From 2488e4b33ad3e9625e15a1bfec6effce25e88e6d Mon Sep 17 00:00:00 2001 From: hasufell Date: Sun, 20 Apr 2014 19:50:49 +0200 Subject: [PATCH 1/7] MEM: introduce our own ntru_malloc() function Use this instead of malloc(). --- src/mem.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ src/mem.h | 29 +++++++++++++++++++++++++++++ src/poly.c | 3 ++- 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 src/mem.c create mode 100644 src/mem.h diff --git a/src/mem.c b/src/mem.c new file mode 100644 index 0000000..7a63f58 --- /dev/null +++ b/src/mem.c @@ -0,0 +1,48 @@ +/* + * Copyright (C) 2014 FH Bielefeld + * + * This file is part of a FH Bielefeld project. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#include "mem.h" + +#include +#include + + +/** + * Allocate memory of size and return + * a void pointer. + * + * @param size of the memory to allocate in bytes + * @return void pointer to the beginning of the allocated memory block + */ +void *ntru_malloc(size_t size) +{ + void *ptr; + + ptr = malloc(size); + + if (size) + if (!ptr) { + fprintf(stderr, "failed to allocate memory, aborting!"); + abort(); + } + + return ptr; +} diff --git a/src/mem.h b/src/mem.h new file mode 100644 index 0000000..eabe1e9 --- /dev/null +++ b/src/mem.h 
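Review bot: The abort-on-failure contract of ntru_malloc is stated nowhere that a caller will read, and the diagnostic has no trailing newline, so it runs into whatever the host process prints next; change it to `fprintf(stderr, "failed to allocate memory, aborting!\n");`. Calling abort() from inside a library kills the embedding process; that is a legitimate policy for a crypto library but it should be spelled out in the function comment, e.g. `Never returns NULL for size > 0: on allocation failure a message is written to stderr and abort() is called; a zero-size request may still return NULL.` (the `if (size)` guard skips the check for size 0). Since this library will be holding NTRU key material, a matching ntru_free() that wipes the buffer before free() would be the natural counterpart to this wrapper, but that is beyond this hunk.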
@@ -0,0 +1,29 @@ +/* + * Copyright (C) 2014 FH Bielefeld + * + * This file is part of a FH Bielefeld project. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301 USA + */ + +#ifndef NTRU_MEM_H +#define NTRU_MEM_H + +#include + +void *ntru_malloc(size_t size); + +#endif /* NTRU_MEM_H */ diff --git a/src/poly.c b/src/poly.c index e4c1d43..05b2522 100644 --- a/src/poly.c +++ b/src/poly.c @@ -21,6 +21,7 @@ #include "context.h" #include "err.h" +#include "mem.h" #include "poly.h" #include @@ -108,7 +109,7 @@ pb_poly *build_polynom(int const * const c, pb_poly *new_poly; mp_int chara; - new_poly = malloc(sizeof(*new_poly)); + new_poly = ntru_malloc(sizeof(*new_poly)); init_integer(&chara); init_polynom_size(new_poly, &chara, len); mp_clear(&chara); From e33bd66d05b0d4e45309175a507863dae838ab82 Mon Sep 17 00:00:00 2001 From: hasufell Date: Sun, 20 Apr 2014 19:51:45 +0200 Subject: [PATCH 2/7] BUILD: update Makefile for mem.o --- src/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile index 9d0df37..6fc357d 100644 --- a/src/Makefile +++ b/src/Makefile 
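Review bot: The declaration `void *ntru_malloc(size_t size);` in mem.h carries no documentation, and the header is what callers read; the only part of the contract that matters to them (the wrapper aborts the process instead of returning NULL on failure, and may return NULL only for size 0) lives solely in the mem.c comment. Add a Doxygen block above the prototype stating exactly that, so nobody adds a redundant NULL check or, worse, assumes a failure can be recovered from. The build_polynom hunk in this same patch replaces `malloc` with `ntru_malloc` and uses the result unchecked, which is correct only because of that abort policy.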
@@ -37,8 +37,8 @@ endif LIBS += -L. # objects -PQC_OBJS = rand.o poly.o -PQC_HEADERS = err.h rand.h poly.h context.h +PQC_OBJS = rand.o poly.o keypair.o mem.o +PQC_HEADERS = err.h rand.h poly.h context.h keypair.h # CUNIT_OBJS = cunit.o # includes From 6594a022fe7e73f9d01cb71ddc1d2832c16a09e9 Mon Sep 17 00:00:00 2001 From: hasufell Date: Sun, 20 Apr 2014 19:53:30 +0200 Subject: [PATCH 3/7] POLY: use our MACROS for error handling All mp_* and pb_* functions that return an error code should only be called via a MACRO which handles the error. --- src/poly.c | 20 ++++++++++---------- src/poly.h | 26 ++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 10 deletions(-) diff --git a/src/poly.c b/src/poly.c index 05b2522..f7cacec 100644 --- a/src/poly.c +++ b/src/poly.c @@ -127,14 +127,14 @@ pb_poly *build_polynom(int const * const c, unsigned_c = c[i]; } - mp_set_int(&(new_poly->terms[i]), unsigned_c); + MP_SET_INT(&(new_poly->terms[i]), unsigned_c); if (sign == true) mp_neg(&(new_poly->terms[i]), &(new_poly->terms[i])); } } else { /* fill with zeros */ for (unsigned int i = 0; i < len; i++) - mp_set(&(new_poly->terms[i]), 0); + MP_SET(&(new_poly->terms[i]), 0); } new_poly->used = len; @@ -151,7 +151,7 @@ pb_poly *build_polynom(int const * const c, void erase_polynom(pb_poly *poly, size_t len) { for (unsigned int i = 0; i < len ; i++) { - mp_set(&(poly->terms[i]), 0); + MP_SET(&(poly->terms[i]), 0); mp_abs(&(poly->terms[i]), &(poly->terms[i])); } } @@ -190,7 +190,7 @@ void pb_starmultiply(pb_poly *a, mp_int mp_modulus; init_integer(&mp_modulus); - mp_set_int(&mp_modulus, (unsigned long)(modulus)); + MP_SET_INT(&mp_modulus, (unsigned long)(modulus)); /* avoid side effects */ a_tmp = build_polynom(NULL, ctx->N, ctx); 
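Review bot: The hunk adds `keypair.o` to PQC_OBJS and `keypair.h` to PQC_HEADERS, yet no patch in this seven-commit series adds src/keypair.c or src/keypair.h and the commit message only speaks of mem.o; if those files exist only in a local tree the build breaks for everyone else. Either restrict this commit to what it announces, `PQC_OBJS = rand.o poly.o mem.o` and `PQC_HEADERS = err.h rand.h poly.h context.h mem.h`, or add the keypair sources in the same commit. Note that mem.h, which this series does introduce, is not listed in PQC_HEADERS at all.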
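Review bot: `mp_neg(&(new_poly->terms[i]), &(new_poly->terms[i]));` in the build_polynom hunk is still called bare, although the commit message says every mp_* function that returns an error code goes through a macro; in libtommath mp_neg returns an int status (it copies into the destination, which can fail to grow), so it needs the same treatment, e.g. an `MP_NEG(...)` macro defined like MP_SET_INT and used here. build_polynom begins and ends outside this hunk.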
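Review bot: The same gap is in erase_polynom: `mp_abs(&(poly->terms[i]), &(poly->terms[i]));` is called unchecked although in libtommath mp_abs returns an int error code, so it also deserves an `MP_ABS(...)` wrapper in poly.h. It is also not obvious why the absolute value of a term that was just set to 0 is taken; if the intent is to reset the sign flag, a one-line comment saying so would help, otherwise the call can go. Whether `MP_SET(..., 0)` actually clears the digit buffer behind the mp_int depends on mp_zero's implementation, so if "erase" is meant to scrub secret coefficients that needs an explicit wipe and a comment stating it.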
@@ -276,14 +276,14 @@ bool pb_inverse_poly_q(pb_poly * const a, pb_poly *a_tmp, *b, *c, *f, *g; b = build_polynom(NULL, ctx->N + 1, ctx); - mp_set(&(b->terms[0]), 1); + MP_SET(&(b->terms[0]), 1); c = build_polynom(NULL, ctx->N + 1, ctx); f = build_polynom(NULL, ctx->N + 1, ctx); PB_COPY(a, f); g = build_polynom(NULL, ctx->N + 1, ctx); - mp_set(&(g->terms[0]), 1); + MP_SET(&(g->terms[0]), 1); mp_neg(&(g->terms[0]), &(g->terms[0])); - mp_set(&(g->terms[ctx->N]), 1); + MP_SET(&(g->terms[ctx->N]), 1); /* avoid side effects */ a_tmp = build_polynom(NULL, ctx->N, ctx); PB_COPY(a, a_tmp); @@ -295,8 +295,8 @@ bool pb_inverse_poly_q(pb_poly * const a, MP_COPY(&(f->terms[i]), &(f->terms[i - 1])); MP_COPY(&(c->terms[ctx->N - i]), &(c->terms[ctx->N + 1 - i])); } - mp_set(&(f->terms[ctx->N]), 0); - mp_set(&(c->terms[0]), 0); + MP_SET(&(f->terms[ctx->N]), 0); + MP_SET(&(c->terms[0]), 0); k++; } @@ -348,7 +348,7 @@ OUT_OF_LOOP: if (mp_cmp_d(&(Fq->terms[i]), 0) == MP_LT) { mp_int mp_tmp; init_integer(&mp_tmp); - mp_set_int(&mp_tmp, ctx->q); + MP_SET_INT(&mp_tmp, ctx->q); MP_ADD(&(Fq->terms[i]), &mp_tmp, &(Fq->terms[i])); mp_clear(&mp_tmp); } diff --git a/src/poly.h b/src/poly.h index f60ab26..4d9aa04 100644 --- a/src/poly.h +++ b/src/poly.h @@ -30,6 +30,16 @@ #include #include +#define MP_SET(...) mp_set(__VA_ARGS__) + +#define MP_SET_INT(...) \ +{ \ + int result; \ + if ((result = mp_set_int(__VA_ARGS__)) != MP_OKAY) \ + NTRU_ABORT("Error setting long constant. %s", \ + mp_error_to_string(result)); \ +} + #define MP_MUL(...) \ { \ int result; \ 
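Review bot: MP_SET_INT in the poly.h hunk expands to a bare `{ ... }` block, so `if (c) MP_SET_INT(x, v); else ...` fails to compile (the `;` after the block terminates the if) and the macro is unsafe as an unbraced loop body; the pre-existing macros share the pattern, but the new one should be written `do { \` ... `} while (0)` instead of `{ \` ... `}`. `MP_SET(...)` maps straight to mp_set, which is right only because mp_set returns void in libtommath; a one-line comment above it saying `/* mp_set cannot fail, so no result to check */` would keep someone from "fixing" it to inspect a return value. The `int result` local inside each macro body would also shadow any caller variable of that name, another reason to move to `static inline` wrappers where the argument lists are fixed.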
@@ -86,6 +96,22 @@ mp_error_to_string(result)); \ } +#define MP_EXPTMOD(...) \ +{ \ + int result; \ + if ((result = mp_exptmod(__VA_ARGS__)) != MP_OKAY) \ + NTRU_ABORT("Error computing modular exponentiation. %s", \ + mp_error_to_string(result)); \ +} + +#define MP_EXPT_D(...) \ +{ \ + int result; \ + if ((result = mp_expt_d(__VA_ARGS__)) != MP_OKAY) \ + NTRU_ABORT("Error computing modular exponentiation. %s", \ + mp_error_to_string(result)); \ +} + #define PB_MUL(...) \ { \ int result; \ From 320af3c6178dc9e9963d4f79b8ecad5da67d05a8 Mon Sep 17 00:00:00 2001 From: hasufell Date: Sun, 20 Apr 2014 19:55:30 +0200 Subject: [PATCH 4/7] POLY: introduce delete_polynom_multi() Just a wrapper around delete_polynom() to handle multiple args. Must be called with NULL as last argument! --- src/poly.c | 31 ++++++++++++++++++++++++++----- src/poly.h | 3 +++ 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/src/poly.c b/src/poly.c index f7cacec..7f5ffcc 100644 --- a/src/poly.c +++ b/src/poly.c @@ -24,6 +24,7 @@ #include "mem.h" #include "poly.h" +#include #include #include #include @@ -170,6 +171,30 @@ void delete_polynom(pb_poly *poly) free(poly); } +/** + * This deletes the internal structure of all polynomials, + * and frees the pointers. Don't call this on stack variables, + * this is intended for use after ntru_ functions, that + * return a polynomial pointer. + * You must call this with NULL as last argument! + * + * @param poly the polynomial to delete + * @param ... follow up polynomials + */ +void delete_polynom_multi(pb_poly *poly, ...) +{ + pb_poly *next_poly; + va_list args; + + next_poly = poly; + va_start(args, poly); + while (next_poly != NULL) { + delete_polynom(next_poly); + next_poly = va_arg(args, pb_poly*); + } + va_end(args); +} + /** * Starmultiplication, as follows: * c = a * b mod (x^N − 1) 
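Review bot: The failure message in MP_EXPT_D reads "Error computing modular exponentiation." but mp_expt_d in libtommath computes a plain power a^b with no modulus, so the text was copied from MP_EXPTMOD and will mislead whoever reads the abort; change it to `NTRU_ABORT("Error computing exponentiation. %s", \`. As with the rest of this header, both new macros are bare `{ ... }` blocks; `do { ... } while (0)` would make them safe as if/else bodies.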
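Review bot: delete_polynom_multi relies on a NULL sentinel read through va_arg, which the compiler cannot check: a forgotten terminator makes va_arg read past the supplied arguments (undefined behaviour), and on ABIs where `NULL` expands to plain `0` a bare NULL is passed as an int rather than a pointer, so callers should write `(pb_poly *)NULL`. A NULL appearing earlier in the list silently ends the loop and leaks everything after it, which the comment should say if the variadic form stays. A fixed-shape alternative avoids all three problems: `void delete_polynoms(pb_poly **polys, size_t n);` taking an array, which pb_inverse_poly_q could call with a small local array of its five temporaries.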
@@ -353,11 +378,7 @@ OUT_OF_LOOP: mp_clear(&mp_tmp); } - delete_polynom(a_tmp); - delete_polynom(b); - delete_polynom(c); - delete_polynom(f); - delete_polynom(g); + delete_polynom_multi(a_tmp, b, c, f, g, NULL); /* TODO: check if the f * Fq = 1 (mod p) condition holds true */ diff --git a/src/poly.h b/src/poly.h index 4d9aa04..77a9b54 100644 --- a/src/poly.h +++ b/src/poly.h @@ -28,6 +28,7 @@ #include #include +#include #include #define MP_SET(...) mp_set(__VA_ARGS__) @@ -164,6 +165,8 @@ void erase_polynom(pb_poly *poly, size_t len); void delete_polynom(pb_poly *new_poly); +void delete_polynom_multi(pb_poly *poly, ...); + void pb_starmultiply(pb_poly *a, pb_poly *b, pb_poly *c, From 1231328e5163cfa155319c55213c0c12218f01d8 Mon Sep 17 00:00:00 2001 From: hasufell Date: Sun, 20 Apr 2014 19:57:45 +0200 Subject: [PATCH 5/7] POLY: add pb_mod2_to_modq() This should make pb_inverse_poly_q() a bit more readable. TODO: make the algorithm more descriptive in general. --- src/poly.c | 65 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/src/poly.c b/src/poly.c index 7f5ffcc..2c69ebe 100644 --- a/src/poly.c +++ b/src/poly.c @@ -36,6 +36,9 @@ * static declarations */ static unsigned int get_degree(pb_poly const * const poly); +static void pb_mod2_to_modq(pb_poly * const a, + pb_poly *Fq, + ntru_context *ctx); /** 
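Review bot: The declaration `void delete_polynom_multi(pb_poly *poly, ...);` added to poly.h gives callers no hint that the argument list must end with NULL; since the Makefile already special-cases gcc, declare it so the compiler enforces the contract, e.g. `void delete_polynom_multi(pb_poly *poly, ...) __attribute__((sentinel));` guarded by `#ifdef __GNUC__` (or through a small `NTRU_SENTINEL` macro that expands to nothing on other compilers), and GCC/Clang will warn at every call site that omits the terminator. A one-line Doxygen comment repeating the NULL-terminator rule belongs on the prototype as well, since the header is what callers read.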
@@ -283,6 +286,43 @@ static unsigned int get_degree(pb_poly const * const poly) return count; } +/** + * Find the inverse polynomial modulo a power of 2, + * which is q. + * + * @param a polynomial to invert (is allowed to be the same as param Fq) + * @param Fq polynomial [out] + * @param ctx NTRU context + * @return true/false for success/failure + */ +static void pb_mod2_to_modq(pb_poly * const a, + pb_poly *Fq, + ntru_context *ctx) +{ + int v = 2; + + while (v < (int)(ctx->q)) { + pb_poly *pb_tmp, + *pb_tmp2; + mp_int tmp_v; + pb_tmp = build_polynom(NULL, ctx->N, ctx); + v = v * 2; + init_integer(&tmp_v); + MP_SET_INT(&tmp_v, v); + pb_tmp2 = build_polynom(NULL, ctx->N, ctx); + MP_SET_INT(&(pb_tmp2->terms[0]), 2); + + /* mod after sub or before? */ + pb_starmultiply(a, Fq, pb_tmp, ctx, v); + PB_SUB(pb_tmp2, pb_tmp, pb_tmp); + PB_MOD(pb_tmp, &tmp_v, pb_tmp, ctx->N); + pb_starmultiply(Fq, pb_tmp, Fq, ctx, v); + + mp_clear(&tmp_v); + delete_polynom_multi(pb_tmp, pb_tmp2, NULL); + } +} + /** * Invert the polynomial a modulo q. * @@ -296,8 +336,7 @@ bool pb_inverse_poly_q(pb_poly * const a, ntru_context *ctx) { int k = 0, - j = 0, - v = 2; + j = 0; pb_poly *a_tmp, *b, *c, *f, *g; b = build_polynom(NULL, ctx->N + 1, ctx); @@ -347,27 +386,7 @@ OUT_OF_LOOP: MP_COPY(&(b->terms[i]), &(Fq->terms[j])); } - while (v < (int)(ctx->q)) { - pb_poly *pb_tmp, - *pb_tmp2; - mp_int tmp_v; - pb_tmp = build_polynom(NULL, ctx->N, ctx); - v = v * 2; - init_integer(&tmp_v); - mp_set_int(&tmp_v, v); - pb_tmp2 = build_polynom(NULL, ctx->N, ctx); - mp_set_int(&(pb_tmp2->terms[0]), 2); - - /* hope this does not blow up in our face */ - pb_starmultiply(a_tmp, Fq, pb_tmp, ctx, v); - PB_SUB(pb_tmp2, pb_tmp, pb_tmp); - PB_MOD(pb_tmp, &tmp_v, pb_tmp, ctx->N); - pb_starmultiply(Fq, pb_tmp, Fq, ctx, v); - - mp_clear(&tmp_v); - delete_polynom(pb_tmp); - delete_polynom(pb_tmp2); - } + pb_mod2_to_modq(a_tmp, Fq, ctx); for (int i = ctx->N - 1; i >= 0; i--) if (mp_cmp_d(&(Fq->terms[i]), 0) == MP_LT) { 
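Review bot: The comment `/* mod after sub or before? */` leaves an open correctness question inside the key-generation path, and it can be answered: the loop is the usual Hensel/Newton lift Fq ← Fq·(2 − a·Fq) (mod v), and provided pb_starmultiply reduces its output modulo its last argument (the earlier hunk shows it building `mp_modulus` from that parameter; the rest of that function is outside this view), the PB_MOD here only normalizes the negative coefficients PB_SUB leaves behind, so either order gives the same residues — replace the comment with `/* Fq = Fq * (2 - a*Fq) mod v; PB_MOD only normalizes negatives left by PB_SUB */`. Separately, `pb_tmp2` (the constant polynomial 2) and `tmp_v` are built and destroyed on every iteration although only the value of v changes; constructing them once before the while loop, calling `MP_SET_INT(&tmp_v, v)` inside it, and releasing them after the loop removes two allocations and one mp_int init per lift step. The doubling `v = v * 2` on an `int` is fine for the q values NTRU uses but the loop condition compares against `(int)(ctx->q)`, so q must fit an int — worth a comment or an assertion at the top of the function.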
From 12a54416fbebc2c2d8852d39d6f31e2da76739f9 Mon Sep 17 00:00:00 2001 From: hasufell Date: Sun, 20 Apr 2014 20:06:49 +0200 Subject: [PATCH 6/7] BUILD: ignore -Wunused-function... this is a library --- src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Makefile b/src/Makefile index 6fc357d..1f2182f 100644 --- a/src/Makefile +++ b/src/Makefile @@ -4,7 +4,7 @@ PKG_CONFIG ?= pkg-config # flags CFLAGS ?= -march=native -O2 -pipe -CFLAGS += -std=c99 -pedantic -Wall -Wextra -Werror -Wno-unused-variable -Wno-unused-parameter +CFLAGS += -std=c99 -pedantic -Wall -Wextra -Werror -Wno-unused-variable -Wno-unused-parameter -Wno-unused-function ifeq ($(shell $(CC) -v 2>&1 | grep 'gcc version' &>/dev/null && echo 1),1) CFLAGS += -Wno-unused-but-set-variable endif From 6b15bd16140db66bfd404baaa3a1abe02284173b Mon Sep 17 00:00:00 2001 From: hasufell Date: Sun, 20 Apr 2014 20:58:02 +0200 Subject: [PATCH 7/7] DOC: fix doxygen comment in pb_mod2_to_modq() --- src/poly.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/poly.c b/src/poly.c index de7eaa0..c6f77f5 100644 --- a/src/poly.c +++ b/src/poly.c @@ -290,10 +290,9 @@ static unsigned int get_degree(pb_poly const * const poly) * Find the inverse polynomial modulo a power of 2, * which is q. * - * @param a polynomial to invert (is allowed to be the same as param Fq) + * @param a polynomial to invert * @param Fq polynomial [out] * @param ctx NTRU context - * @return true/false for success/failure */ static void pb_mod2_to_modq(pb_poly * const a, pb_poly *Fq,
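Review bot: `-Wno-unused-function` is justified with "this is a library", but GCC and Clang only emit -Wunused-function for functions with internal linkage (`static`), never for exported API, so the flag cannot be silencing warnings about unused library entry points; what it hides is dead `static` helpers in poly.c, which is exactly the warning a library wants to keep. If a particular static function is being kept for upcoming work, mark that one `__attribute__((unused))` (the Makefile already branches on gcc) or delete it, and drop `-Wno-unused-function` from CFLAGS again.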