Separate 64/32 tables

mirage · Feb 17, 2024 · 91e32ca · 91e32ca
1 parent dab05dc
commit 91e32ca
Show file tree

Hide file tree

Showing 16 changed files with 84,633 additions and 179,896 deletions.
diff --git a/ec/gen_tables/gen_tables.ml b/ec/gen_tables/gen_tables.ml
@@ -2,13 +2,14 @@ open Format
 
 let print_header name =
   printf
-    {|/*
-          Pre-computed multiples of the generator point G for the curve %s,
-          used for speeding up its scalar multiplication in point_operations.h.
+    {|
+/*
+      Pre-computed %d-bit multiples of the generator point G for the curve %s,
+      used for speeding up its scalar multiplication in point_operations.h.
 
-          Generated by %s, with tables for both 64-bit and 32-bit architectures.
-       */|}
-    name Sys.argv.(0)
+      Generated by %s
+*/|}
+    Sys.word_size name Sys.argv.(0)
 
 let pp_array elem_fmt fmt arr =
   let fout = fprintf fmt in
@@ -22,24 +23,15 @@ let pp_array elem_fmt fmt arr =
 
 let div_round_up a b = (a / b) + if a mod b = 0 then 0 else 1
 
-let _rev_str_bytes str =
-    let len = String.length str in
-    let bytes = Bytes.make len '\000' in
-    for i = 0 to len - 1 do
-        Bytes.set bytes i str.[len - i - 1]
-    done;
-    bytes
-
-let pp_string_words ~wordsize ~byte_length fmt str =
-  let limbs = div_round_up (byte_length * 8) wordsize in
+let pp_string_words ~wordsize fmt str =
   assert (String.length str * 8 mod wordsize = 0);
+  let limbs = String.length str * 8 / wordsize in
   (* Truncate at the beginning (little-endian) *)
-  let offset = String.length str mod limbs in
   let bytes = Bytes.unsafe_of_string str in
   (* let bytes = rev_str_bytes str in *)
   fprintf fmt "@[<2>{@\n";
   for i = 0 to limbs - 1 do
-    let index = (i * (wordsize / 8)) + offset in
+    let index = i * (wordsize / 8) in
     (if wordsize = 64 then
        let w = Bytes.get_int64_le bytes index in
        fprintf fmt "%#016Lx" w
@@ -64,23 +56,32 @@ let check_shape tables =
         x)
     tables
 
-let print_tables tables ~wordsize ~byte_length =
+let print_tables tables ~wordsize =
   let fe_len = String.length tables.(0).(0).(0) in
   printf "@[<2>static WORD generator_table[%d][15][3][LIMBS] = @," (fe_len * 2);
   pp_array
-    (pp_array (pp_array (pp_string_words ~wordsize ~byte_length)))
+    (pp_array (pp_array (pp_string_words ~wordsize)))
     std_formatter tables;
   printf "@];@,"
 
-let print_toplevel name (module P : Mirage_crypto_ec.Dh_dsa) =
-  let tables, byte_length = P.Dsa.Precompute.generator_tables () in
+let print_toplevel name wordsize (module P : Mirage_crypto_ec.Dh_dsa) =
+  let tables = P.Dsa.Precompute.generator_tables () in
+  assert (wordsize = Sys.word_size);
   check_shape tables;
   print_header name;
-  printf "@[<v>#ifdef ARCH_64BIT@,";
-  print_tables ~wordsize:64 ~byte_length tables;
-  printf "#else // 32-bit@,";
-  print_tables ~wordsize:32 ~byte_length tables;
-  printf "@]#endif@."
+  if wordsize = 64 then
+    printf
+      "@[<v>#ifndef ARCH_64BIT@,\
+       #error \"Cannot use 64-bit tables on a 32-bit architecture\"@,\
+       #endif@,\
+       @]"
+  else
+    printf
+      "@[<v>#ifdef ARCH_64BIT@,\
+       #error \"Cannot use 32-bit tables on a 64-bit architecture\"@,\
+       #endif@,\
+       @]";
+  print_tables ~wordsize tables
 
 let curves =
   Mirage_crypto_ec.
@@ -92,17 +93,21 @@ let curves =
     ]
 
 let usage () =
-  printf "Usage: gen_tables [%a]"
+  printf "Usage: gen_tables [%a] [64 | 32]@."
     (pp_print_list
        ~pp_sep:(fun fmt () -> pp_print_string fmt " | ")
        pp_print_string)
     (List.map fst curves)
 
 let go =
-  let name, curve =
-    try List.find (fun (name, _) -> name = Sys.argv.(1)) curves
+  let name, curve, wordsize =
+    try
+      let name, curve =
+        List.find (fun (name, _) -> name = Sys.argv.(1)) curves
+      in
+      (name, curve, int_of_string Sys.argv.(2))
     with _ ->
       usage ();
       exit 1
   in
-  print_toplevel name curve
+  print_toplevel name wordsize curve
diff --git a/ec/mirage_crypto_ec.ml b/ec/mirage_crypto_ec.ml
@@ -63,7 +63,7 @@ module type Dsa = sig
     val generate : key:priv -> Cstruct.t -> Cstruct.t
   end
   module Precompute : sig
-    val generator_tables : unit -> (string array array array * int)
+    val generator_tables : unit -> string array array array
   end
 end
 
@@ -428,7 +428,7 @@ module type Scalar = sig
   val to_octets : scalar -> string
   val scalar_mult : scalar -> point -> point
   val scalar_mult_base : scalar -> point
-  val generator_tables : unit -> (field_element array array array * int)
+  val generator_tables : unit -> field_element array array array
 end
 
 module Make_scalar (Param : Parameters) (P : Point) : Scalar = struct
@@ -483,7 +483,7 @@ module Make_scalar (Param : Parameters) (P : Point) : Scalar = struct
       base := P.double !base
     done;
     let convert {f_x; f_y; f_z} = [|f_x; f_y; f_z|] in
-    (Array.map (Array.map convert) table, Param.byte_length)
+    Array.map (Array.map convert) table
 end
 
 module Make_dh (Param : Parameters) (P : Point) (S : Scalar) : Dh = struct

diff --git a/ec/mirage_crypto_ec.mli b/ec/mirage_crypto_ec.mli
@@ -135,11 +135,10 @@ module type Dsa = sig
   (** Operations to precompute useful data meant to be hardcoded in
       [mirage-crypto-ec] before compilation *)
   module Precompute : sig
-    val generator_tables : unit -> (string array array array * int)
+    val generator_tables : unit -> string array array array
     (** Return an array of shape (Fe_length * 2, 15, 3) containing multiples of
         the generator point for the curve. Useful only to bootstrap tables
-        necessary for scalar multiplication. Returns the tables and the number
-        of significant bytes for each element.*)
+        necessary for scalar multiplication. *)
   end
 end
 

diff --git a/ec/native/GNUmakefile b/ec/native/GNUmakefile
@@ -34,12 +34,16 @@ np224_64.h:
 np224_32.h:
 	$(WBW_MONT) np224 32 $(P224N) $(N_FUNCS) > $@
 
-.PHONY: p224_tables.h
-p224_tables.h:
-	$(GEN_TABLE) p224 > $@
+.PHONY: p224_tables_64.h
+p224_tables_64.h:
+	$(GEN_TABLE) p224 64 > $@
+
+.PHONY: p224_tables_32.h
+p224_tables_32.h:
+	$(GEN_TABLE) p224 32 > $@
 
 .PHONY: p224
-p224: p224_64.h p224_32.h np224_64.h np224_32.h p224_tables.h
+p224: p224_64.h p224_32.h np224_64.h np224_32.h p224_tables_64.h p224_tables_32.h
 
 
 # The NIST curve P-256 (AKA SECP256R1)
@@ -64,12 +68,16 @@ np256_64.h:
 np256_32.h:
 	$(WBW_MONT) np256 32 $(P256N) $(N_FUNCS) > $@
 
-.PHONY: p256_tables.h
-p256_tables.h:
-	$(GEN_TABLE) p256 > $@
+.PHONY: p256_tables_64.h
+p256_tables_64.h:
+	$(GEN_TABLE) p256 64 > $@
+
+.PHONY: p256_tables_32.h
+p256_tables_32.h:
+	$(GEN_TABLE) p256 32 > $@
 
 .PHONY: p256
-p256: p256_64.h p256_32.h np256_64.h np256_32.h p256_tables.h
+p256: p256_64.h p256_32.h np256_64.h np256_32.h p256_tables_64.h p256_tables_32.h
 
 # The NIST curve P-384 (AKA SECP384R1)
 P384="2^384 - 2^128 - 2^96 + 2^32 - 1"
@@ -93,12 +101,16 @@ np384_64.h:
 np384_32.h:
 	$(WBW_MONT) np384 32 $(P384N) $(N_FUNCS) > $@
 
-.PHONY: p384_tables.h
-p384_tables.h:
-	$(GEN_TABLE) p384 > $@
+.PHONY: p384_tables_64.h
+p384_tables_64.h:
+	$(GEN_TABLE) p384 64 > $@
+
+.PHONY: p384_tables_32.h
+p384_tables_32.h:
+	$(GEN_TABLE) p384 32 > $@
 
 .PHONY: p384
-p384: p384_64.h p384_32.h np384_64.h np384_32.h p384_tables.h
+p384: p384_64.h p384_32.h np384_64.h np384_32.h p384_tables_64.h p384_tables_32.h
 
 # The NIST curve P-521 (AKA SECP521R1)
 P521="2^521 - 1"
@@ -122,12 +134,16 @@ np521_64.h:
 np521_32.h:
 	$(WBW_MONT) np521 32 $(P521N) $(N_FUNCS) > $@
 
-.PHONY: p521_tables.h
-p521_tables.h:
-	$(GEN_TABLE) p521 > $@
+.PHONY: p521_tables_64.h
+p521_tables_64.h:
+	$(GEN_TABLE) p521 64 > $@
+
+.PHONY: p521_tables_32.h
+p521_tables_32.h:
+	$(GEN_TABLE) p521 32 > $@
 
 .PHONY: p521
-p521: p521_64.h p521_32.h np521_64.h np521_32.h p521_tables.h
+p521: p521_64.h p521_32.h np521_64.h np521_32.h p521_tables_64.h p521_tables_32.h
 
 # 25519
 25519="2^255 - 19"
@@ -148,9 +164,13 @@ curve25519: curve25519_64.h curve25519_32.h
 .PHONY: clean
 clean:
 	$(RM) p224_32.h p224_64.h np224_32.h np224_64.h
+	$(RM) p224_tables_32.h p224_tables_64.h
 	$(RM) p256_32.h p256_64.h np256_32.h np256_64.h
+	$(RM) p256_tables_32.h p256_tables_64.h
 	$(RM) p384_32.h p384_64.h np384_32.h np384_64.h
+	$(RM) p384_tables_32.h p384_tables_64.h
 	$(RM) p521_32.h p521_64.h np521_32.h np521_64.h
+	$(RM) p521_tables_32.h p521_tables_64.h
 	$(RM) curve25519_32.h curve25519_64.h
 
 .PHONY: all

diff --git a/ec/native/p224_stubs.c b/ec/native/p224_stubs.c
@@ -5,18 +5,19 @@
 #define LIMBS 4
 #define WORD uint64_t
 #define WORDSIZE 64
+#include "p224_tables_64.h"
 #else
 #include "p224_32.h"
 #define LIMBS 7
 #define WORD uint32_t
 #define WORDSIZE 32
+#include "p224_tables_32.h"
 #endif
 
 #define LEN_PRIME 224
 #define CURVE_DESCRIPTION fiat_p224
 
 #include "inversion_template.h"
-#include "p224_tables.h"
 #include "point_operations.h"
 
 #include <caml/memory.h>