Commit 60fe8dfa authored by Benoit Viguier's avatar Benoit Viguier

WIP

parent 08b93818
--- tweetnacl.c 2019-07-31 14:05:27.916394829 +0200
+++ tweetnaclVerifiableC.c 2020-01-21 16:00:28.190032713 +0100
@@ -5,7 +5,7 @@
typedef unsigned char u8;
@@ -6,5 +6,5 @@
typedef unsigned long u32;
typedef unsigned long long u64;
@@ We tell VST that long long
@@ are aligned on 8 bytes.
-typedef long long i64;
+typedef long long i64 __attribute__((aligned(8)));
typedef i64 gf[16];
extern void randombytes(u8 *,u64);
@@ -273,18 +273,16 @@
@@ We remove the undefined behavior and
@@ simplify the carry propagation.
sv car25519(gf o)
@@ -274,16 +274,14 @@
{
int i;
- i64 c;
......@@ -28,24 +21,17 @@
}
}
@@ b is a mask of 64 bits.
-sv sel25519(gf p,gf q,int b)
+sv sel25519(gf p,gf q,i64 b)
{
@@ For-loop indexes have to be int.
- i64 t,i,c=~(b-1);
+ int i;
+ i64 t,c=~(b-1);
FOR(i,16) {
t= c&(p[i]^q[i]);
p[i]^=t;
@@ -294,9 +292,10 @@
@@ -295,7 +293,8 @@
sv pack25519(u8 *o,const gf n)
{
@@ For-loop indexes have to be int.
@@ b is a 64 bit mask.
@@ Initialize m to simplify verification.
- int i,j,b;
- gf m,t;
- FOR(i,16) t[i]=n[i];
......@@ -55,46 +41,32 @@
+ set25519(t,n);
car25519(t);
car25519(t);
car25519(t);
@@ -309,7 +308,8 @@
m[15]=t[15]-0x7fff-((m[14]>>16)&1);
@@ -310,5 +309,6 @@
b=(m[15]>>16)&1;
m[14]&=0xffff;
@@ Computations in arguments
@@ are not allowed in VST.
- sel25519(t,m,1-b);
+ b=1-b;
+ sel25519(t,m,b);
}
FOR(i,16) {
o[2*i]=t[i]&0xff;
@@ -353,7 +353,8 @@
@@ -354,5 +354,6 @@
sv M(gf o,const gf a,const gf b)
{
@@ For-loop indexes have to be int.
- i64 i,j,t[31];
+ int i,j;
+ i64 t[31];
FOR(i,31) t[i]=0;
FOR(i,16) FOR(j,16) t[i+j]+=a[i]*b[j];
FOR(i,15) t[i]+=38*t[i+16];
@@ -371,7 +372,7 @@
{
@@ -372,5 +373,5 @@
gf c;
int a;
@@ gain 5 bytes.
- FOR(a,16) c[a]=i[a];
+ set25519(c,i);
for(a=253;a>=0;a--) {
S(c,c);
if(a!=2&&a!=4) M(c,c,i);
@@ -394,8 +395,9 @@
int crypto_scalarmult(u8 *q,const u8 *n,const u8 *p)
@@ -395,6 +396,7 @@
{
u8 z[32];
@@ x only needs gf.
@@ For-loop indexes have to be int.
- i64 x[80],r,i;
- gf a,b,c,d,e,f;
+ i64 r;
......@@ -102,12 +74,9 @@
+ gf x,a,b,c,d,e,f;
FOR(i,31) z[i]=n[i];
z[31]=(n[31]&127)|64;
z[0]&=248;
@@ -430,15 +432,9 @@
sel25519(a,b,r);
@@ -431,13 +433,7 @@
sel25519(c,d,r);
}
@@ simplify
- FOR(i,16) {
- x[i+16]=a[i];
- x[i+32]=c[i];
......@@ -122,4 +91,3 @@
+ pack25519(q,a);
return 0;
}
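Review bot: The annotation above the new `sv sel25519(gf p,gf q,i64 b)` signature says "b is a mask of 64 bits", but in the body b is the selection bit and `c=~(b-1)` is the mask; the comment should state the precondition the function relies on, e.g. `@@ b must be 0 or 1: c becomes the all-zero or all-one 64-bit mask.` Both visible callers respect this (pack25519 passes `b=1-b` after `b=(m[15]>>16)&1`, and crypto_scalarmult passes the single bit `r`), but any other value would leave c as a partial mask and the swap would mix limbs of p and q instead of selecting. Since this swap is what keeps the ladder's control flow independent of the scalar, stating the 0/1 contract at the definition is worth the line, and widening the parameter to i64 makes that contract less obvious than `int b` did. The end of sel25519's body, like the remainder of crypto_scalarmult before `pack25519(q,a)`, lies outside the visible hunks, so this is inferred from the lines shown.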