Commit 9ae25aaa authored by Daiki Ueno's avatar Daiki Ueno Committed by Niels Möller

ecc: Add add_hh and dup members to ecc_curve

This makes it possible to share the same code for curve25519 and
curve448 primitives, which use different underlying formulas for
addition and doubling.
Signed-off-by: default avatarDaiki Ueno <dueno@redhat.com>
parent ecfc1125
......@@ -155,12 +155,16 @@ const struct ecc_curve nettle_secp_192r1 =
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
ecc_add_jja,
ecc_add_jjj,
ecc_dup_jj,
ecc_mul_a,
ecc_mul_g,
ecc_j_to_a,
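Review bot: The two function-pointer slots this table now fills, add_hh and add_hhh, share the type `ecc_add_func *`, and the six scratch sizes are all `unsigned short`, so a transposed entry in this positional initializer compiles without any diagnostic. Going by the hunk header, four entries are added here, and the same pattern repeats in nettle_secp_224r1, _nettle_curve25519, nettle_secp_256r1, nettle_secp_384r1 and nettle_secp_521r1. If the project's C dialect allows it, designated initializers (`.add_hh = ecc_add_jja, .add_hhh = ecc_add_jjj, .dup = ecc_dup_jj,`) would make a misplaced entry visible in review; otherwise a trailing comment per entry, such as `ecc_add_jja, /* add_hh */`, does the same job. The initializer begins and ends outside the hunk.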
......
......@@ -107,12 +107,16 @@ const struct ecc_curve nettle_secp_224r1 =
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
ecc_add_jja,
ecc_add_jjj,
ecc_dup_jj,
ecc_mul_a,
ecc_mul_g,
ecc_j_to_a,
......
......@@ -335,12 +335,16 @@ const struct ecc_curve _nettle_curve25519 =
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
ECC_ADD_EH_ITCH (ECC_LIMB_SIZE),
ECC_ADD_EHH_ITCH (ECC_LIMB_SIZE),
ECC_DUP_EH_ITCH (ECC_LIMB_SIZE),
ECC_MUL_A_EH_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_EH_ITCH (ECC_LIMB_SIZE),
ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_25519_INV_ITCH),
ecc_add_eh,
ecc_add_ehh,
ecc_dup_eh,
ecc_mul_a_eh,
ecc_mul_g_eh,
ecc_eh_to_a,
......
......@@ -284,12 +284,16 @@ const struct ecc_curve nettle_secp_256r1 =
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
ecc_add_jja,
ecc_add_jjj,
ecc_dup_jj,
ecc_mul_a,
ecc_mul_g,
ecc_j_to_a,
......
......@@ -192,12 +192,16 @@ const struct ecc_curve nettle_secp_384r1 =
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
ecc_add_jja,
ecc_add_jjj,
ecc_dup_jj,
ecc_mul_a,
ecc_mul_g,
ecc_j_to_a,
......
......@@ -120,12 +120,16 @@ const struct ecc_curve nettle_secp_521r1 =
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
ecc_add_jja,
ecc_add_jjj,
ecc_dup_jj,
ecc_mul_a,
ecc_mul_g,
ecc_j_to_a,
......
......@@ -112,6 +112,10 @@ typedef void ecc_add_func (const struct ecc_curve *ecc,
const mp_limb_t *p, const mp_limb_t *q,
mp_limb_t *scratch);
typedef void ecc_dup_func (const struct ecc_curve *ecc,
mp_limb_t *r, const mp_limb_t *p,
mp_limb_t *scratch);
typedef void ecc_mul_g_func (const struct ecc_curve *ecc, mp_limb_t *r,
const mp_limb_t *np, mp_limb_t *scratch);
......@@ -168,12 +172,16 @@ struct ecc_curve
unsigned short pippenger_k;
unsigned short pippenger_c;
unsigned short add_hh_itch;
unsigned short add_hhh_itch;
unsigned short dup_itch;
unsigned short mul_itch;
unsigned short mul_g_itch;
unsigned short h_to_a_itch;
ecc_add_func *add_hh;
ecc_add_func *add_hhh;
ecc_dup_func *dup;
ecc_mul_func *mul;
ecc_mul_g_func *mul_g;
ecc_h_to_a_func *h_to_a;
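Review bot: The new `ecc_dup_func` typedef and the `add_hh` and `dup` members carry no comment stating their contract, although callers elsewhere in this commit depend on it: `ecc->dup (ecc, r, r, scratch_out)` passes the same area as input and output, and the scratch each function may touch is presumably bounded by the matching `dup_itch` or `add_hh_itch` field. I would add above the typedef something like `/* r = 2*p; r == p is allowed; scratch must hold at least ecc->dup_itch limbs. */`, with the unit to be confirmed by the author. A one-line comment on `add_hh` and `add_hhh` saying how the operand representations differ would also help, since both have the same C type and only the names ecc_add_jja and ecc_add_jjj in the curve tables hint at it. struct ecc_curve and the typedef list both continue outside the hunks shown.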
......
......@@ -75,8 +75,8 @@ ecc_mul_a_eh (const struct ecc_curve *ecc,
{
int digit;
ecc_dup_eh (ecc, r, r, scratch_out);
ecc_add_ehh (ecc, tp, r, pe, scratch_out);
ecc->dup (ecc, r, r, scratch_out);
ecc->add_hhh (ecc, tp, r, pe, scratch_out);
digit = (w & bit) > 0;
/* If we had a one-bit, use the sum. */
......@@ -107,8 +107,8 @@ table_init (const struct ecc_curve *ecc,
for (j = 2; j < size; j += 2)
{
ecc_dup_eh (ecc, TABLE(j), TABLE(j/2), scratch);
ecc_add_ehh (ecc, TABLE(j+1), TABLE(j), TABLE(1), scratch);
ecc->dup (ecc, TABLE(j), TABLE(j/2), scratch);
ecc->add_hhh (ecc, TABLE(j+1), TABLE(j), TABLE(1), scratch);
}
}
......@@ -163,11 +163,11 @@ ecc_mul_a_eh (const struct ecc_curve *ecc,
bits |= w >> shift;
}
for (j = 0; j < ECC_MUL_A_EH_WBITS; j++)
ecc_dup_eh (ecc, r, r, scratch_out);
ecc->dup (ecc, r, r, scratch_out);
bits &= TABLE_MASK;
sec_tabselect (tp, 3*ecc->p.size, table, TABLE_SIZE, bits);
ecc_add_ehh (ecc, r, tp, r, scratch_out);
ecc->add_hhh (ecc, r, tp, r, scratch_out);
}
#undef table
#undef tp
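Review bot: With `ecc->dup` and `ecc->add_hhh` now chosen by the curve, the scratch these calls use is no longer fixed by this file, yet the only size visible for this function is the `ECC_MUL_A_EH_ITCH (ECC_LIMB_SIZE)` entry in the curve table, which presumably was derived for ecc_dup_eh and ecc_add_ehh. A curve whose dup or add_hhh needs more scratch than that would write past scratch_out without any diagnostic, since only a pointer is passed. A comment at the top of ecc_mul_a_eh and table_init stating that `ecc->mul_itch` must cover the table plus the larger of `ecc->dup_itch` and `ecc->add_hhh_itch` would record the requirement; the macro definition is outside this page, so whether an `assert` can express it is for the author to judge. The same applies to the `ecc->dup` and `ecc->add_hh` calls in ecc_mul_g_eh with `ecc->mul_g_itch`. All three functions start or end outside the hunks shown.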
......
......@@ -64,7 +64,7 @@ ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
for (i = k; i-- > 0; )
{
ecc_dup_eh (ecc, r, r, scratch);
ecc->dup (ecc, r, r, scratch);
for (j = 0; j * c < bit_rows; j++)
{
unsigned bits;
......@@ -93,7 +93,7 @@ ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
+ (2*ecc->p.size * (mp_size_t) j << c)),
1<<c, bits);
ecc_add_eh (ecc, r, r, tp, scratch_out);
ecc->add_hh (ecc, r, r, tp, scratch_out);
}
}
#undef tp
......
#include "testutils.h"
#include <assert.h>
void
test_main (void)
......@@ -20,64 +21,70 @@ test_main (void)
/* Zero point has x = 0, y = 1, z = 1 */
mpn_zero (z, 3*ecc->p.size);
z[ecc->p.size] = z[2*ecc->p.size] = 1;
assert (ecc->add_hh == ecc_add_eh);
assert (ecc->add_hhh == ecc_add_ehh);
ecc_a_to_j (ecc, g, ecc->g);
ecc_add_ehh (ecc, p, z, z, scratch);
ecc->add_hhh (ecc, p, z, z, scratch);
test_ecc_mul_h (i, 0, p);
ecc_add_eh (ecc, p, z, z, scratch);
ecc->add_hh (ecc, p, z, z, scratch);
test_ecc_mul_h (i, 0, p);
ecc_add_ehh (ecc, p, g, p, scratch);
ecc->add_hhh (ecc, p, g, p, scratch);
test_ecc_mul_h (i, 1, p);
ecc_add_eh (ecc, p, z, g, scratch);
ecc->add_hh (ecc, p, z, g, scratch);
test_ecc_mul_h (i, 1, p);
ecc_add_ehh (ecc, g2, g, p, scratch);
ecc->add_hhh (ecc, g2, g, p, scratch);
test_ecc_mul_h (i, 2, g2);
ecc_add_eh (ecc, g2, g, g, scratch);
ecc->add_hh (ecc, g2, g, g, scratch);
test_ecc_mul_h (i, 2, g2);
ecc_add_ehh (ecc, g3, g, g2, scratch);
ecc->add_hhh (ecc, g3, g, g2, scratch);
test_ecc_mul_h (i, 3, g3);
ecc_add_eh (ecc, g3, g2, g, scratch);
ecc->add_hh (ecc, g3, g2, g, scratch);
test_ecc_mul_h (i, 3, g3);
ecc_add_ehh (ecc, p, g, g3, scratch);
ecc->add_hhh (ecc, p, g, g3, scratch);
test_ecc_mul_h (i, 4, p);
ecc_add_eh (ecc, p, g3, g, scratch);
ecc->add_hh (ecc, p, g3, g, scratch);
test_ecc_mul_h (i, 4, p);
ecc_add_ehh (ecc, p, g2, g2, scratch);
ecc->add_hhh (ecc, p, g2, g2, scratch);
test_ecc_mul_h (i, 4, p);
free (z);
}
else
{
assert (ecc->add_hhh == ecc_add_jjj);
assert (ecc->dup == ecc_dup_jj);
ecc_a_to_j (ecc, g, ecc->g);
ecc_dup_jj (ecc, g2, g, scratch);
ecc->dup (ecc, g2, g, scratch);
test_ecc_mul_h (i, 2, g2);
ecc_add_jjj (ecc, g3, g, g2, scratch);
ecc->add_hhh (ecc, g3, g, g2, scratch);
test_ecc_mul_h (i, 3, g3);
ecc_add_jjj (ecc, g3, g2, g, scratch);
ecc->add_hhh (ecc, g3, g2, g, scratch);
test_ecc_mul_h (i, 3, g3);
ecc_add_jjj (ecc, p, g, g3, scratch);
ecc->add_hhh (ecc, p, g, g3, scratch);
test_ecc_mul_h (i, 4, p);
ecc_add_jjj (ecc, p, g3, g, scratch);
ecc->add_hhh (ecc, p, g3, g, scratch);
test_ecc_mul_h (i, 4, p);
ecc_dup_jj (ecc, p, g2, scratch);
ecc->dup (ecc, p, g2, scratch);
test_ecc_mul_h (i, 4, p);
}
free (g);
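Review bot: In the `else` branch the new `add_hh` slot is neither asserted nor called, so for those curves a table whose add_hh entry is wrong (left unset, say, or pointing at the jjj function) would still pass this test; likewise the first branch asserts `add_hh` and `add_hhh` but not `ecc->dup == ecc_dup_eh`. Because the calls now go through the table, these identity checks are the only thing tying the test to the named implementations, and plain `assert` disappears when NDEBUG is defined. I would add `assert (ecc->add_hh == ecc_add_jja);` in the `else` branch together with at least one `ecc->add_hh` call followed by test_ecc_mul_h, and use a check that does not depend on NDEBUG if the test harness offers one. The companion dup test hunks further down call `ecc->dup` without any such identity check. test_main begins and ends outside the hunk.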
......
......@@ -21,13 +21,13 @@ test_main (void)
ecc_a_to_j (ecc, g, ecc->g);
ecc_dup_eh (ecc, p, z, scratch);
ecc->dup (ecc, p, z, scratch);
test_ecc_mul_h (i, 0, p);
ecc_dup_eh (ecc, p, g, scratch);
ecc->dup (ecc, p, g, scratch);
test_ecc_mul_h (i, 2, p);
ecc_dup_eh (ecc, p, p, scratch);
ecc->dup (ecc, p, p, scratch);
test_ecc_mul_h (i, 4, p);
free (z);
}
......@@ -35,10 +35,10 @@ test_main (void)
{
ecc_a_to_j (ecc, g, ecc->g);
ecc_dup_jj (ecc, p, g, scratch);
ecc->dup (ecc, p, g, scratch);
test_ecc_mul_h (i, 2, p);
ecc_dup_jj (ecc, p, p, scratch);
ecc->dup (ecc, p, p, scratch);
test_ecc_mul_h (i, 4, p);
}
free (p);
......