) r=(r-1)/2; - if (nb<0) r=(r+1)/2; - (*nbs)--; - } - - while (r%2==0) - { // remove trailing zeros - r/=2; - (*nzs)++; - (*nbs)--; - } - return r; -} -*/ - -/* return last n bits of a, where n is small < BASEBITS */ -/* SU= 16 */ -int BIG_XXX_lastbits(BIG_XXX a,int n) -{ - int msk=(1<<n)-1; - BIG_XXX_norm(a); - return ((int)a[0])&msk; -} - -/* get 8*MODBYTES size random number */ -void BIG_XXX_random(BIG_XXX m,csprng *rng) -{ - int i,b,j=0,r=0; - int len=8*MODBYTES_XXX; - - BIG_XXX_zero(m); - /* generate random BIG */ - for (i=0; i<len; i++) - { - if (j==0) r=RAND_byte(rng); - else r>>=1; - b=r&1; - BIG_XXX_shl(m,1); - m[0]+=b; - j++; - j&=7; - } - -#ifdef DEBUG_NORM - m[MPV_XXX]=1; - m[MNV_XXX]=0; -#endif -} - -/* get random BIG from rng, modulo q. Done one bit at a time, so its portable */ - -void BIG_XXX_randomnum(BIG_XXX m,BIG_XXX q,csprng *rng) -{ - int i,b,j=0,r=0; - DBIG_XXX d; - BIG_XXX_dzero(d); - /* generate random DBIG */ - for (i=0; i<2*BIG_XXX_nbits(q); i++) - { - if (j==0) r=RAND_byte(rng); - else r>>=1; - b=r&1; - BIG_XXX_dshl(d,1); - d[0]+=b; - j++; - j&=7; - } - /* reduce modulo a BIG. Removes bias */ - BIG_XXX_dmod(m,d,q); -#ifdef DEBUG_NORM - m[MPV_XXX]=1; - m[MNV_XXX]=0; -#endif -} - -/* Set r=a*b mod m */ -/* SU= 96 */ -void BIG_XXX_modmul(BIG_XXX r,BIG_XXX a1,BIG_XXX b1,BIG_XXX m) -{ - DBIG_XXX d; - BIG_XXX a,b; - BIG_XXX_copy(a,a1); - BIG_XXX_copy(b,b1); - BIG_XXX_mod(a,m); - BIG_XXX_mod(b,m); - - BIG_XXX_mul(d,a,b); - BIG_XXX_dmod(r,d,m); -} - -/* Set a=a*a mod m */ -/* SU= 88 */ -void BIG_XXX_modsqr(BIG_XXX r,BIG_XXX a1,BIG_XXX m) -{ - DBIG_XXX d; - BIG_XXX a; - BIG_XXX_copy(a,a1); - BIG_XXX_mod(a,m); - BIG_XXX_sqr(d,a); - BIG_XXX_dmod(r,d,m); -} - -/* Set r=-a mod m */ -/* SU= 16 */ -void BIG_XXX_modneg(BIG_XXX r,BIG_XXX a1,BIG_XXX m) -{ - BIG_XXX a; - BIG_XXX_copy(a,a1); - BIG_XXX_mod(a,m); - BIG_XXX_sub(r,m,a); -// BIG_XXX_mod(r,m); -} - -/* Set a=a/b mod m */ -/* SU= 136 */ -void BIG_XXX_moddiv(BIG_XXX r,BIG_XXX a1,BIG_XXX b1,BIG_XXX m) -{ - DBIG_XXX d; - BIG_XXX z; - BIG_XXX a,b; - BIG_XXX_copy(a,a1); - BIG_XXX_copy(b,b1); - - BIG_XXX_mod(a,m); - BIG_XXX_invmodp(z,b,m); - - BIG_XXX_mul(d,a,z); - BIG_XXX_dmod(r,d,m); -} - -/* Get jacobi Symbol (a/p). Returns 0, 1 or -1 */ -/* SU= 216 */ -int BIG_XXX_jacobi(BIG_XXX a,BIG_XXX p) -{ - int n8,k,m=0; - BIG_XXX t,x,n,zilch,one; - BIG_XXX_one(one); - BIG_XXX_zero(zilch); - if (BIG_XXX_parity(p)==0 || BIG_XXX_comp(a,zilch)==0 || BIG_XXX_comp(p,one)<=0) return 0; - BIG_XXX_norm(a); - BIG_XXX_copy(x,a); - BIG_XXX_copy(n,p); - BIG_XXX_mod(x,p); - - while (BIG_XXX_comp(n,one)>0) - { - if (BIG_XXX_comp(x,zilch)==0) return 0; - n8=BIG_XXX_lastbits(n,3); - k=0; - while (BIG_XXX_parity(x)==0) - { - k++; - BIG_XXX_shr(x,1); - } - if (k%2==1) m+=(n8*n8-1)/8; - m+=(n8-1)*(BIG_XXX_lastbits(x,2)-1)/4; - BIG_XXX_copy(t,n); - - BIG_XXX_mod(t,x); - BIG_XXX_copy(n,x); - BIG_XXX_copy(x,t); - m%=2; - - } - if (m==0) return 1; - else return -1; -} - -/* Set r=1/a mod p. Binary method */ -/* SU= 240 */ -void BIG_XXX_invmodp(BIG_XXX r,BIG_XXX a,BIG_XXX p) -{ - BIG_XXX u,v,x1,x2,t,one; - BIG_XXX_mod(a,p); - BIG_XXX_copy(u,a); - BIG_XXX_copy(v,p); - BIG_XXX_one(one); - BIG_XXX_copy(x1,one); - BIG_XXX_zero(x2); - - while (BIG_XXX_comp(u,one)!=0 && BIG_XXX_comp(v,one)!=0) - { - while (BIG_XXX_parity(u)==0) - { - BIG_XXX_fshr(u,1); - if (BIG_XXX_parity(x1)!=0) - { - BIG_XXX_add(x1,p,x1); - BIG_XXX_norm(x1); - } - BIG_XXX_fshr(x1,1); - } - while (BIG_XXX_parity(v)==0) - { - BIG_XXX_fshr(v,1); - if (BIG_XXX_parity(x2)!=0) - { - BIG_XXX_add(x2,p,x2); - BIG_XXX_norm(x2); - } - BIG_XXX_fshr(x2,1); - } - if (BIG_XXX_comp(u,v)>=0) - { - BIG_XXX_sub(u,u,v); - BIG_XXX_norm(u); - if (BIG_XXX_comp(x1,x2)>=0) BIG_XXX_sub(x1,x1,x2); - else - { - BIG_XXX_sub(t,p,x2); - BIG_XXX_add(x1,x1,t); - } - BIG_XXX_norm(x1); - } - else - { - BIG_XXX_sub(v,v,u); - BIG_XXX_norm(v); - if (BIG_XXX_comp(x2,x1)>=0) BIG_XXX_sub(x2,x2,x1); - else - { - BIG_XXX_sub(t,p,x1); - BIG_XXX_add(x2,x2,t); - } - BIG_XXX_norm(x2); - } - } - if (BIG_XXX_comp(u,one)==0) - BIG_XXX_copy(r,x1); - else - BIG_XXX_copy(r,x2); -} - -/* set x = x mod 2^m */ -void BIG_XXX_mod2m(BIG_XXX x,int m) -{ - int i,wd,bt; - chunk msk; - BIG_XXX_norm(x); -// if (m>=MODBITS) return; - wd=m/BASEBITS_XXX; - bt=m%BASEBITS_XXX; - msk=((chunk)1<<bt)-1; - x[wd]&=msk; - for (i=wd+1; i<NLEN_XXX; i++) x[i]=0; -} - -// new -/* Convert to DBIG number from byte array of given length */ -void BIG_XXX_dfromBytesLen(DBIG_XXX a,char *b,int s) -{ - int i,len=s; - BIG_XXX_dzero(a); - - for (i=0; i<len; i++) - { - BIG_XXX_dshl(a,8); - a[0]+=(int)(unsigned char)b[i]; - } -#ifdef DEBUG_NORM - a[DMPV_XXX]=1; - a[DMNV_XXX]=0; -#endif -} http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/big.h ---------------------------------------------------------------------- diff --git a/version3/c/big.h b/version3/c/big.h deleted file mode 100644 index 36b0c7c..0000000 --- a/version3/c/big.h +++ /dev/null @@ -1,610 +0,0 @@ -/* - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. -*/ - -/** - * @file big.h - * @author Mike Scott - * @brief BIG Header File - * - */ - -#ifndef BIG_XXX_H -#define BIG_XXX_H - -#include <stdio.h> -#include <stdlib.h> -#include <inttypes.h> -#include "arch.h" -#include "amcl.h" -#include "config_big_XXX.h" - -//#define UNWOUND - -#define BIGBITS_XXX (8*MODBYTES_XXX) /**< Length in bits */ -#define NLEN_XXX (1+((8*MODBYTES_XXX-1)/BASEBITS_XXX)) /**< length in bytes */ -#define DNLEN_XXX 2*NLEN_XXX /**< Double length in bytes */ -#define BMASK_XXX (((chunk)1<<BASEBITS_XXX)-1) /**< Mask = 2^BASEBITS-1 */ -#define NEXCESS_XXX (1<<(CHUNK-BASEBITS_XXX-1)) /**< 2^(CHUNK-BASEBITS-1) - digit cannot be multiplied by more than this before normalisation */ - -#define HBITS_XXX (BASEBITS_XXX/2) /**< Number of bits in number base divided by 2 */ -#define HMASK_XXX (((chunk)1<<HBITS_XXX)-1) /**< Mask = 2^HBITS-1 */ - -//#define DEBUG_NORM - -#ifdef DEBUG_NORM /* Add an extra location to track chunk extension */ -#define MPV_XXX NLEN_XXX -#define MNV_XXX (NLEN_XXX+1) -typedef chunk BIG_XXX[NLEN_XXX+2]; /**< Define type BIG as array of chunks */ -#define DMPV_XXX DNLEN_XXX -#define DMNV_XXX (DNLEN_XXX+1) -typedef chunk DBIG_XXX[DNLEN_XXX+2]; /**< Define type DBIG as array of chunks */ -#else -typedef chunk BIG_XXX[NLEN_XXX]; /**< Define type BIG as array of chunks */ -typedef chunk DBIG_XXX[DNLEN_XXX]; /**< Define type DBIG as array of chunks */ -#endif - -/* BIG number prototypes */ - -/** @brief Tests for BIG equal to zero - * - @param x a BIG number - @return 1 if zero, else returns 0 - */ -extern int BIG_XXX_iszilch(BIG_XXX x); -/** @brief Tests for BIG equal to one - * - @param x a BIG number - @return 1 if one, else returns 0 - */ -extern int BIG_XXX_isunity(BIG_XXX x); -/** @brief Tests for DBIG equal to zero - * - @param x a DBIG number - @return 1 if zero, else returns 0 - */ -extern int BIG_XXX_diszilch(DBIG_XXX x); -/** @brief Outputs a BIG number to the console - * - @param x a BIG number - */ -extern void BIG_XXX_output(BIG_XXX x); -/** @brief Outputs a BIG number to the console in raw form (for debugging) - * - @param x a BIG number - */ -extern void BIG_XXX_rawoutput(BIG_XXX x); -/** @brief Conditional constant time swap of two BIG numbers - * - Conditionally swaps parameters in constant time (without branching) - @param x a BIG number - @param y another BIG number - @param s swap takes place if not equal to 0 - */ -extern void BIG_XXX_cswap(BIG_XXX x,BIG_XXX y,int s); -/** @brief Conditional copy of BIG number - * - Conditionally copies second parameter to the first (without branching) - @param x a BIG number - @param y another BIG number - @param s copy takes place if not equal to 0 - */ -extern void BIG_XXX_cmove(BIG_XXX x,BIG_XXX y,int s); -/** @brief Conditional copy of DBIG number - * - Conditionally copies second parameter to the first (without branching) - @param x a DBIG number - @param y another DBIG number - @param s copy takes place if not equal to 0 - */ -extern void BIG_XXX_dcmove(BIG_XXX x,BIG_XXX y,int s); -/** @brief Convert from BIG number to byte array - * - @param a byte array - @param x BIG number - */ -extern void BIG_XXX_toBytes(char *a,BIG_XXX x); -/** @brief Convert to BIG number from byte array - * - @param x BIG number - @param a byte array - */ -extern void BIG_XXX_fromBytes(BIG_XXX x,char *a); -/** @brief Convert to BIG number from byte array of given length - * - @param x BIG number - @param a byte array - @param s byte array length - */ -extern void BIG_XXX_fromBytesLen(BIG_XXX x,char *a,int s); -/**@brief Convert to DBIG number from byte array of given length - * - @param x DBIG number - @param a byte array - @param s byte array length - */ -extern void BIG_XXX_dfromBytesLen(DBIG_XXX x,char *a,int s); -/** @brief Outputs a DBIG number to the console - * - @param x a DBIG number - */ -extern void BIG_XXX_doutput(DBIG_XXX x); - -/** @brief Outputs a DBIG number to the console - * - @param x a DBIG number - */ -extern void BIG_XXX_drawoutput(DBIG_XXX x); - -/** @brief Copy BIG from Read-Only Memory to a BIG - * - @param x BIG number - @param y BIG number in ROM - */ -extern void BIG_XXX_rcopy(BIG_XXX x,const BIG_XXX y); -/** @brief Copy BIG to another BIG - * - @param x BIG number - @param y BIG number to be copied - */ -extern void BIG_XXX_copy(BIG_XXX x,BIG_XXX y); -/** @brief Copy DBIG to another DBIG - * - @param x DBIG number - @param y DBIG number to be copied - */ -extern void BIG_XXX_dcopy(DBIG_XXX x,DBIG_XXX y); -/** @brief Copy BIG to upper half of DBIG - * - @param x DBIG number - @param y BIG number to be copied - */ -extern void BIG_XXX_dsucopy(DBIG_XXX x,BIG_XXX y); -/** @brief Copy BIG to lower half of DBIG - * - @param x DBIG number - @param y BIG number to be copied - */ -extern void BIG_XXX_dscopy(DBIG_XXX x,BIG_XXX y); -/** @brief Copy lower half of DBIG to a BIG - * - @param x BIG number - @param y DBIG number to be copied - */ -extern void BIG_XXX_sdcopy(BIG_XXX x,DBIG_XXX y); -/** @brief Copy upper half of DBIG to a BIG - * - @param x BIG number - @param y DBIG number to be copied - */ -extern void BIG_XXX_sducopy(BIG_XXX x,DBIG_XXX y); -/** @brief Set BIG to zero - * - @param x BIG number to be set to zero - */ -extern void BIG_XXX_zero(BIG_XXX x); -/** @brief Set DBIG to zero - * - @param x DBIG number to be set to zero - */ -extern void BIG_XXX_dzero(DBIG_XXX x); -/** @brief Set BIG to one (unity) - * - @param x BIG number to be set to one. - */ -extern void BIG_XXX_one(BIG_XXX x); -/** @brief Set BIG to inverse mod 2^256 - * - @param x BIG number to be inverted - */ -extern void BIG_XXX_invmod2m(BIG_XXX x); -/** @brief Set BIG to sum of two BIGs - output not normalised - * - @param x BIG number, sum of other two - @param y BIG number - @param z BIG number - */ -extern void BIG_XXX_add(BIG_XXX x,BIG_XXX y,BIG_XXX z); - -/** @brief Set BIG to logical or of two BIGs - output normalised - * - @param x BIG number, or of other two - @param y BIG number - @param z BIG number - */ -extern void BIG_XXX_or(BIG_XXX x,BIG_XXX y,BIG_XXX z); - -/** @brief Increment BIG by a small integer - output not normalised - * - @param x BIG number to be incremented - @param i integer - */ -extern void BIG_XXX_inc(BIG_XXX x,int i); -/** @brief Set BIG to difference of two BIGs - * - @param x BIG number, difference of other two - output not normalised - @param y BIG number - @param z BIG number - */ -extern void BIG_XXX_sub(BIG_XXX x,BIG_XXX y,BIG_XXX z); -/** @brief Decrement BIG by a small integer - output not normalised - * - @param x BIG number to be decremented - @param i integer - */ -extern void BIG_XXX_dec(BIG_XXX x,int i); -/** @brief Set DBIG to sum of two DBIGs - * - @param x DBIG number, sum of other two - output not normalised - @param y DBIG number - @param z DBIG number - */ -extern void BIG_XXX_dadd(DBIG_XXX x,DBIG_XXX y,DBIG_XXX z); -/** @brief Set DBIG to difference of two DBIGs - * - @param x DBIG number, difference of other two - output not normalised - @param y DBIG number - @param z DBIG number - */ -extern void BIG_XXX_dsub(DBIG_XXX x,DBIG_XXX y,DBIG_XXX z); -/** @brief Multiply BIG by a small integer - output not normalised - * - @param x BIG number, product of other two - @param y BIG number - @param i small integer - */ -extern void BIG_XXX_imul(BIG_XXX x,BIG_XXX y,int i); -/** @brief Multiply BIG by not-so-small small integer - output normalised - * - @param x BIG number, product of other two - @param y BIG number - @param i small integer - @return Overflowing bits - */ -extern chunk BIG_XXX_pmul(BIG_XXX x,BIG_XXX y,int i); -/** @brief Divide BIG by 3 - output normalised - * - @param x BIG number - @return Remainder - */ -extern int BIG_XXX_div3(BIG_XXX x); -/** @brief Multiply BIG by even bigger small integer resulting in a DBIG - output normalised - * - @param x DBIG number, product of other two - @param y BIG number - @param i small integer - */ -extern void BIG_XXX_pxmul(DBIG_XXX x,BIG_XXX y,int i); -/** @brief Multiply BIG by another BIG resulting in DBIG - inputs normalised and output normalised - * - @param x DBIG number, product of other two - @param y BIG number - @param z BIG number - */ -extern void BIG_XXX_mul(DBIG_XXX x,BIG_XXX y,BIG_XXX z); -/** @brief Multiply BIG by another BIG resulting in another BIG - inputs normalised and output normalised - * - Note that the product must fit into a BIG, and x must be distinct from y and z - @param x BIG number, product of other two - @param y BIG number - @param z BIG number - */ -extern void BIG_XXX_smul(BIG_XXX x,BIG_XXX y,BIG_XXX z); -/** @brief Square BIG resulting in a DBIG - input normalised and output normalised - * - @param x DBIG number, square of a BIG - @param y BIG number to be squared - */ -extern void BIG_XXX_sqr(DBIG_XXX x,BIG_XXX y); - -/** @brief Montgomery reduction of a DBIG to a BIG - input normalised and output normalised - * - @param a BIG number, reduction of a BIG - @param md BIG number, the modulus - @param MC the Montgomery Constant - @param d DBIG number to be reduced - */ -extern void BIG_XXX_monty(BIG_XXX a,BIG_XXX md,chunk MC,DBIG_XXX d); - -/** @brief Shifts a BIG left by any number of bits - input must be normalised, output normalised - * - @param x BIG number to be shifted - @param s Number of bits to shift - */ -extern void BIG_XXX_shl(BIG_XXX x,int s); -/** @brief Fast shifts a BIG left by a small number of bits - input must be normalised, output will be normalised - * - The number of bits to be shifted must be less than BASEBITS - @param x BIG number to be shifted - @param s Number of bits to shift - @return Overflow bits - */ -extern int BIG_XXX_fshl(BIG_XXX x,int s); -/** @brief Shifts a DBIG left by any number of bits - input must be normalised, output normalised - * - @param x DBIG number to be shifted - @param s Number of bits to shift - */ -extern void BIG_XXX_dshl(DBIG_XXX x,int s); -/** @brief Shifts a BIG right by any number of bits - input must be normalised, output normalised - * - @param x BIG number to be shifted - @param s Number of bits to shift - */ -extern void BIG_XXX_shr(BIG_XXX x,int s); - -/** @brief Fast time-critical combined shift by 1 bit, subtract and normalise - * - @param r BIG number normalised output - @param a BIG number to be subtracted from - @param m BIG number to be shifted and subtracted - @return sign of r - */ -extern int BIG_XXX_ssn(BIG_XXX r,BIG_XXX a, BIG_XXX m); - -/** @brief Fast shifts a BIG right by a small number of bits - input must be normalised, output will be normalised - * - The number of bits to be shifted must be less than BASEBITS - @param x BIG number to be shifted - @param s Number of bits to shift - @return Shifted out bits - */ -extern int BIG_XXX_fshr(BIG_XXX x,int s); -/** @brief Shifts a DBIG right by any number of bits - input must be normalised, output normalised - * - @param x DBIG number to be shifted - @param s Number of bits to shift - */ -extern void BIG_XXX_dshr(DBIG_XXX x,int s); -/** @brief Splits a DBIG into two BIGs - input must be normalised, outputs normalised - * - Internal function. The value of s must be approximately in the middle of the DBIG. - Typically used to extract z mod 2^MODBITS and z/2^MODBITS - @param x BIG number, top half of z - @param y BIG number, bottom half of z - @param z DBIG number to be split in two. - @param s Bit position at which to split - @return carry-out from top half - */ -extern chunk BIG_XXX_split(BIG_XXX x,BIG_XXX y,DBIG_XXX z,int s); -/** @brief Normalizes a BIG number - output normalised - * - All digits of the input BIG are reduced mod 2^BASEBITS - @param x BIG number to be normalised - */ -extern chunk BIG_XXX_norm(BIG_XXX x); -/** @brief Normalizes a DBIG number - output normalised - * - All digits of the input DBIG are reduced mod 2^BASEBITS - @param x DBIG number to be normalised - */ -extern void BIG_XXX_dnorm(DBIG_XXX x); -/** @brief Compares two BIG numbers. Inputs must be normalised externally - * - @param x first BIG number to be compared - @param y second BIG number to be compared - @return -1 is x<y, 0 if x=y, 1 if x>y - */ -extern int BIG_XXX_comp(BIG_XXX x,BIG_XXX y); -/** @brief Compares two DBIG numbers. Inputs must be normalised externally - * - @param x first DBIG number to be compared - @param y second DBIG number to be compared - @return -1 is x<y, 0 if x=y, 1 if x>y - */ -extern int BIG_XXX_dcomp(DBIG_XXX x,DBIG_XXX y); -/** @brief Calculate number of bits in a BIG - output normalised - * - @param x BIG number - @return Number of bits in x - */ -extern int BIG_XXX_nbits(BIG_XXX x); -/** @brief Calculate number of bits in a DBIG - output normalised - * - @param x DBIG number - @return Number of bits in x - */ -extern int BIG_XXX_dnbits(DBIG_XXX x); -/** @brief Reduce x mod n - input and output normalised - * - Slow but rarely used - @param x BIG number to be reduced mod n - @param n The modulus - */ -extern void BIG_XXX_mod(BIG_XXX x,BIG_XXX n); -/** @brief Divide x by n - output normalised - * - Slow but rarely used - @param x BIG number to be divided by n - @param n The Divisor - */ -extern void BIG_XXX_sdiv(BIG_XXX x,BIG_XXX n); -/** @brief x=y mod n - output normalised - * - Slow but rarely used. y is destroyed. - @param x BIG number, on exit = y mod n - @param y DBIG number - @param n Modulus - */ -extern void BIG_XXX_dmod(BIG_XXX x,DBIG_XXX y,BIG_XXX n); -/** @brief x=y/n - output normalised - * - Slow but rarely used. y is destroyed. - @param x BIG number, on exit = y/n - @param y DBIG number - @param n Modulus - */ -extern void BIG_XXX_ddiv(BIG_XXX x,DBIG_XXX y,BIG_XXX n); -/** @brief return parity of BIG, that is the least significant bit - * - @param x BIG number - @return 0 or 1 - */ -extern int BIG_XXX_parity(BIG_XXX x); -/** @brief return i-th of BIG - * - @param x BIG number - @param i the bit of x to be returned - @return 0 or 1 - */ -extern int BIG_XXX_bit(BIG_XXX x,int i); -/** @brief return least significant bits of a BIG - * - @param x BIG number - @param n number of bits to return. Assumed to be less than BASEBITS. - @return least significant n bits as an integer - */ -extern int BIG_XXX_lastbits(BIG_XXX x,int n); -/** @brief Create a random BIG from a random number generator - * - Assumes that the random number generator has been suitably initialised - @param x BIG number, on exit a random number - @param r A pointer to a Cryptographically Secure Random Number Generator - */ -extern void BIG_XXX_random(BIG_XXX x,csprng *r); -/** @brief Create an unbiased random BIG from a random number generator, reduced with respect to a modulus - * - Assumes that the random number generator has been suitably initialised - @param x BIG number, on exit a random number - @param n The modulus - @param r A pointer to a Cryptographically Secure Random Number Generator - */ -extern void BIG_XXX_randomnum(BIG_XXX x,BIG_XXX n,csprng *r); -/** brief return NAF (Non-Adjacent-Form) value as +/- 1, 3 or 5, inputs must be normalised - * - Given x and 3*x extracts NAF value from given bit position, and returns number of bits processed, and number of trailing zeros detected if any - param x BIG number - param x3 BIG number, three times x - param i bit position - param nbs pointer to integer returning number of bits processed - param nzs pointer to integer returning number of trailing 0s - return + or - 1, 3 or 5 -*/ - -/** @brief Calculate x=y*z mod n - * - Slow method for modular multiplication - @param x BIG number, on exit = y*z mod n - @param y BIG number - @param z BIG number - @param n The BIG Modulus - */ -extern void BIG_XXX_modmul(BIG_XXX x,BIG_XXX y,BIG_XXX z,BIG_XXX n); -/** @brief Calculate x=y/z mod n - * - Slow method for modular division - @param x BIG number, on exit = y/z mod n - @param y BIG number - @param z BIG number - @param n The BIG Modulus - */ -extern void BIG_XXX_moddiv(BIG_XXX x,BIG_XXX y,BIG_XXX z,BIG_XXX n); -/** @brief Calculate x=y^2 mod n - * - Slow method for modular squaring - @param x BIG number, on exit = y^2 mod n - @param y BIG number - @param n The BIG Modulus - */ -extern void BIG_XXX_modsqr(BIG_XXX x,BIG_XXX y,BIG_XXX n); -/** @brief Calculate x=-y mod n - * - Modular negation - @param x BIG number, on exit = -y mod n - @param y BIG number - @param n The BIG Modulus - */ -extern void BIG_XXX_modneg(BIG_XXX x,BIG_XXX y,BIG_XXX n); -/** @brief Calculate jacobi Symbol (x/y) - * - @param x BIG number - @param y BIG number - @return Jacobi symbol, -1,0 or 1 - */ -extern int BIG_XXX_jacobi(BIG_XXX x,BIG_XXX y); -/** @brief Calculate x=1/y mod n - * - Modular Inversion - This is slow. Uses binary method. - @param x BIG number, on exit = 1/y mod n - @param y BIG number - @param n The BIG Modulus - */ -extern void BIG_XXX_invmodp(BIG_XXX x,BIG_XXX y,BIG_XXX n); -/** @brief Calculate x=x mod 2^m - * - Truncation - @param x BIG number, on reduced mod 2^m - @param m new truncated size -*/ -extern void BIG_XXX_mod2m(BIG_XXX x,int m); - -/** @brief Calculates a*b+c+*d - * - Calculate partial product of a.b, add in carry c, and add total to d - @param x multiplier - @param y multiplicand - @param c carry - @param r pointer to accumulated bottom half of result - @return top half of result - */ - -#ifdef dchunk - -/* Method required to calculate x*y+c+r, bottom half in r, top half returned */ -static inline chunk muladd_XXX(chunk x,chunk y,chunk c,chunk *r) -{ - dchunk prod=(dchunk)x*y+c+*r; - *r=(chunk)prod&BMASK_XXX; - return (chunk)(prod>>BASEBITS_XXX); -} - -#else - -/* No integer type available that can store double the wordlength */ -/* accumulate partial products */ - -static inline chunk muladd_XXX(chunk x,chunk y,chunk c,chunk *r) -{ - chunk x0,x1,y0,y1; - chunk bot,top,mid,carry; - x0=x&HMASK_XXX; - x1=(x>>HBITS_XXX); - y0=y&HMASK_XXX; - y1=(y>>HBITS_XXX); - bot=x0*y0; - top=x1*y1; - mid=x0*y1+x1*y0; - x0=mid&HMASK_XXX; - x1=(mid>>HBITS_XXX); - bot+=x0<<HBITS_XXX; - bot+=*r; - bot+=c; - - top+=x1; - carry=bot>>BASEBITS_XXX; - bot&=BMASK_XXX; - top+=carry; - - *r=bot; - return top; -} - -#endif - - -#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto/blob/1add7560/version3/c/config16.py ---------------------------------------------------------------------- diff --git a/version3/c/config16.py b/version3/c/config16.py deleted file mode 100644 index 6ad7270..0000000 --- a/version3/c/config16.py +++ /dev/null @@ -1,367 +0,0 @@ -import os -import sys - -deltext="" -if sys.platform.startswith("linux") : - deltext="rm" - copytext="cp" -if sys.platform.startswith("darwin") : - deltext="rm" - copytext="cp" -if sys.platform.startswith("win") : - deltext="del" - copytext="copy" - -def replace(namefile,oldtext,newtext): - f = open(namefile,'r') - filedata = f.read() - f.close() - - newdata = filedata.replace(oldtext,newtext) - - f = open(namefile,'w') - f.write(newdata) - f.close() - - -def rsaset(tb,tff,nb,base,ml) : - bd=tb+"_"+base - fnameh="config_big_"+bd+".h" - os.system(copytext+" config_big.h "+fnameh) - replace(fnameh,"XXX",bd) - replace(fnameh,"@NB@",nb) - replace(fnameh,"@BASE@",base) - - fnameh="config_ff_"+tff+".h" - os.system(copytext+" config_ff.h "+fnameh) - replace(fnameh,"XXX",bd) - replace(fnameh,"WWW",tff) - replace(fnameh,"@ML@",ml); - - fnamec="big_"+bd+".c" - fnameh="big_"+bd+".h" - - os.system(copytext+" big.c "+fnamec) - os.system(copytext+" big.h "+fnameh) - - replace(fnamec,"XXX",bd) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="ff_"+tff+".c" - fnameh="ff_"+tff+".h" - - os.system(copytext+" ff.c "+fnamec) - os.system(copytext+" ff.h "+fnameh) - - replace(fnamec,"WWW",tff) - replace(fnamec,"XXX",bd) - replace(fnameh,"WWW",tff) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="rsa_"+tff+".c" - fnameh="rsa_"+tff+".h" - - os.system(copytext+" rsa.c "+fnamec) - os.system(copytext+" rsa.h "+fnameh) - - replace(fnamec,"WWW",tff) - replace(fnamec,"XXX",bd) - replace(fnameh,"WWW",tff) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - -def curveset(tb,tf,tc,nb,base,nbt,m8,mt,ct,pf,stw,sx,cs) : - bd=tb+"_"+base - fnameh="config_big_"+bd+".h" - os.system(copytext+" config_big.h "+fnameh) - replace(fnameh,"XXX",bd) - replace(fnameh,"@NB@",nb) - replace(fnameh,"@BASE@",base) - - fnameh="config_field_"+tf+".h" - os.system(copytext+" config_field.h "+fnameh) - replace(fnameh,"XXX",bd) - replace(fnameh,"YYY",tf) - replace(fnameh,"@NBT@",nbt) - replace(fnameh,"@M8@",m8) - replace(fnameh,"@MT@",mt) - - ib=int(base) - inb=int(nb) - inbt=int(nbt) - sh=ib*(1+((8*inb-1)//ib))-inbt - if sh > 6 : - sh=6 - replace(fnameh,"@SH@",str(sh)) - - fnameh="config_curve_"+tc+".h" - os.system(copytext+" config_curve.h "+fnameh) - replace(fnameh,"XXX",bd) - replace(fnameh,"YYY",tf) - replace(fnameh,"ZZZ",tc) - replace(fnameh,"@CT@",ct) - replace(fnameh,"@PF@",pf) - - replace(fnameh,"@ST@",stw) - replace(fnameh,"@SX@",sx) - replace(fnameh,"@CS@",cs) - - fnamec="big_"+bd+".c" - fnameh="big_"+bd+".h" - - os.system(copytext+" big.c "+fnamec) - os.system(copytext+" big.h "+fnameh) - - replace(fnamec,"XXX",bd) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="fp_"+tf+".c" - fnameh="fp_"+tf+".h" - - os.system(copytext+" fp.c "+fnamec) - os.system(copytext+" fp.h "+fnameh) - - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - os.system("gcc -O3 -std=c99 -c rom_field_"+tf+".c"); - - fnamec="ecp_"+tc+".c" - fnameh="ecp_"+tc+".h" - - os.system(copytext+" ecp.c "+fnamec) - os.system(copytext+" ecp.h "+fnameh) - - replace(fnamec,"ZZZ",tc) - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnameh,"ZZZ",tc) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="ecdh_"+tc+".c" - fnameh="ecdh_"+tc+".h" - - os.system(copytext+" ecdh.c "+fnamec) - os.system(copytext+" ecdh.h "+fnameh) - - replace(fnamec,"ZZZ",tc) - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnameh,"ZZZ",tc) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - os.system("gcc -O3 -std=c99 -c rom_curve_"+tc+".c"); - - if pf != "NOT" : - fnamec="fp2_"+tf+".c" - fnameh="fp2_"+tf+".h" - - os.system(copytext+" fp2.c "+fnamec) - os.system(copytext+" fp2.h "+fnameh) - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="fp4_"+tf+".c" - fnameh="fp4_"+tf+".h" - - os.system(copytext+" fp4.c "+fnamec) - os.system(copytext+" fp4.h "+fnameh) - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnamec,"ZZZ",tc) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - replace(fnameh,"ZZZ",tc) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="fp12_"+tf+".c" - fnameh="fp12_"+tf+".h" - - os.system(copytext+" fp12.c "+fnamec) - os.system(copytext+" fp12.h "+fnameh) - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="ecp2_"+tc+".c" - fnameh="ecp2_"+tc+".h" - - os.system(copytext+" ecp2.c "+fnamec) - os.system(copytext+" ecp2.h "+fnameh) - replace(fnamec,"ZZZ",tc) - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnameh,"ZZZ",tc) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="pair_"+tc+".c" - fnameh="pair_"+tc+".h" - - os.system(copytext+" pair.c "+fnamec) - os.system(copytext+" pair.h "+fnameh) - replace(fnamec,"ZZZ",tc) - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnameh,"ZZZ",tc) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - - fnamec="mpin_"+tc+".c" - fnameh="mpin_"+tc+".h" - - os.system(copytext+" mpin.c "+fnamec) - os.system(copytext+" mpin.h "+fnameh) - replace(fnamec,"ZZZ",tc) - replace(fnamec,"YYY",tf) - replace(fnamec,"XXX",bd) - replace(fnameh,"ZZZ",tc) - replace(fnameh,"YYY",tf) - replace(fnameh,"XXX",bd) - os.system("gcc -O3 -std=c99 -c "+fnamec) - -replace("arch.h","@WL@","16") -print("Elliptic Curves") -print("1. ED25519") -print("2. NUMS256E") - -print("Pairing-Friendly Elliptic Curves") -print("3. BN254") -print("4. BN254CX") - -print("RSA") -print("5. RSA2048") - - -selection=[] -ptr=0 -max=6 - -curve_selected=False -pfcurve_selected=False -rsa_selected=False - -while ptr<max: - x=int(input("Choose a Scheme to support - 0 to finish: ")) - if x == 0: - break -# print("Choice= ",x) - already=False - for i in range(0,ptr): - if x==selection[i]: - already=True - break - if already: - continue - - selection.append(x) - ptr=ptr+1 - -# curveset(big,field,curve,big_length_bytes,bits_in_base,modulus_bits,modulus_mod_8,modulus_type,curve_type,pairing_friendly,sextic twist,sign of x) -# for each curve give names for big, field and curve. In many cases the latter two will be the same. -# Typically "big" is the size in bits, always a multiple of 8, "field" describes the modulus, and "curve" is the common name for the elliptic curve -# big_length_bytes is "big" divided by 8 -# Next give the number base used for 16 bit architectures, as n where the base is 2^n (note that these must be fixed for the same "big" name, if is ever re-used for another curve) -# modulus_bits is the bit length of the modulus, typically the same or slightly smaller than "big" -# modulus_mod_8 is the remainder when the modulus is divided by 8 -# modulus_type is NOT_SPECIAL, or PSEUDO_MERSENNE, or MONTGOMERY_Friendly, or GENERALISED_MERSENNE (supported for GOLDILOCKS only) -# curve_type is WEIERSTRASS, EDWARDS or MONTGOMERY -# pairing_friendly is BN, BLS or NOT (if not pairing friendly) -# if pairing friendly. M or D type twist, and sign of the family parameter x - - if x==1: - curveset("256","25519","ED25519","32","13","255","5","PSEUDO_MERSENNE","EDWARDS","NOT","","","128") - curve_selected=True - if x==2: - curveset("256","256PME","NUMS256E","32","13","256","3","PSEUDO_MERSENNE","EDWARDS","NOT","","","128") - curve_selected=True - - - if x==3: - curveset("256","BN254","BN254","32","13","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128") - pfcurve_selected=True - if x==4: - curveset("256","BN254CX","BN254CX","32","13","254","3","NOT_SPECIAL","WEIERSTRASS","BN","D_TYPE","NEGATIVEX","128") - pfcurve_selected=True - -# rsaset(big,ring,big_length_bytes,bits_in_base,multiplier) -# for each choice give distinct names for "big" and "ring". -# Typically "big" is the length in bits of the underlying big number type -# "ring" is the RSA modulus size = "big" times 2^m -# big_length_bytes is "big" divided by 8 -# Next give the number base used for 16 bit architecture, as n where the base is 2^n -# multiplier is 2^m (see above) - -# There are choices here, different ways of getting the same result, but some faster than others - if x==5: - #256 is slower but may allow reuse of 256-bit BIGs used for elliptic curve - #512 is faster.. but best is 1024 - rsaset("256","2048","32","13","8") - rsa_selected=True - - -os.system(deltext+" big.*") -os.system(deltext+" fp.*") -os.system(deltext+" ecp.*") -os.system(deltext+" ecdh.*") -os.system(deltext+" ff.*") -os.system(deltext+" rsa.*") -os.system(deltext+" config_big.h") -os.system(deltext+" config_field.h") -os.system(deltext+" config_curve.h") -os.system(deltext+" config_ff.h") -os.system(deltext+" fp2.*") -os.system(deltext+" fp4.*") -os.system(deltext+" fp12.*") -os.system(deltext+" ecp2.*") -os.system(deltext+" pair.*") -os.system(deltext+" mpin.*") - -# create library -os.system("gcc -O3 -std=c99 -c randapi.c") -if curve_selected : - os.system("gcc -O3 -std=c99 -c ecdh_support.c") -if rsa_selected : - os.system("gcc -O3 -std=c99 -c rsa_support.c") -if pfcurve_selected : - os.system("gcc -O3 -std=c99 -c pbc_support.c") - -os.system("gcc -O3 -std=c99 -c hash.c") -os.system("gcc -O3 -std=c99 -c rand.c") -os.system("gcc -O3 -std=c99 -c oct.c") -os.system("gcc -O3 -std=c99 -c aes.c") -os.system("gcc -O3 -std=c99 -c gcm.c") -os.system("gcc -O3 -std=c99 -c newhope.c") - -if sys.platform.startswith("win") : - os.system("for %i in (*.o) do @echo %~nxi >> f.list") - os.system("ar rc amcl.a @f.list") - os.system(deltext+" f.list") - -else : - os.system("ar rc amcl.a *.o") - -os.system(deltext+" *.o") - - -#print("Your section was "); -#for i in range(0,ptr): -# print (selection[i]) -
