codex-storage
/
constantine
mirror of https://github.com/codex-storage/constantine.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Travis CI (#14) 

* add Travis config for x86_64 and ARM64

* Add Travis badge

* add stew test dependency

* comment out unused 64-bit word extended precision arithmetic for ARM CI
This commit is contained in:
Mamy Ratsimbazafy 2020-02-23 17:56:43 +01:00 committed by GitHub
parent 5f91751328
commit acbb0f57f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 216 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
.travis.yml Normal file
View File

@ -0,0 +1,96 @@
# Travis config for Constantine
language: c
cache:
directories:
- nim-devel
- nim-stable
matrix:
include:
# Constantine only works with Nim devel
# Build and test using both gcc and clang
# Build and test on both x86-64 and ARM64
- os: linux
arch: amd64
env:
- ARCH=amd64
- CHANNEL=devel
compiler: gcc
- os: linux
arch: arm64
env:
- ARCH=arm64
- CHANNEL=devel
compiler: gcc
- os: linux
arch: amd64
env:
- ARCH=amd64
- CHANNEL=devel
compiler: clang
# On OSX we only test against clang (gcc is mapped to clang by default)
- os: osx
arch: amd64
env:
- ARCH=amd64
- CHANNEL=devel
compiler: clang
fast_finish: true
# Submodules are only for benchmarks, don't clone them
git:
submodules: false
addons:
apt:
packages:
- libgmp-dev
homebrew:
packages:
- gmp
before_install:
- |
if [ "${CHANNEL}" = stable ]; then
BRANCH="v$(curl https://nim-lang.org/channels/stable)"
else
BRANCH="${CHANNEL}"
fi
install:
# Detect caching of Nim compiler
- |
if [ ! -x "nim-${CHANNEL}/bin/nim" ]; then
git clone -b "${BRANCH}" https://github.com/nim-lang/nim "nim-${CHANNEL}/"
pushd "nim-${CHANNEL}"
git clone --depth 1 https://github.com/nim-lang/csources csources/
pushd csources
sh build.sh
popd
rm -rf csources
bin/nim c koch
./koch boot -d:release
./koch tools
else
pushd "nim-${CHANNEL}"
git fetch origin "${BRANCH}"
if [[ $(git merge FETCH_HEAD | grep -c "Already up to date.") -ne 1 ]]; then
bin/nim c koch
./koch boot -d:release
./koch tools
fi
fi
popd
before_script:
- export PATH="$PWD/nim-${CHANNEL}/bin${PATH:+:$PATH}"
script:
- nimble refresh
- nimble install gmp stew
- nimble test
branches:
except:
- gh-pages

2
README.md
View File

@ -4,6 +4,8 @@
[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
![Stability: experimental](https://img.shields.io/badge/stability-experimental-orange.svg)
[![Build Status: Travis](https://img.shields.io/travis/com/mratsim/constantine/master?label=Travis%20%28Linux%20x86_64%2FARM64,%20MacOS%20x86_64%29)](https://travis-ci.com/mratsim/constantine)
This library provides constant-time implementation of elliptic curve cryptography.
> Warning ⚠️: The library is in development state and cannot be used at the moment

222
constantine/primitives/extended_precision.nim
View File

@ -14,117 +14,16 @@
import ./constant_time
func asm_x86_64_extMul(hi, lo: var uint64, a, b: uint64) {.inline.}=
## Extended precision multiplication uint64 * uint64 --> uint128
# TODO !!! - Replace by constant-time, portable, non-assembly version
# -> use uint128? Compiler might add unwanted branches
# MUL r/m64
# Multiply RAX by r/m64
# ############################################################
#
# Inputs:
# - RAX
# - r/m
# Outputs:
# - High word in RDX
# - Low word in RAX
# Don't forget to dereference the var hidden pointer in hi/lo
asm """
mulq %[operand]
: "=d" (`*hi`), "=a" (`*lo`)
: "a" (`a`), [operand] "rm" (`b`)
:
"""
func unsafeExtPrecMul*(hi, lo: var Ct[uint64], a, b: Ct[uint64]) {.inline.}=
## Extended precision multiplication uint64 * uint64 --> uint128
##
## TODO, at the moment only x86_64 architecture are supported
## as we use assembly.
## Also we assume that the native integer division
## provided by the PU is constant-time
# Note, using C/Nim default `*` is inefficient
# and complicated to make constant-time
# See at the bottom.
type T = uint64
when not defined(amd64):
{.error: "At the moment only x86_64 architecture is supported".}
else:
asm_x86_64_extMul(T(hi), T(lo), T(a), T(b))
# 32-bit words
#
# ############################################################
template unsafeExtPrecMul*(a, b: Ct[uint32]): Ct[uint64] =
## Extended precision multiplication uint32 * uint32 --> uint64
Ct[uint64](uint64(a) * uint64(b))
func asm_x86_64_div2n1n(q, r: var uint64, n_hi, n_lo, d: uint64) {.inline.}=
## Division uint128 by uint64
## Warning ⚠️ :
## - if n_hi == d, quotient does not fit in an uint64
## - if n_hi > d result is undefined
# TODO !!! - Replace by constant-time, portable, non-assembly version
# -> use uint128? Compiler might add unwanted branches
# DIV r/m64
# Divide RDX:RAX (n_hi:n_lo) by r/m64
#
# Inputs
# - numerator high word in RDX,
# - numerator low word in RAX,
# - divisor as r/m parameter (register or memory at the compiler discretion)
# Result
# - Quotient in RAX
# - Remainder in RDX
# 1. name the register/memory "divisor"
# 2. don't forget to dereference the var hidden pointer
# 3. -
# 4. no clobbered registers beside explectly used RAX and RDX
asm """
divq %[divisor]
: "=a" (`*q`), "=d" (`*r`)
: "d" (`n_hi`), "a" (`n_lo`), [divisor] "rm" (`d`)
:
"""
func unsafeDiv2n1n*(q, r: var Ct[uint64], n_hi, n_lo, d: Ct[uint64]) {.inline.}=
## Division uint128 by uint64
## Warning ⚠️ :
## - if n_hi == d, quotient does not fit in an uint64
## - if n_hi > d result is undefined
##
## To avoid issues, n_hi, n_lo, d should be normalized.
## i.e. shifted (== multiplied by the same power of 2)
## so that the most significant bit in d is set.
##
## TODO, at the moment only x86_64 architecture are supported
## as we use assembly.
## Also we assume that the native integer division
## provided by the PU is constant-time
# Note, using C/Nim default `div` is inefficient
# and complicated to make constant-time
# See at the bottom.
#
# Furthermore compilers may try to substitute division
# with a fast path that may have branches. It might also
# be the same at the hardware level.
# TODO !!! - Replace by constant-time, portable, non-assembly version
# -> use uint128? Compiler might add unwanted branches
type T = uint64
when not defined(amd64):
{.error: "At the moment only x86_64 architecture is supported".}
else:
asm_x86_64_div2n1n(T(q), T(r), T(n_hi), T(n_lo), T(d))
func unsafeDiv2n1n*(q, r: var Ct[uint32], n_hi, n_lo, d: Ct[uint32]) {.inline.}=
## Division uint64 by uint32
## Warning ⚠️ :
@ -141,6 +40,119 @@ func unsafeDiv2n1n*(q, r: var Ct[uint32], n_hi, n_lo, d: Ct[uint32]) {.inline.}=
q = (Ct[uint32])(dividend div divisor)
r = (Ct[uint32])(dividend mod divisor)
# ############################################################
#
# 64-bit words
#
# ############################################################
# func asm_x86_64_extMul(hi, lo: var uint64, a, b: uint64) {.inline.}=
# ## Extended precision multiplication uint64 * uint64 --> uint128
# # TODO !!! - Replace by constant-time, portable, non-assembly version
# # -> use uint128? Compiler might add unwanted branches
# # MUL r/m64
# # Multiply RAX by r/m64
# #
# # Inputs:
# # - RAX
# # - r/m
# # Outputs:
# # - High word in RDX
# # - Low word in RAX
# # Don't forget to dereference the var hidden pointer in hi/lo
# asm """
# mulq %[operand]
# : "=d" (`*hi`), "=a" (`*lo`)
# : "a" (`a`), [operand] "rm" (`b`)
# :
# """
# func unsafeExtPrecMul*(hi, lo: var Ct[uint64], a, b: Ct[uint64]) {.inline.}=
# ## Extended precision multiplication uint64 * uint64 --> uint128
# ##
# ## TODO, at the moment only x86_64 architecture are supported
# ## as we use assembly.
# ## Also we assume that the native integer division
# ## provided by the PU is constant-time
# # Note, using C/Nim default `*` is inefficient
# # and complicated to make constant-time
# # See at the bottom.
# type T = uint64
# when not defined(amd64):
# {.error: "At the moment only x86_64 architecture is supported".}
# else:
# asm_x86_64_extMul(T(hi), T(lo), T(a), T(b))
# func asm_x86_64_div2n1n(q, r: var uint64, n_hi, n_lo, d: uint64) {.inline.}=
# ## Division uint128 by uint64
# ## Warning ⚠️ :
# ## - if n_hi == d, quotient does not fit in an uint64
# ## - if n_hi > d result is undefined
# # TODO !!! - Replace by constant-time, portable, non-assembly version
# # -> use uint128? Compiler might add unwanted branches
# # DIV r/m64
# # Divide RDX:RAX (n_hi:n_lo) by r/m64
# #
# # Inputs
# # - numerator high word in RDX,
# # - numerator low word in RAX,
# # - divisor as r/m parameter (register or memory at the compiler discretion)
# # Result
# # - Quotient in RAX
# # - Remainder in RDX
# # 1. name the register/memory "divisor"
# # 2. don't forget to dereference the var hidden pointer
# # 3. -
# # 4. no clobbered registers beside explectly used RAX and RDX
# asm """
# divq %[divisor]
# : "=a" (`*q`), "=d" (`*r`)
# : "d" (`n_hi`), "a" (`n_lo`), [divisor] "rm" (`d`)
# :
# """
# func unsafeDiv2n1n*(q, r: var Ct[uint64], n_hi, n_lo, d: Ct[uint64]) {.inline.}=
# ## Division uint128 by uint64
# ## Warning ⚠️ :
# ## - if n_hi == d, quotient does not fit in an uint64
# ## - if n_hi > d result is undefined
# ##
# ## To avoid issues, n_hi, n_lo, d should be normalized.
# ## i.e. shifted (== multiplied by the same power of 2)
# ## so that the most significant bit in d is set.
# ##
# ## TODO, at the moment only x86_64 architecture are supported
# ## as we use assembly.
# ## Also we assume that the native integer division
# ## provided by the PU is constant-time
# # Note, using C/Nim default `div` is inefficient
# # and complicated to make constant-time
# # See at the bottom.
# #
# # Furthermore compilers may try to substitute division
# # with a fast path that may have branches. It might also
# # be the same at the hardware level.
# # TODO !!! - Replace by constant-time, portable, non-assembly version
# # -> use uint128? Compiler might add unwanted branches
# type T = uint64
# when not defined(amd64):
# {.error: "At the moment only x86_64 architecture is supported".}
# else:
# asm_x86_64_div2n1n(T(q), T(r), T(n_hi), T(n_lo), T(d))
when isMainModule:
block: # Multiplication
var hi, lo: uint64