authorJ08nY2025-10-02 13:48:25 +0200
committerJ08nY2025-10-02 13:48:25 +0200
commit9e4e4c77ec7e23fe7668ab836c89cc7a84c9389a (patch)
treee2e62eca54ce14a148f7c6422575a31ead98761d /pyecsca/codegen/templates
parente179a63fc75055323e2feac09170f7c5cc9f3501 (diff)
Fix bnaf multiplier in codegen.
Diffstat (limited to 'pyecsca/codegen/templates')
-rw-r--r--pyecsca/codegen/templates/mult_bnaf.c53
-rw-r--r--pyecsca/codegen/templates/mult_wnaf.c2
2 files changed, 37 insertions, 18 deletions
diff --git a/pyecsca/codegen/templates/mult_bnaf.c b/pyecsca/codegen/templates/mult_bnaf.c
index d0cafdf..090807c 100644
--- a/pyecsca/codegen/templates/mult_bnaf.c
+++ b/pyecsca/codegen/templates/mult_bnaf.c
@@ -1,15 +1,30 @@
#include "mult.h"
#include "point.h"
-point_t *scalar_mult_ltr(point_t *point, point_t *neg, curve_t *curve, wnaf_t *naf) {
+point_t *scalar_mult_ltr(point_t *point, point_t *neg, curve_t *curve, wnaf_t *naf, size_t bits) {
+ point_t *q;
+ long i;
+ {% if scalarmult.complete %}
+ bn_naf_pad_left(naf, 0, (bits + 1) - naf->length);
+ q = point_copy(curve->neutral);
+ i = 0;
+ {% else %}
+ bn_naf_strip_left(naf, 0);
+ int8_t val = naf->data[0];
+ if (val == 1) {
+ q = point_copy(point);
+ } else if (val == -1) {
+ q = point_copy(neg);
+ }
+ i = 1;
+ {% endif %}
+
{% if scalarmult.always %}
point_t *q_copy = point_new();
- point_t *dummy = point_new();
{% endif %}
-
- point_t *q = point_copy(curve->neutral);
- for (long i = naf->length - 1; i >= 0; i--) {
+ for (; i < naf->length; i++) {
point_dbl(q, curve, q);
+
{% if scalarmult.always %}
point_set(q, q_copy);
{% endif %}
@@ -17,28 +32,32 @@ point_t *scalar_mult_ltr(point_t *point, point_t *neg, curve_t *curve, wnaf_t *n
if (naf->data[i] == 1) {
point_accumulate(q, point, curve, q);
{% if scalarmult.always %}
- point_accumulate(q_copy, neg, curve, dummy);
+ point_accumulate(q_copy, neg, curve, q_copy);
{% endif %}
} else if (naf->data[i] == -1) {
point_accumulate(q, neg, curve, q);
{% if scalarmult.always %}
- point_accumulate(q_copy, point, curve, dummy);
+ point_accumulate(q_copy, point, curve, q_copy);
{% endif %}
}
}
{% if scalarmult.always %}
point_free(q_copy);
- point_free(dummy);
{% endif %}
return q;
}
-point_t* scalar_mult_rtl(point_t *point, point_t *neg, curve_t *curve, wnaf_t *naf) {
+point_t* scalar_mult_rtl(point_t *point, point_t *neg, curve_t *curve, wnaf_t *naf, size_t bits) {
{% if scalarmult.always %}
point_t *r_copy = point_new();
- point_t *dummy = point_new();
{% endif %}
+ {% if scalarmult.complete %}
+ bn_naf_pad_left(naf, 0, (bits + 1) - naf->length);
+ {% endif %}
+
+ bn_naf_reverse(naf);
+
point_t *q = point_copy(point);
point_t *r = point_copy(curve->neutral);
point_t *q_neg = point_new();
@@ -46,17 +65,18 @@ point_t* scalar_mult_rtl(point_t *point, point_t *neg, curve_t *curve, wnaf_t *n
{% if scalarmult.always %}
point_set(r, r_copy);
{% endif %}
+
if (naf->data[i] == 1) {
point_accumulate(r, q, curve, r);
{% if scalarmult.always %}
point_neg(q, curve, q_neg);
- point_accumulate(r_copy, q_neg, curve, dummy);
+ point_accumulate(r_copy, q_neg, curve, r_copy);
{% endif %}
} else if (naf->data[i] == -1) {
point_neg(q, curve, q_neg);
point_accumulate(r, q_neg, curve, r);
{% if scalarmult.always %}
- point_accumulate(r_copy, q, curve, dummy);
+ point_accumulate(r_copy, q, curve, r_copy);
{% endif %}
}
point_dbl(q, curve, q);
@@ -66,7 +86,6 @@ point_t* scalar_mult_rtl(point_t *point, point_t *neg, curve_t *curve, wnaf_t *n
{% if scalarmult.always %}
point_free(r_copy);
- point_free(dummy);
{% endif %}
return r;
}
@@ -74,14 +93,14 @@ point_t* scalar_mult_rtl(point_t *point, point_t *neg, curve_t *curve, wnaf_t *n
static void scalar_mult_inner(bn_t *scalar, point_t *point, curve_t *curve, point_t *out) {
point_t *neg = point_new();
point_neg(point, curve, neg);
- wnaf_t *naf = bn_bnaf(scalar);
- {# TODO: Handle the ".complete" option #}
+ wnaf_t *naf = bn_bnaf(scalar);
+ size_t bits = bn_bit_length(&curve->n);
{% if scalarmult.direction == ProcessingDirection.LTR %}
- point_t *q = scalar_mult_ltr(point, neg, curve, naf);
+ point_t *q = scalar_mult_ltr(point, neg, curve, naf, bits);
{% elif scalarmult.direction == ProcessingDirection.RTL %}
- point_t *q = scalar_mult_rtl(point, neg, curve, naf);
+ point_t *q = scalar_mult_rtl(point, neg, curve, naf, bits);
{% endif %}
free(naf->data);
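Review bot: In the `{% else %}` branch of `scalar_mult_ltr` (the non-complete case) `q` is assigned only when `naf->data[0]` is 1 or -1, so a NAF that `bn_naf_strip_left` leaves empty or all-zero (a zero scalar, if that can reach this path) reads `naf->data[0]` past the end and returns an uninitialized `q`, where the old code started from `curve->neutral`; a guard such as `if (naf->length == 0) return point_copy(curve->neutral);` before the `int8_t val` line, plus an `else` that copies `curve->neutral`, closes that hole. The `{% if scalarmult.complete %}` branch computes the pad width as `(bits + 1) - naf->length` with `bits` a `size_t`, which wraps to a huge count if the NAF is already longer than `bits + 1` (a scalar not reduced below `curve->n` could do this, if callers can pass one); guarding it with `if (naf->length < bits + 1)` avoids that, and the same expression appears in the `scalar_mult_rtl` hunk. Since `always` is the dummy-operation variant, a comment above `point_set(q, q_copy);` such as `/* q_copy is re-synced from q each iteration, so the dummy accumulate into it never reaches the result */` would make the removal of `dummy` easier to follow. The final hunk covering `scalar_mult_inner` appears cut off in this view.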
diff --git a/pyecsca/codegen/templates/mult_wnaf.c b/pyecsca/codegen/templates/mult_wnaf.c
index 3c5f2b2..c9228fb 100644
--- a/pyecsca/codegen/templates/mult_wnaf.c
+++ b/pyecsca/codegen/templates/mult_wnaf.c
@@ -26,7 +26,7 @@ static void scalar_mult_inner(bn_t *scalar, point_t *point, curve_t *curve, poin
wnaf_t *naf = bn_wnaf(scalar, {{ scalarmult.width }});
- for (long i = naf->length - 1; i >= 0; i--) {
+ for (long i = 0; i < naf->length; i++) {
point_dbl(q, curve, q);
int8_t val = naf->data[i];
if (val > 0) {