frost/secp256k1-zkp
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Convert field code to strict C89 (+ long long, +__int128)

Browse Source 
This makes the software more portable to embedded systems
 and static analysis tools.

Sadly, it can't result in identical binaries because C99 mixed
 declarations seem to make GCC emit superfluous stack-pointer
 updates. The compiler is also somewhat dependent on the
 declaration order.
This commit is contained in:
Gregory Maxwell
2015-01-23 05:48:27 +00:00
parent 3627437d80
commit 25b35c7ecb
4 changed files with 190 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
src/field_impl.h
View File

@@ -22,16 +22,18 @@
#endif
static void secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a) {
secp256k1_fe_t b;
int i;
unsigned char tmp[32];
if (*rlen < 65) {
*rlen = 65;
return;
}
*rlen = 65;
unsigned char tmp[32];
secp256k1_fe_t b = *a;
b = *a;
secp256k1_fe_normalize(&b);
secp256k1_fe_get_b32(tmp, &b);
for (int i=0; i<32; i++) {
for (i=0; i<32; i++) {
static const char *c = "0123456789ABCDEF";
r[2*i] = c[(tmp[i] >> 4) & 0xF];
r[2*i+1] = c[(tmp[i]) & 0xF];
@@ -40,6 +42,7 @@ static void secp256k1_fe_get_hex(char *r, int *rlen, const secp256k1_fe_t *a) {
}
static int secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen) {
int i;
unsigned char tmp[32] = {0};
static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
@@ -57,7 +60,7 @@ static int secp256k1_fe_set_hex(secp256k1_fe_t *r, const char *a, int alen) {
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0};
for (int i=0; i<32; i++) {
for (i=0; i<32; i++) {
if (alen > i*2)
tmp[32 - alen/2 + i] = (cvt[(unsigned char)a[2*i]] << 4) + cvt[(unsigned char)a[2*i+1]];
}
@@ -72,62 +75,62 @@ SECP256K1_INLINE static int secp256k1_fe_equal_var(const secp256k1_fe_t *a, cons
}
static int secp256k1_fe_sqrt_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
secp256k1_fe_t x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1;
int j;
/** The binary representation of (p + 1)/4 has 3 blocks of 1s, with lengths in
* { 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
* 1, [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223]
*/
secp256k1_fe_t x2;
secp256k1_fe_sqr(&x2, a);
secp256k1_fe_mul(&x2, &x2, a);
secp256k1_fe_t x3;
secp256k1_fe_sqr(&x3, &x2);
secp256k1_fe_mul(&x3, &x3, a);
secp256k1_fe_t x6 = x3;
for (int j=0; j<3; j++) secp256k1_fe_sqr(&x6, &x6);
x6 = x3;
for (j=0; j<3; j++) secp256k1_fe_sqr(&x6, &x6);
secp256k1_fe_mul(&x6, &x6, &x3);
secp256k1_fe_t x9 = x6;
for (int j=0; j<3; j++) secp256k1_fe_sqr(&x9, &x9);
x9 = x6;
for (j=0; j<3; j++) secp256k1_fe_sqr(&x9, &x9);
secp256k1_fe_mul(&x9, &x9, &x3);
secp256k1_fe_t x11 = x9;
for (int j=0; j<2; j++) secp256k1_fe_sqr(&x11, &x11);
x11 = x9;
for (j=0; j<2; j++) secp256k1_fe_sqr(&x11, &x11);
secp256k1_fe_mul(&x11, &x11, &x2);
secp256k1_fe_t x22 = x11;
for (int j=0; j<11; j++) secp256k1_fe_sqr(&x22, &x22);
x22 = x11;
for (j=0; j<11; j++) secp256k1_fe_sqr(&x22, &x22);
secp256k1_fe_mul(&x22, &x22, &x11);
secp256k1_fe_t x44 = x22;
for (int j=0; j<22; j++) secp256k1_fe_sqr(&x44, &x44);
x44 = x22;
for (j=0; j<22; j++) secp256k1_fe_sqr(&x44, &x44);
secp256k1_fe_mul(&x44, &x44, &x22);
secp256k1_fe_t x88 = x44;
for (int j=0; j<44; j++) secp256k1_fe_sqr(&x88, &x88);
x88 = x44;
for (j=0; j<44; j++) secp256k1_fe_sqr(&x88, &x88);
secp256k1_fe_mul(&x88, &x88, &x44);
secp256k1_fe_t x176 = x88;
for (int j=0; j<88; j++) secp256k1_fe_sqr(&x176, &x176);
x176 = x88;
for (j=0; j<88; j++) secp256k1_fe_sqr(&x176, &x176);
secp256k1_fe_mul(&x176, &x176, &x88);
secp256k1_fe_t x220 = x176;
for (int j=0; j<44; j++) secp256k1_fe_sqr(&x220, &x220);
x220 = x176;
for (j=0; j<44; j++) secp256k1_fe_sqr(&x220, &x220);
secp256k1_fe_mul(&x220, &x220, &x44);
secp256k1_fe_t x223 = x220;
for (int j=0; j<3; j++) secp256k1_fe_sqr(&x223, &x223);
x223 = x220;
for (j=0; j<3; j++) secp256k1_fe_sqr(&x223, &x223);
secp256k1_fe_mul(&x223, &x223, &x3);
/* The final result is then assembled using a sliding window over the blocks. */
secp256k1_fe_t t1 = x223;
for (int j=0; j<23; j++) secp256k1_fe_sqr(&t1, &t1);
t1 = x223;
for (j=0; j<23; j++) secp256k1_fe_sqr(&t1, &t1);
secp256k1_fe_mul(&t1, &t1, &x22);
for (int j=0; j<6; j++) secp256k1_fe_sqr(&t1, &t1);
for (j=0; j<6; j++) secp256k1_fe_sqr(&t1, &t1);
secp256k1_fe_mul(&t1, &t1, &x2);
secp256k1_fe_sqr(&t1, &t1);
secp256k1_fe_sqr(r, &t1);
@@ -139,66 +142,66 @@ static int secp256k1_fe_sqrt_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
}
static void secp256k1_fe_inv(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
secp256k1_fe_t x2, x3, x6, x9, x11, x22, x44, x88, x176, x220, x223, t1;
int j;
/** The binary representation of (p - 2) has 5 blocks of 1s, with lengths in
* { 1, 2, 22, 223 }. Use an addition chain to calculate 2^n - 1 for each block:
* [1], [2], 3, 6, 9, 11, [22], 44, 88, 176, 220, [223]
*/
secp256k1_fe_t x2;
secp256k1_fe_sqr(&x2, a);
secp256k1_fe_mul(&x2, &x2, a);
secp256k1_fe_t x3;
secp256k1_fe_sqr(&x3, &x2);
secp256k1_fe_mul(&x3, &x3, a);
secp256k1_fe_t x6 = x3;
for (int j=0; j<3; j++) secp256k1_fe_sqr(&x6, &x6);
x6 = x3;
for (j=0; j<3; j++) secp256k1_fe_sqr(&x6, &x6);
secp256k1_fe_mul(&x6, &x6, &x3);
secp256k1_fe_t x9 = x6;
for (int j=0; j<3; j++) secp256k1_fe_sqr(&x9, &x9);
x9 = x6;
for (j=0; j<3; j++) secp256k1_fe_sqr(&x9, &x9);
secp256k1_fe_mul(&x9, &x9, &x3);
secp256k1_fe_t x11 = x9;
for (int j=0; j<2; j++) secp256k1_fe_sqr(&x11, &x11);
x11 = x9;
for (j=0; j<2; j++) secp256k1_fe_sqr(&x11, &x11);
secp256k1_fe_mul(&x11, &x11, &x2);
secp256k1_fe_t x22 = x11;
for (int j=0; j<11; j++) secp256k1_fe_sqr(&x22, &x22);
x22 = x11;
for (j=0; j<11; j++) secp256k1_fe_sqr(&x22, &x22);
secp256k1_fe_mul(&x22, &x22, &x11);
secp256k1_fe_t x44 = x22;
for (int j=0; j<22; j++) secp256k1_fe_sqr(&x44, &x44);
x44 = x22;
for (j=0; j<22; j++) secp256k1_fe_sqr(&x44, &x44);
secp256k1_fe_mul(&x44, &x44, &x22);
secp256k1_fe_t x88 = x44;
for (int j=0; j<44; j++) secp256k1_fe_sqr(&x88, &x88);
x88 = x44;
for (j=0; j<44; j++) secp256k1_fe_sqr(&x88, &x88);
secp256k1_fe_mul(&x88, &x88, &x44);
secp256k1_fe_t x176 = x88;
for (int j=0; j<88; j++) secp256k1_fe_sqr(&x176, &x176);
x176 = x88;
for (j=0; j<88; j++) secp256k1_fe_sqr(&x176, &x176);
secp256k1_fe_mul(&x176, &x176, &x88);
secp256k1_fe_t x220 = x176;
for (int j=0; j<44; j++) secp256k1_fe_sqr(&x220, &x220);
x220 = x176;
for (j=0; j<44; j++) secp256k1_fe_sqr(&x220, &x220);
secp256k1_fe_mul(&x220, &x220, &x44);
secp256k1_fe_t x223 = x220;
for (int j=0; j<3; j++) secp256k1_fe_sqr(&x223, &x223);
x223 = x220;
for (j=0; j<3; j++) secp256k1_fe_sqr(&x223, &x223);
secp256k1_fe_mul(&x223, &x223, &x3);
/* The final result is then assembled using a sliding window over the blocks. */
secp256k1_fe_t t1 = x223;
for (int j=0; j<23; j++) secp256k1_fe_sqr(&t1, &t1);
t1 = x223;
for (j=0; j<23; j++) secp256k1_fe_sqr(&t1, &t1);
secp256k1_fe_mul(&t1, &t1, &x22);
for (int j=0; j<5; j++) secp256k1_fe_sqr(&t1, &t1);
for (j=0; j<5; j++) secp256k1_fe_sqr(&t1, &t1);
secp256k1_fe_mul(&t1, &t1, a);
for (int j=0; j<3; j++) secp256k1_fe_sqr(&t1, &t1);
for (j=0; j<3; j++) secp256k1_fe_sqr(&t1, &t1);
secp256k1_fe_mul(&t1, &t1, &x2);
for (int j=0; j<2; j++) secp256k1_fe_sqr(&t1, &t1);
for (j=0; j<2; j++) secp256k1_fe_sqr(&t1, &t1);
secp256k1_fe_mul(r, a, &t1);
}
@@ -228,6 +231,8 @@ static void secp256k1_fe_inv_var(secp256k1_fe_t *r, const secp256k1_fe_t *a) {
}
static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t *r, const secp256k1_fe_t *a) {
secp256k1_fe_t u;
size_t i;
if (len < 1)
return;
@@ -235,12 +240,12 @@ static void secp256k1_fe_inv_all_var(size_t len, secp256k1_fe_t *r, const secp25
r[0] = a[0];
size_t i = 0;
i = 0;
while (++i < len) {
secp256k1_fe_mul(&r[i], &r[i - 1], &a[i]);
}
secp256k1_fe_t u; secp256k1_fe_inv_var(&u, &r[--i]);
secp256k1_fe_inv_var(&u, &r[--i]);
while (i > 0) {
int j = i--;