Merge branch 'main' into symbol-asm

Author: dfaranha

.github/workflows/cifuzz.yml

@@ -0,0 +1,26 @@
+name: CIFuzz
+on: [pull_request]
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'relic'
+        dry-run: false
+        language: c++
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'relic'
+        fuzz-seconds: 300
+        dry-run: false
+        language: c++
+    - name: Upload Crash
+      uses: actions/upload-artifact@v3
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: artifacts
+        path: ./out/artifacts

.github/workflows/codeql.yml

@@ -0,0 +1,41 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: "54 0 * * 1"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ cpp ]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: +security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{ matrix.language }}"

.github/workflows/multi.yml

@@ -48,6 +48,10 @@ jobs:
     steps:
       - uses: actions/checkout@v2
 
+      - name: Install Linux Dependencies
+        if: ${{ (runner.os == 'Linux') && (matrix.config.cc == 'clang') }}
+        run: sudo apt install libomp5 libomp-dev
+
       - name: Set Windows enviroment
         if: ${{ (runner.os == 'Windows') && (matrix.config.cc == 'cl') }}
         uses: ilammy/msvc-dev-cmd@v1

.indent.pro

@@ -62,3 +62,6 @@
 -T dis_t
 -T rsa_pub_t
 -T rsa_prv_t
+-T ers_t
+-T etrs_t
+-T smlers_t

CMakeLists.txt

@@ -71,7 +71,7 @@ message("   WITH=FP       Prime field arithmetic.")
 message("   WITH=FPX      Prime extension field arithmetic.")
 message("   WITH=FB       Binary field arithmetic.")
 message("   WITH=EP       Elliptic curves over prime fields.")
-message("   WITH=EPX      Elliptic curves over quadratic extensions of prime fields.")
+message("   WITH=EPX      Elliptic curves over extensions of prime fields.")
 message("   WITH=EB       Elliptic curves over binary fields.")
 message("   WITH=ED       Elliptic Edwards curves over prime fields.")
 message("   WTTH=EC       Elliptic curve cryptography.")
@@ -129,6 +129,15 @@ message(STATUS "Prefix to identify this build of the library (default = \"\"):\n
 
 message("   LABEL=relic\n")
 
+message(STATUS "Available switches (default = CHECK, VERBS, DOCUM):\n")
+
+message("   RLC_DEPTH=w    Width w in [2,8] of table for fixed exponentiation.")
+message("   RLC_WIDTH=w    Width w in [2,6] of table for exponentiation.\n")
+
+# Table sizes for exponentiation methods
+set(RLC_DEPTH "5" CACHE STRING "Width of precomputation table for fixed base exponentiation methods.")
+set(RLC_WIDTH "4" CACHE STRING "Width of window processing for general exponentiation methods.")
+
 include(cmake/arch.cmake)
 include(cmake/err.cmake)
 include(cmake/bn.cmake)

README.md

@@ -63,4 +63,4 @@ Starting from version 0.3.3, static linking and changes in the configuration or
 
 ### Disclaimer
 
-RELIC is at most alpha-quality software. Implementations may not be correct or secure and may include patented algorithms. There are *many* configuration options which make the library horribly insecure. Backward API compatibility with early versions may not necessarily be maintained. Use at your own risk.
+RELIC is at best alpha-quality software. Implementations may not be correct or secure and may include patented algorithms. There are *many* configuration options which make the library horribly insecure. Backward API compatibility with early versions may not necessarily be maintained. Use at your own risk.

bench/bench_bn.c

@@ -282,9 +282,10 @@ static void util(void) {
 
 static void arith(void) {
 	bn_t a, b, c, d[3], e[3];
+    bn_t t[16], u[16];
 	crt_t crt;
 	dig_t f;
-	int len;
+	size_t len;
 
 	bn_null(a);
 	bn_null(b);
@@ -300,6 +301,10 @@ static void arith(void) {
 		bn_new(d[j]);
 		bn_new(e[j]);
 	}
+	for (int i = 0; i < 16; ++i) {
+        bn_null(t[i]); bn_null(u[i]);
+        bn_new(t[i]); bn_new(u[i]);
+	}
 	crt_new(crt);
 
 	BENCH_RUN("bn_add") {
@@ -667,6 +672,57 @@ static void arith(void) {
 	}
 	BENCH_END;
 
+    bn_set_2b(b, RLC_BN_BITS);
+    bn_rand(c, RLC_POS, RLC_DIG);
+    bn_sub(b, b, c);
+    if (bn_is_even(b)) {
+        bn_add_dig(b, b, 1);
+    }
+    for(int i = 0; i < 16; i++) {
+        bn_rand_mod(t[i], b);
+        bn_rand_mod(u[i], b);
+    }
+
+	BENCH_RUN("bn_mxp_sim") {
+		BENCH_ADD(bn_mxp_sim(c, t[0], u[0], t[1], u[1], b));
+	}
+	BENCH_END;
+
+	BENCH_RUN("bn_mxp_sim_few (2)") {
+		BENCH_ADD(bn_mxp_sim_few(c, t, u, b, 2));
+	}
+	BENCH_END;
+
+	BENCH_RUN("bn_mxp_sim_few (4)") {
+		BENCH_ADD(bn_mxp_sim_few(c, t, u, b, 4));
+	}
+	BENCH_END;
+
+	BENCH_RUN("bn_mxp_sim_few (8)") {
+		BENCH_ADD(bn_mxp_sim_few(c, t, u, b, 8));
+	}
+	BENCH_END;
+
+	BENCH_RUN("bn_mxp_sim_lot (2)") {
+		BENCH_ADD(bn_mxp_sim_lot(c, (const bn_t*)t, (const bn_t*)u, b, 2));
+	}
+	BENCH_END;
+
+	BENCH_RUN("bn_mxp_sim_lot (4)") {
+		BENCH_ADD(bn_mxp_sim_lot(c, (const bn_t*)t, (const bn_t*)u, b, 4));
+	}
+	BENCH_END;
+
+	BENCH_RUN("bn_mxp_sim_lot (8)") {
+		BENCH_ADD(bn_mxp_sim_lot(c, (const bn_t*)t, (const bn_t*)u, b, 8));
+	}
+	BENCH_END;
+
+	BENCH_RUN("bn_mxp_sim_lot (16)") {
+		BENCH_ADD(bn_mxp_sim_lot(c, (const bn_t*)t, (const bn_t*)u, b, 16));
+	}
+	BENCH_END;
+
 	bn_gen_prime(crt->p, RLC_BN_BITS / 2);
 	bn_gen_prime(crt->q, RLC_BN_BITS / 2);
 	bn_mul(crt->n, crt->p, crt->q);
@@ -891,7 +947,7 @@ static void arith(void) {
 
 	BENCH_RUN("bn_rec_naf") {
 		int8_t naf[RLC_BN_BITS + 1];
-		int len;
+		size_t len;
 		bn_rand(a, RLC_POS, RLC_BN_BITS);
 		BENCH_ADD((len = RLC_BN_BITS + 1, bn_rec_naf(naf, &len, a, 4)));
 	}
@@ -901,7 +957,7 @@ static void arith(void) {
 	if (eb_param_set_any_kbltz() == RLC_OK) {
 		BENCH_RUN("bn_rec_tnaf") {
 			int8_t tnaf[RLC_FB_BITS + 8];
-			int len = RLC_BN_BITS + 1;
+			size_t len = RLC_BN_BITS + 1;
 			eb_curve_get_ord(b);
 			bn_rand_mod(a, b);
 			if (eb_curve_opt_a() == RLC_ZERO) {
@@ -928,7 +984,7 @@ static void arith(void) {
 
 	BENCH_RUN("bn_rec_reg") {
 		int8_t naf[RLC_BN_BITS + 1];
-		int len = RLC_BN_BITS + 1;
+		size_t len = RLC_BN_BITS + 1;
 		bn_rand(a, RLC_POS, RLC_BN_BITS);
 		BENCH_ADD((len = RLC_BN_BITS + 1, bn_rec_reg(naf, &len, a, RLC_BN_BITS, 4)));
 	}
@@ -962,6 +1018,10 @@ static void arith(void) {
 		bn_free(d[j]);
 		bn_free(e[j]);
 	}
+	for (int i = 0; i < 16; ++i) {
+        bn_free(t[i]);
+		bn_free(u[i]);
+    }
 	crt_free(crt);
 }
 

bench/bench_cp.c

@@ -141,28 +141,28 @@ static void benaloh(void) {
 	dig_t in, new;
 	uint8_t out[RLC_BN_BITS / 8 + 1];
 	size_t out_len;
+	dig_t prime = 0xFB;
 
 	bdpe_null(pub);
 	bdpe_null(prv);
 
 	bdpe_new(pub);
 	bdpe_new(prv);
 
-	BENCH_ONE("cp_bdpe_gen", cp_bdpe_gen(pub, prv, bn_get_prime(47),
-		RLC_BN_BITS), 1);
+	BENCH_ONE("cp_bdpe_gen", cp_bdpe_gen(pub, prv, prime, RLC_BN_BITS), 1);
 
 	BENCH_RUN("cp_bdpe_enc") {
 		out_len = RLC_BN_BITS / 8 + 1;
 		rand_bytes(out, 1);
-		in = out[0] % bn_get_prime(47);
+		in = out[0] % prime;
 		BENCH_ADD(cp_bdpe_enc(out, &out_len, in, pub));
 		cp_bdpe_dec(&new, out, out_len, prv);
 	} BENCH_END;
 
 	BENCH_RUN("cp_bdpe_dec") {
 		out_len = RLC_BN_BITS / 8 + 1;
 		rand_bytes(out, 1);
-		in = out[0] % bn_get_prime(47);
+		in = out[0] % prime;
 		cp_bdpe_enc(out, &out_len, in, pub);
 		BENCH_ADD(cp_bdpe_dec(&new, out, out_len, prv));
 	} BENCH_END;
@@ -1328,7 +1328,7 @@ static void pss(void) {
 	}
 }
 
-#ifdef WITH_MPC
+#if defined(WITH_MPC)
 
 static void mpss(void) {
 	bn_t m[2], n, u[2], v[2], ms[10][2], _v[10][2];

bench/bench_epx.c

@@ -37,17 +37,17 @@
 static void memory2(void) {
 	ep2_t a[BENCH];
 
-	BENCH_FEW("ep2_null", ep4_null(a[i]), 1);
+	BENCH_FEW("ep2_null", ep2_null(a[i]), 1);
 
-	BENCH_FEW("ep2_new", ep4_new(a[i]), 1);
+	BENCH_FEW("ep2_new", ep2_new(a[i]), 1);
 	for (int i = 0; i < BENCH; i++) {
 		ep2_free(a[i]);
 	}
 
 	for (int i = 0; i < BENCH; i++) {
 		ep2_new(a[i]);
 	}
-	BENCH_FEW("ep2_free", ep4_free(a[i]), 1);
+	BENCH_FEW("ep2_free", ep2_free(a[i]), 1);
 
 	(void)a;
 }

cmake/eb.cmake

@@ -6,8 +6,6 @@ message("      EB_PLAIN=[off|on] Support for ordinary curves without endomorphis
 message("      EB_KBLTZ=[off|on] Support for Koblitz anomalous binary curves.")
 message("      EB_MIXED=[off|on] Use mixed coordinates.")
 message("      EB_PRECO=[off|on] Build precomputation table for generator.")
-message("      EB_DEPTH=w        Width w in [2,8] of precomputation table for fixed point methods.")
-message("      EB_WIDTH=w        Width w in [2,6] of window processing for unknown point methods.\n")
 
 message("   ** Available binary elliptic curve methods (default = PROJC;LWNAF;COMBS;INTER):\n")
 
@@ -34,15 +32,6 @@ message("      EB_METHD=TRICK    Shamir's trick for simultaneous multiplication.
 message("      EB_METHD=INTER    Interleaving of window (T)NAFs.")
 message("      EB_METHD=JOINT    Joint sparse form.\n")
 
-if (NOT EB_DEPTH)
-	set(EB_DEPTH 4)
-endif(NOT EB_DEPTH)
-if (NOT EB_WIDTH)
-	set(EB_WIDTH 4)
-endif(NOT EB_WIDTH)
-set(EB_DEPTH "${EB_DEPTH}" CACHE STRING "Width of precomputation table for fixed point methods.")
-set(EB_WIDTH "${EB_WIDTH}" CACHE STRING "Width of window processing for unknown point methods.")
-
 option(EB_PLAIN "Support for ordinary curves without endomorphisms" on)
 option(EB_KBLTZ "Support for Koblitz anomalous binary curves" on)
 option(EB_MIXED "Use mixed coordinates" on)

cmake/ed.cmake

@@ -2,8 +2,7 @@ message(STATUS "Elliptic Edwards curve over prime fields arithmetic configuratio
 
 message("   ** Options for the prime elliptic Edwards curve module (default = all on):")
 message("      ED_PRECO=[off|on] Build precomputation table for generator.")
-message("      ED_DEPTH=w        Width w in [2,6] of precomputation table for fixed point methods.")
-message("      ED_WIDTH=w        Width w in [2,6] of window processing for unknown point methods.\n")
+message("      RLC_DEPTH=w        Width w in [2,6] of precomputation table for fixed point methods.")
 
 message("   ** Available prime elliptic Edwards curve methods (default = PROJC;LWNAF;COMBS;INTER):")
 message("      ED_METHD=BASIC    Affine coordinates.")
@@ -31,15 +30,6 @@ message("      ED_METHD=JOINT    Joint sparse form.\n")
 
 message("      Note: these methods must be given in order. Ex: ED_METHD=\"EXTND;LWNAF;COMBD;TRICK\"\n")
 
-if (NOT ED_DEPTH)
-	set(ED_DEPTH 4)
-endif(NOT ED_DEPTH)
-if (NOT ED_WIDTH)
-	set(ED_WIDTH 4)
-endif(NOT ED_WIDTH)
-set(ED_DEPTH "${ED_DEPTH}" CACHE STRING "Width of precomputation table for fixed point methods.")
-set(ED_WIDTH "${ED_WIDTH}" CACHE STRING "Width of window processing for unknown point methods.")
-
 option(ED_PRECO "Build precomputation table for generator" on)
 
 # Choose the arithmetic methods.

cmake/ep.cmake

@@ -9,8 +9,7 @@ message("      EP_MIXED=[off|on] Use mixed coordinates.")
 message("      EP_CTMAP=[off|on] Use contant-time SSWU and isogeny map for hashing.\n")
 
 message("      EP_PRECO=[off|on] Build precomputation table for generator.")
-message("      EP_DEPTH=w        Width w in [2,8] of precomputation table for fixed point methods.")
-message("      EP_WIDTH=w        Width w in [2,6] of window processing for unknown point methods.\n")
+message("      RLC_DEPTH=w        Width w in [2,8] of precomputation table for fixed point methods.")
 
 message("   ** Available prime elliptic curve methods (default = PROJC;LWNAF;COMBS;INTER;SSWUM):\n")
 
@@ -43,15 +42,6 @@ message("      EP_METHD=BASIC    Hash to x-coordinate and increment.")
 message("      EP_METHD=SSWUM    Simplified Shallue-van de Woestijne-Ulas method.")
 message("      EP_METHD=SWIFT    SwiftEC hashing method.\n")
 
-if (NOT EP_DEPTH)
-	set(EP_DEPTH 4)
-endif(NOT EP_DEPTH)
-if (NOT EP_WIDTH)
-	set(EP_WIDTH 4)
-endif(NOT EP_WIDTH)
-set(EP_DEPTH "${EP_DEPTH}" CACHE STRING "Width of precomputation table for fixed point methods.")
-set(EP_WIDTH "${EP_WIDTH}" CACHE STRING "Width of window processing for unknown point methods.")
-
 option(EP_PLAIN "Support for ordinary curves without endomorphisms" on)
 option(EP_SUPER "Support for supersingular curves" on)
 option(EP_MIXED "Use mixed coordinates" on)