This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch review-mike in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-c.git
commit db3924bfcd69924b7257c9c9d23af37cecb8c6e2 Author: Samuele Andreoli <[email protected]> AuthorDate: Thu Apr 9 08:53:55 2020 +0100 use naming convention for ff powers --- include/ff.h.in | 20 ++++++++++---------- src/ff.c.in | 34 +++++++++++++++++----------------- src/paillier.c | 8 ++++---- src/rsa.c.in | 6 +++--- test/test_ff_consistency_WWW.c.in | 16 ++++++++-------- 5 files changed, 42 insertions(+), 42 deletions(-) diff --git a/include/ff.h.in b/include/ff.h.in index fd24215..f1180f0 100644 --- a/include/ff.h.in +++ b/include/ff.h.in @@ -249,7 +249,7 @@ extern void FF_WWW_randomnum(BIG_XXX *x,BIG_XXX *y,csprng *R,int n); @param n size of FF in BIGs @param en size of the exponent in BIGs */ -extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *p,int n, int en); +extern void FF_WWW_ct_pow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *p,int n, int en); /** @brief Calculate r=x^e mod p, side channel resistant * For short BIG exponent @@ -259,7 +259,7 @@ extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *p,int n, int @param p FF modulus @param n size of FF in BIGs */ -extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *p,int n); +extern void FF_WWW_ct_pow_big(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *p,int n); /** @brief Calculate r=x^e.y^f mod p for FF e and f, side channel resistant * @param r FF instance, on exit = x^e.y^f mod p @@ -271,7 +271,7 @@ extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *p,int n); @param n size of FF in BIGs @param en size of the exponent in BIGs */ -extern void FF_WWW_skpow2(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p, int n, int en); +extern void FF_WWW_ct_pow_2(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p, int n, int en); /** @brief Calculate r=x^e.y^f.z^g mod p for FF e, f and g, side channel resistant * @param r FF instance, on exit = x^e.y^f.z^g mod p @@ -285,7 +285,7 @@ extern void FF_WWW_skpow2(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX @param n size of FF in BIGs @param en size of the exponent in BIGs */ -extern void FF_WWW_skpow3(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *p, int n, int en); +extern void FF_WWW_ct_pow_3(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *p, int n, int en); /** @brief Calculate r=x^e mod p. Faster but not constant time * For very short integer exponent @@ -295,7 +295,7 @@ extern void FF_WWW_skpow3(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX @param p FF modulus @param n size of FF in BIGs */ -extern void FF_WWW_power(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *p,int n); +extern void FF_WWW_nt_pow_int(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *p,int n); /** @brief Calculate r=x^e mod p * @param r FF instance, on exit = x^e mod p @@ -305,7 +305,7 @@ extern void FF_WWW_power(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *p,int n); @param n size of base in BIGs @param en size of exponent in BIGs */ -extern void FF_WWW_pow(BIG_XXX *r, BIG_XXX *x, BIG_XXX *e, BIG_XXX *p, int n, int en); +extern void FF_WWW_nt_pow(BIG_XXX *r, BIG_XXX *x, BIG_XXX *e, BIG_XXX *p, int n, int en); /** @brief Calculate r=x^e.y^f mod p. Faster but non constant time * @param r FF instance, on exit = x^e.y^f mod p @@ -317,7 +317,7 @@ extern void FF_WWW_pow(BIG_XXX *r, BIG_XXX *x, BIG_XXX *e, BIG_XXX *p, int n, in @param n size of FF in BIGs @param en size of exponent in BIGs */ -void FF_WWW_pow2(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p,int n, int en); +void FF_WWW_nt_pow_2(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p,int n, int en); /** @brief Calculate r=x^e.y^f.z^g mod p. Faster but non constant time * @param r FF instance, on exit = x^e.y^f.z^g mod p @@ -331,7 +331,7 @@ void FF_WWW_pow2(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_X @param n size of FF in BIGs @param en size of exponent in BIGs */ -void FF_WWW_pow3(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *p, int n, int en); +void FF_WWW_nt_pow_3(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *p, int n, int en); /** @brief Calculate r=x^e.y^f.z^g.w^h mod p. Faster but non constant time * @param r FF instance, on exit = x^e.y^f.z^g.w^h mod p @@ -347,7 +347,7 @@ void FF_WWW_pow3(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_X @param n size of FF in BIGs @param en size of exponent in BIGs */ -extern void FF_WWW_pow4(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *w, BIG_XXX *h, BIG_XXX *p, int n, int en); +extern void FF_WWW_nt_pow_4(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *w, BIG_XXX *h, BIG_XXX *p, int n, int en); /** @brief Test if an FF has factor in common with integer s * @param x FF instance to be tested @@ -371,7 +371,7 @@ extern int FF_WWW_prime(BIG_XXX *x,csprng *R,int n); @param rp FF instance, solution modulo p @param rq FF instance, solution modulo q @param p FF instance, MUST be coprime with q - @param invp FF instance, p^(-1) mod q + @param invpq FF instance, p^(-1) mod q @param pq FF instance, p*q @param n size of p in BIGs */ diff --git a/src/ff.c.in b/src/ff.c.in index 65f768f..a5d9867 100644 --- a/src/ff.c.in +++ b/src/ff.c.in @@ -625,7 +625,7 @@ void FF_WWW_invmodp(BIG_XXX r[],BIG_XXX a[],BIG_XXX p[],int n) FF_WWW_sub(w, r, p, n); FF_WWW_norm(w, n); FF_WWW_cmove(r, w, (FF_WWW_comp(r, p, n)>0), n); - + FF_WWW_sub(r, p, r, n); FF_WWW_norm(r, n); @@ -815,7 +815,7 @@ static void FF_WWW_modsqr(BIG_XXX z[],BIG_XXX x[],BIG_XXX p[],BIG_XXX ND[],int n } /* r=x^e mod p using side-channel resistant Montgomery Ladder, for short e */ -void FF_WWW_skspow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX p[],int n) +void FF_WWW_ct_pow_big(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX p[],int n) { int i,b; #ifndef C99 @@ -842,7 +842,7 @@ void FF_WWW_skspow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX p[],int n) } /* r=x^e mod p using side-channel resistant Montgomery Ladder, for large e */ -void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n, int en) +void FF_WWW_ct_pow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n, int en) { int i,b; #ifndef C99 @@ -873,7 +873,7 @@ void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n, int en) } /* r=x^e*y^f mod p - side channel resistant */ -void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX p[], int n, int en) +void FF_WWW_ct_pow_2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX p[], int n, int en) { int i,eb,fb; #ifndef C99 @@ -914,8 +914,8 @@ void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[ FF_WWW_redc(r,p,ND,n); } -/* r=x^e*y^f mod p - side channel resistant */ -void FF_WWW_skpow3(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX z[], BIG_XXX g[], BIG_XXX p[], int n, int en) +/* r=x^e*y^f*z^g mod p - side channel resistant */ +void FF_WWW_ct_pow_3(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX z[], BIG_XXX g[], BIG_XXX p[], int n, int en) { int i,b; #ifndef C99 @@ -973,7 +973,7 @@ void FF_WWW_skpow3(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[ } /* raise to an integer power - right-to-left method */ -void FF_WWW_power(BIG_XXX r[],BIG_XXX x[],int e,BIG_XXX p[],int n) +void FF_WWW_nt_pow_int(BIG_XXX r[],BIG_XXX x[],int e,BIG_XXX p[],int n) { int f=1; #ifndef C99 @@ -1007,7 +1007,7 @@ void FF_WWW_power(BIG_XXX r[],BIG_XXX x[],int e,BIG_XXX p[],int n) } /* r=x^e mod p, faster but not side channel resistant */ -void FF_WWW_pow(BIG_XXX r[], BIG_XXX x[], BIG_XXX e[], BIG_XXX p[], int n, int en) +void FF_WWW_nt_pow(BIG_XXX r[], BIG_XXX x[], BIG_XXX e[], BIG_XXX p[], int n, int en) { int i,b; #ifndef C99 @@ -1034,7 +1034,7 @@ void FF_WWW_pow(BIG_XXX r[], BIG_XXX x[], BIG_XXX e[], BIG_XXX p[], int n, int e /* Compute prod(x_i^e_i) mod p. Faster but not constant time Only feasible for small values of n (n<=4) */ -static void FF_WWW_pown(BIG_XXX *r, BIG_XXX *x[], BIG_XXX *e[], BIG_XXX *p, int xlen, int elen, int n) +static void FF_WWW_nt_pow_n(BIG_XXX *r, BIG_XXX *x[], BIG_XXX *e[], BIG_XXX *p, int xlen, int elen, int n) { #ifndef C99 BIG_XXX products[15][FFLEN_WWW], ND[FFLEN_WWW]; @@ -1092,28 +1092,28 @@ static void FF_WWW_pown(BIG_XXX *r, BIG_XXX *x[], BIG_XXX *e[], BIG_XXX *p, int FF_WWW_redc(r, p, ND, xlen); } -void FF_WWW_pow2(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p,int n, int en) +void FF_WWW_nt_pow_2(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p,int n, int en) { BIG_XXX *x_s[] = {x,y}; BIG_XXX *e_s[] = {e,f}; - FF_WWW_pown(r, x_s, e_s, p, n, en, 2); + FF_WWW_nt_pow_n(r, x_s, e_s, p, n, en, 2); } -void FF_WWW_pow3(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *p, int n, int en) +void FF_WWW_nt_pow_3(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *p, int n, int en) { BIG_XXX *x_s[] = {x,y,z}; BIG_XXX *e_s[] = {e,f,g}; - FF_WWW_pown(r, x_s, e_s, p, n, en, 3); + FF_WWW_nt_pow_n(r, x_s, e_s, p, n, en, 3); } -void FF_WWW_pow4(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *w, BIG_XXX *h, BIG_XXX *p, int n, int en) +void FF_WWW_nt_pow_4(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *z, BIG_XXX *g, BIG_XXX *w, BIG_XXX *h, BIG_XXX *p, int n, int en) { BIG_XXX *x_s[] = {x,y,z,w}; BIG_XXX *e_s[] = {e,f,g,h}; - FF_WWW_pown(r, x_s, e_s, p, n, en, 4); + FF_WWW_nt_pow_n(r, x_s, e_s, p, n, en, 4); } static sign32 igcd(sign32 x,sign32 y) @@ -1186,12 +1186,12 @@ int FF_WWW_prime(BIG_XXX p[],csprng *rng,int n) for (i=0; i<10; i++) { FF_WWW_randomnum(x,p,rng,n); - FF_WWW_pow(x,x,d,p,n,n); + FF_WWW_nt_pow(x,x,d,p,n,n); if (FF_WWW_isunity(x,n) || FF_WWW_comp(x,nm1,n)==0) continue; loop=0; for (j=1; j<s; j++) { - FF_WWW_power(x,x,2,p,n); + FF_WWW_nt_pow_int(x,x,2,p,n); if (FF_WWW_isunity(x,n)) return 0; if (FF_WWW_comp(x,nm1,n)==0 ) { diff --git a/src/paillier.c b/src/paillier.c index c58611e..5612065 100644 --- a/src/paillier.c +++ b/src/paillier.c @@ -162,7 +162,7 @@ void PAILLIER_ENCRYPT(csprng *RNG, PAILLIER_public_key *PUB, octet* PT, octet* C } // r^n - FF_4096_pow(ws1, ws1, PUB->n, PUB->n2, FFLEN_4096, HFLEN_4096); + FF_4096_nt_pow(ws1, ws1, PUB->n, PUB->n2, FFLEN_4096, HFLEN_4096); // g^pt = 1 + pt * n FF_4096_mul(ws2, pt, PUB->n, HFLEN_4096); @@ -203,7 +203,7 @@ void PAILLIER_DECRYPT(PAILLIER_private_key *PRIV, octet* CT, octet* PT) FF_2048_dmod(ws, ct, PRIV->p2, FFLEN_2048); // Compute ws = (ct^lp mod p2 - 1) - FF_2048_skpow(ws, ws, PRIV->lp, PRIV->p2, FFLEN_2048, HFLEN_2048); + FF_2048_ct_pow(ws, ws, PRIV->lp, PRIV->p2, FFLEN_2048, HFLEN_2048); FF_2048_dec(ws, 1, FFLEN_2048); // dws = ws / p @@ -219,7 +219,7 @@ void PAILLIER_DECRYPT(PAILLIER_private_key *PRIV, octet* CT, octet* PT) FF_2048_dmod(ws, ct, PRIV->q2, FFLEN_2048); // Compute ws = (ct^lq mod q2 - 1) - FF_2048_skpow(ws, ws, PRIV->lq, PRIV->q2, FFLEN_2048, HFLEN_2048); + FF_2048_ct_pow(ws, ws, PRIV->lq, PRIV->q2, FFLEN_2048, HFLEN_2048); FF_2048_dec(ws, 1, FFLEN_2048); // dws = ws / q @@ -279,7 +279,7 @@ void PAILLIER_MULT(PAILLIER_public_key *PUB, octet* CT1, octet* PT, octet* CT) FF_4096_fromOctet(ct1, CT1, FFLEN_4096); // ct1^pt mod n^2 - FF_4096_skpow(ct, ct1, pt, PUB->n2, FFLEN_4096, HFLEN_4096); + FF_4096_ct_pow(ct, ct1, pt, PUB->n2, FFLEN_4096, HFLEN_4096); // output FF_4096_toOctet(CT, ct, FFLEN_4096); diff --git a/src/rsa.c.in b/src/rsa.c.in index ba996bd..4ca8ed4 100644 --- a/src/rsa.c.in +++ b/src/rsa.c.in @@ -121,7 +121,7 @@ void RSA_WWW_ENCRYPT(rsa_public_key_WWW *PUB,octet *F,octet *G) BIG_XXX f[FFLEN_WWW]; FF_WWW_fromOctet(f,F,FFLEN_WWW); - FF_WWW_power(f,f,PUB->e,PUB->n,FFLEN_WWW); + FF_WWW_nt_pow_int(f,f,PUB->e,PUB->n,FFLEN_WWW); FF_WWW_toOctet(G,f,FFLEN_WWW); } @@ -136,8 +136,8 @@ void RSA_WWW_DECRYPT(rsa_private_key_WWW *PRIV,octet *G,octet *F) FF_WWW_dmod(jp,g,PRIV->p,HFLEN_WWW); FF_WWW_dmod(jq,g,PRIV->q,HFLEN_WWW); - FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW,HFLEN_WWW); - FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW,HFLEN_WWW); + FF_WWW_ct_pow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW,HFLEN_WWW); + FF_WWW_ct_pow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW,HFLEN_WWW); FF_WWW_zero(g,FFLEN_WWW); diff --git a/test/test_ff_consistency_WWW.c.in b/test/test_ff_consistency_WWW.c.in index 0be68c4..ee6ab6e 100644 --- a/test/test_ff_consistency_WWW.c.in +++ b/test/test_ff_consistency_WWW.c.in @@ -310,12 +310,12 @@ int main() FF_WWW_random(G, &RNG, HFLEN_WWW); FF_WWW_random(H, &RNG, HFLEN_WWW); - FF_WWW_pow(L, A, E, P, HFLEN_WWW, HFLEN_WWW); - FF_WWW_pow(N, B, F, P, HFLEN_WWW, HFLEN_WWW); + FF_WWW_nt_pow(L, A, E, P, HFLEN_WWW, HFLEN_WWW); + FF_WWW_nt_pow(N, B, F, P, HFLEN_WWW, HFLEN_WWW); FF_WWW_mul(Q, L, N, HFLEN_WWW); FF_WWW_dmod(L, Q, P, HFLEN_WWW); - FF_WWW_pow2(N, A, E, B, F, P, HFLEN_WWW, HFLEN_WWW); + FF_WWW_nt_pow_2(N, A, E, B, F, P, HFLEN_WWW, HFLEN_WWW); if(FF_WWW_comp(N, L, HFLEN_WWW)) { @@ -324,11 +324,11 @@ int main() } // Test triple exponent - FF_WWW_pow(N, C, G, P, HFLEN_WWW, HFLEN_WWW); + FF_WWW_nt_pow(N, C, G, P, HFLEN_WWW, HFLEN_WWW); FF_WWW_mul(Q, L, N, HFLEN_WWW); FF_WWW_dmod(L, Q, P, HFLEN_WWW); - FF_WWW_pow3(N, A, E, B, F, C, G, P, HFLEN_WWW, HFLEN_WWW); + FF_WWW_nt_pow_3(N, A, E, B, F, C, G, P, HFLEN_WWW, HFLEN_WWW); if(FF_WWW_comp(N, L, HFLEN_WWW)) { @@ -338,7 +338,7 @@ int main() // Test triple exponent for secret key FF_WWW_zero(N, HFLEN_WWW); - FF_WWW_skpow3(N, A, E, B, F, C, G, P, HFLEN_WWW, HFLEN_WWW); + FF_WWW_ct_pow_3(N, A, E, B, F, C, G, P, HFLEN_WWW, HFLEN_WWW); if(FF_WWW_comp(N, L, HFLEN_WWW)) { @@ -347,11 +347,11 @@ int main() } // Test quadruple exponent - FF_WWW_pow(N, D, H, P, HFLEN_WWW, HFLEN_WWW); + FF_WWW_nt_pow(N, D, H, P, HFLEN_WWW, HFLEN_WWW); FF_WWW_mul(Q, L, N, HFLEN_WWW); FF_WWW_dmod(L, Q, P, HFLEN_WWW); - FF_WWW_pow4(N, A, E, B, F, C, G, D, H, P, HFLEN_WWW, HFLEN_WWW); + FF_WWW_nt_pow_4(N, A, E, B, F, C, G, D, H, P, HFLEN_WWW, HFLEN_WWW); if(FF_WWW_comp(N, L, HFLEN_WWW)) {
