
Merge branch 'dalek-cryptography:main' into main
jmwample authored Jul 26, 2024
2 parents 08534b4 + 35e78b2 commit b98883e
Showing 6 changed files with 26 additions and 20 deletions.
10 changes: 10 additions & 0 deletions curve25519-dalek/Cargo.toml
Expand Up @@ -71,3 +71,13 @@ group-bits = ["group", "ff/bits"]

[target.'cfg(all(not(curve25519_dalek_backend = "fiat"), not(curve25519_dalek_backend = "serial"), target_arch = "x86_64"))'.dependencies]
curve25519-dalek-derive = { version = "0.1", path = "../curve25519-dalek-derive" }

[lints.rust.unexpected_cfgs]
level = "warn"
check-cfg = [
'cfg(allow_unused_unsafe)',
'cfg(curve25519_dalek_backend, values("fiat", "serial", "simd"))',
'cfg(curve25519_dalek_diagnostics, values("build"))',
'cfg(curve25519_dalek_bits, values("32", "64"))',
'cfg(nightly)',
]
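Review bot: The new `[lints.rust.unexpected_cfgs]` table with `check-cfg` is only honored by toolchains that understand lint configuration in the manifest; an older Cargo warns about an unused manifest key and the `unexpected_cfgs` lint then fires on every custom cfg, which the `#![allow(unexpected_cfgs)]` removed from lib.rs in this same commit used to silence. The removed lib.rs comment mentions an MSRV of 1.77, so I would confirm the crate's declared `rust-version` actually covers `check-cfg` lint support before dropping the allow outright. A one-line comment above the table would record the intent for the next reader, e.g. `# Custom cfgs (presumably emitted by build.rs) declared here so unexpected_cfgs stays quiet; needs a toolchain with check-cfg lint support`.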
15 changes: 7 additions & 8 deletions curve25519-dalek/src/backend/serial/u32/scalar.rs
Expand Up @@ -12,7 +12,7 @@

use core::fmt::Debug;
use core::ops::{Index, IndexMut};
use subtle::BlackBox;
use subtle::{Choice, ConditionallySelectable};

#[cfg(feature = "zeroize")]
use zeroize::Zeroize;
Expand Down Expand Up @@ -187,23 +187,22 @@ impl Scalar29 {
/// Compute `a - b` (mod l).
pub fn sub(a: &Scalar29, b: &Scalar29) -> Scalar29 {
let mut difference = Scalar29::ZERO;
let mask = BlackBox::new((1u32 << 29) - 1);
let mask = (1u32 << 29) - 1;

// a - b
let mut borrow: u32 = 0;
for i in 0..9 {
borrow = a[i].wrapping_sub(b[i] + (borrow >> 31));
difference[i] = borrow & mask.get();
difference[i] = borrow & mask;
}

// conditionally add l if the difference is negative
let underflow_mask = BlackBox::new(((borrow >> 31) ^ 1).wrapping_sub(1));
let mut carry: u32 = 0;
for i in 0..9 {
// SECURITY: `BlackBox` prevents LLVM from inserting a `jns` conditional on x86(_64)
// which can be used to bypass this section when `underflow_mask` is zero.
carry = (carry >> 29) + difference[i] + (constants::L[i] & underflow_mask.get());
difference[i] = carry & mask.get();
let underflow = Choice::from((borrow >> 31) as u8);
let addend = u32::conditional_select(&0, &constants::L[i], underflow);
carry = (carry >> 29) + difference[i] + addend;
difference[i] = carry & mask;
}

difference
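Review bot: The `// SECURITY:` comment explaining why the addend must not be chosen with a data-dependent branch was dropped together with `BlackBox`, yet the new `u32::conditional_select` call is the same defense, and without the comment a later cleanup could rewrite it as `if underflow { constants::L[i] } else { 0 }`. I would keep a short version above the second loop, e.g. `// SECURITY: select the addend with subtle's constant-time conditional_select so LLVM cannot turn the mask into a branch (jns) that leaks whether the difference underflowed.`. Also `underflow` depends only on the final `borrow` from the first loop, so `let underflow = Choice::from((borrow >> 31) as u8);` can be hoisted above `for i in 0..9` instead of being rebuilt on each of the 9 iterations. `borrow >> 31` is necessarily 0 or 1 for a `u32`, which is the domain subtle documents for `Choice::from(u8)`, so the `as u8` cast is sound.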
15 changes: 7 additions & 8 deletions curve25519-dalek/src/backend/serial/u64/scalar.rs
Expand Up @@ -13,7 +13,7 @@

use core::fmt::Debug;
use core::ops::{Index, IndexMut};
use subtle::BlackBox;
use subtle::{Choice, ConditionallySelectable};

#[cfg(feature = "zeroize")]
use zeroize::Zeroize;
Expand Down Expand Up @@ -176,23 +176,22 @@ impl Scalar52 {
/// Compute `a - b` (mod l)
pub fn sub(a: &Scalar52, b: &Scalar52) -> Scalar52 {
let mut difference = Scalar52::ZERO;
let mask = BlackBox::new((1u64 << 52) - 1);
let mask = (1u64 << 52) - 1;

// a - b
let mut borrow: u64 = 0;
for i in 0..5 {
borrow = a[i].wrapping_sub(b[i] + (borrow >> 63));
difference[i] = borrow & mask.get();
difference[i] = borrow & mask;
}

// conditionally add l if the difference is negative
let underflow_mask = BlackBox::new(((borrow >> 63) ^ 1).wrapping_sub(1));
let mut carry: u64 = 0;
for i in 0..5 {
// SECURITY: `BlackBox` prevents LLVM from inserting a `jns` conditional on x86(_64)
// which can be used to bypass this section when `underflow_mask` is zero.
carry = (carry >> 52) + difference[i] + (constants::L[i] & underflow_mask.get());
difference[i] = carry & mask.get();
let underflow = Choice::from((borrow >> 63) as u8);
let addend = u64::conditional_select(&0, &constants::L[i], underflow);
carry = (carry >> 52) + difference[i] + addend;
difference[i] = carry & mask;
}

difference
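Review bot: As in the u32 backend, the rationale comment for the constant-time selection is gone from `Scalar52::sub`; the `u64::conditional_select` call replaces the `BlackBox` mask but nothing now tells a reader why a plain `if` is off limits here. I would restore a one-line note above the loop, e.g. `// SECURITY: constant-time select of the addend; a data-dependent branch here would leak whether a - b underflowed.`. `Choice::from((borrow >> 63) as u8)` is loop-invariant (it reads only the final `borrow` of the subtraction loop) and can be computed once before `for i in 0..5`, which also keeps the two backends structurally identical.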
2 changes: 1 addition & 1 deletion curve25519-dalek/src/backend/vector/ifma/edwards.rs
Expand Up @@ -249,7 +249,7 @@ impl<'a> From<&'a edwards::EdwardsPoint> for NafLookupTable8<CachedPoint> {
}
}

#[cfg(target_feature = "avx512ifma,avx512vl")]
#[cfg(all(target_feature = "avx512ifma", target_feature = "avx512vl"))]
#[cfg(test)]
mod test {
use super::*;
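Review bot: The old `cfg(target_feature = "avx512ifma,avx512vl")` compared against a single feature string that no target ever reports, so this test module has effectively never been compiled; with the corrected `all(...)` it will build as soon as both features are enabled (for example via `-C target-feature=+avx512ifma,+avx512vl`). Because the tests have been dormant, I would run them once on an IFMA-capable host or emulator before relying on the cfg fix, since any drift in the surrounding code would only surface now. The `mod test` body continues past the end of the hunk.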
2 changes: 1 addition & 1 deletion curve25519-dalek/src/backend/vector/ifma/field.rs
Expand Up @@ -629,7 +629,7 @@ impl<'a, 'b> Mul<&'b F51x4Reduced> for &'a F51x4Reduced {
}
}

#[cfg(target_feature = "avx512ifma,avx512vl")]
#[cfg(all(target_feature = "avx512ifma", target_feature = "avx512vl"))]
#[cfg(test)]
mod test {
use super::*;
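Review bot: Same situation as in `ifma/edwards.rs`: the previous single-string cfg meant the `F51x4Reduced` tests in this module were silently skipped on every build, so the corrected `all(target_feature = ..., target_feature = ...)` gate enables code that has not been exercised for some time. Worth a one-off run with both AVX-512 features enabled to confirm the tests still compile and pass, and a CI job with those target features if one does not exist yet. The test module continues past the hunk.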
2 changes: 0 additions & 2 deletions curve25519-dalek/src/lib.rs
Expand Up @@ -42,8 +42,6 @@
unused_lifetimes,
unused_qualifications
)]
// Requires MSRV 1.77 as it does not allow build.rs gating
#![allow(unexpected_cfgs)]

//------------------------------------------------------------------------
// External dependencies:

