Skip to content

Commit

Permalink
Prefix all the SIKE symbols.
Browse files Browse the repository at this point in the history 
I should have noticed this previously, but the SIKE code was exporting
symbols called generic things like “params”. They're not dynamically
exported, but BoringSSL is often statically linked so better to ensure
that these things are prefixed to avoid the risk of collisions.

Change-Id: I3a942dbc8f4eab703d5f1d6898f67513fd7b578c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/36745
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
  • Loading branch information
@agl
agl authored and CQ bot account: commit-bot@chromium.org committed Jul 19, 2019
1 parent 1a3178c commit 07432f3
Show file tree
Hide file tree
Showing 7 changed files with 101 additions and 101 deletions.
12 changes: 6 additions & 6 deletions third_party/sike/asm/fp_generic.c
View file
Expand Up @@ -13,7 +13,7 @@
#include "../fpx.h"

// Global constants
extern const struct params_t params;
extern const struct params_t sike_params;

static void digit_x_digit(const crypto_word_t a, const crypto_word_t b, crypto_word_t* c)
{ // Digit multiplication, digit * digit -> 2-digit result
Expand Down Expand Up @@ -62,13 +62,13 @@ void sike_fpadd(const felm_t a, const felm_t b, felm_t c)

carry = 0;
for (i = 0; i < NWORDS_FIELD; i++) {
SUBC(carry, c[i], params.prime_x2[i], carry, c[i]);
SUBC(carry, c[i], sike_params.prime_x2[i], carry, c[i]);
}
mask = 0 - (crypto_word_t)carry;

carry = 0;
for (i = 0; i < NWORDS_FIELD; i++) {
ADDC(carry, c[i], params.prime_x2[i] & mask, carry, c[i]);
ADDC(carry, c[i], sike_params.prime_x2[i] & mask, carry, c[i]);
}
}

Expand All @@ -86,7 +86,7 @@ void sike_fpsub(const felm_t a, const felm_t b, felm_t c)

borrow = 0;
for (i = 0; i < NWORDS_FIELD; i++) {
ADDC(borrow, c[i], params.prime_x2[i] & mask, borrow, c[i]);
ADDC(borrow, c[i], sike_params.prime_x2[i] & mask, borrow, c[i]);
}
}

Expand Down Expand Up @@ -139,7 +139,7 @@ void sike_fprdc(felm_t ma, felm_t mc)
for (i = 0; i < NWORDS_FIELD; i++) {
for (j = 0; j < i; j++) {
if (j < (i-ZERO_WORDS+1)) {
MUL(mc[j], params.prime_p1[i-j], UV+1, UV[0]);
MUL(mc[j], sike_params.prime_p1[i-j], UV+1, UV[0]);
ADDC(0, UV[0], v, carry, v);
ADDC(carry, UV[1], u, carry, u);
t += carry;
Expand All @@ -160,7 +160,7 @@ void sike_fprdc(felm_t ma, felm_t mc)
}
for (j = i-NWORDS_FIELD+1; j < NWORDS_FIELD; j++) {
if (j < (NWORDS_FIELD-count)) {
MUL(mc[j], params.prime_p1[i-j], UV+1, UV[0]);
MUL(mc[j], sike_params.prime_p1[i-j], UV+1, UV[0]);
ADDC(0, UV[0], v, carry, v);
ADDC(carry, UV[1], u, carry, u);
t += carry;
Expand Down
2 changes: 1 addition & 1 deletion third_party/sike/curve_params.c
View file
Expand Up @@ -7,7 +7,7 @@
#include "utils.h"

// Parameters for isogeny system "SIKE"
const struct params_t params = {
const struct params_t sike_params = {
.prime = {
U64_TO_WORDS(0xFFFFFFFFFFFFFFFF), U64_TO_WORDS(0xFFFFFFFFFFFFFFFF),
U64_TO_WORDS(0xFFFFFFFFFFFFFFFF), U64_TO_WORDS(0xFDC1767AE2FFFFFF),
Expand Down
12 changes: 6 additions & 6 deletions third_party/sike/fpx.c
View file
Expand Up @@ -8,7 +8,7 @@
#include "utils.h"
#include "fpx.h"

extern const struct params_t params;
extern const struct params_t sike_params;

// Multiprecision squaring, c = a^2 mod p.
static void fpsqr_mont(const felm_t ma, felm_t mc)
Expand Down Expand Up @@ -205,7 +205,7 @@ void sike_fp2sqr_mont(const f2elm_t a, f2elm_t c) {
void sike_fpneg(felm_t a) {
uint32_t borrow = 0;
for (size_t i = 0; i < NWORDS_FIELD; i++) {
SUBC(borrow, params.prime_x2[i], a[i], borrow, a[i]);
SUBC(borrow, sike_params.prime_x2[i], a[i], borrow, a[i]);
}
}

Expand All @@ -218,7 +218,7 @@ void sike_fpdiv2(const felm_t a, felm_t c) {

mask = 0 - (crypto_word_t)(a[0] & 1); // If a is odd compute a+p503
for (size_t i = 0; i < NWORDS_FIELD; i++) {
ADDC(carry, a[i], params.prime[i] & mask, carry, c[i]);
ADDC(carry, a[i], sike_params.prime[i] & mask, carry, c[i]);
}

// Multiprecision right shift by one.
Expand All @@ -234,13 +234,13 @@ void sike_fpcorrection(felm_t a) {
crypto_word_t mask;

for (size_t i = 0; i < NWORDS_FIELD; i++) {
SUBC(borrow, a[i], params.prime[i], borrow, a[i]);
SUBC(borrow, a[i], sike_params.prime[i], borrow, a[i]);
}
mask = 0 - (crypto_word_t)borrow;

borrow = 0;
for (size_t i = 0; i < NWORDS_FIELD; i++) {
ADDC(borrow, a[i], params.prime[i] & mask, borrow, a[i]);
ADDC(borrow, a[i], sike_params.prime[i] & mask, borrow, a[i]);
}
}

Expand All @@ -261,7 +261,7 @@ void sike_fp2mul_mont(const f2elm_t a, const f2elm_t b, f2elm_t c) {
mask = mp_subfast(tt1, tt2, tt1); // tt1 = a0*b0 - a1*b1. If tt1 < 0 then mask = 0xFF..F, else if tt1 >= 0 then mask = 0x00..0

for (size_t i = 0; i < NWORDS_FIELD; i++) {
t1[i] = params.prime[i] & mask;
t1[i] = sike_params.prime[i] & mask;
}

sike_fprdc(tt3, c->c1); // c[1] = (a0+a1)*(b0+b1) - a0*b0 - a1*b1
Expand Down
10 changes: 5 additions & 5 deletions third_party/sike/fpx.h
View file
Expand Up @@ -96,11 +96,11 @@ do { \

// Conversion of a GF(p^2) element to Montgomery representation,
// mc_i = a_i*R^2*R^(-1) = a_i*R in GF(p^2).
#define sike_to_fp2mont(a, mc) \
do { \
sike_fpmul_mont(a->c0, params.mont_R2, mc->c0); \
sike_fpmul_mont(a->c1, params.mont_R2, mc->c1); \
} while(0)
#define sike_to_fp2mont(a, mc) \
do { \
sike_fpmul_mont(a->c0, sike_params.mont_R2, mc->c0); \
sike_fpmul_mont(a->c1, sike_params.mont_R2, mc->c1); \
} while (0)

// Conversion of a GF(p^2) element from Montgomery representation to standard representation,
// c_i = ma_i*R^(-1) = a_i in GF(p^2).
Expand Down
28 changes: 14 additions & 14 deletions third_party/sike/isogeny.c
View file
Expand Up @@ -25,7 +25,7 @@ static void xDBL(const point_proj_t P, point_proj_t Q, const f2elm_t A24plus, co
sike_fp2mul_mont(Q->Z, t1, Q->Z); // Z2 = [A24plus*[(X1+Z1)^2-(X1-Z1)^2] + C24*(X1-Z1)^2]*[(X1+Z1)^2-(X1-Z1)^2]
}

void xDBLe(const point_proj_t P, point_proj_t Q, const f2elm_t A24plus, const f2elm_t C24, size_t e)
void sike_xDBLe(const point_proj_t P, point_proj_t Q, const f2elm_t A24plus, const f2elm_t C24, size_t e)
{ // Computes [2^e](X:Z) on Montgomery curve with projective constant via e repeated doublings.
// Input: projective Montgomery x-coordinates P = (XP:ZP), such that xP=XP/ZP and Montgomery curve constants A+2C and 4C.
// Output: projective Montgomery x-coordinates Q <- (2^e)*P.
Expand All @@ -36,7 +36,7 @@ void xDBLe(const point_proj_t P, point_proj_t Q, const f2elm_t A24plus, const f2
}
}

void get_4_isog(const point_proj_t P, f2elm_t A24plus, f2elm_t C24, f2elm_t* coeff)
void sike_get_4_isog(const point_proj_t P, f2elm_t A24plus, f2elm_t C24, f2elm_t* coeff)
{ // Computes the corresponding 4-isogeny of a projective Montgomery point (X4:Z4) of order 4.
// Input: projective point of order four P = (X4:Z4).
// Output: the 4-isogenous Montgomery curve with projective coefficients A+2C/4C and the 3 coefficients
Expand All @@ -53,7 +53,7 @@ void get_4_isog(const point_proj_t P, f2elm_t A24plus, f2elm_t C24, f2elm_t* coe
sike_fp2sqr_mont(A24plus, A24plus); // A24plus = 4*X4^4
}

void eval_4_isog(point_proj_t P, f2elm_t* coeff)
void sike_eval_4_isog(point_proj_t P, f2elm_t* coeff)
{ // Evaluates the isogeny at the point (X:Z) in the domain of the isogeny, given a 4-isogeny phi defined
// by the 3 coefficients in coeff (computed in the function get_4_isog()).
// Inputs: the coefficients defining the isogeny, and the projective point P = (X:Z).
Expand All @@ -77,7 +77,7 @@ void eval_4_isog(point_proj_t P, f2elm_t* coeff)
}


void xTPL(const point_proj_t P, point_proj_t Q, const f2elm_t A24minus, const f2elm_t A24plus)
void sike_xTPL(const point_proj_t P, point_proj_t Q, const f2elm_t A24minus, const f2elm_t A24plus)
{ // Tripling of a Montgomery point in projective coordinates (X:Z).
// Input: projective Montgomery x-coordinates P = (X:Z), where x=X/Z and Montgomery curve constants A24plus = A+2C and A24minus = A-2C.
// Output: projective Montgomery x-coordinates Q = 3*P = (X3:Z3).
Expand Down Expand Up @@ -107,17 +107,17 @@ void xTPL(const point_proj_t P, point_proj_t Q, const f2elm_t A24minus, const f2
sike_fp2mul_mont(t0, t1, Q->Z); // Z3 = 2*Z*t1
}

void xTPLe(const point_proj_t P, point_proj_t Q, const f2elm_t A24minus, const f2elm_t A24plus, size_t e)
void sike_xTPLe(const point_proj_t P, point_proj_t Q, const f2elm_t A24minus, const f2elm_t A24plus, size_t e)
{ // Computes [3^e](X:Z) on Montgomery curve with projective constant via e repeated triplings.
// Input: projective Montgomery x-coordinates P = (XP:ZP), such that xP=XP/ZP and Montgomery curve constants A24plus = A+2C and A24minus = A-2C.
// Output: projective Montgomery x-coordinates Q <- (3^e)*P.
memmove(Q, P, sizeof(*P));
for (size_t i = 0; i < e; i++) {
xTPL(Q, Q, A24minus, A24plus);
sike_xTPL(Q, Q, A24minus, A24plus);
}
}

void get_3_isog(const point_proj_t P, f2elm_t A24minus, f2elm_t A24plus, f2elm_t* coeff)
void sike_get_3_isog(const point_proj_t P, f2elm_t A24minus, f2elm_t A24plus, f2elm_t* coeff)
{ // Computes the corresponding 3-isogeny of a projective Montgomery point (X3:Z3) of order 3.
// Input: projective point of order three P = (X3:Z3).
// Output: the 3-isogenous Montgomery curve with projective coefficient A/C.
Expand Down Expand Up @@ -146,7 +146,7 @@ void get_3_isog(const point_proj_t P, f2elm_t A24minus, f2elm_t A24plus, f2elm_t
}


void eval_3_isog(point_proj_t Q, f2elm_t* coeff)
void sike_eval_3_isog(point_proj_t Q, f2elm_t* coeff)
{ // Computes the 3-isogeny R=phi(X:Z), given projective point (X3:Z3) of order 3 on a Montgomery curve and
// a point P with 2 coefficients in coeff (computed in the function get_3_isog()).
// Inputs: projective points P = (X3:Z3) and Q = (X:Z).
Expand All @@ -166,7 +166,7 @@ void eval_3_isog(point_proj_t Q, f2elm_t* coeff)
}


void inv_3_way(f2elm_t z1, f2elm_t z2, f2elm_t z3)
void sike_inv_3_way(f2elm_t z1, f2elm_t z2, f2elm_t z3)
{ // 3-way simultaneous inversion
// Input: z1,z2,z3
// Output: 1/z1,1/z2,1/z3 (override inputs).
Expand All @@ -183,14 +183,14 @@ void inv_3_way(f2elm_t z1, f2elm_t z2, f2elm_t z3)
}


void get_A(const f2elm_t xP, const f2elm_t xQ, const f2elm_t xR, f2elm_t A)
void sike_get_A(const f2elm_t xP, const f2elm_t xQ, const f2elm_t xR, f2elm_t A)
{ // Given the x-coordinates of P, Q, and R, returns the value A corresponding to the Montgomery curve E_A: y^2=x^3+A*x^2+x such that R=Q-P on E_A.
// Input: the x-coordinates xP, xQ, and xR of the points P, Q and R.
// Output: the coefficient A corresponding to the curve E_A: y^2=x^3+A*x^2+x.
f2elm_t t0, t1, one = F2ELM_INIT;

extern const struct params_t params;
sike_fpcopy(params.mont_one, one->c0);
extern const struct params_t sike_params;
sike_fpcopy(sike_params.mont_one, one->c0);
sike_fp2add(xP, xQ, t1); // t1 = xP+xQ
sike_fp2mul_mont(xP, xQ, t0); // t0 = xP*xQ
sike_fp2mul_mont(xR, t1, A); // A = xR*t1
Expand All @@ -207,7 +207,7 @@ void get_A(const f2elm_t xP, const f2elm_t xQ, const f2elm_t xR, f2elm_t A)
}


void j_inv(const f2elm_t A, const f2elm_t C, f2elm_t jinv)
void sike_j_inv(const f2elm_t A, const f2elm_t C, f2elm_t jinv)
{ // Computes the j-invariant of a Montgomery curve with projective constant.
// Input: A,C in GF(p^2).
// Output: j=256*(A^2-3*C^2)^3/(C^4*(A^2-4*C^2)), which is the j-invariant of the Montgomery curve B*y^2=x^3+(A/C)*x^2+x or (equivalently) j-invariant of B'*y^2=C*x^3+A*x^2+C*x.
Expand All @@ -232,7 +232,7 @@ void j_inv(const f2elm_t A, const f2elm_t C, f2elm_t jinv)
}


void xDBLADD(point_proj_t P, point_proj_t Q, const f2elm_t xPQ, const f2elm_t A24)
void sike_xDBLADD(point_proj_t P, point_proj_t Q, const f2elm_t xPQ, const f2elm_t A24)
{ // Simultaneous doubling and differential addition.
// Input: projective Montgomery points P=(XP:ZP) and Q=(XQ:ZQ) such that xP=XP/ZP and xQ=XQ/ZQ, affine difference xPQ=x(P-Q) and Montgomery curve constant A24=(A+2)/4.
// Output: projective Montgomery points P <- 2*P = (X2P:Z2P) such that x(2P)=X2P/Z2P, and Q <- P+Q = (XQP:ZQP) such that = x(Q+P)=XQP/ZQP.
Expand Down
22 changes: 11 additions & 11 deletions third_party/sike/isogeny.h
View file
Expand Up @@ -3,47 +3,47 @@

// Computes [2^e](X:Z) on Montgomery curve with projective
// constant via e repeated doublings.
void xDBLe(
void sike_xDBLe(
const point_proj_t P, point_proj_t Q, const f2elm_t A24plus,
const f2elm_t C24, size_t e);
// Simultaneous doubling and differential addition.
void xDBLADD(
void sike_xDBLADD(
point_proj_t P, point_proj_t Q, const f2elm_t xPQ,
const f2elm_t A24);
// Tripling of a Montgomery point in projective coordinates (X:Z).
void xTPL(
void sike_xTPL(
const point_proj_t P, point_proj_t Q, const f2elm_t A24minus,
const f2elm_t A24plus);
// Computes [3^e](X:Z) on Montgomery curve with projective constant
// via e repeated triplings.
void xTPLe(
void sike_xTPLe(
const point_proj_t P, point_proj_t Q, const f2elm_t A24minus,
const f2elm_t A24plus, size_t e);
// Given the x-coordinates of P, Q, and R, returns the value A
// corresponding to the Montgomery curve E_A: y^2=x^3+A*x^2+x such that R=Q-P on E_A.
void get_A(
void sike_get_A(
const f2elm_t xP, const f2elm_t xQ, const f2elm_t xR, f2elm_t A);
// Computes the j-invariant of a Montgomery curve with projective constant.
void j_inv(
void sike_j_inv(
const f2elm_t A, const f2elm_t C, f2elm_t jinv);
// Computes the corresponding 4-isogeny of a projective Montgomery
// point (X4:Z4) of order 4.
void get_4_isog(
void sike_get_4_isog(
const point_proj_t P, f2elm_t A24plus, f2elm_t C24, f2elm_t* coeff);
// Computes the corresponding 3-isogeny of a projective Montgomery
// point (X3:Z3) of order 3.
void get_3_isog(
void sike_get_3_isog(
const point_proj_t P, f2elm_t A24minus, f2elm_t A24plus,
f2elm_t* coeff);
// Computes the 3-isogeny R=phi(X:Z), given projective point (X3:Z3)
// of order 3 on a Montgomery curve and a point P with coefficients given in coeff.
void eval_3_isog(
void sike_eval_3_isog(
point_proj_t Q, f2elm_t* coeff);
// Evaluates the isogeny at the point (X:Z) in the domain of the isogeny.
void eval_4_isog(
void sike_eval_4_isog(
point_proj_t P, f2elm_t* coeff);
// 3-way simultaneous inversion
void inv_3_way(
void sike_inv_3_way(
f2elm_t z1, f2elm_t z2, f2elm_t z3);

#endif // ISOGENY_H_

0 comments on commit 07432f3

Please sign in to comment.