Commit d94a1471 authored by Michael Hamburg's avatar Michael Hamburg

move everything over to more-tolerable templating

parent 4e57f491
......@@ -69,12 +69,10 @@ BUILDPYS= $(SAGES:test/%.sage=$(BUILD_PY)/%.py)
.PHONY: clean all test test_ct bench todo doc lib bat sage sagetest gen_headers
.PRECIOUS: $(BUILD_ASM)/%.s $(BUILD_C)/*/%.c $(BUILD_H)/*/%.h $(BUILD_IBIN)/%
GEN_HEADERS=\
$(BUILD_INC)/decaf/decaf_255.h \
$(BUILD_INC)/decaf/decaf_448.h \
$(BUILD_INC)/decaf/decaf_255.hxx \
$(BUILD_INC)/decaf/decaf_448.hxx \
$( src/public_include/decaf/* : src/public_include = $(BUILD_INC) )
HEADER_SRCS= $(shell find src/public_include -name "*.h*")
GEN_HEADERS_0= $(HEADER_SRCS:src/public_include/%=$(BUILD_INC)/%)
GEN_HEADERS_1= $(GEN_HEADERS_0:%.tmpl.h=%.h)
GEN_HEADERS= $(GEN_HEADERS_1:%.tmpl.hxx=%.hxx)
HEADERS= Makefile $(shell find src test -name "*.h") $(BUILD_OBJ)/timestamp $(GEN_HEADERS)
# components needed by the lib
......@@ -90,7 +88,6 @@ scan: clean
-enable-checker osx -enable-checker security -enable-checker unix \
make all
# Internal test programs, which are not part of the final build/bin directory.
$(BUILD_IBIN)/test: $(BUILD_OBJ)/test_decaf.o lib
ifeq ($(UNAME),Darwin)
......@@ -125,10 +122,15 @@ $(BUILD_OBJ)/%.o: $(BUILD_ASM)/%.s
$(ASM) $(ASFLAGS) -c -o $@ $<
gen_headers: $(GEN_HEADERS)
$(BUILD_INC)/%: src/public_include/% $(BUILD_OBJ)/timestamp
cp -f $< $@
$(BUILD_INC)/%.h: src/public_include/%.tmpl.h src/gen_headers/*
python -B src/gen_headers/template.py --per=global --guard=$(@:$(BUILD_INC)/%=%) -o $@ $<
$(GEN_HEADERS): src/gen_headers/*.py src/public_include/decaf/*
python -B src/gen_headers/main.py --hpre=$(BUILD_INC) --ihpre=$(BUILD_H) --cpre=$(BUILD_C)
cp src/public_include/decaf/* $(BUILD_INC)/decaf/
$(BUILD_INC)/%.hxx: src/public_include/%.tmpl.hxx src/gen_headers/*
python -B src/gen_headers/template.py --per=global --guard=$(@:$(BUILD_INC)/%=%) -o $@ $<
################################################################
# Per-field code: call with field, arch
......@@ -169,13 +171,22 @@ define define_curve
LIBCOMPONENTS += $$(BUILD_OBJ)/$(1)/decaf.o $$(BUILD_OBJ)/$(1)/crypto.o $$(BUILD_OBJ)/$(1)/decaf_tables.o
PER_OBJ_DIRS += $$(BUILD_OBJ)/$(1)
HEADERS_OF_$(1) = $$(HEADERS_OF_$(2))
GLOBAL_HEADERS_OF_$(1) = $(BUILD_INC)/decaf/decaf_$(3).h $(BUILD_INC)/decaf/decaf_$(3).hxx \
$(BUILD_INC)/decaf/crypto_$(3).h $(BUILD_INC)/decaf/crypto_$(3).hxx
HEADERS_OF_$(1) = $$(HEADERS_OF_$(2)) $$(GLOBAL_HEADERS_OF_$(1))
HEADERS += $$(GLOBAL_HEADERS_OF_$(1))
$$(BUILD_C)/$(1)/%.c: src/per_curve/%.tmpl.c src/gen_headers/* $$(HEADERS_OF_$(2))
python -B src/gen_headers/template.py --per=curve --item=$(1) --guard=$(1)/`basename $$@` -o $$@ $$<
$$(BUILD_H)/$(1)/%.h: src/per_curve/%.tmpl.h src/gen_headers/* $$(HEADERS_OF_$(2))
python -B src/gen_headers/template.py --per=curve --item=$(1) --guard=$(1)/`basename $$@` -o $$@ $$<
$$(BUILD_INC)/decaf/decaf_$(3).%: src/per_curve/decaf.tmpl.% src/gen_headers/* $$(HEADERS_OF_$(2))
python -B src/gen_headers/template.py --per=curve --item=$(1) --guard=$$(@:$(BUILD_INC)/%=%) -o $$@ $$<
$$(BUILD_INC)/decaf/crypto_$(3).%: src/per_curve/crypto.tmpl.% src/gen_headers/* $$(HEADERS_OF_$(2))
python -B src/gen_headers/template.py --per=curve --item=$(1) --guard=$$(@:$(BUILD_INC)/%=%) -o $$@ $$<
$$(BUILD_IBIN)/decaf_gen_tables_$(1): $$(BUILD_OBJ)/$(1)/decaf_gen_tables.o \
$$(BUILD_OBJ)/$(1)/decaf.o $$(BUILD_OBJ)/utils.o \
......@@ -200,9 +211,9 @@ endef
################################################################
# call code above to generate curves and fields
$(eval $(call define_field,p25519,arch_x86_64))
$(eval $(call define_curve,curve25519,p25519))
$(eval $(call define_curve,curve25519,p25519,255))
$(eval $(call define_field,p448,arch_x86_64))
$(eval $(call define_curve,ed448goldilocks,p448))
$(eval $(call define_curve,ed448goldilocks,p448,448))
# The shakesum utility is in the public bin directory.
$(BUILD_BIN)/shakesum: $(BUILD_OBJ)/shakesum.o $(BUILD_OBJ)/shake.o $(BUILD_OBJ)/utils.o
......
......@@ -84,6 +84,7 @@ def ceil_log2(x):
out += 1
return out
# TODO: reduce this because we can now have expressions.
for field,data in field_data.iteritems():
if "modulus" not in data:
data["modulus"] = eval(data["gf_desc"].replace("^","**"))
......
from curve_data import curve_data, field_data
from textwrap import dedent
def redoc(filename,doc,author):
doc = doc.replace("\n","\n * ")
doc = dedent("""
/**
* @file %(filename)s
* @author %(author)s
*
* @copyright
* Copyright (c) 2015-2016 Cryptography Research, Inc. \\n
* Released under the MIT License. See LICENSE.txt for license information.
*
* %(doc)s
*
* @warning This file was automatically generated in Python.
* Please do not edit it.
*/""") % { "filename": filename, "doc": doc, "author" : author }
doc = doc.replace(" * \n", " *\n")
return doc[1:]
gend_files = {}
per_map = {"field":field_data, "curve":curve_data, "global":{"global":{}} }
def gen_file(public,name,doc,code,per="global",author="Mike Hamburg"):
is_header = name.endswith(".h") or name.endswith(".hxx") or name.endswith(".h++")
for curve,data in per_map[per].iteritems():
ns_name = name % data
_,_,name_base = ns_name.rpartition("/")
header_guard = "__" + ns_name.replace(".","_").replace("/","_").upper() + "__"
ns_doc = dedent(doc).strip().rstrip()
ns_doc = redoc(ns_name, ns_doc % data, author)
ns_code = code % data
ret = ns_doc + "\n"
if is_header:
ns_code = dedent("""\n
#ifndef %(header_guard)s
#define %(header_guard)s 1
%(code)s
#endif /* %(header_guard)s */
""") % { "header_guard" : header_guard, "code": ns_code }
ret += ns_code[1:-1]
gend_files[ns_name] = (public,ret)
from gen_file import gen_file,gend_files
import os
import argparse
import re
parser = argparse.ArgumentParser(description='Generate Decaf headers and other such files.')
parser.add_argument('--hpre', required = True, help = "Where to put the public header files")
parser.add_argument('--ihpre', required = True, help = "Where to put the internal header files")
parser.add_argument('--cpre', required = True, help = "Where to put the C/C++ implementation files")
args = parser.parse_args()
prefixes = { (True,"h") : args.hpre, (True,"hxx") : args.hpre, (False,"c") : args.cpre, (False,"h") : args.ihpre }
from decaf_hxx import decaf_hxx
from decaf_h import decaf_h
from crypto_h import crypto_h
from crypto_hxx import crypto_hxx
from curve_data import curve_data
root_hxx_code = "\n".join((
"#include <%s>" % name
for name in sorted(gend_files)
if re.match("^decaf/decaf_\d+.hxx$",name)
))
root_hxx_code += """
namespace decaf {
template <template<typename Group> class Run>
void run_for_all_curves() {
"""
root_hxx_code += "\n".join((
" Run<%s>::run();" % cd["cxx_ns"]
for cd in sorted(curve_data.values(), key=lambda x:x["c_ns"])
))
root_hxx_code += """
}
}
"""
decaf_root_hxx = gen_file(
public = True,
per = "global",
name = "decaf.hxx",
doc = """@brief Decaf curve metaheader.""",
code = "\n"+root_hxx_code+"\n"
)
crypto_h_code = "\n".join((
"#include <%s>" % name
for name in sorted(gend_files)
if re.match("^decaf/crypto_\d+.h$",name)
))
crypto_h = gen_file(
public = True,
per = "global",
name = "decaf/crypto.h",
doc = """
Example Decaf crypto routines, metaheader.
@warning These are merely examples, though they ought to be secure. But real
protocols will decide differently on magic numbers, formats, which items to
hash, etc.
""",
code = "\n"+crypto_h_code+"\n"
)
crypto_hxx_code = "\n".join((
"#include <%s>" % name
for name in sorted(gend_files)
if re.match("^decaf/crypto_\d+.hxx$",name)
))
crypto_hxx = gen_file(
public = True,
per = "global",
name = "decaf/crypto.hxx",
doc = """
Example Decaf crypto routines, C++, metaheader.
@warning These are merely examples, though they ought to be secure. But real
protocols will decide differently on magic numbers, formats, which items to
hash, etc.
""",
code = "\n"+crypto_hxx_code+"\n"
)
root_h_code = "\n".join((
"#include <%s>" % name
for name in sorted(gend_files)
if re.match("^decaf/decaf_\d+.h$",name)
))
decaf_root_hxx = gen_file(
public = True,
per = "global",
name = "decaf.h",
doc = """
Master header for Decaf library.
The Decaf library implements cryptographic operations on a elliptic curve
groups of prime order p. It accomplishes this by using a twisted Edwards
curve (isogenous to Ed448-Goldilocks or Ed25519) and wiping out the cofactor.
The formulas are all complete and have no special cases. However, some
functions can fail. For example, decoding functions can fail because not
every string is the encoding of a valid group element.
The formulas contain no data-dependent branches, timing or memory accesses,
except for decaf_XXX_base_double_scalarmul_non_secret.
""",
code = "\n"+root_h_code+"\n"
)
for name,(public,code) in gend_files.iteritems():
_,_,name_suffix = name.rpartition(".")
prefix = prefixes[(public,name_suffix)]
if not os.path.exists(os.path.dirname(prefix + "/" + name)):
os.makedirs(os.path.dirname(prefix + "/" + name))
with open(prefix + "/" + name,"w") as f:
f.write(code + "\n")
\ No newline at end of file
......@@ -13,7 +13,7 @@ parser.add_argument('--guard', required = False, default = None, help = "header
parser.add_argument('files', metavar='file', type=str, nargs='+', help='a list of files to fill')
args = parser.parse_args()
per_map = {"field":field_data, "curve":curve_data, "global":{"global":{}} }
per_map = {"field":field_data, "curve":curve_data, "global":{"global":{"field":field_data,"curve":curve_data} }}
def redoc(filename,doc,author):
doc = doc.replace("\n","\n * ")
......
from gen_file import gen_file
/**
* Example Decaf crypto routines.
* @warning These are merely examples, though they ought to be secure. But real
* protocols will decide differently on magic numbers, formats, which items to
* hash, etc.
* @warning Experimental! The names, parameter orders etc are likely to change.
*/
crypto_h = gen_file(
public = True,
per = "curve",
name = "decaf/crypto_%(shortname)s.h",
doc = """
Example Decaf crypto routines.
@warning These are merely examples, though they ought to be secure. But real
protocols will decide differently on magic numbers, formats, which items to
hash, etc.
@warning Experimental! The names, parameter orders etc are likely to change.
""", code = """
#include <decaf/%(c_ns)s.h>
#include <decaf/$(c_ns).h>
#include <decaf/strobe.h>
#ifdef __cplusplus
......@@ -19,48 +14,48 @@ extern "C" {
#endif
/** Number of bytes for a symmetric key (expanded to full key) */
#define %(C_NS)s_SYMMETRIC_KEY_BYTES 32
#define $(C_NS)_SYMMETRIC_KEY_BYTES 32
/** A symmetric key, the compressed point of a private key. */
typedef unsigned char %(c_ns)s_symmetric_key_t[%(C_NS)s_SYMMETRIC_KEY_BYTES];
typedef unsigned char $(c_ns)_symmetric_key_t[$(C_NS)_SYMMETRIC_KEY_BYTES];
/** An encoded public key. */
typedef unsigned char %(c_ns)s_public_key_t[%(C_NS)s_SER_BYTES];
typedef unsigned char $(c_ns)_public_key_t[$(C_NS)_SER_BYTES];
/** A signature. */
typedef unsigned char %(c_ns)s_signature_t[%(C_NS)s_SER_BYTES + %(C_NS)s_SCALAR_BYTES];
typedef unsigned char $(c_ns)_signature_t[$(C_NS)_SER_BYTES + $(C_NS)_SCALAR_BYTES];
typedef struct {
/** @cond internal */
/** The symmetric key from which everything is expanded */
%(c_ns)s_symmetric_key_t sym;
$(c_ns)_symmetric_key_t sym;
/** The scalar x */
%(c_ns)s_scalar_t secret_scalar;
$(c_ns)_scalar_t secret_scalar;
/** x*Base */
%(c_ns)s_public_key_t pub;
$(c_ns)_public_key_t pub;
/** @endcond */
} /** Private key structure for pointers. */
%(c_ns)s_private_key_s,
$(c_ns)_private_key_s,
/** A private key (gmp array[1] style). */
%(c_ns)s_private_key_t[1];
$(c_ns)_private_key_t[1];
/**
* Derive a key from its compressed form.
* @param [out] priv The derived private key.
* @param [in] proto The compressed or proto-key, which must be 32 random bytes.
*/
void %(c_ns)s_derive_private_key (
%(c_ns)s_private_key_t priv,
const %(c_ns)s_symmetric_key_t proto
void $(c_ns)_derive_private_key (
$(c_ns)_private_key_t priv,
const $(c_ns)_symmetric_key_t proto
) NONNULL2 API_VIS;
/**
* Destroy a private key.
*/
void %(c_ns)s_destroy_private_key (
%(c_ns)s_private_key_t priv
void $(c_ns)_destroy_private_key (
$(c_ns)_private_key_t priv
) NONNULL1 API_VIS;
/**
......@@ -68,9 +63,9 @@ void %(c_ns)s_destroy_private_key (
* @param [out] pub The extracted private key.
* @param [in] priv The private key.
*/
void %(c_ns)s_private_to_public (
%(c_ns)s_public_key_t pub,
const %(c_ns)s_private_key_t priv
void $(c_ns)_private_to_public (
$(c_ns)_public_key_t pub,
const $(c_ns)_private_key_t priv
) NONNULL2 API_VIS;
/**
......@@ -89,11 +84,11 @@ void %(c_ns)s_private_to_public (
* @retval DECAF_FAILURE Key exchange failed.
*/
decaf_error_t
%(c_ns)s_shared_secret (
$(c_ns)_shared_secret (
uint8_t *shared,
size_t shared_bytes,
const %(c_ns)s_private_key_t my_privkey,
const %(c_ns)s_public_key_t your_pubkey,
const $(c_ns)_private_key_t my_privkey,
const $(c_ns)_public_key_t your_pubkey,
int me_first
) NONNULL134 WARN_UNUSED API_VIS;
......@@ -105,10 +100,10 @@ decaf_error_t
* @param [in] strobe A STROBE context with the message.
*/
void
%(c_ns)s_sign_strobe (
$(c_ns)_sign_strobe (
keccak_strobe_t strobe,
%(c_ns)s_signature_t sig,
const %(c_ns)s_private_key_t priv
$(c_ns)_signature_t sig,
const $(c_ns)_private_key_t priv
) NONNULL3 API_VIS;
/**
......@@ -120,9 +115,9 @@ void
* @param [in] message_len The message's length.
*/
void
%(c_ns)s_sign (
%(c_ns)s_signature_t sig,
const %(c_ns)s_private_key_t priv,
$(c_ns)_sign (
$(c_ns)_signature_t sig,
const $(c_ns)_private_key_t priv,
const unsigned char *message,
size_t message_len
) NONNULL3 API_VIS;
......@@ -138,10 +133,10 @@ void
* @return DECAF_FAILURE The signature did not verify successfully.
*/
decaf_error_t
%(c_ns)s_verify_strobe (
$(c_ns)_verify_strobe (
keccak_strobe_t strobe,
const %(c_ns)s_signature_t sig,
const %(c_ns)s_public_key_t pub
const $(c_ns)_signature_t sig,
const $(c_ns)_public_key_t pub
) NONNULL3 API_VIS WARN_UNUSED;
/**
......@@ -156,9 +151,9 @@ decaf_error_t
* @return DECAF_FAILURE The signature did not verify successfully.
*/
decaf_error_t
%(c_ns)s_verify (
const %(c_ns)s_signature_t sig,
const %(c_ns)s_public_key_t pub,
$(c_ns)_verify (
const $(c_ns)_signature_t sig,
const $(c_ns)_public_key_t pub,
const unsigned char *message,
size_t message_len
) NONNULL3 API_VIS WARN_UNUSED;
......@@ -166,4 +161,3 @@ decaf_error_t
#ifdef __cplusplus
} /* extern "C" */
#endif
""")
from gen_file import gen_file
/*
* Example Decaf cyrpto routines, C++ wrapper.
* @warning These are merely examples, though they ought to be secure. But real
* protocols will decide differently on magic numbers, formats, which items to
* hash, etc.
* @warning Experimental! The names, parameter orders etc are likely to change.
*/
crypto_hxx = gen_file(
public = True,
per = "curve",
name = "decaf/crypto_%(shortname)s.hxx",
doc = """
Example Decaf cyrpto routines, C++ wrapper.
@warning These are merely examples, though they ought to be secure. But real
protocols will decide differently on magic numbers, formats, which items to
hash, etc.
@warning Experimental! The names, parameter orders etc are likely to change.
""", code = """
#include <decaf.hxx>
#include <decaf/decaf_$(gf_bits).hxx>
#include <decaf/shake.hxx>
#include <decaf/strobe.hxx>
......@@ -31,21 +26,21 @@ template <typename Group> class PublicKey;
/** A private key for crypto over some Group */
template <typename Group> class PrivateKey;
/** A public key for crypto over %(name)s */
template<> class PublicKey<%(cxx_ns)s>
: public Serializable< PublicKey<%(cxx_ns)s> > {
/** A public key for crypto over $(name) */
template<> class PublicKey<$(cxx_ns)>
: public Serializable< PublicKey<$(cxx_ns)> > {
private:
/** @cond internal */
typedef %(c_ns)s_public_key_t Wrapped;
typedef $(c_ns)_public_key_t Wrapped;
Wrapped wrapped;
template<class Group> friend class PrivateKey;
/** @endcond */
public:
/** Underlying group */
typedef %(cxx_ns)s Group;
typedef $(cxx_ns) Group;
/** Signature size. */
static const size_t SIG_BYTES = sizeof(%(c_ns)s_signature_t);
static const size_t SIG_BYTES = sizeof($(c_ns)_signature_t);
/** Serialization size. */
static const size_t SER_BYTES = sizeof(Wrapped);
......@@ -56,7 +51,7 @@ public:
}
/** Read a private key from a string*/
inline explicit PublicKey(const PrivateKey<%(cxx_ns)s> &b) NOEXCEPT;
inline explicit PublicKey(const PrivateKey<$(cxx_ns)> &b) NOEXCEPT;
/** Create but don't initialize */
inline explicit PublicKey(const NOINIT&) NOEXCEPT { }
......@@ -74,7 +69,7 @@ public:
const Block &message,
const FixedBlock<SIG_BYTES> &sig
) const throw(CryptoException) {
if (DECAF_SUCCESS != %(c_ns)s_verify(sig.data(),wrapped,message.data(),message.size())) {
if (DECAF_SUCCESS != $(c_ns)_verify(sig.data(),wrapped,message.data(),message.size())) {
throw(CryptoException());
}
}
......@@ -84,33 +79,33 @@ public:
Strobe &context,
const FixedBlock<SIG_BYTES> &sig
) const throw(CryptoException) {
if (DECAF_SUCCESS != %(c_ns)s_verify_strobe(context.wrapped,sig.data(),wrapped)) {
if (DECAF_SUCCESS != $(c_ns)_verify_strobe(context.wrapped,sig.data(),wrapped)) {
throw(CryptoException());
}
}
};
/** A private key for crypto over %(name)s */
template<> class PrivateKey<%(cxx_ns)s>
: public Serializable< PrivateKey<%(cxx_ns)s> > {
/** A private key for crypto over $(name) */
template<> class PrivateKey<$(cxx_ns)>
: public Serializable< PrivateKey<$(cxx_ns)> > {
private:
/** @cond internal */
typedef %(c_ns)s_private_key_t Wrapped;
typedef $(c_ns)_private_key_t Wrapped;
Wrapped wrapped;
template<class Group> friend class PublicKey;
/** @endcond */
public:
/** Underlying group */
typedef %(cxx_ns)s Group;
typedef $(cxx_ns) Group;
/** Signature size. */
static const size_t SIG_BYTES = sizeof(%(c_ns)s_signature_t);
static const size_t SIG_BYTES = sizeof($(c_ns)_signature_t);
/** Serialization size. */
static const size_t SER_BYTES = sizeof(Wrapped);
/** Compressed size. */
static const size_t SYM_BYTES = %(C_NS)s_SYMMETRIC_KEY_BYTES;
static const size_t SYM_BYTES = $(C_NS)_SYMMETRIC_KEY_BYTES;
/** Create but don't initialize */
inline explicit PrivateKey(const NOINIT&) NOEXCEPT { }
......@@ -122,18 +117,18 @@ public:
/** Read a private key from a string*/
inline explicit PrivateKey(const FixedBlock<SYM_BYTES> &b) NOEXCEPT {
%(c_ns)s_derive_private_key(wrapped, b.data());
$(c_ns)_derive_private_key(wrapped, b.data());
}
/** Create at random */
inline explicit PrivateKey(Rng &r) NOEXCEPT {
FixedArrayBuffer<SYM_BYTES> tmp(r);
%(c_ns)s_derive_private_key(wrapped, tmp.data());
$(c_ns)_derive_private_key(wrapped, tmp.data());
}
/** Secure destructor */
inline ~PrivateKey() NOEXCEPT {
%(c_ns)s_destroy_private_key(wrapped);
$(c_ns)_destroy_private_key(wrapped);
}
/** Serialization size. */
......@@ -152,18 +147,18 @@ public:
}
/** Get the public key */
inline PublicKey<%(cxx_ns)s> pub() const NOEXCEPT {
PublicKey<%(cxx_ns)s> ret(*this); return ret;
inline PublicKey<$(cxx_ns)> pub() const NOEXCEPT {
PublicKey<$(cxx_ns)> ret(*this); return ret;
}
/** Derive a shared secret */
inline SecureBuffer sharedSecret(
const PublicKey<%(cxx_ns)s> &pub,
const PublicKey<$(cxx_ns)> &pub,
size_t bytes,
bool me_first
) const throw(CryptoException,std::bad_alloc) {
SecureBuffer ret(bytes);
if (DECAF_SUCCESS != %(c_ns)s_shared_secret(ret.data(),bytes,wrapped,pub.wrapped,me_first)) {
if (DECAF_SUCCESS != $(c_ns)_shared_secret(ret.data(),bytes,wrapped,pub.wrapped,me_first)) {
throw(CryptoException());
}
return ret;
......@@ -173,33 +168,32 @@ public:
inline decaf_error_t __attribute__((warn_unused_result))
sharedSecretNoexcept(
Buffer ret,
const PublicKey<%(cxx_ns)s> &pub,
const PublicKey<$(cxx_ns)> &pub,
bool me_first
) const NOEXCEPT {
return %(c_ns)s_shared_secret(ret.data(),ret.size(),wrapped,pub.wrapped,me_first);
return $(c_ns)_shared_secret(ret.data(),ret.size(),wrapped,pub.wrapped,me_first);
}
/** Sign a message. */
inline SecureBuffer sign(const Block &message) const {
SecureBuffer sig(SIG_BYTES);
%(c_ns)s_sign(sig.data(), wrapped, message.data(), message.size());
$(c_ns)_sign(sig.data(), wrapped, message.data(), message.size());
return sig;
}
/** Sign a message. */
inline SecureBuffer verify(Strobe &context) const {
SecureBuffer sig(SIG_BYTES);
%(c_ns)s_sign_strobe(context.wrapped, sig.data(), wrapped);
$(c_ns)_sign_strobe(context.wrapped, sig.data(), wrapped);
return sig;
}
};
/** @cond internal */
PublicKey<%(cxx_ns)s>::PublicKey(const PrivateKey<%(cxx_ns)s> &b) NOEXCEPT {
%(c_ns)s_private_to_public(wrapped,b.wrapped);
PublicKey<$(cxx_ns)>::PublicKey(const PrivateKey<$(cxx_ns)> &b) NOEXCEPT {
$(c_ns)_private_to_public(wrapped,b.wrapped);
}
/** @endcond */
#undef NOEXCEPT
} /* namespace decaf */
""")
\ No newline at end of file
} /* namespace decaf */
\ No newline at end of file
......@@ -19,7 +19,7 @@
#define IMAGINE_TWIST $(imagine_twist)
#define COFACTOR $(cofactor)
/** Comb config: number of combs, n, t, s. */
/* Comb config: number of combs, n, t, s. */
#define COMBS_N $(combs.n)
#define COMBS_T $(combs.t)
#define COMBS_S $(combs.s)
......@@ -39,9 +39,7 @@ static const scalar_t sc_p = {{{
}}};
static const decaf_word_t MONTGOMERY_FACTOR = (decaf_word_t)0x$("%x" % pow(-q,2**64-1,2**64))ull;
const uint8_t API_NS(x_base_point)[SER_BYTES] /* TODO */ = {
$(ser(mont_base,8))
};
const uint8_t API_NS(x_base_point)[SER_BYTES] = { $(ser(mont_base,8)) };
#if COFACTOR==8
static const gf SQRT_ONE_MINUS_D = {FIELD_LITERAL(
......
/**
* Master header for Decaf library.
*
* The Decaf library implements cryptographic operations on a elliptic curve
* groups of prime order p. It accomplishes this by using a twisted Edwards
* curve (isogenous to Ed448-Goldilocks or Ed25519) and wiping out the cofactor.
*
* The formulas are all complete and have no special cases. However, some
* functions can fail. For example, decoding functions can fail because not
* every string is the encoding of a valid group element.
*
* The formulas contain no data-dependent branches, timing or memory accesses,
* except for decaf_XXX_base_double_scalarmul_non_secret.
*/
$("\n".join([
"#include <decaf/decaf_%s.h>" % g for g in sorted([c["bits"] for _,c in curve.iteritems()])
]))
/** Master header for Decaf library, C++ version. */
$("\n".join([
"#include <decaf/decaf_%s.hxx>" % g for g in sorted([c["bits"] for _,c in curve.iteritems()])
]))
namespace decaf {
template <template<typename Group> class Run>
void run_for_all_curves() {
$("\n".join([
" Run<%s>::run();" % cd["cxx_ns"]
for cd in sorted(curve.values(), key=lambda x:x["c_ns"])
])
)
}
}
/**
* Example Decaf crypto routines, metaheader.
* @warning These are merely examples, though they ought to be secure. But real
* protocols will decide differently on magic numbers, formats, which items to
* hash, etc.
*/
$("\n".join([
"#include <decaf/crypto_%s.h>" % g for g in sorted([c["bits"] for _,c in curve.iteritems()])
]))
/**
* Example Decaf crypto routines, C++ metaheader.
* @warning These are merely examples, though they ought to be secure. But real
* protocols will decide differently on magic numbers, formats, which items to
* hash, etc.
*/
$("\n".join([
"#include <decaf/crypto_%s.hxx>" % g for g in sorted([c["bits"] for _,c in curve.iteritems()])
]))
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment