Commit 294eabae authored by Michael Hamburg's avatar Michael Hamburg

generate f_field.h

parent 55126adc
......@@ -11,6 +11,7 @@ MACHINE := $(shell uname -m)
BUILD_ASM = build/obj
BUILD_OBJ = build/obj
BUILD_C = build/obj
BUILD_H = build/obj/include
BUILD_PY = build/obj
BUILD_LIB = build/lib
BUILD_INC = build/include
......@@ -40,8 +41,8 @@ endif
WARNFLAGS = -pedantic -Wall -Wextra -Werror -Wunreachable-code \
-Wmissing-declarations -Wunused-function -Wno-overlength-strings $(EXWARN)
INCFLAGS = -Isrc/include -Ibuild/include
PUB_INCFLAGS = -Ibuild/include
INCFLAGS = -Isrc/include -I$(BUILD_INC) -I$(BUILD_H)
PUB_INCFLAGS = -I$(BUILD_INC)
LANGFLAGS = -std=c99 -fno-strict-aliasing
LANGXXFLAGS = -fno-strict-aliasing
GENFLAGS = -ffunction-sections -fdata-sections -fvisibility=hidden -fomit-frame-pointer -fPIC
......@@ -124,7 +125,7 @@ endif
# Create all the build subdirectories
$(BUILD_OBJ)/timestamp:
mkdir -p $(BUILD_ASM) $(BUILD_OBJ) $(BUILD_C) $(BUILD_PY) \
$(BUILD_LIB) $(BUILD_INC) $(BUILD_BIN) $(BUILD_IBIN) $(BUILD_INC)/decaf
$(BUILD_LIB) $(BUILD_INC) $(BUILD_BIN) $(BUILD_IBIN) $(BUILD_H) $(BUILD_INC)/decaf
touch $@
$(BUILD_OBJ)/%.o: $(BUILD_ASM)/%.s
......@@ -133,7 +134,7 @@ $(BUILD_OBJ)/%.o: $(BUILD_ASM)/%.s
gen_headers: $(GEN_HEADERS)
$(GEN_HEADERS): src/gen_headers/*.py src/public_include/decaf/*
python -B src/gen_headers/main.py --hpre=$(BUILD_INC) --cpre=$(BUILD_C)
python -B src/gen_headers/main.py --hpre=$(BUILD_INC) --ihpre=$(BUILD_H) --cpre=$(BUILD_C)
cp src/public_include/decaf/* $(BUILD_INC)/decaf/
################################################################
......@@ -145,17 +146,18 @@ COMPONENTS_OF_$(1) = $$(BUILD_OBJ)/$(1)_impl.o $$(BUILD_OBJ)/$(1)_arithmetic.o
LIBCOMPONENTS += $$(COMPONENTS_OF_$(1))
$$(BUILD_ASM)/$(1)_arithmetic.s: src/$(1)/f_arithmetic.c $$(HEADERS)
$$(CC) $$(CFLAGS) -I src/$(1) -I src/$(1)/$(2) -S -c -o $$@ $$<
$$(CC) $$(CFLAGS) -I src/$(1) -I src/$(1)/$(2) -I $(BUILD_H)/$(1) -I $(BUILD_H)/$(1)/$(2) -S -c -o $$@ $$<
$$(BUILD_ASM)/$(1)_impl.s: src/$(1)/$(2)/f_impl.c $$(HEADERS)
$$(CC) $$(CFLAGS) -I src/$(1) -I src/$(1)/$(2) -S -c -o $$@ $$<
$$(CC) $$(CFLAGS) -I src/$(1) -I src/$(1)/$(2) -I $(BUILD_H)/$(1) -I $(BUILD_H)/$(1)/$(2) -S -c -o $$@ $$<
endef
################################################################
# Per-field, per-curve code: call with curve, field
################################################################
define define_curve
$$(BUILD_IBIN)/decaf_gen_tables_$(1): $$(BUILD_OBJ)/decaf_gen_tables_$(1).o $$(BUILD_OBJ)/decaf_$(1).o $$(BUILD_OBJ)/utils.o \
$$(BUILD_IBIN)/decaf_gen_tables_$(1): $$(BUILD_OBJ)/decaf_gen_tables_$(1).o \
$$(BUILD_OBJ)/decaf_$(1).o $$(BUILD_OBJ)/utils.o \
$$(COMPONENTS_OF_$(2))
$$(LD) $$(LDFLAGS) -o $$@ $$^
......@@ -165,20 +167,24 @@ $$(BUILD_C)/decaf_tables_$(1).c: $$(BUILD_IBIN)/decaf_gen_tables_$(1)
$$(BUILD_ASM)/decaf_tables_$(1).s: $$(BUILD_C)/decaf_tables_$(1).c $$(HEADERS)
$$(CC) $$(CFLAGS) -S -c -o $$@ $$< \
-I src/curve_$(1)/ -I src/$(2) -I src/$(2)/$$(ARCH_FOR_$(2)) \
-I $(BUILD_H)/curve_$(1) -I $(BUILD_H)/$(2) -I $(BUILD_H)/$(2)/$$(ARCH_FOR_$(2))
$$(BUILD_ASM)/decaf_gen_tables_$(1).s: src/decaf_gen_tables.c $$(HEADERS)
$$(CC) $$(CFLAGS) \
-I src/curve_$(1)/ -I src/$(2) -I src/$(2)/$$(ARCH_FOR_$(2)) \
-I src/curve_$(1) -I src/$(2) -I src/$(2)/$$(ARCH_FOR_$(2)) \
-I $(BUILD_H)/curve_$(1) -I $(BUILD_H)/$(2) -I $(BUILD_H)/$(2)/$$(ARCH_FOR_$(2)) \
-S -c -o $$@ $$<
$$(BUILD_ASM)/decaf_$(1).s: src/decaf.c $$(HEADERS)
$$(CC) $$(CFLAGS) \
-I src/curve_$(1)/ -I src/$(2) -I src/$(2)/$$(ARCH_FOR_$(2)) \
-I $(BUILD_H)/curve_$(1) -I $(BUILD_H)/$(2) -I $(BUILD_H)/$(2)/$$(ARCH_FOR_$(2)) \
-S -c -o $$@ $$<
$$(BUILD_ASM)/decaf_crypto_$(1).s: src/decaf_crypto.c $$(HEADERS)
$$(CC) $$(CFLAGS) \
-I src/curve_$(1)/ \
-I $(BUILD_H)/curve_$(1) \
-S -c -o $$@ $$<
LIBCOMPONENTS += $$(BUILD_OBJ)/decaf_$(1).o $$(BUILD_OBJ)/decaf_tables_$(1).o
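Review bot: In the compile rules of `define_field` and `define_curve` the new `-I $(BUILD_H)/...` directories come after the `-I src/...` ones, so a hand-written `f_field.h` left under those source directories would be found before the generated copy and the build would still succeed. If the generated header is meant to be authoritative, list the build directories first, e.g. `-I $$(BUILD_H)/$(1) -I $$(BUILD_H)/$(1)/$(2) -I src/$(1) -I src/$(1)/$(2)`, and make sure no source-tree copy remains, since a quoted include from a file in the same directory ignores the `-I` order. Writing `$$(BUILD_H)` would also match the `$$(BUILD_ASM)` and `$$(CC)` references around it; the single-`$` form is expanded when the template is called and works only because `BUILD_H` is assigned near the top of the file. Both `define` blocks start or end outside the visible hunks.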
......
from gen_file import gen_file
crypto_h = gen_file(
public = True,
per = "curve",
name = "decaf/crypto_%(shortname)s.h",
doc = """
Example Decaf crypto routines.
......
from gen_file import gen_file
crypto_hxx = gen_file(
public = True,
per = "curve",
name = "decaf/crypto_%(shortname)s.hxx",
doc = """
Example Decaf cyrpto routines, C++ wrapper.
......
field_data = {
"p25519" : {
"gf_desc" : "2^255 - 19",
"modulus" : 2**255 - 19,
"gf_shortname" : "25519",
"gf_impl_bits" : 320,
"gf_lit_limb_bits" : 51
},
"p448" : {
"gf_desc" : "2^448 - 2^224 - 1",
"modulus" : 2**448 - 2**224 - 1,
"gf_shortname" : "448",
"gf_impl_bits" : 512,
"gf_lit_limb_bits" : 56
}
}
curve_data = {
"Curve25519" : {
"iso_to" : "Curve25519",
......@@ -7,9 +24,8 @@ curve_data = {
"longnum" : "25519",
"c_ns" : "decaf_255",
"cofactor" : 8,
"modulus" : 2**255 - 19,
"scalar_bits" : 253,
"gf_bits" : 320
"field" : "p25519",
"scalar_bits" : 253
},
"Ed448" : {
"iso_to" : "Ed448-Goldilocks",
......@@ -19,9 +35,8 @@ curve_data = {
"longnum" : "448",
"c_ns" : "decaf_448",
"cofactor" : 4,
"modulus" : 2**448 - 2**224 - 1,
"scalar_bits" : 446,
"gf_bits" : 512
"field" : "p448",
"scalar_bits" : 446
}
}
......@@ -33,7 +48,15 @@ def ceil_log2(x):
out += 1
return out
for field,data in field_data.iteritems():
if "gf_bits" not in data:
data["gf_bits"] = ceil_log2(data["modulus"])
for curve,data in curve_data.iteritems():
for key in field_data[data["field"]]:
if key not in data:
data[key] = field_data[data["field"]][key]
if "modulus_type" not in data:
mod = data["modulus"]
ptwo = 2
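Review bot: `gf_bits` keeps its name but appears to change meaning: the per-curve literals 320 and 512 go away, the field loop fills `gf_bits` with `ceil_log2(data["modulus"])` (presumably the bit length of the modulus), and the old widths move to `gf_impl_bits`. Any template that still formats `%(gf_bits)d` to size storage would silently generate a smaller value; the decaf.h template on this page is switched to `gf_impl_bits`, but other templates are not fully visible and should be checked. A comment above the field loop such as `# gf_bits: bit length of the modulus; gf_impl_bits: storage width used for limb counts` would record the distinction. The curve loop continues past the end of the hunk.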
......
from gen_file import gen_file
decaf_h = gen_file(
public = True,
per = "curve",
name = "decaf/%(c_ns)s.h",
doc = """@brief A group of prime order p, based on %(iso_to)s.""",
code = """
......@@ -11,7 +13,7 @@ extern "C" {
#endif
/** @cond internal */
#define %(C_NS)s_LIMBS (%(gf_bits)d/DECAF_WORD_BITS)
#define %(C_NS)s_LIMBS (%(gf_impl_bits)d/DECAF_WORD_BITS)
#define %(C_NS)s_SCALAR_LIMBS ((%(scalar_bits)d-1)/DECAF_WORD_BITS+1)
/** @endcond */
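Review bot: `%(C_NS)s_LIMBS` divides `gf_impl_bits` by `DECAF_WORD_BITS` with truncation, while `%(C_NS)s_SCALAR_LIMBS` on the next line rounds up. The two values now in `field_data` (320 and 512) divide evenly by the usual word sizes (presumably 32 or 64), so nothing is lost today, but a future field whose `gf_impl_bits` is not a multiple of the word size would get one limb too few without any diagnostic. A generator-side check such as `assert data["gf_impl_bits"] % 64 == 0` next to the field table, or the same round-up form used for the scalar, would make that explicit.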
......
from gen_file import gen_file
decaf_hxx = gen_file(
public = True,
per = "curve",
name = "decaf/%(c_ns)s.hxx",
doc = """
A group of prime order p, C++ wrapper.
......
from gen_file import gen_file
f_field_h = gen_file(
public = False,
per = "field",
name = "p%(gf_shortname)s/f_field.h",
doc = """@brief Field-specific code for %(gf_desc)s.""",
code = """
#include "constant_time.h"
#include <string.h>
#include "f_impl.h"
#define GF_LIT_LIMB_BITS %(gf_lit_limb_bits)d
#define GF_BITS %(gf_bits)d
#define gf gf_%(gf_shortname)s_t
#define gf_s gf_%(gf_shortname)s_s
#define gf_mul gf_%(gf_shortname)s_mul
#define gf_sqr gf_%(gf_shortname)s_sqr
#define gf_add_RAW gf_%(gf_shortname)s_add_RAW
#define gf_sub_RAW gf_%(gf_shortname)s_sub_RAW
#define gf_mulw gf_%(gf_shortname)s_mulw
#define gf_bias gf_%(gf_shortname)s_bias
#define gf_isr gf_%(gf_shortname)s_isr
#define gf_weak_reduce gf_%(gf_shortname)s_weak_reduce
#define gf_strong_reduce gf_%(gf_shortname)s_strong_reduce
#define gf_serialize gf_%(gf_shortname)s_serialize
#define gf_deserialize gf_%(gf_shortname)s_deserialize
#define SQRT_MINUS_ONE P%(gf_shortname)s_SQRT_MINUS_ONE /* might not be defined */
""")
\ No newline at end of file
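Review bot: `SQRT_MINUS_ONE` is defined unconditionally even though its own comment says the target `P%(gf_shortname)s_SQRT_MINUS_ONE` might not be defined, so for such a field an `#ifdef SQRT_MINUS_ONE` test would still succeed and the problem would only surface as an undeclared identifier where the alias is used. If the target is a preprocessor macro (not visible here), wrap the alias in `#ifdef P%(gf_shortname)s_SQRT_MINUS_ONE` and `#endif`. Otherwise extend the comment to say which fields provide the constant and that the alias must not be tested with `#ifdef`.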
from curve_data import curve_data
from curve_data import curve_data, field_data
from textwrap import dedent
def redoc(filename,doc,author):
......@@ -22,10 +22,12 @@ def redoc(filename,doc,author):
gend_files = {}
def gen_file(name,doc,code,author="Mike Hamburg"):
per_map = {"field":field_data, "curve":curve_data, "global":{"global":{}} }
def gen_file(public,name,doc,code,per="global",author="Mike Hamburg"):
is_header = name.endswith(".h") or name.endswith(".hxx") or name.endswith(".h++")
for curve,data in curve_data.iteritems():
for curve,data in per_map[per].iteritems():
ns_name = name % data
_,_,name_base = ns_name.rpartition("/")
......@@ -44,8 +46,5 @@ def gen_file(name,doc,code,author="Mike Hamburg"):
#endif /* %(header_guard)s */
""") % { "header_guard" : header_guard, "code": ns_code }
ret += ns_code[1:-1]
gend_files[ns_name] = ret
if ns_name == name:
# It's not namespaced
break
gend_files[ns_name] = (public,ret)
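Review bot: `gen_file` gains two parameters, `public` and `per`, without any documentation, although `public` ends up deciding which output tree a generated file is written to. A short docstring would help, stating that `public` is stored with the generated text and later selects the public or internal output prefix, that `per` is one of `"field"`, `"curve"` or `"global"` and picks the dictionary used to format `name`, and that an unknown `per` raises `KeyError` from `per_map[per]`. The function body continues outside both hunks.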
......@@ -5,16 +5,18 @@ import argparse
import re
parser = argparse.ArgumentParser(description='Generate Decaf headers and other such files.')
parser.add_argument('--hpre', required = True, help = "Where to put the header files")
parser.add_argument('--hpre', required = True, help = "Where to put the public header files")
parser.add_argument('--ihpre', required = True, help = "Where to put the internal header files")
parser.add_argument('--cpre', required = True, help = "Where to put the C/C++ implementation files")
args = parser.parse_args()
prefixes = { "h" : args.hpre, "hxx" : args.hpre, "c" : args.cpre }
prefixes = { (True,"h") : args.hpre, (True,"hxx") : args.hpre, (False,"c") : args.cpre, (False,"h") : args.ihpre }
from decaf_hxx import decaf_hxx
from decaf_h import decaf_h
from crypto_h import crypto_h
from crypto_hxx import crypto_hxx
from f_field_h import f_field_h
root_hxx_code = "\n".join((
"#include <%s>" % name
......@@ -22,6 +24,8 @@ root_hxx_code = "\n".join((
if re.match("^decaf/decaf_\d+.hxx$",name)
))
decaf_root_hxx = gen_file(
public = True,
per = "global",
name = "decaf.hxx",
doc = """@brief Decaf curve metaheader.""",
code = "\n"+root_hxx_code+"\n"
......@@ -33,6 +37,8 @@ crypto_h_code = "\n".join((
if re.match("^decaf/crypto_\d+.h$",name)
))
crypto_h = gen_file(
public = True,
per = "global",
name = "decaf/crypto.h",
doc = """
Example Decaf crypto routines, metaheader.
......@@ -49,6 +55,8 @@ crypto_hxx_code = "\n".join((
if re.match("^decaf/crypto_\d+.hxx$",name)
))
crypto_hxx = gen_file(
public = True,
per = "global",
name = "decaf/crypto.hxx",
doc = """
Example Decaf crypto routines, C++, metaheader.
......@@ -65,6 +73,8 @@ root_h_code = "\n".join((
if re.match("^decaf/decaf_\d+.h$",name)
))
decaf_root_hxx = gen_file(
public = True,
per = "global",
name = "decaf.h",
doc = """
Master header for Decaf library.
......@@ -84,9 +94,9 @@ decaf_root_hxx = gen_file(
)
for name,code in gend_files.iteritems():
for name,(public,code) in gend_files.iteritems():
_,_,name_suffix = name.partition(".")
prefix = prefixes[name_suffix]
prefix = prefixes[(public,name_suffix)]
if not os.path.exists(os.path.dirname(prefix + "/" + name)):
os.makedirs(os.path.dirname(prefix + "/" + name))
with open(prefix + "/" + name,"w") as f:
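Review bot: The `(public, suffix)` table is now what keeps internal headers out of the public include directory, but it covers only four combinations, and `prefixes[(public,name_suffix)]` fails with a bare `KeyError` for any other one, such as an internal `.hxx` or a public `.c`. An explicit check before the lookup, `if (public,name_suffix) not in prefixes: raise ValueError("no output directory for %s (public=%s)" % (name, public))`, would name the offending file. The `with` block that writes the file continues past the end of the hunk.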
......
/**
* @file f_field.h
* @brief Field-specific code.
* @copyright
* Copyright (c) 2014 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
* @author Mike Hamburg
*/
#ifndef __F_FIELD_H__
#define __F_FIELD_H__ 1
#include "constant_time.h"
#include <string.h>
#include "f_impl.h"
#define GF_LIT_LIMB_BITS 51
#define GF_BITS 255
#define gf gf_25519_t
#define gf_s gf_25519_s
#define gf_mul gf_25519_mul
#define gf_sqr gf_25519_sqr
#define gf_add_RAW gf_25519_add_RAW
#define gf_sub_RAW gf_25519_sub_RAW
#define gf_mulw gf_25519_mulw
#define gf_bias gf_25519_bias
#define gf_isr gf_25519_isr
#define gf_weak_reduce gf_25519_weak_reduce
#define gf_strong_reduce gf_25519_strong_reduce
#define gf_serialize gf_25519_serialize
#define gf_deserialize gf_25519_deserialize
#define SQRT_MINUS_ONE P25519_SQRT_MINUS_ONE
#endif /* __F_FIELD_H__ */
......@@ -22,7 +22,7 @@ static uint64_t widemul_32 (
}
void
p448_mul (
gf_448_mul (
gf_448_s *__restrict__ cs,
const gf_448_t as,
const gf_448_t bs
......@@ -83,7 +83,7 @@ p448_mul (
}
void
p448_mulw (
gf_448_mulw (
gf_448_s *__restrict__ cs,
const gf_448_t as,
uint64_t b
......@@ -127,15 +127,15 @@ p448_mulw (
}
void
p448_sqr (
gf_448_sqr (
gf_448_s *__restrict__ cs,
const gf_448_t as
) {
p448_mul(cs,as,as); /* PERF */
gf_448_mul(cs,as,as); /* PERF */
}
void
p448_strong_reduce (
gf_448_strong_reduce (
gf_448_t a
) {
word_t mask = (1ull<<28)-1;
......@@ -178,14 +178,14 @@ p448_strong_reduce (
}
void
p448_serialize (
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
) {
int i,j;
gf_448_t red;
p448_copy(red, x);
p448_strong_reduce(red);
gf_448_copy(red, x);
gf_448_strong_reduce(red);
for (i=0; i<8; i++) {
uint64_t limb = red->limb[2*i] + (((uint64_t)red->limb[2*i+1])<<28);
for (j=0; j<7; j++) {
......@@ -197,7 +197,7 @@ p448_serialize (
}
mask_t
p448_deserialize (
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
) {
......
......@@ -23,69 +23,69 @@ extern "C" {
#endif
static __inline__ void
p448_add_RAW (
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
p448_sub_RAW (
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
p448_copy (
gf_448_copy (
gf_448_t out,
const gf_448_t a
) __attribute__((unused,always_inline));
static __inline__ void
p448_weak_reduce (
gf_448_weak_reduce (
gf_448_t inout
) __attribute__((unused,always_inline));
void
p448_strong_reduce (
gf_448_strong_reduce (
gf_448_t inout
);
static __inline__ void
p448_bias (
gf_448_bias (
gf_448_t inout,
int amount
) __attribute__((unused,always_inline));
void
p448_mul (
gf_448_mul (
gf_448_s *__restrict__ out,
const gf_448_t a,
const gf_448_t b
);
void
p448_mulw (
gf_448_mulw (
gf_448_s *__restrict__ out,
const gf_448_t a,
uint64_t b
);
void
p448_sqr (
gf_448_sqr (
gf_448_s *__restrict__ out,
const gf_448_t a
);
void
p448_serialize (
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
);
mask_t
p448_deserialize (
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
);
......@@ -93,7 +93,7 @@ p448_deserialize (
/* -------------- Inline functions begin here -------------- */
void
p448_add_RAW (
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
......@@ -111,7 +111,7 @@ p448_add_RAW (
}
void
p448_sub_RAW (
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
......@@ -129,7 +129,7 @@ p448_sub_RAW (
}
void
p448_copy (
gf_448_copy (
gf_448_t out,
const gf_448_t a
) {
......@@ -137,7 +137,7 @@ p448_copy (
}
void
p448_bias (
gf_448_bias (
gf_448_t a,
int amt
) {
......@@ -151,7 +151,7 @@ p448_bias (
}
void
p448_weak_reduce (
gf_448_weak_reduce (
gf_448_t a
) {
uint64_t mask = (1ull<<28) - 1;
......
......@@ -99,7 +99,7 @@ smull2 (
}
void
p448_mul (
gf_448_mul (
gf_448_s *__restrict__ cs,
const gf_448_t as,
const gf_448_t bs
......@@ -450,7 +450,7 @@ p448_mul (
}
void
p448_sqr (
gf_448_sqr (
gf_448_s *__restrict__ cs,
const gf_448_t as
) {
......@@ -748,7 +748,7 @@ p448_sqr (
}
void
p448_mulw (
gf_448_mulw (
gf_448_s *__restrict__ cs,
const gf_448_t as,
uint64_t b
......@@ -862,7 +862,7 @@ p448_mulw (
}
void
p448_strong_reduce (
gf_448_strong_reduce (
gf_448_t a
) {
word_t mask = (1ull<<28)-1;
......@@ -905,14 +905,14 @@ p448_strong_reduce (
}
void
p448_serialize (
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
) {
int i,j;
gf_448_t red;
p448_copy(red, x);
p448_strong_reduce(red);
gf_448_copy(red, x);
gf_448_strong_reduce(red);
for (i=0; i<8; i++) {
uint64_t limb = red->limb[2*i] + (((uint64_t)red->limb[2*i+1])<<28);
for (j=0; j<7; j++) {
......@@ -924,7 +924,7 @@ p448_serialize (
}
mask_t
p448_deserialize (
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
) {
......
......@@ -23,69 +23,69 @@ extern "C" {
#endif
static __inline__ void
p448_add_RAW (
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
p448_sub_RAW (
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
) __attribute__((unused,always_inline));
static __inline__ void
p448_copy (
gf_448_copy (
gf_448_t out,
const gf_448_t a
) __attribute__((unused,always_inline));
static __inline__ void
p448_weak_reduce (
gf_448_weak_reduce (
gf_448_t inout
) __attribute__((unused,always_inline));
void
p448_strong_reduce (
gf_448_strong_reduce (
gf_448_t inout
);
static __inline__ void
p448_bias (
gf_448_bias (
gf_448_t inout,
int amount
) __attribute__((unused,always_inline));
void
p448_mul (
gf_448_mul (
gf_448_s *__restrict__ out,
const gf_448_t a,
const gf_448_t b
);
void
p448_mulw (
gf_448_mulw (
gf_448_s *__restrict__ out,
const gf_448_t a,
uint64_t b
);
void
p448_sqr (
gf_448_sqr (
gf_448_s *__restrict__ out,
const gf_448_t a
);
void
p448_serialize (
gf_448_serialize (
uint8_t *serial,
const gf_448_t x
);
mask_t
p448_deserialize (
gf_448_deserialize (
gf_448_t x,
const uint8_t serial[56]
);
......@@ -93,7 +93,7 @@ p448_deserialize (
/* -------------- Inline functions begin here -------------- */
void
p448_add_RAW (
gf_448_add_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
......@@ -111,7 +111,7 @@ p448_add_RAW (
}
void
p448_sub_RAW (
gf_448_sub_RAW (
gf_448_t out,
const gf_448_t a,
const gf_448_t b
......@@ -129,7 +129,7 @@ p448_sub_RAW (
}
void
p448_copy (
gf_448_copy (
gf_448_t out,
const gf_448_t a
) {
......@@ -137,7 +137,7 @@ p448_copy (
}
void
p448_bias (
gf_448_bias (
gf_448_t a,
int amt
) {
......@@ -151,7 +151,7 @@ p448_bias (
}
void
p448_weak_reduce (
gf_448_weak_reduce (
gf_448_t a
) {
uint64_t mask = (1ull<<28) - 1;
......
......@@ -69,7 +69,7 @@ smull2 (
}
void
p448_mul (
gf_448_mul (
gf_448_s *__restrict__ cs,
const gf_448_t as,
const gf_448_t bs
......@@ -368,7 +368,7 @@ p448_mul (
}
void
p448_sqr (
gf_448_sqr (
gf_448_s *__restrict__ cs,
const gf_448_t bs
) {
......@@ -569,7 +569,7 @@ p448_sqr (
}
void
p448_mulw (
gf_448_mulw (
gf_448_s *__restrict__ cs,
const gf_448_t as,
uint64_t b
......@@ -620,7 +620,7 @@ p448_mulw (