Commit 46189922 authored by Jack Doerner's avatar Jack Doerner

synchronizing collected fixes and updates from private branch.

parent 44844de1
......@@ -16,7 +16,7 @@ fn hash<'a>(msg: &[u8], res: &mut [u8; 32]) {
}
pub fn ecdsa_keygen<F: Fq, T: Ford, E: ECGroup<F,T>>(rng: &mut Rng) -> (T, E)
pub fn ecdsa_keygen<F: Fq, T: Ford, E: ECGroup<F,T>>(rng: &mut dyn Rng) -> (T, E)
{
let (sk, pk) : (T, E) = E::rand(rng);
debug_assert!( E::gen().scalar(&sk).affine() == pk);
......@@ -63,7 +63,7 @@ pub fn ecdsa_verify<F: Fq, T: Ford, E: ECGroup<F,T>>(msg: &[u8], sig: (&T, &T),
ecdsa_verify_with_tables(msg, sig, &gentable[..], &pktable[..])
}
pub fn ecdsa_sign<F: Fq, T: Ford, E: ECGroup<F,T>>(msg: &[u8], sk: &T, rng: &mut Rng) -> (T, T) {
pub fn ecdsa_sign<F: Fq, T: Ford, E: ECGroup<F,T>>(msg: &[u8], sk: &T, rng: &mut dyn Rng) -> (T, T) {
// Calculate e = HASH ( m )
// Let z be the L_{n} leftmost bits of e where L_{n} is the bit len of the grp order n.
// Select k in [1,order-1]
......
......@@ -33,7 +33,13 @@ const LOWER64: u128 = 0x0000000000000000FFFFFFFFFFFFFFFF;
impl fmt::Debug for FSecp256Ord {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "[0x{:0x} 0x{:0x} 0x{:0x} 0x{:0x}]", self.v[0], self.v[1], self.v[2], self.v[3])
write!(f, "[0x{:0x}, 0x{:0x}, 0x{:0x}, 0x{:0x}]", self.v[0], self.v[1], self.v[2], self.v[3])
}
}
impl fmt::Display for FSecp256Ord {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "0x{:0x}{:0x}{:0x}{:0x}", self.v[3], self.v[2], self.v[1], self.v[0])
}
}
......@@ -43,8 +49,7 @@ impl FSecp256Ord {
assert!(overflow <= 1);
let overflow =
if r.v[3]==0xFFFFFFFFFFFFFFFF &&
(r.v[2]>0xFFFFFFFFFFFFFFFE ||
if r.v[3]==0xFFFFFFFFFFFFFFFF && (r.v[2]>0xFFFFFFFFFFFFFFFE ||
(r.v[2]==0xFFFFFFFFFFFFFFFE && r.v[1]>0xBAAEDCE6AF48A03B) ||
(r.v[2]==0xFFFFFFFFFFFFFFFE && r.v[1]==0xBAAEDCE6AF48A03B && r.v[0]>=0xBFD25E8CD0364141)
)
......@@ -86,6 +91,9 @@ impl FSecp256Ord {
// q1l7
// l7l6l5l4
// println!("L0: {:x} l1: {:x} l2: {:x} l3:{:x}",l0,l1,l2,l3);
// println!("l4: {:x} l5: {:x} l6: {:x} l7:{:x}",l4,l5,l6,l7);
let y04 = l4 * R0; // < 127 bits
let y05 = l5 * R0;
let y06 = l6 * R0;
......@@ -117,11 +125,11 @@ impl FSecp256Ord {
let l2 = l2 + r2;
let l3 = l3 + r3;
// reduce (r5 r4) * (q2 q1 q0)
// r0r4
// r0r5
// r1r4
// r1r5
// reduce (r5 r4) * (1 R1 R0)
// R0r4
// R0r5
// R1r4
// R1r5
//. r5r4
let z04 = r4 * R0; // each product is < 127 bits
let z05 = r5 * R0;
......@@ -161,11 +169,12 @@ impl FSecp256Ord {
// the result can still be between [q, 2q]
let reduc: u128 =
if l3==0xFFFFFFFFFFFFFFFF &&
if l3>0xFFFFFFFFFFFFFFFF ||
(l3==0xFFFFFFFFFFFFFFFF &&
(l2>0xFFFFFFFFFFFFFFFE ||
(l2==0xFFFFFFFFFFFFFFFE && l1>0xBAAEDCE6AF48A03B) ||
(l2==0xFFFFFFFFFFFFFFFE && l1==0xBAAEDCE6AF48A03B && l0>=0xBFD25E8CD0364141)
)
))
{ 1 } else { 0 };
let l0 = l0 + reduc*R0;
......@@ -174,7 +183,7 @@ impl FSecp256Ord {
let l1 = ov + l1 + reduc*R1;
let ov = l1 >> 64;
let l1 = (l1 & LOWER64) as u64;
let l2 = ov + l2 + reduc*R2;
let l2 = ov + l2 + reduc;
let ov = l2 >> 64;
let l2 = (l2 & LOWER64) as u64;
let l3 = ((ov + l3) & LOWER64) as u64;
......@@ -209,7 +218,7 @@ impl Ford for FSecp256Ord {
}
fn rand(rng: &mut Rng) -> Self {
fn rand(rng: &mut dyn Rng) -> Self {
let r0 = rng.next_u64();
let r1 = rng.next_u64();
let r2 = rng.next_u64();
......@@ -472,53 +481,53 @@ impl Ford for FSecp256Ord {
let t = t.mul(&u5); /* 101 */
let t = t.sqr().sqr().sqr().sqr();
let t = t.mul(&x3); /* 111 */
let t = t.mul(&x3); /* 0111 */
let t = t.sqr().sqr().sqr().sqr();
let t = t.mul(&u5); /* 101 */
let t = t.mul(&u5); /* 0101 */
let t = t.sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&u11); /* 1011 */
let t = t.mul(&u11); /* 01011 */
let t = t.sqr().sqr().sqr().sqr();
let t = t.mul(&u11); /* 1011 */
let t = t.sqr().sqr().sqr().sqr();
let t = t.mul(&x3); /* 111 */
let t = t.mul(&x3); /* 0111 */
let t = t.sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&x3); /* 111 */
let t = t.mul(&x3); /* 00111 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&u13); /* 1101 */
let t = t.mul(&u13); /* 001101 */
let t = t.sqr().sqr().sqr().sqr();
let t = t.mul(&u5); /* 101 */
let t = t.mul(&u5); /* 0101 */
let t = t.sqr().sqr().sqr();
let t = t.mul(&x3); /* 111 */
let t = t.sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&u9); /* 1001 */
let t = t.mul(&u9); /* 01001 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&u5); /* 101 */
let t = t.mul(&u5); /* 000101 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&x3); /* 111 */
let t = t.mul(&x3); /* 0000000111 */
let t = t.sqr().sqr().sqr().sqr();
let t = t.mul(&x3); /* 111 */
let t = t.mul(&x3); /* 0111 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&x8); /* 11111111 */
let t = t.mul(&x8); /* 011111111 */
let t = t.sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&u9); /* 1001 */
let t = t.mul(&u9); /* 01001 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&u11); /* 1011 */
let t = t.mul(&u11); /* 001011 */
let t = t.sqr().sqr().sqr().sqr();
let t = t.mul(&u13); /* 1101 */
let t = t.sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&x2); /* 11 */
let t = t.mul(&x2); /* 00011 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&u13); /* 1101 */
let t = t.mul(&u13); /* 001101 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&u13); /* 1101 */
let t = t.mul(&u13); /* 0000001101 */
let t = t.sqr().sqr().sqr().sqr();
let t = t.mul(&u9); /* 1001 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr();
let t = t.mul(&self); /* 1 */
let t = t.mul(&self); /* 000001 */
let t = t.sqr().sqr().sqr().sqr().sqr().sqr().sqr().sqr();
let r = t.mul(&x6); /* 111111 */
let r = t.mul(&x6); /* 00111111 */
r
}
......@@ -572,6 +581,29 @@ impl Ford for FSecp256Ord {
FSecp256Ord::reduce512(l0,l1,l2,l3,l4,l5,l6,l7)
}
fn pow_native(&self, n: u64) -> FSecp256Ord {
if n == 0 {
return FSecp256Ord::ONE;
}
let mut n = n;
let mut x = self.clone();
let mut y = FSecp256Ord::ONE;
while n > 1 {
if n % 2 == 0 {
x = x.sqr();
n = n / 2;
} else {
y = x.mul(&y);
x = x.sqr();
n = (n-1)/2;
}
}
x.mul(&y)
}
}
......@@ -666,6 +698,10 @@ fn secp256k1_ord_sqr_tests() {
let aa = a.mul(&a);
assert!(a2==aa);
let a = FSecp256Ord { v: [0x6cf5d18fee5877a2, 0xbaaedce6af48a03a, 0xfffffffffffffffe, 0xffffffffffffffff] };
let a2 = a.sqr();
let aa = a.mul(&a);
assert!(a2==aa);
}
......@@ -686,6 +722,28 @@ fn secp256k1_ord_inv_tests() {
let one = c.mul(&cinv);
assert!(one == FSecp256Ord::ONE);
let d = FSecp256Ord { v: [ 0xbfd25e8cd0364122, 0xbaaedce6af48a03b, 0xfffffffffffffffe, 0xffffffffffffffff] };
let dinv = d.inv();
let one = d.mul(&dinv);
assert!(one == FSecp256Ord::ONE);
let e = FSecp256Ord { v: [ 0xbfd25e8cd0361fff, 0xbaaedce6af48a03b, 0xfffffffffffffffe, 0xffffffffffffffff] };
let einv = e.inv();
let one = e.mul(&einv);
assert!(one == FSecp256Ord::ONE);
let e = FSecp256Ord { v: [0x6cf5d18fee5877a2, 0xbaaedce6af48a03a, 0xfffffffffffffffe, 0xffffffffffffffff] };
let einv = e.inv();
let one = e.mul(&einv);
assert!(one == FSecp256Ord::ONE);
let e = FSecp256Ord { v: [ 0x0 , 0x0 , 0xfffffffffffffffe ,0xffffffffffffffff] };
let einv = e.inv();
let one = e.mul(&einv);
assert!(one == FSecp256Ord::ONE);
}
......@@ -694,3 +752,4 @@ fn secp256k1_ord_inv_tests() {
This diff is collapsed.
......@@ -24,9 +24,9 @@ pub mod precomp;
pub type SecpOrd = f_4141::FSecp256Ord;
pub type Secp = secp256k1::P256<f_fc2f::FSecp256, SecpOrd>;
use std::fmt::Debug;
use std::fmt::{Debug,Display};
pub trait Fq: Copy + Debug + Eq {
pub trait Fq: Copy + Debug + Display + Eq {
const ONE: Self;
const ZERO: Self;
const NBITS: usize;
......@@ -48,14 +48,13 @@ pub trait Fq: Copy + Debug + Eq {
fn to_bytes(&self, b: &mut [u8]);
fn from_bytes(b: &[u8]) -> Self;
fn rand(rng: &mut rand::Rng) -> Self;
fn rand(rng: &mut dyn rand::Rng) -> Self;
fn mul(&self, b: &Self) -> Self;
fn muli(&self, b: u64) -> Self;
fn equals(&self, b: &Self) -> bool;
// number of bits in representation
//fn nbits() -> usize;
fn bit(&self, i:u32) -> bool;
fn normalize(&mut self) ;
......@@ -70,7 +69,7 @@ pub trait Fq: Copy + Debug + Eq {
}
/// trait needed by a field that represents Z modulo the order of a group
pub trait Ford: Copy + Debug + Eq {
pub trait Ford: Copy + Debug + Display + Eq {
const ONE: Self;
const ZERO: Self;
const NBITS: usize;
......@@ -79,13 +78,14 @@ pub trait Ford: Copy + Debug + Eq {
fn from_slice(r: &[u64]) -> Self;
fn is_zero(&self) -> bool;
fn rand(rng: &mut rand::Rng) -> Self;
fn rand(rng: &mut dyn rand::Rng) -> Self;
//fn nbits() -> usize;
fn bit(&self, i:usize) -> bool;
fn add(&self, r:&Self) -> Self;
fn sub(&self, r:&Self) -> Self;
fn mul(&self, b: &Self) -> Self;
fn pow_native(&self, n: u64) -> Self;
fn inv(&self) -> Self;
fn sqr(&self) -> Self;
fn neg(&self) -> Self;
......@@ -97,7 +97,7 @@ pub trait Ford: Copy + Debug + Eq {
}
pub trait ECGroup<F, T>: Eq + PartialEq
pub trait ECGroup<F, T>: Eq + PartialEq + Debug + Display
where F: Fq, T: Ford,
Self: std::marker::Sized
{
......@@ -117,10 +117,8 @@ pub trait ECGroup<F, T>: Eq + PartialEq
/// checks that the point is actually on the curve, else returns Error
fn from_xy(x: &F, y: &F) -> Result<Self, &'static str>;
fn rand(rng: &mut rand::Rng) -> (T, Self);
fn rand(rng: &mut dyn rand::Rng) -> (T, Self);
// fn hash_to_curve(message: &[u8]) -> Self;
// fn to_bytes(p:&Self, b: &mut [u8], n:usize);
// fn from_bytes(b: &[u8]) -> Self;
fn is_infinity(&self) -> bool;
......
......@@ -14,7 +14,7 @@
use super::{Fq, Ford, ECGroup};
use std::fmt;
use std::fmt::{Debug};
use std::fmt::{Debug, Display};
use std::marker::PhantomData;
use rand::Rng;
......@@ -40,6 +40,12 @@ impl<F,T> Debug for P256<F, T> where F:Fq, T:Ford {
}
}
impl<F,T> Display for P256<F, T> where F:Fq, T:Ford {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
write!(f, "x:{}, y:{}, z:{}, inf:{}", self.x, self.y, self.z, self.inf)
}
}
impl<F, T> ECGroup<F, T> for P256<F, T>
where F: Fq, T: Ford {
......@@ -78,7 +84,7 @@ impl<F, T> ECGroup<F, T> for P256<F, T>
}
// can also generate by hashing to the curve
fn rand(rng: &mut Rng) -> (T, Self) {
fn rand(rng: &mut dyn Rng) -> (T, Self) {
let x = <T as Ford>::rand(rng);
let p = Self::scalar_gen(&x).affine();
(x, p)
......@@ -759,7 +765,7 @@ mod tests {
b.iter(|| {
for i in 0..N {
let gx = g.scalar(&x[i]).affine();
let _gx = g.scalar(&x[i]).affine();
}
});
//let a = FSecp256Ord::from_slice( &[0xf78541d24fe89bc7, 0x8a7007a0f47ac5b0, 0x9dce2824684f345f, 0x10ab8a41b7cd99b0] );
......@@ -779,7 +785,7 @@ mod tests {
b.iter(|| {
for i in 0..N {
let gx: P256<FSecp256, FSecp256Ord> = P256::scalar_table_multi(&table_h[..], &x[i]).affine();
let _gx: P256<FSecp256, FSecp256Ord> = P256::scalar_table_multi(&table_h[..], &x[i]).affine();
}
});
}
......@@ -795,7 +801,7 @@ mod tests {
b.iter(|| {
for i in 0..N {
let gx: P256<FSecp256, FSecp256Ord> = P256::scalar_gen(&x[i]).affine();
let _gx: P256<FSecp256, FSecp256Ord> = P256::scalar_gen(&x[i]).affine();
}
});
}
......@@ -805,7 +811,7 @@ mod tests {
let x: P256<FSecp256, FSecp256Ord> = P256::gen();
b.iter(|| {
for i in 0..N {
for _i in 0..N {
P256::precomp_table(&x);
}
});
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment