Revert "Merge branch 'main' into clear-stack"

This reverts commit 43b91c3, reversing changes made to db2695c.
formosa-crypto · Oct 13, 2023 · 8f7bb04 · 8f7bb04
1 parent 43b91c3
commit 8f7bb04
Show file tree

Hide file tree

Showing 21 changed files with 284 additions and 402 deletions.
diff --git a/proof/crypto_scalarmult/curve25519/amd64/mulx/extracted_ct_proof.ec b/proof/crypto_scalarmult/curve25519/amd64/mulx/extracted_ct_proof.ec
@@ -2,14 +2,14 @@ require import Extracted_ct.
 
 equiv jade_scalarmult_curve25519_amd64_mulx : 
   M.jade_scalarmult_curve25519_amd64_mulx ~ M.jade_scalarmult_curve25519_amd64_mulx :
-    ={qp, np, pp, M.leakages} ==> ={M.leakages}.
+    ={q, n, p, M.leakages} ==> ={M.leakages}.
 proof.
 proc; inline *; sim => />.
 qed.
 
 equiv jade_scalarmult_curve25519_amd64_mulx_base : 
   M.jade_scalarmult_curve25519_amd64_mulx_base ~ M.jade_scalarmult_curve25519_amd64_mulx_base :
-    ={qp, np, M.leakages} ==> ={M.leakages}.
+    ={q, n, M.leakages} ==> ={M.leakages}.
 proof.
 proc; inline *; sim => />.
 qed.

diff --git a/proof/crypto_scalarmult/curve25519/amd64/ref4/extracted_ct_proof.ec b/proof/crypto_scalarmult/curve25519/amd64/ref4/extracted_ct_proof.ec
@@ -2,14 +2,14 @@ require import Extracted_ct.
 
 equiv jade_scalarmult_curve25519_amd64_ref4 : 
   M.jade_scalarmult_curve25519_amd64_ref4 ~ M.jade_scalarmult_curve25519_amd64_ref4 :
-    ={qp, np, pp, M.leakages} ==> ={M.leakages}.
+    ={q, n, p, M.leakages} ==> ={M.leakages}.
 proof.
 proc; inline *; sim => />.
 qed.
 
 equiv jade_scalarmult_curve25519_amd64_ref4_base : 
   M.jade_scalarmult_curve25519_amd64_ref4_base ~ M.jade_scalarmult_curve25519_amd64_ref4_base :
-    ={qp, np, M.leakages} ==> ={M.leakages}.
+    ={q, n, M.leakages} ==> ={M.leakages}.
 proof.
 proc; inline *; sim => />.
 qed.

diff --git a/proof/crypto_scalarmult/curve25519/amd64/ref5/extracted_ct_proof.ec b/proof/crypto_scalarmult/curve25519/amd64/ref5/extracted_ct_proof.ec
@@ -2,14 +2,14 @@ require import Extracted_ct.
 
 equiv jade_scalarmult_curve25519_amd64_ref5 : 
   M.jade_scalarmult_curve25519_amd64_ref5 ~ M.jade_scalarmult_curve25519_amd64_ref5 :
-    ={qp, np, pp, M.leakages} ==> ={M.leakages}.
+    ={q, n, p, M.leakages} ==> ={M.leakages}.
 proof.
 proc; inline *; sim => />.
 qed.
 
 equiv jade_scalarmult_curve25519_amd64_ref5_base : 
   M.jade_scalarmult_curve25519_amd64_ref5_base ~ M.jade_scalarmult_curve25519_amd64_ref5_base :
-    ={qp, np, M.leakages} ==> ={M.leakages}.
+    ={q, n, M.leakages} ==> ={M.leakages}.
 proof.
 proc; inline *; sim => />.
 qed.

diff --git a/src/crypto_scalarmult/curve25519/amd64/common/51/decode_u5.jinc b/src/crypto_scalarmult/curve25519/amd64/common/51/decode_u5.jinc
diff --git a/src/crypto_scalarmult/curve25519/amd64/common/51/init_points5.jinc b/src/crypto_scalarmult/curve25519/amd64/common/51/init_points5.jinc
diff --git a/src/crypto_scalarmult/curve25519/amd64/common/51/load5.jinc b/src/crypto_scalarmult/curve25519/amd64/common/51/load5.jinc
@@ -0,0 +1,113 @@
+inline fn __decode_u_coordinate5(reg u64 up) -> reg u64[5]
+{
+  inline int i;
+  reg u64[4] t;
+  reg u64[5] u;
+  reg u64 mask;
+
+  for i=0 to 4
+  { t[i] = [up + 8*i]; }
+  mask = 0x7ffffffffffff;
+
+  //u[0] = t[0] & mask; // 51; 13 left
+  u[0] = t[0];
+  u[0] &= mask;
+
+  //u[1] = (t[1] << 13) || (t[0] >> 51) & mask; // 38; 26 left
+  u[1] = t[1];
+  u[1] <<= 13;
+  t[0] >>= 51;
+  u[1] |= t[0];
+  u[1] &= mask;
+
+  //u[2] = (t[2] << 26) || (t[1] >> 38) & mask; // 25; 39 left
+  u[2] = t[2];
+  u[2] <<= 26;
+  t[1] >>= 38;
+  u[2] |= t[1];
+  u[2] &= mask;
+
+  //u[3] = (t[3] << 39) || (t[2] >> 25) & mask; // 12; '52' left
+  u[3] = t[3];
+  u[3] <<= 39;
+  t[2] >>= 25;
+  u[3] |= t[2];
+  u[3] &= mask;
+
+  //u[4] = (t[3] >> 12) & mask;
+  u[4] = t[3];
+  u[4] >>= 12;
+  u[4] &= mask;
+
+  return u;
+}
+
+inline fn __decode_u_coordinate_base5() -> reg u64[5]
+{
+  reg u64[5] u;
+
+  u[0] = 9;
+  u[1] = 0;
+  u[2] = 0;
+  u[3] = 0;
+  u[4] = 0;
+
+  return u;
+}
+
+inline fn __init_points5(
+  reg u64[5] initr)
+  ->
+  stack u64[5],
+  reg   u64[5],
+  stack u64[5],
+  stack u64[5]
+{
+  inline int i;
+  stack u64[5] x2 x3 z3;
+  reg u64[5] z2r;
+  reg u64 z;
+
+  ?{}, z = #set0();
+
+  x2[0] = 1;
+  z2r[0] = 0;
+  x3 = #copy(initr);
+  z3[0] = 1;
+
+  for i=1 to 5
+  { x2[i] = z;
+    z2r[i] = z;
+    z3[i] = z;
+  }
+
+  //     (1,   0, init, 1)
+  return x2, z2r, x3,  z3;
+}
+
+inline fn __init_points5_x3()
+  ->
+  stack u64[5],
+  reg   u64[5],
+  stack u64[5]
+{
+  inline int i;
+  stack u64[5] f1s f3s;
+  reg   u64[5] f2;
+  reg   u64 z;
+
+  ?{}, z = #set0();
+
+  f1s[0] = 1;
+  f2[0]  = 1;
+  f3s[0] = 1;
+
+  for i=1 to 5
+  { f1s[i] = z;
+    f2[i]  = z;
+    f3s[i] = z;
+  }
+
+  return f1s, f2, f3s;
+}
+
diff --git a/src/crypto_scalarmult/curve25519/amd64/common/64/decode_u4.jinc b/src/crypto_scalarmult/curve25519/amd64/common/64/decode_u4.jinc
diff --git a/...ve25519/amd64/common/64/init_points4.jinc → ...ult/curve25519/amd64/common/64/load4.jinc b/...ve25519/amd64/common/64/init_points4.jinc → ...ult/curve25519/amd64/common/64/load4.jinc
@@ -1,3 +1,27 @@
+inline fn __decode_u_coordinate4(reg u64 up) -> reg u64[4]
+{
+  inline int i;
+  reg u64[4] u;
+
+  for i=0 to 4
+  { u[i] = [up + 8*i]; }
+  u[3] &= 0x7fffffffffffffff;
+
+  return u;
+}
+
+inline fn __decode_u_coordinate_base4() -> reg u64[4]
+{
+  reg u64[4] u;
+
+  u[0] = 9;
+  u[1] = 0;
+  u[2] = 0;
+  u[3] = 0;
+
+  return u;
+}
+
 inline fn __init_points4(
   reg u64[4] initr)
   ->

diff --git a/src/crypto_scalarmult/curve25519/amd64/common/decode.jinc b/src/crypto_scalarmult/curve25519/amd64/common/decode.jinc
@@ -0,0 +1,34 @@
+inline fn __decode_scalar(reg u64 kp) -> stack u8[32]
+{
+  inline int i;
+  stack u8[32] k;
+  reg u64 t;
+
+  for i=0 to 4
+  { t = [kp + 8*i];
+    k[u64 i] = t; }
+
+  k[0]  &= 0xf8;
+  k[31] &= 0x7f;
+  k[31] |= 0x40;
+
+  return k;
+}
+
+inline fn __decode_scalar_shl1(reg u64 kp) -> stack u64[4]
+{
+  inline int i;
+  reg u64[4] k;
+  stack u64[4] ks;
+
+  for i=0 to 4
+  { k[i] = [kp + 8*i]; }
+  k[3] <<= 1;
+  k[0] &= 0xfffffffffffffff8;
+  k[3] |= 0x8000000000000000;
+
+  ks = #copy(k);
+
+  return ks;
+}
+
diff --git a/src/crypto_scalarmult/curve25519/amd64/common/decode_scalar.jinc b/src/crypto_scalarmult/curve25519/amd64/common/decode_scalar.jinc