
Generate code for the scalar field of standard curves
fiat-crypto is already used for arithmetic on scalars, at least
by the Zig standard library and in Rust (p384_rs, being merged
into the p384 crate as we speak).

So it may be useful to pregenerate and test this in fiat-crypto.

This change adds support for the curve25519, p256, secp256k1
and p384 scalar fields.
jedisct1 committed May 28, 2022
1 parent b6a61fd commit ca7c56d
Showing 55 changed files with 777,653 additions and 4 deletions.
11 changes: 8 additions & 3 deletions Makefile
Expand Up @@ -226,8 +226,7 @@ ZIG_DIR := fiat-zig/src/

# Java only really supports 32-bit builds, because we have neither 64x64->64x64 multiplication, nor uint128
# Java also requires that class names match file names
# from https://stackoverflow.com/q/42925485/377022
to_title_case = $(shell echo '$(1)' | sed 's/.*/\L&/; s/[a-z]*/\u&/g')
to_title_case = $(shell echo '$(1)' | awk '{split($$0,w,"");u=1;for(i=1;i<=length(w);i++){c=tolower(w[i]);if(u)c=toupper(c);u=0;if(c~/[a-zA-Z0-9]/)printf("%s",c);if(c~/[^a-zA-Z]/)u=1;}}')
empty=
space=$(empty) $(empty)
JAVA_RENAME = $(foreach i,$(patsubst %_32,%,$(filter %_32,$(1))),Fiat$(subst $(space),,$(call to_title_case,$(subst _, ,$(i)))))
Expand Down Expand Up @@ -293,8 +292,14 @@ $(foreach bw,64 32,$(eval $(call add_curve_keys,p384_$(bw),WORD_BY_WORD_MONTGOME
$(foreach bw,64 32,$(eval $(call add_curve_keys,p224_$(bw),WORD_BY_WORD_MONTGOMERY,'p224',$(bw),'2^224 - 2^96 + 1',$(WORD_BY_WORD_MONTGOMERY_FUNCTIONS),WORD_BY_WORD_MONTGOMERY)))
$(foreach bw,64,$(eval $(call add_curve_keys,p434_$(bw),WORD_BY_WORD_MONTGOMERY,'p434',$(bw),'2^216 * 3^137 - 1',$(WORD_BY_WORD_MONTGOMERY_FUNCTIONS),WORD_BY_WORD_MONTGOMERY))) # 32 is a bit too heavy

$(foreach bw,64 32,$(eval $(call add_curve_keys,curve25519_scalar_$(bw),WORD_BY_WORD_MONTGOMERY,'25519_scalar',$(bw),'2^252 + 27742317777372353535851937790883648493',$(WORD_BY_WORD_MONTGOMERY_FUNCTIONS),WORD_BY_WORD_MONTGOMERY)))
$(foreach bw,64 32,$(eval $(call add_curve_keys,p256_scalar_$(bw),WORD_BY_WORD_MONTGOMERY,'p256_scalar',$(bw),'2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247',$(WORD_BY_WORD_MONTGOMERY_FUNCTIONS),WORD_BY_WORD_MONTGOMERY)))
$(foreach bw,64 32,$(eval $(call add_curve_keys,p384_scalar_$(bw),WORD_BY_WORD_MONTGOMERY,'p384_scalar',$(bw),'2^384 - 1388124618062372383947042015309946732620727252194336364173',$(WORD_BY_WORD_MONTGOMERY_FUNCTIONS),WORD_BY_WORD_MONTGOMERY)))
$(foreach bw,64 32,$(eval $(call add_curve_keys,secp256k1_scalar_$(bw),WORD_BY_WORD_MONTGOMERY,'secp256k1_scalar',$(bw),'2^256 - 432420386565659656852420866394968145599',$(WORD_BY_WORD_MONTGOMERY_FUNCTIONS),WORD_BY_WORD_MONTGOMERY)))

# Files taking 30s or less
LITE_BASE_FILES := curve25519_64 poly1305_64 poly1305_32 p256_64 secp256k1_64 p384_64 p224_32 p434_64 p448_solinas_64 secp256k1_32 p256_32 p448_solinas_32
LITE_BASE_FILES := curve25519_64 poly1305_64 poly1305_32 p256_64 secp256k1_64 p384_64 p224_32 p434_64 p448_solinas_64 secp256k1_32 p256_32 p448_solinas_32 \
curve25519_scalar_64 p256_scalar_64 secp256k1_scalar_64 p384_scalar_64 secp256k1_scalar_32 p256_scalar_32

EXTRA_C_FILES := inversion/c/*_test.c

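Review bot: The modulus expressions added to the add_curve_keys calls for curve25519_scalar, p256_scalar, p384_scalar and secp256k1_scalar are repeated verbatim in the montgomeryprimes dict added in fiat-amd64/gentest.py, so each scalar field is now defined in two files with nothing checking that they agree, and a divergence would silently generate code over two different moduli. These values are group orders rather than base-field primes, which the bare numeric strings do not convey, so a comment above the four lines such as `# Scalar fields: the modulus is the order of the curve's prime-order group, not the base-field prime.` followed by `# Keep these in sync with montgomeryprimes in fiat-amd64/gentest.py.` would let a reader check them against the curve standards. The LITE_BASE_FILES addition lists only the 64-bit scalar files plus secp256k1_scalar_32 and p256_scalar_32; presumably curve25519_scalar_32 and p384_scalar_32 exceed the 30s budget stated in the comment above, and saying so there would stop a later reader from "fixing" the omission. The add_curve_keys template these lines expand is defined outside the hunk.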
6 changes: 5 additions & 1 deletion fiat-amd64/gentest.py
Expand Up @@ -20,11 +20,15 @@ def removeprefix(s, prefix):
poly1305=('3', '2^130 - 5'))

montgomeryprimes = dict(
curve25519_scalar='2^252 + 27742317777372353535851937790883648493',
p224='2^224 - 2^96 + 1',
p256='2^256 - 2^224 + 2^192 + 2^96 - 1',
p256_scalar='2^256 - 2^224 + 2^192 - 89188191075325690597107910205041859247',
p384='2^384 - 2^128 - 2^96 + 2^32 - 1',
p384_scalar='2^384 - 1388124618062372383947042015309946732620727252194336364173',
p434='2^216 * 3^137 - 1',
secp256k1='2^256 - 2^32 - 977')
secp256k1='2^256 - 2^32 - 977',
secp256k1_scalar='2^256 - 432420386565659656852420866394968145599')

output_makefile = ('--makefile' in sys.argv[1:])
asm_files = tuple(i for i in sys.argv[1:] if i not in ('--makefile',))
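Review bot: The montgomeryprimes dict now mixes base-field primes (p224, p256, p384, p434, secp256k1) with group orders (the new _scalar keys), but neither the dict name nor the values indicate that the _scalar entries are a different kind of modulus, so a comment on the dict such as `# *_scalar entries are the order of the curve's group (the scalar field), not the base-field prime.` would document the convention. The keys appear to be matched against the asm file names taken from sys.argv on the last hunk line, which I infer rather than see here, so the _scalar suffix presumably has to match the generated file name exactly. The dict that closes at the first hunk line (the poly1305 entry) starts outside the hunk.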
4,976 changes: 4,976 additions & 0 deletions fiat-bedrock2/src/curve25519_scalar_32.c


1,984 changes: 1,984 additions & 0 deletions fiat-bedrock2/src/curve25519_scalar_64.c


5,562 changes: 5,562 additions & 0 deletions fiat-bedrock2/src/p256_scalar_32.c


2,163 changes: 2,163 additions & 0 deletions fiat-bedrock2/src/p256_scalar_64.c


11,823 changes: 11,823 additions & 0 deletions fiat-bedrock2/src/p384_scalar_32.c


3,867 changes: 3,867 additions & 0 deletions fiat-bedrock2/src/p384_scalar_64.c


5,871 changes: 5,871 additions & 0 deletions fiat-bedrock2/src/secp256k1_scalar_32.c


2,175 changes: 2,175 additions & 0 deletions fiat-bedrock2/src/secp256k1_scalar_64.c


