Commit 93eb83f2 authored by Dmitry Baryshkov's avatar Dmitry Baryshkov Committed by Niels Möller

ecc: remove ecc_modp_foo/ecc_modq_foo macros

To make ecc functions usage more obvious remove ecc_modp_foo() and
ecc_modq_foo() wrapper macros.
Signed-off-by: Dmitry Baryshkov's avatarDmitry Baryshkov <dbaryshkov@gmail.com>
parent d7f2dae9
......@@ -62,14 +62,14 @@ curve25519_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
*/
/* NOTE: For the infinity point, this subtraction gives zero (mod
p), which isn't invertible. For curve25519, the desired output is
x = 0, and we should be fine, since ecc_modp_inv returns 0
x = 0, and we should be fine, since ecc_mod_inv for ecc->p returns 0
in this case. */
ecc_modp_sub (ecc, t0, wp, vp);
ecc_mod_sub (&ecc->p, t0, wp, vp);
/* Needs a total of 5*size storage. */
ecc->p.invert (&ecc->p, t1, t0, t2 + ecc->p.size);
ecc_modp_add (ecc, t0, wp, vp);
ecc_modp_mul (ecc, t2, t0, t1);
ecc_mod_add (&ecc->p, t0, wp, vp);
ecc_mod_mul (&ecc->p, t2, t0, t1);
cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size);
cnd_copy (cy, xp, t2, ecc->p.size);
......
......@@ -61,8 +61,8 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p, mp_limb_t *scratch)
*/
/* Needs a total of 9*size storage. */
ecc->p.invert (&ecc->p, t0, p, t1 + ecc->p.size);
ecc_modp_mul (ecc, t1, t0, vp);
ecc_modp_mul (ecc, t2, t1, t1);
ecc_mod_mul (&ecc->p, t1, t0, vp);
ecc_mod_mul (&ecc->p, t2, t1, t1);
cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size);
cnd_copy (cy, xp, t2, ecc->p.size);
......
......@@ -78,30 +78,30 @@ ecc_add_eh (const struct ecc_curve *ecc,
#define F D
#define G E
ecc_modp_mul (ecc, C, x1, x2);
ecc_modp_mul (ecc, D, y1, y2);
ecc_modp_add (ecc, x3, x1, y1);
ecc_modp_add (ecc, y3, x2, y2);
ecc_modp_mul (ecc, T, x3, y3);
ecc_modp_sub (ecc, T, T, C);
ecc_modp_sub (ecc, T, T, D);
ecc_modp_mul (ecc, x3, C, D);
ecc_modp_mul (ecc, E, x3, ecc->b);
ecc_modp_sub (ecc, C, D, C);
ecc_modp_sqr (ecc, B, z1);
ecc_modp_sub (ecc, F, B, E);
ecc_modp_add (ecc, G, B, E);
ecc_mod_mul (&ecc->p, C, x1, x2);
ecc_mod_mul (&ecc->p, D, y1, y2);
ecc_mod_add (&ecc->p, x3, x1, y1);
ecc_mod_add (&ecc->p, y3, x2, y2);
ecc_mod_mul (&ecc->p, T, x3, y3);
ecc_mod_sub (&ecc->p, T, T, C);
ecc_mod_sub (&ecc->p, T, T, D);
ecc_mod_mul (&ecc->p, x3, C, D);
ecc_mod_mul (&ecc->p, E, x3, ecc->b);
ecc_mod_sub (&ecc->p, C, D, C);
ecc_mod_sqr (&ecc->p, B, z1);
ecc_mod_sub (&ecc->p, F, B, E);
ecc_mod_add (&ecc->p, G, B, E);
/* x3 */
ecc_modp_mul (ecc, B, F, T);
ecc_modp_mul (ecc, x3, B, z1);
ecc_mod_mul (&ecc->p, B, F, T);
ecc_mod_mul (&ecc->p, x3, B, z1);
/* y3 */
ecc_modp_mul (ecc, B, G, z1);
ecc_modp_mul (ecc, y3, B, C); /* Clobbers z1 in case r == p. */
ecc_mod_mul (&ecc->p, B, G, z1);
ecc_mod_mul (&ecc->p, y3, B, C); /* Clobbers z1 in case r == p. */
/* z3 */
ecc_modp_mul (ecc, B, F, G);
ecc_mod_mul (&ecc->p, B, F, G);
mpn_copyi (z3, B, ecc->p.size);
}
......@@ -80,32 +80,32 @@ ecc_add_ehh (const struct ecc_curve *ecc,
#define F D
#define G E
ecc_modp_mul (ecc, C, x1, x2);
ecc_modp_mul (ecc, D, y1, y2);
ecc_modp_add (ecc, A, x1, y1);
ecc_modp_add (ecc, B, x2, y2);
ecc_modp_mul (ecc, T, A, B);
ecc_modp_sub (ecc, T, T, C);
ecc_modp_sub (ecc, T, T, D);
ecc_modp_mul (ecc, x3, C, D);
ecc_modp_mul (ecc, E, x3, ecc->b);
ecc_modp_sub (ecc, C, D, C);
ecc_modp_mul (ecc, A, z1, z2);
ecc_modp_sqr (ecc, B, A);
ecc_modp_sub (ecc, F, B, E);
ecc_modp_add (ecc, G, B, E);
ecc_mod_mul (&ecc->p, C, x1, x2);
ecc_mod_mul (&ecc->p, D, y1, y2);
ecc_mod_add (&ecc->p, A, x1, y1);
ecc_mod_add (&ecc->p, B, x2, y2);
ecc_mod_mul (&ecc->p, T, A, B);
ecc_mod_sub (&ecc->p, T, T, C);
ecc_mod_sub (&ecc->p, T, T, D);
ecc_mod_mul (&ecc->p, x3, C, D);
ecc_mod_mul (&ecc->p, E, x3, ecc->b);
ecc_mod_sub (&ecc->p, C, D, C);
ecc_mod_mul (&ecc->p, A, z1, z2);
ecc_mod_sqr (&ecc->p, B, A);
ecc_mod_sub (&ecc->p, F, B, E);
ecc_mod_add (&ecc->p, G, B, E);
/* x3 */
ecc_modp_mul (ecc, B, F, T);
ecc_modp_mul (ecc, x3, B, A);
ecc_mod_mul (&ecc->p, B, F, T);
ecc_mod_mul (&ecc->p, x3, B, A);
/* y3 */
ecc_modp_mul (ecc, B, G, C);
ecc_modp_mul (ecc, y3, B, A);
ecc_mod_mul (&ecc->p, B, G, C);
ecc_mod_mul (&ecc->p, y3, B, A);
/* z3 */
ecc_modp_mul (ecc, B, F, G);
ecc_mod_mul (&ecc->p, B, F, G);
mpn_copyi (z3, B, ecc->p.size);
}
......@@ -85,41 +85,41 @@ ecc_add_jja (const struct ecc_curve *ecc,
#define y2 (q + ecc->p.size)
/* zz */
ecc_modp_sqr (ecc, zz, z1);
ecc_mod_sqr (&ecc->p, zz, z1);
/* h*/
ecc_modp_mul (ecc, h, x2, zz);
ecc_modp_sub (ecc, h, h, x1);
ecc_mod_mul (&ecc->p, h, x2, zz);
ecc_mod_sub (&ecc->p, h, h, x1);
/* hh */
ecc_modp_sqr (ecc, hh, h);
ecc_mod_sqr (&ecc->p, hh, h);
/* Do z^3 early, store at w. */
ecc_modp_mul (ecc, w, zz, z1);
ecc_mod_mul (&ecc->p, w, zz, z1);
/* z_3, use j area for scratch */
ecc_modp_add (ecc, r + 2*ecc->p.size, p + 2*ecc->p.size, h);
ecc_modp_sqr (ecc, j, r + 2*ecc->p.size);
ecc_modp_sub (ecc, j, j, zz);
ecc_modp_sub (ecc, r + 2*ecc->p.size, j, hh);
ecc_mod_add (&ecc->p, r + 2*ecc->p.size, p + 2*ecc->p.size, h);
ecc_mod_sqr (&ecc->p, j, r + 2*ecc->p.size);
ecc_mod_sub (&ecc->p, j, j, zz);
ecc_mod_sub (&ecc->p, r + 2*ecc->p.size, j, hh);
/* w */
ecc_modp_mul (ecc, j, y2, w);
ecc_modp_sub (ecc, w, j, y1);
ecc_modp_mul_1 (ecc, w, w, 2);
ecc_mod_mul (&ecc->p, j, y2, w);
ecc_mod_sub (&ecc->p, w, j, y1);
ecc_mod_mul_1 (&ecc->p, w, w, 2);
/* i replaces hh, j */
ecc_modp_mul_1 (ecc, hh, hh, 4);
ecc_modp_mul (ecc, j, hh, h);
ecc_mod_mul_1 (&ecc->p, hh, hh, 4);
ecc_mod_mul (&ecc->p, j, hh, h);
/* v */
ecc_modp_mul (ecc, v, x1, hh);
ecc_mod_mul (&ecc->p, v, x1, hh);
/* x_3, use (h, hh) as sqratch */
ecc_modp_sqr (ecc, h, w);
ecc_modp_sub (ecc, r, h, j);
ecc_modp_submul_1 (ecc, r, v, 2);
ecc_mod_sqr (&ecc->p, h, w);
ecc_mod_sub (&ecc->p, r, h, j);
ecc_mod_submul_1 (&ecc->p, r, v, 2);
/* y_3, use (h, hh) as sqratch */
ecc_modp_mul (ecc, h, y1, j); /* frees j */
ecc_modp_sub (ecc, r + ecc->p.size, v, r);
ecc_modp_mul (ecc, j, r + ecc->p.size, w);
ecc_modp_submul_1 (ecc, j, h, 2);
ecc_mod_mul (&ecc->p, h, y1, j); /* frees j */
ecc_mod_sub (&ecc->p, r + ecc->p.size, v, r);
ecc_mod_mul (&ecc->p, j, r + ecc->p.size, w);
ecc_mod_submul_1 (&ecc->p, j, h, 2);
mpn_copyi (r + ecc->p.size, j, ecc->p.size);
}
......@@ -74,47 +74,47 @@ ecc_add_jjj (const struct ecc_curve *ecc,
mp_limb_t *v = scratch + 6*ecc->p.size;
/* z1^2, z2^2, u1 = x1 x2^2, u2 = x2 z1^2 - u1 */
ecc_modp_sqr (ecc, z1z1, p + 2*ecc->p.size);
ecc_modp_sqr (ecc, z2z2, q + 2*ecc->p.size);
ecc_modp_mul (ecc, u1, p, z2z2);
ecc_modp_mul (ecc, u2, q, z1z1);
ecc_modp_sub (ecc, u2, u2, u1); /* Store h in u2 */
ecc_mod_sqr (&ecc->p, z1z1, p + 2*ecc->p.size);
ecc_mod_sqr (&ecc->p, z2z2, q + 2*ecc->p.size);
ecc_mod_mul (&ecc->p, u1, p, z2z2);
ecc_mod_mul (&ecc->p, u2, q, z1z1);
ecc_mod_sub (&ecc->p, u2, u2, u1); /* Store h in u2 */
/* z3, use i, j, v as scratch, result at i. */
ecc_modp_add (ecc, i, p + 2*ecc->p.size, q + 2*ecc->p.size);
ecc_modp_sqr (ecc, v, i);
ecc_modp_sub (ecc, v, v, z1z1);
ecc_modp_sub (ecc, v, v, z2z2);
ecc_modp_mul (ecc, i, v, u2);
ecc_mod_add (&ecc->p, i, p + 2*ecc->p.size, q + 2*ecc->p.size);
ecc_mod_sqr (&ecc->p, v, i);
ecc_mod_sub (&ecc->p, v, v, z1z1);
ecc_mod_sub (&ecc->p, v, v, z2z2);
ecc_mod_mul (&ecc->p, i, v, u2);
/* Delayed write, to support in-place operation. */
/* s1 = y1 z2^3, s2 = y2 z1^3, scratch at j and v */
ecc_modp_mul (ecc, j, z1z1, p + 2*ecc->p.size); /* z1^3 */
ecc_modp_mul (ecc, v, z2z2, q + 2*ecc->p.size); /* z2^3 */
ecc_modp_mul (ecc, s1, p + ecc->p.size, v);
ecc_modp_mul (ecc, v, j, q + ecc->p.size);
ecc_modp_sub (ecc, s2, v, s1);
ecc_modp_mul_1 (ecc, s2, s2, 2);
ecc_mod_mul (&ecc->p, j, z1z1, p + 2*ecc->p.size); /* z1^3 */
ecc_mod_mul (&ecc->p, v, z2z2, q + 2*ecc->p.size); /* z2^3 */
ecc_mod_mul (&ecc->p, s1, p + ecc->p.size, v);
ecc_mod_mul (&ecc->p, v, j, q + ecc->p.size);
ecc_mod_sub (&ecc->p, s2, v, s1);
ecc_mod_mul_1 (&ecc->p, s2, s2, 2);
/* Store z3 */
mpn_copyi (r + 2*ecc->p.size, i, ecc->p.size);
/* i, j, v */
ecc_modp_sqr (ecc, i, u2);
ecc_modp_mul_1 (ecc, i, i, 4);
ecc_modp_mul (ecc, j, u2, i);
ecc_modp_mul (ecc, v, u1, i);
ecc_mod_sqr (&ecc->p, i, u2);
ecc_mod_mul_1 (&ecc->p, i, i, 4);
ecc_mod_mul (&ecc->p, j, u2, i);
ecc_mod_mul (&ecc->p, v, u1, i);
/* now, u1, u2 and i are free for reuse .*/
/* x3, use u1, u2 as scratch */
ecc_modp_sqr (ecc, u1, s2);
ecc_modp_sub (ecc, r, u1, j);
ecc_modp_submul_1 (ecc, r, v, 2);
ecc_mod_sqr (&ecc->p, u1, s2);
ecc_mod_sub (&ecc->p, r, u1, j);
ecc_mod_submul_1 (&ecc->p, r, v, 2);
/* y3 */
ecc_modp_mul (ecc, u1, s1, j); /* Frees j */
ecc_modp_sub (ecc, u2, v, r); /* Frees v */
ecc_modp_mul (ecc, i, s2, u2);
ecc_modp_submul_1 (ecc, i, u1, 2);
ecc_mod_mul (&ecc->p, u1, s1, j); /* Frees j */
ecc_mod_sub (&ecc->p, u2, v, r); /* Frees v */
ecc_mod_mul (&ecc->p, i, s2, u2);
ecc_mod_submul_1 (&ecc->p, i, u1, 2);
mpn_copyi (r + ecc->p.size, i, ecc->p.size);
}
......@@ -84,30 +84,30 @@ ecc_add_th (const struct ecc_curve *ecc,
#define F D
#define G E
ecc_modp_mul (ecc, C, x1, x2);
ecc_modp_mul (ecc, D, y1, y2);
ecc_modp_add (ecc, x3, x1, y1);
ecc_modp_add (ecc, y3, x2, y2);
ecc_modp_mul (ecc, T, x3, y3);
ecc_modp_sub (ecc, T, T, C);
ecc_modp_sub (ecc, T, T, D);
ecc_modp_mul (ecc, x3, C, D);
ecc_modp_mul (ecc, E, x3, ecc->b);
ecc_modp_add (ecc, C, D, C);
ecc_modp_sqr (ecc, B, z1);
ecc_modp_sub (ecc, F, B, E);
ecc_modp_add (ecc, G, B, E);
ecc_mod_mul (&ecc->p, C, x1, x2);
ecc_mod_mul (&ecc->p, D, y1, y2);
ecc_mod_add (&ecc->p, x3, x1, y1);
ecc_mod_add (&ecc->p, y3, x2, y2);
ecc_mod_mul (&ecc->p, T, x3, y3);
ecc_mod_sub (&ecc->p, T, T, C);
ecc_mod_sub (&ecc->p, T, T, D);
ecc_mod_mul (&ecc->p, x3, C, D);
ecc_mod_mul (&ecc->p, E, x3, ecc->b);
ecc_mod_add (&ecc->p, C, D, C);
ecc_mod_sqr (&ecc->p, B, z1);
ecc_mod_sub (&ecc->p, F, B, E);
ecc_mod_add (&ecc->p, G, B, E);
/* x3 */
ecc_modp_mul (ecc, B, G, T);
ecc_modp_mul (ecc, x3, B, z1);
ecc_mod_mul (&ecc->p, B, G, T);
ecc_mod_mul (&ecc->p, x3, B, z1);
/* y3 */
ecc_modp_mul (ecc, B, F, z1);
ecc_modp_mul (ecc, y3, B, C); /* Clobbers z1 in case r == p. */
ecc_mod_mul (&ecc->p, B, F, z1);
ecc_mod_mul (&ecc->p, y3, B, C); /* Clobbers z1 in case r == p. */
/* z3 */
ecc_modp_mul (ecc, B, F, G);
ecc_mod_mul (&ecc->p, B, F, G);
mpn_copyi (z3, B, ecc->p.size);
}
......@@ -85,32 +85,32 @@ ecc_add_thh (const struct ecc_curve *ecc,
#define F D
#define G E
ecc_modp_mul (ecc, C, x1, x2);
ecc_modp_mul (ecc, D, y1, y2);
ecc_modp_add (ecc, A, x1, y1);
ecc_modp_add (ecc, B, x2, y2);
ecc_modp_mul (ecc, T, A, B);
ecc_modp_sub (ecc, T, T, C);
ecc_modp_sub (ecc, T, T, D);
ecc_modp_mul (ecc, x3, C, D);
ecc_modp_mul (ecc, E, x3, ecc->b);
ecc_modp_add (ecc, C, D, C);
ecc_modp_mul (ecc, A, z1, z2);
ecc_modp_sqr (ecc, B, A);
ecc_modp_sub (ecc, F, B, E);
ecc_modp_add (ecc, G, B, E);
ecc_mod_mul (&ecc->p, C, x1, x2);
ecc_mod_mul (&ecc->p, D, y1, y2);
ecc_mod_add (&ecc->p, A, x1, y1);
ecc_mod_add (&ecc->p, B, x2, y2);
ecc_mod_mul (&ecc->p, T, A, B);
ecc_mod_sub (&ecc->p, T, T, C);
ecc_mod_sub (&ecc->p, T, T, D);
ecc_mod_mul (&ecc->p, x3, C, D);
ecc_mod_mul (&ecc->p, E, x3, ecc->b);
ecc_mod_add (&ecc->p, C, D, C);
ecc_mod_mul (&ecc->p, A, z1, z2);
ecc_mod_sqr (&ecc->p, B, A);
ecc_mod_sub (&ecc->p, F, B, E);
ecc_mod_add (&ecc->p, G, B, E);
/* x3 */
ecc_modp_mul (ecc, B, G, T);
ecc_modp_mul (ecc, x3, B, A);
ecc_mod_mul (&ecc->p, B, G, T);
ecc_mod_mul (&ecc->p, x3, B, A);
/* y3 */
ecc_modp_mul (ecc, B, F, C);
ecc_modp_mul (ecc, y3, B, A);
ecc_mod_mul (&ecc->p, B, F, C);
ecc_mod_mul (&ecc->p, y3, B, A);
/* z3 */
ecc_modp_mul (ecc, B, F, G);
ecc_mod_mul (&ecc->p, B, F, G);
mpn_copyi (z3, B, ecc->p.size);
}
......@@ -64,28 +64,28 @@ ecc_dup_eh (const struct ecc_curve *ecc,
#define j (scratch + 4*ecc->p.size)
/* b */
ecc_modp_add (ecc, e, p, p + ecc->p.size);
ecc_modp_sqr (ecc, b, e);
ecc_mod_add (&ecc->p, e, p, p + ecc->p.size);
ecc_mod_sqr (&ecc->p, b, e);
/* c */
ecc_modp_sqr (ecc, c, p);
ecc_mod_sqr (&ecc->p, c, p);
/* d */
ecc_modp_sqr (ecc, d, p + ecc->p.size);
ecc_mod_sqr (&ecc->p, d, p + ecc->p.size);
/* h, can use r as scratch, even for in-place operation. */
ecc_modp_sqr (ecc, r, p + 2*ecc->p.size);
ecc_mod_sqr (&ecc->p, r, p + 2*ecc->p.size);
/* e, */
ecc_modp_add (ecc, e, c, d);
ecc_mod_add (&ecc->p, e, c, d);
/* j */
ecc_modp_add (ecc, r, r, r);
ecc_modp_sub (ecc, j, e, r);
ecc_mod_add (&ecc->p, r, r, r);
ecc_mod_sub (&ecc->p, j, e, r);
/* x' */
ecc_modp_sub (ecc, b, b, e);
ecc_modp_mul (ecc, r, b, j);
ecc_mod_sub (&ecc->p, b, b, e);
ecc_mod_mul (&ecc->p, r, b, j);
/* y' */
ecc_modp_sub (ecc, c, c, d); /* Redundant */
ecc_modp_mul (ecc, r + ecc->p.size, e, c);
ecc_mod_sub (&ecc->p, c, c, d); /* Redundant */
ecc_mod_mul (&ecc->p, r + ecc->p.size, e, c);
/* z' */
ecc_modp_mul (ecc, b, e, j);
ecc_mod_mul (&ecc->p, b, e, j);
mpn_copyi (r + 2*ecc->p.size, b, ecc->p.size);
}
......@@ -72,39 +72,39 @@ ecc_dup_jj (const struct ecc_curve *ecc,
#define zp (p + 2*ecc->p.size)
/* delta */
ecc_modp_sqr (ecc, delta, zp);
ecc_mod_sqr (&ecc->p, delta, zp);
/* gamma */
ecc_modp_sqr (ecc, gamma, yp);
ecc_mod_sqr (&ecc->p, gamma, yp);
/* z'. Can use beta area as scratch. */
ecc_modp_add (ecc, r + 2*ecc->p.size, yp, zp);
ecc_modp_sqr (ecc, beta, r + 2*ecc->p.size);
ecc_modp_sub (ecc, beta, beta, gamma);
ecc_modp_sub (ecc, r + 2*ecc->p.size, beta, delta);
ecc_mod_add (&ecc->p, r + 2*ecc->p.size, yp, zp);
ecc_mod_sqr (&ecc->p, beta, r + 2*ecc->p.size);
ecc_mod_sub (&ecc->p, beta, beta, gamma);
ecc_mod_sub (&ecc->p, r + 2*ecc->p.size, beta, delta);
/* alpha. Can use beta area as scratch, and overwrite delta. */
ecc_modp_add (ecc, sum, xp, delta);
ecc_modp_sub (ecc, delta, xp, delta);
ecc_modp_mul (ecc, beta, sum, delta);
ecc_modp_mul_1 (ecc, alpha, beta, 3);
ecc_mod_add (&ecc->p, sum, xp, delta);
ecc_mod_sub (&ecc->p, delta, xp, delta);
ecc_mod_mul (&ecc->p, beta, sum, delta);
ecc_mod_mul_1 (&ecc->p, alpha, beta, 3);
/* beta */
ecc_modp_mul (ecc, beta, xp, gamma);
ecc_mod_mul (&ecc->p, beta, xp, gamma);
/* Do gamma^2 and 4*beta early, to get them out of the way. We can
then use the old area at gamma as scratch. */
ecc_modp_sqr (ecc, g2, gamma);
ecc_modp_mul_1 (ecc, sum, beta, 4);
ecc_mod_sqr (&ecc->p, g2, gamma);
ecc_mod_mul_1 (&ecc->p, sum, beta, 4);
/* x' */
ecc_modp_sqr (ecc, gamma, alpha); /* Overwrites gamma and beta */
ecc_modp_submul_1 (ecc, gamma, sum, 2);
ecc_mod_sqr (&ecc->p, gamma, alpha); /* Overwrites gamma and beta */
ecc_mod_submul_1 (&ecc->p, gamma, sum, 2);
mpn_copyi (r, gamma, ecc->p.size);
/* y' */
ecc_modp_sub (ecc, sum, sum, r);
ecc_modp_mul (ecc, gamma, sum, alpha);
ecc_modp_submul_1 (ecc, gamma, g2, 8);
ecc_mod_sub (&ecc->p, sum, sum, r);
ecc_mod_mul (&ecc->p, gamma, sum, alpha);
ecc_mod_submul_1 (&ecc->p, gamma, g2, 8);
mpn_copyi (r + ecc->p.size, gamma, ecc->p.size);
}
......@@ -81,29 +81,29 @@ ecc_dup_th (const struct ecc_curve *ecc,
#define J (scratch + 4*ecc->p.size)
/* B */
ecc_modp_add (ecc, F, p, p + ecc->p.size);
ecc_modp_sqr (ecc, B, F);
ecc_mod_add (&ecc->p, F, p, p + ecc->p.size);
ecc_mod_sqr (&ecc->p, B, F);
/* C */
ecc_modp_sqr (ecc, C, p);
ecc_mod_sqr (&ecc->p, C, p);
/* D */
ecc_modp_sqr (ecc, D, p + ecc->p.size);
ecc_mod_sqr (&ecc->p, D, p + ecc->p.size);
/* Can use r as scratch, even for in-place operation. */
ecc_modp_sqr (ecc, r, p + 2*ecc->p.size);
ecc_mod_sqr (&ecc->p, r, p + 2*ecc->p.size);
/* F, */
ecc_modp_sub (ecc, F, D, C);
ecc_mod_sub (&ecc->p, F, D, C);
/* B - C - D */
ecc_modp_add (ecc, C, C, D);
ecc_modp_sub (ecc, B, B, C);
ecc_mod_add (&ecc->p, C, C, D);
ecc_mod_sub (&ecc->p, B, B, C);
/* J */
ecc_modp_add (ecc, r, r, r);
ecc_modp_sub (ecc, J, r, F);
ecc_mod_add (&ecc->p, r, r, r);
ecc_mod_sub (&ecc->p, J, r, F);
/* x' */
ecc_modp_mul (ecc, r, B, J);
ecc_mod_mul (&ecc->p, r, B, J);
/* y' */
ecc_modp_mul (ecc, r + ecc->p.size, F, C);
ecc_mod_mul (&ecc->p, r + ecc->p.size, F, C);
/* z' */
ecc_modp_mul (ecc, B, F, J);
ecc_mod_mul (&ecc->p, B, F, J);
mpn_copyi (r + 2*ecc->p.size, B, ecc->p.size);
}
......@@ -88,9 +88,9 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc,
/* Process hash digest */
ecc_hash (&ecc->q, hp, length, digest);
ecc_modq_mul (ecc, tp, zp, rp);
ecc_modq_add (ecc, hp, hp, tp);
ecc_modq_mul (ecc, tp, hp, kinv);
ecc_mod_mul (&ecc->q, tp, zp, rp);
ecc_mod_add (&ecc->q, hp, hp, tp);
ecc_mod_mul (&ecc->q, tp, hp, kinv);
mpn_copyi (sp, tp, ecc->p.size);
#undef P
......
......@@ -112,10 +112,10 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
/* u1 = h / s, P1 = u1 * G */
ecc_hash (&ecc->q, hp, length, digest);
ecc_modq_mul (ecc, u1, hp, sinv);
ecc_mod_mul (&ecc->q, u1, hp, sinv);
/* u2 = r / s, P2 = u2 * Y */
ecc_modq_mul (ecc, u2, rp, sinv);
ecc_mod_mul (&ecc->q, u2, rp, sinv);
/* Total storage: 5*ecc->p.size + ecc->mul_itch */
ecc->mul (ecc, P2, u2, pp, u2 + ecc->p.size);
......
......@@ -61,11 +61,11 @@ ecc_eh_to_a (const struct ecc_curve *ecc,
/* Needs 2*size + scratch for the invert call. */
ecc->p.invert (&ecc->p, izp, zp, tp + ecc->p.size);
ecc_modp_mul (ecc, tp, xp, izp);
ecc_mod_mul (&ecc->p, tp, xp, izp);
cy = mpn_sub_n (r, tp, ecc->p.m, ecc->p.size);
cnd_copy (cy, r, tp, ecc->p.size);
ecc_modp_mul (ecc, tp, yp, izp);
ecc_mod_mul (&ecc->p, tp, yp, izp);
cy = mpn_sub_n (r + ecc->p.size, tp, ecc->p.m, ecc->p.size);
cnd_copy (cy, r + ecc->p.size, tp, ecc->p.size);
}
......@@ -84,9 +84,9 @@ ecc_gostdsa_sign (const struct ecc_curve *ecc,
if (mpn_zero_p (hp, ecc->p.size))
mpn_add_1 (hp, hp, ecc->p.size, 1);
ecc_modq_mul (ecc, tp, rp, zp);
ecc_modq_mul (ecc, t2p, kp, hp);
ecc_modq_add (ecc, sp, tp, t2p);
ecc_mod_mul (&ecc->q, tp, rp, zp);