authorDenys Vlasenko2021-04-27 01:21:26 +0200
committerDenys Vlasenko2021-04-27 01:21:26 +0200
commita2bc52dd447816a887e508c6a1210ec43b38b03d (patch)
tree7cd088aee4c6c6a9f135aab3b5d32f657badb185
parente52e43c72f9dce8bc524a8e6770e6abe3e97db09 (diff)
tls: reorder P256 functions to make more sense
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/tls_sp_c32.c358
1 files changed, 179 insertions, 179 deletions
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 1f14031..8059f6e 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -220,106 +220,6 @@ static void sp_256_rshift1_10(sp_digit* r, sp_digit* a)
r[9] = a[9] >> 1;
}
-/* Multiply a number by Montogmery normalizer mod modulus (prime).
- *
- * r The resulting Montgomery form number.
- * a The number to convert.
- */
-static void sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a)
-{
- int64_t t[8];
- int64_t a32[8];
- int64_t o;
-
- a32[0] = a[0];
- a32[0] |= a[1] << 26;
- a32[0] &= 0xffffffff;
- a32[1] = (sp_digit)(a[1] >> 6);
- a32[1] |= a[2] << 20;
- a32[1] &= 0xffffffff;
- a32[2] = (sp_digit)(a[2] >> 12);
- a32[2] |= a[3] << 14;
- a32[2] &= 0xffffffff;
- a32[3] = (sp_digit)(a[3] >> 18);
- a32[3] |= a[4] << 8;
- a32[3] &= 0xffffffff;
- a32[4] = (sp_digit)(a[4] >> 24);
- a32[4] |= a[5] << 2;
- a32[4] |= a[6] << 28;
- a32[4] &= 0xffffffff;
- a32[5] = (sp_digit)(a[6] >> 4);
- a32[5] |= a[7] << 22;
- a32[5] &= 0xffffffff;
- a32[6] = (sp_digit)(a[7] >> 10);
- a32[6] |= a[8] << 16;
- a32[6] &= 0xffffffff;
- a32[7] = (sp_digit)(a[8] >> 16);
- a32[7] |= a[9] << 10;
- a32[7] &= 0xffffffff;
-
- /* 1 1 0 -1 -1 -1 -1 0 */
- t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
- /* 0 1 1 0 -1 -1 -1 -1 */
- t[1] = 0 + a32[1] + a32[2] - a32[4] - a32[5] - a32[6] - a32[7];
- /* 0 0 1 1 0 -1 -1 -1 */
- t[2] = 0 + a32[2] + a32[3] - a32[5] - a32[6] - a32[7];
- /* -1 -1 0 2 2 1 0 -1 */
- t[3] = 0 - a32[0] - a32[1] + 2 * a32[3] + 2 * a32[4] + a32[5] - a32[7];
- /* 0 -1 -1 0 2 2 1 0 */
- t[4] = 0 - a32[1] - a32[2] + 2 * a32[4] + 2 * a32[5] + a32[6];
- /* 0 0 -1 -1 0 2 2 1 */
- t[5] = 0 - a32[2] - a32[3] + 2 * a32[5] + 2 * a32[6] + a32[7];
- /* -1 -1 0 0 0 1 3 2 */
- t[6] = 0 - a32[0] - a32[1] + a32[5] + 3 * a32[6] + 2 * a32[7];
- /* 1 0 -1 -1 -1 -1 0 3 */
- t[7] = 0 + a32[0] - a32[2] - a32[3] - a32[4] - a32[5] + 3 * a32[7];
-
- t[1] += t[0] >> 32; t[0] &= 0xffffffff;
- t[2] += t[1] >> 32; t[1] &= 0xffffffff;
- t[3] += t[2] >> 32; t[2] &= 0xffffffff;
- t[4] += t[3] >> 32; t[3] &= 0xffffffff;
- t[5] += t[4] >> 32; t[4] &= 0xffffffff;
- t[6] += t[5] >> 32; t[5] &= 0xffffffff;
- t[7] += t[6] >> 32; t[6] &= 0xffffffff;
- o = t[7] >> 32; t[7] &= 0xffffffff;
- t[0] += o;
- t[3] -= o;
- t[6] -= o;
- t[7] += o;
- t[1] += t[0] >> 32; t[0] &= 0xffffffff;
- t[2] += t[1] >> 32; t[1] &= 0xffffffff;
- t[3] += t[2] >> 32; t[2] &= 0xffffffff;
- t[4] += t[3] >> 32; t[3] &= 0xffffffff;
- t[5] += t[4] >> 32; t[4] &= 0xffffffff;
- t[6] += t[5] >> 32; t[5] &= 0xffffffff;
- t[7] += t[6] >> 32; t[6] &= 0xffffffff;
-
- r[0] = (sp_digit)(t[0]) & 0x3ffffff;
- r[1] = (sp_digit)(t[0] >> 26);
- r[1] |= t[1] << 6;
- r[1] &= 0x3ffffff;
- r[2] = (sp_digit)(t[1] >> 20);
- r[2] |= t[2] << 12;
- r[2] &= 0x3ffffff;
- r[3] = (sp_digit)(t[2] >> 14);
- r[3] |= t[3] << 18;
- r[3] &= 0x3ffffff;
- r[4] = (sp_digit)(t[3] >> 8);
- r[4] |= t[4] << 24;
- r[4] &= 0x3ffffff;
- r[5] = (sp_digit)(t[4] >> 2) & 0x3ffffff;
- r[6] = (sp_digit)(t[4] >> 28);
- r[6] |= t[5] << 4;
- r[6] &= 0x3ffffff;
- r[7] = (sp_digit)(t[5] >> 22);
- r[7] |= t[6] << 10;
- r[7] &= 0x3ffffff;
- r[8] = (sp_digit)(t[6] >> 16);
- r[8] |= t[7] << 16;
- r[8] &= 0x3ffffff;
- r[9] = (sp_digit)(t[7] >> 10);
-}
-
/* Mul a by scalar b and add into r. (r += a * b) */
static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a, sp_digit b)
{
@@ -335,6 +235,58 @@ static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a, sp_digit b)
r[10] += t;
}
+/* Multiply a and b into r. (r = a * b) */
+static void sp_256_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
+{
+ int i, j, k;
+ int64_t c;
+
+ c = ((int64_t)a[9]) * b[9];
+ r[19] = (sp_digit)(c >> 26);
+ c = (c & 0x3ffffff) << 26;
+ for (k = 17; k >= 0; k--) {
+ for (i = 9; i >= 0; i--) {
+ j = k - i;
+ if (j >= 10)
+ break;
+ if (j < 0)
+ continue;
+ c += ((int64_t)a[i]) * b[j];
+ }
+ r[k + 2] += c >> 52;
+ r[k + 1] = (c >> 26) & 0x3ffffff;
+ c = (c & 0x3ffffff) << 26;
+ }
+ r[0] = (sp_digit)(c >> 26);
+}
+
+/* Square a and put result in r. (r = a * a) */
+static void sp_256_sqr_10(sp_digit* r, const sp_digit* a)
+{
+ int i, j, k;
+ int64_t c;
+
+ c = ((int64_t)a[9]) * a[9];
+ r[19] = (sp_digit)(c >> 26);
+ c = (c & 0x3ffffff) << 26;
+ for (k = 17; k >= 0; k--) {
+ for (i = 9; i >= 0; i--) {
+ j = k - i;
+ if (j >= 10 || i <= j)
+ break;
+ if (j < 0)
+ continue;
+ c += ((int64_t)a[i]) * a[j] * 2;
+ }
+ if (i == j)
+ c += ((int64_t)a[i]) * a[i];
+ r[k + 2] += c >> 52;
+ r[k + 1] = (c >> 26) & 0x3ffffff;
+ c = (c & 0x3ffffff) << 26;
+ }
+ r[0] = (sp_digit)(c >> 26);
+}
+
/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) */
static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
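Review bot: The one-line comments on sp_256_mul_10 and sp_256_sqr_10 do not state the buffer contract the bodies rely on: both write r[0] through r[19], so r must have room for 20 digits while the inputs are read as 10 digits. The `r[k + 2] += c >> 52;` line is only sound because r[k + 2] was assigned on the previous iteration (and r[19] before the loop), which deserves a short why-comment so a later edit does not turn it into an accumulate onto uninitialized memory. I would extend the header to something like `/* Multiply a and b into r. (r = a * b); r must hold 20 digits */`. The inner-loop exits depend only on the indices i, j, k and not on digit values, a property worth noting next to the loops so it is preserved.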
@@ -344,25 +296,6 @@ static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
sp_256_rshift1_10(r, r);
}
-/* Shift the result in the high 256 bits down to the bottom. */
-static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a)
-{
- int i;
- sp_digit n, s;
-
- s = a[10];
- n = a[9] >> 22;
- for (i = 0; i < 9; i++) {
- n += (s & 0x3ffffff) << 4;
- r[i] = n & 0x3ffffff;
- n >>= 26;
- s = a[11 + i] + (s >> 26);
- }
- n += s << 4;
- r[9] = n;
- memset(&r[10], 0, sizeof(*r) * 10);
-}
-
/* Add two Montgomery form numbers (r = a + b % m) */
static void sp_256_mont_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
const sp_digit* m)
@@ -374,6 +307,16 @@ static void sp_256_mont_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b
sp_256_norm_10(r);
}
+/* Subtract two Montgomery form numbers (r = a - b % m) */
+static void sp_256_mont_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
+ const sp_digit* m)
+{
+ sp_256_sub_10(r, a, b);
+ if (r[9] >> 22)
+ sp_256_add_10(r, r, m);
+ sp_256_norm_10(r);
+}
+
/* Double a Montgomery form number (r = a + a % m) */
static void sp_256_mont_dbl_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
{
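Review bot: `if (r[9] >> 22) sp_256_add_10(r, r, m);` in sp_256_mont_sub_10 branches on the value of the intermediate result, so the function's running time depends on its operands. If this routine is reached from the scalar multiplication with values derived from the private key (the call chain is not visible in this hunk), that is a timing side channel; an add that always runs with m masked by the condition would avoid it, at some cost in code size. If the branch is a deliberate size trade-off, I would record that at the site, e.g. `/* not constant-time: branches on the top bits of r[9] */`.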
@@ -399,14 +342,23 @@ static void sp_256_mont_tpl_10(sp_digit* r, const sp_digit* a, const sp_digit* m
sp_256_norm_10(r);
}
-/* Subtract two Montgomery form numbers (r = a - b % m) */
-static void sp_256_mont_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
- const sp_digit* m)
+/* Shift the result in the high 256 bits down to the bottom. */
+static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a)
{
- sp_256_sub_10(r, a, b);
- if (r[9] >> 22)
- sp_256_add_10(r, r, m);
- sp_256_norm_10(r);
+ int i;
+ sp_digit n, s;
+
+ s = a[10];
+ n = a[9] >> 22;
+ for (i = 0; i < 9; i++) {
+ n += (s & 0x3ffffff) << 4;
+ r[i] = n & 0x3ffffff;
+ n >>= 26;
+ s = a[11 + i] + (s >> 26);
+ }
+ n += s << 4;
+ r[9] = n;
+ memset(&r[10], 0, sizeof(*r) * 10);
}
/* Reduce the number back to 256 bits using Montgomery reduction.
@@ -449,31 +401,6 @@ static void sp_256_mont_reduce_10(sp_digit* a, const sp_digit* m, sp_digit mp)
sp_256_norm_10(a);
}
-/* Multiply a and b into r. (r = a * b) */
-static void sp_256_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
-{
- int i, j, k;
- int64_t c;
-
- c = ((int64_t)a[9]) * b[9];
- r[19] = (sp_digit)(c >> 26);
- c = (c & 0x3ffffff) << 26;
- for (k = 17; k >= 0; k--) {
- for (i = 9; i >= 0; i--) {
- j = k - i;
- if (j >= 10)
- break;
- if (j < 0)
- continue;
- c += ((int64_t)a[i]) * b[j];
- }
- r[k + 2] += c >> 52;
- r[k + 1] = (c >> 26) & 0x3ffffff;
- c = (c & 0x3ffffff) << 26;
- }
- r[0] = (sp_digit)(c >> 26);
-}
-
/* Multiply two Montogmery form numbers mod the modulus (prime).
* (r = a * b mod m)
*
@@ -490,33 +417,6 @@ static void sp_256_mont_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b
sp_256_mont_reduce_10(r, m, mp);
}
-/* Square a and put result in r. (r = a * a) */
-static void sp_256_sqr_10(sp_digit* r, const sp_digit* a)
-{
- int i, j, k;
- int64_t c;
-
- c = ((int64_t)a[9]) * a[9];
- r[19] = (sp_digit)(c >> 26);
- c = (c & 0x3ffffff) << 26;
- for (k = 17; k >= 0; k--) {
- for (i = 9; i >= 0; i--) {
- j = k - i;
- if (j >= 10 || i <= j)
- break;
- if (j < 0)
- continue;
- c += ((int64_t)a[i]) * a[j] * 2;
- }
- if (i == j)
- c += ((int64_t)a[i]) * a[i];
- r[k + 2] += c >> 52;
- r[k + 1] = (c >> 26) & 0x3ffffff;
- c = (c & 0x3ffffff) << 26;
- }
- r[0] = (sp_digit)(c >> 26);
-}
-
/* Square the Montgomery form number. (r = a * a mod m)
*
* r Result of squaring.
@@ -564,6 +464,106 @@ static void sp_256_mont_inv_10(sp_digit* r, sp_digit* a)
memcpy(r, t, sizeof(sp_digit) * 10);
}
+/* Multiply a number by Montogmery normalizer mod modulus (prime).
+ *
+ * r The resulting Montgomery form number.
+ * a The number to convert.
+ */
+static void sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a)
+{
+ int64_t t[8];
+ int64_t a32[8];
+ int64_t o;
+
+ a32[0] = a[0];
+ a32[0] |= a[1] << 26;
+ a32[0] &= 0xffffffff;
+ a32[1] = (sp_digit)(a[1] >> 6);
+ a32[1] |= a[2] << 20;
+ a32[1] &= 0xffffffff;
+ a32[2] = (sp_digit)(a[2] >> 12);
+ a32[2] |= a[3] << 14;
+ a32[2] &= 0xffffffff;
+ a32[3] = (sp_digit)(a[3] >> 18);
+ a32[3] |= a[4] << 8;
+ a32[3] &= 0xffffffff;
+ a32[4] = (sp_digit)(a[4] >> 24);
+ a32[4] |= a[5] << 2;
+ a32[4] |= a[6] << 28;
+ a32[4] &= 0xffffffff;
+ a32[5] = (sp_digit)(a[6] >> 4);
+ a32[5] |= a[7] << 22;
+ a32[5] &= 0xffffffff;
+ a32[6] = (sp_digit)(a[7] >> 10);
+ a32[6] |= a[8] << 16;
+ a32[6] &= 0xffffffff;
+ a32[7] = (sp_digit)(a[8] >> 16);
+ a32[7] |= a[9] << 10;
+ a32[7] &= 0xffffffff;
+
+ /* 1 1 0 -1 -1 -1 -1 0 */
+ t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6];
+ /* 0 1 1 0 -1 -1 -1 -1 */
+ t[1] = 0 + a32[1] + a32[2] - a32[4] - a32[5] - a32[6] - a32[7];
+ /* 0 0 1 1 0 -1 -1 -1 */
+ t[2] = 0 + a32[2] + a32[3] - a32[5] - a32[6] - a32[7];
+ /* -1 -1 0 2 2 1 0 -1 */
+ t[3] = 0 - a32[0] - a32[1] + 2 * a32[3] + 2 * a32[4] + a32[5] - a32[7];
+ /* 0 -1 -1 0 2 2 1 0 */
+ t[4] = 0 - a32[1] - a32[2] + 2 * a32[4] + 2 * a32[5] + a32[6];
+ /* 0 0 -1 -1 0 2 2 1 */
+ t[5] = 0 - a32[2] - a32[3] + 2 * a32[5] + 2 * a32[6] + a32[7];
+ /* -1 -1 0 0 0 1 3 2 */
+ t[6] = 0 - a32[0] - a32[1] + a32[5] + 3 * a32[6] + 2 * a32[7];
+ /* 1 0 -1 -1 -1 -1 0 3 */
+ t[7] = 0 + a32[0] - a32[2] - a32[3] - a32[4] - a32[5] + 3 * a32[7];
+
+ t[1] += t[0] >> 32; t[0] &= 0xffffffff;
+ t[2] += t[1] >> 32; t[1] &= 0xffffffff;
+ t[3] += t[2] >> 32; t[2] &= 0xffffffff;
+ t[4] += t[3] >> 32; t[3] &= 0xffffffff;
+ t[5] += t[4] >> 32; t[4] &= 0xffffffff;
+ t[6] += t[5] >> 32; t[5] &= 0xffffffff;
+ t[7] += t[6] >> 32; t[6] &= 0xffffffff;
+ o = t[7] >> 32; t[7] &= 0xffffffff;
+ t[0] += o;
+ t[3] -= o;
+ t[6] -= o;
+ t[7] += o;
+ t[1] += t[0] >> 32; t[0] &= 0xffffffff;
+ t[2] += t[1] >> 32; t[1] &= 0xffffffff;
+ t[3] += t[2] >> 32; t[2] &= 0xffffffff;
+ t[4] += t[3] >> 32; t[3] &= 0xffffffff;
+ t[5] += t[4] >> 32; t[4] &= 0xffffffff;
+ t[6] += t[5] >> 32; t[5] &= 0xffffffff;
+ t[7] += t[6] >> 32; t[6] &= 0xffffffff;
+
+ r[0] = (sp_digit)(t[0]) & 0x3ffffff;
+ r[1] = (sp_digit)(t[0] >> 26);
+ r[1] |= t[1] << 6;
+ r[1] &= 0x3ffffff;
+ r[2] = (sp_digit)(t[1] >> 20);
+ r[2] |= t[2] << 12;
+ r[2] &= 0x3ffffff;
+ r[3] = (sp_digit)(t[2] >> 14);
+ r[3] |= t[3] << 18;
+ r[3] &= 0x3ffffff;
+ r[4] = (sp_digit)(t[3] >> 8);
+ r[4] |= t[4] << 24;
+ r[4] &= 0x3ffffff;
+ r[5] = (sp_digit)(t[4] >> 2) & 0x3ffffff;
+ r[6] = (sp_digit)(t[4] >> 28);
+ r[6] |= t[5] << 4;
+ r[6] &= 0x3ffffff;
+ r[7] = (sp_digit)(t[5] >> 22);
+ r[7] |= t[6] << 10;
+ r[7] &= 0x3ffffff;
+ r[8] = (sp_digit)(t[6] >> 16);
+ r[8] |= t[7] << 16;
+ r[8] &= 0x3ffffff;
+ r[9] = (sp_digit)(t[7] >> 10);
+}
+
/* Map the Montgomery form projective co-ordinate point to an affine point.
*
* r Resulting affine co-ordinate point.
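Review bot: The packing lines in sp_256_mod_mul_norm_10 shift an sp_digit before it is widened to int64_t, e.g. `a32[0] |= a[1] << 26;`, so the shift is evaluated in sp_digit's own width. If sp_digit is a signed 32-bit type (its definition is outside this hunk; the 0x3ffffff limb masks suggest it), shifting a 26-bit limb left by 26, 20, 14 and so on overflows a signed int, which is undefined behaviour even though the following `&= 0xffffffff` hides it on common compilers. Doing the shift in an unsigned type keeps the intended truncation well-defined: `a32[0] |= (uint32_t)a[1] << 26;`, and likewise for the other `a[n] << k` lines. The header comment also misspells "Montgomery" as "Montogmery".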
@@ -808,7 +808,7 @@ static void sp_256_ecc_mulmod_base_10(sp_point* r, sp_digit* k /*, int map*/)
* pub2x32 Point to multiply.
* out32 Buffer to hold X ordinate.
*/
-static void sp_ecc_secret_gen_256(sp_digit priv[10], const uint8_t *pub2x32, uint8_t* out32)
+static void sp_ecc_secret_gen_256(const sp_digit priv[10], const uint8_t *pub2x32, uint8_t* out32)
{
sp_point point[1];