Home Explore Help
Sign In
OWEALs
/
unetd
mirror of https://git.openwrt.org/project/unetd.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
unetd
/
fprime.c

fprime.c 2.6 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. /* Arithmetic in prime fields
    2. 

  2.  * Daniel Beer <dlbeer@gmail.com>, 10 Jan 2014
    3. 

  3.  *
    4. 

  4.  * This file is in the public domain.
    5. 

  5.  */
    6. 

  6. 

  7. #include "fprime.h"
    8. 

  8. 

  9. static void raw_add(uint8_t *x, const uint8_t *p)
    10. 

  10. {
    11. 

  11. 	uint16_t c = 0;
    12. 

  12. 	int i;
    13. 

  13. 

  14. 	for (i = 0; i < FPRIME_SIZE; i++) {
    15. 

  15. 		c += ((uint16_t)x[i]) + ((uint16_t)p[i]);
    16. 

  16. 		x[i] = c;
    17. 

  17. 		c >>= 8;
    18. 

  18. 	}
    19. 

  19. }
    20. 

  20. 

  21. static void raw_try_sub(uint8_t *x, const uint8_t *p)
    22. 

  22. {
    23. 

  23. 	uint8_t minusp[FPRIME_SIZE];
    24. 

  24. 	uint16_t c = 0;
    25. 

  25. 	int i;
    26. 

  26. 

  27. 	for (i = 0; i < FPRIME_SIZE; i++) {
    28. 

  28. 		c = ((uint16_t)x[i]) - ((uint16_t)p[i]) - c;
    29. 

  29. 		minusp[i] = c;
    30. 

  30. 		c = (c >> 8) & 1;
    31. 

  31. 	}
    32. 

  32. 

  33. 	fprime_select(x, minusp, x, c);
    34. 

  34. }
    35. 

  35. 

  36. /* Warning: this function is variable-time */
    37. 

  37. static int prime_msb(const uint8_t *p)
    38. 

  38. {
    39. 

  39. 	int i;
    40. 

  40. 	uint8_t x;
    41. 

  41. 

  42. 	for (i = FPRIME_SIZE - 1; i >= 0; i--)
    43. 

  43. 		if (p[i])
    44. 

  44. 			break;
    45. 

  45. 

  46. 	x = p[i];
    47. 

  47. 	i <<= 3;
    48. 

  48. 

  49. 	while (x) {
    50. 

  50. 		x >>= 1;
    51. 

  51. 		i++;
    52. 

  52. 	}
    53. 

  53. 

  54. 	return i - 1;
    55. 

  55. }
    56. 

  56. 

  57. /* Warning: this function may be variable-time in the argument n */
    58. 

  58. static void shift_n_bits(uint8_t *x, int n)
    59. 

  59. {
    60. 

  60. 	uint16_t c = 0;
    61. 

  61. 	int i;
    62. 

  62. 

  63. 	for (i = 0; i < FPRIME_SIZE; i++) {
    64. 

  64. 		c |= ((uint16_t)x[i]) << n;
    65. 

  65. 		x[i] = c;
    66. 

  66. 		c >>= 8;
    67. 

  67. 	}
    68. 

  68. }
    69. 

  69. 

  70. static inline int min_int(int a, int b)
    71. 

  71. {
    72. 

  72. 	return a < b ? a : b;
    73. 

  73. }
    74. 

  74. 

  75. void fprime_from_bytes(uint8_t *n,
    76. 

  76. 		       const uint8_t *x, size_t len,
    77. 

  77. 		       const uint8_t *modulus)
    78. 

  78. {
    79. 

  79. 	const int preload_total = min_int(prime_msb(modulus) - 1, len << 3);
    80. 

  80. 	const int preload_bytes = preload_total >> 3;
    81. 

  81. 	const int preload_bits = preload_total & 7;
    82. 

  82. 	const int rbits = (len << 3) - preload_total;
    83. 

  83. 	int i;
    84. 

  84. 

  85. 	memset(n, 0, FPRIME_SIZE);
    86. 

  86. 

  87. 	for (i = 0; i < preload_bytes; i++)
    88. 

  88. 		n[i] = x[len - preload_bytes + i];
    89. 

  89. 

  90. 	if (preload_bits) {
    91. 

  91. 		shift_n_bits(n, preload_bits);
    92. 

  92. 		n[0] |= x[len - preload_bytes - 1] >> (8 - preload_bits);
    93. 

  93. 	}
    94. 

  94. 

  95. 	for (i = rbits - 1; i >= 0; i--) {
    96. 

  96. 		const uint8_t bit = (x[i >> 3] >> (i & 7)) & 1;
    97. 

  97. 

  98. 		shift_n_bits(n, 1);
    99. 

  99. 		n[0] |= bit;
    100. 

  100. 		raw_try_sub(n, modulus);
    101. 

  101. 	}
    102. 

  102. }
    103. 

  103. 

  104. void fprime_select(uint8_t *dst,
    105. 

  105. 		   const uint8_t *zero, const uint8_t *one,
    106. 

  106. 		   uint8_t condition)
    107. 

  107. {
    108. 

  108. 	const uint8_t mask = -condition;
    109. 

  109. 	int i;
    110. 

  110. 

  111. 	for (i = 0; i < FPRIME_SIZE; i++)
    112. 

  112. 		dst[i] = zero[i] ^ (mask & (one[i] ^ zero[i]));
    113. 

  113. }
    114. 

  114. 

  115. void fprime_add(uint8_t *r, const uint8_t *a, const uint8_t *modulus)
    116. 

  116. {
    117. 

  117. 	raw_add(r, a);
    118. 

  118. 	raw_try_sub(r, modulus);
    119. 

  119. }
    120. 

  120. 

  121. void fprime_mul(uint8_t *r, const uint8_t *a, const uint8_t *b,
    122. 

  122. 		const uint8_t *modulus)
    123. 

  123. {
    124. 

  124. 	int i;
    125. 

  125. 

  126. 	memset(r, 0, FPRIME_SIZE);
    127. 

  127. 

  128. 	for (i = prime_msb(modulus); i >= 0; i--) {
    129. 

  129. 		const uint8_t bit = (b[i >> 3] >> (i & 7)) & 1;
    130. 

  130. 		uint8_t plusa[FPRIME_SIZE];
    131. 

  131. 

  132. 		shift_n_bits(r, 1);
    133. 

  133. 		raw_try_sub(r, modulus);
    134. 

  134. 

  135. 		fprime_copy(plusa, r);
    136. 

  136. 		fprime_add(plusa, a, modulus);
    137. 

  137. 

  138. 		fprime_select(r, r, plusa, bit);
    139. 

  139. 	}
    140. 

  140. }
    141.