acw/simple_crypto
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Shift over fe_cmov/fe_isnonzero/fe_isnegative.

Browse Source
This commit is contained in:
Adam Wick
2019-05-26 14:20:16 -07:00
parent c9f418feff
commit fc09ff48a2
2 changed files with 33 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
src/ed25519/fe.rs
View File

@@ -821,13 +821,15 @@ fn negate() {
}); });
} }
pub fn fe_cmov(f: &mut FieldElement, g: &FieldElement, bl: bool) impl FieldElement {
{ pub fn cmov(&mut self, g: &FieldElement, bl: bool)
let b = if bl { -1 } else { 0 }; {
for i in 0..10 { let b = if bl { -1 } else { 0 };
let mut x = f.value[i] ^ g.value[i]; for i in 0..10 {
x &= b; let mut x = self.value[i] ^ g.value[i];
f.value[i] ^= x; x &= b;
self.value[i] ^= x;
}
} }
} }
@@ -845,25 +847,27 @@ fn cmov() {
let b = bbytes.len() > 1; let b = bbytes.len() > 1;
let c = test_from_bytes(&cbytes); let c = test_from_bytes(&cbytes);
let mut r = FieldElement::new(); let mut r = FieldElement::new();
fe_cmov(&mut r, &a, b); r.cmov(&a, b);
assert_eq!(r, c); assert_eq!(r, c);
}); });
} }
pub fn fe_isnonzero(f: &FieldElement) -> bool impl FieldElement {
{ pub fn isnonzero(&self) -> bool
let s = f.to_bytes(); {
let mut res = false; let s = self.to_bytes();
for i in 0..32 { let mut res = false;
res |= s[i] != 0; for i in 0..32 {
res |= s[i] != 0;
}
res
} }
res
}
pub fn fe_isnegative(f: &FieldElement) -> bool pub fn isnegative(&self) -> bool
{ {
let s = f.to_bytes(); let s = self.to_bytes();
s[0] & 1 == 1 s[0] & 1 == 1
}
} }
#[cfg(test)] #[cfg(test)]
@@ -880,8 +884,8 @@ fn is_tests() {
println!("a: {:?}", a); println!("a: {:?}", a);
let z = zbytes.len() > 1; let z = zbytes.len() > 1;
let n = nbytes.len() > 1; let n = nbytes.len() > 1;
assert_eq!(z, fe_isnonzero(&a)); assert_eq!(z, a.isnonzero());
assert_eq!(n, fe_isnegative(&a)); assert_eq!(n, a.isnegative());
}); });
} }

14
src/ed25519/point.rs
View File

@@ -58,15 +58,15 @@ impl Point {
let mut vxx = hx.square(); let mut vxx = hx.square();
vxx *= &v; vxx *= &v;
let mut check = &vxx - &u; /* vx^2-u */ let mut check = &vxx - &u; /* vx^2-u */
if fe_isnonzero(&check) { if check.isnonzero() {
check = &vxx + &u; check = &vxx + &u;
if fe_isnonzero(&check) { if check.isnonzero() {
return None; return None;
} }
hx *= &SQRTM1; hx *= &SQRTM1;
} }
if fe_isnegative(&hx) != ((s[31] >> 7) == 1) { if hx.isnegative() != ((s[31] >> 7) == 1) {
hx = -&hx; hx = -&hx;
} }
@@ -473,9 +473,9 @@ fn equal(b: i8, c: i8) -> bool
fn cmov(t: &mut Precomp, u: &Precomp, b: bool) fn cmov(t: &mut Precomp, u: &Precomp, b: bool)
{ {
fe_cmov(&mut t.yplusx, &u.yplusx, b); t.yplusx.cmov(&u.yplusx, b);
fe_cmov(&mut t.yminusx, &u.yminusx, b); t.yminusx.cmov(&u.yminusx, b);
fe_cmov(&mut t.xy2d, &u.xy2d, b); t.xy2d.cmov(&u.xy2d, b);
} }
fn negative(b: i8) -> u8 fn negative(b: i8) -> u8
@@ -1796,7 +1796,7 @@ fn into_encoded_point(x: &FieldElement, y: &FieldElement, z: &FieldElement) -> V
let x_over_z = x * &recip; let x_over_z = x * &recip;
let y_over_z = y * &recip; let y_over_z = y * &recip;
let mut bytes = y_over_z.to_bytes(); let mut bytes = y_over_z.to_bytes();
let sign_bit = if fe_isnegative(&x_over_z) { 1 } else { 0 }; let sign_bit = if x_over_z.isnegative() { 1 } else { 0 };
// The preceding computations must execute in constant time, but this // The preceding computations must execute in constant time, but this
// doesn't need to. // doesn't need to.
bytes[31] ^= sign_bit << 7; bytes[31] ^= sign_bit << 7;