summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko2021-12-01 15:09:44 +0100
committerDenys Vlasenko2021-12-01 15:09:44 +0100
commitb240733ae7423cb8f542a624eef0cfa3037d05bc (patch)
tree90f2a5fd0611becd0164566d3c582f08dec46075
parent8514b4166d7a9d7720006d852ae67f43baed8ef1 (diff)
downloadbusybox-b240733ae7423cb8f542a624eef0cfa3037d05bc.zip
busybox-b240733ae7423cb8f542a624eef0cfa3037d05bc.tar.gz
tls: x25519: code shrink by factoring out common code
function old new delta fe_reduce - 37 +37 lm_add 67 43 -24 fe_mul_c 62 38 -24 fe_mul__distinct 138 112 -26 curve25519 800 767 -33 lm_sub 98 64 -34 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 0/5 up/down: 37/-141) Total: -104 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/tls_fe.c68
1 files changed, 21 insertions, 47 deletions
diff --git a/networking/tls_fe.c b/networking/tls_fe.c
index 3a0a677..e5580fb 100644
--- a/networking/tls_fe.c
+++ b/networking/tls_fe.c
@@ -187,7 +187,7 @@ static void fprime_mul(byte *r, const byte *a, const byte *b,
#if 0 //UNUSED
static void fe_load(byte *x, word32 c)
{
- word32 i;
+ int i;
for (i = 0; i < sizeof(c); i++) {
x[i] = c;
@@ -199,21 +199,29 @@ static void fe_load(byte *x, word32 c)
}
#endif
-static void fe_normalize(byte *x)
+static void fe_reduce(byte *x, word32 c)
{
- byte minusp[F25519_SIZE];
- unsigned c;
int i;
/* Reduce using 2^255 = 19 mod p */
- c = (x[31] >> 7) * 19;
- x[31] &= 127;
+ x[31] = c & 127;
+ c = (c >> 7) * 19;
for (i = 0; i < F25519_SIZE; i++) {
c += x[i];
x[i] = (byte)c;
c >>= 8;
}
+}
+
+static void fe_normalize(byte *x)
+{
+ byte minusp[F25519_SIZE];
+ unsigned c;
+ int i;
+
+ /* Reduce using 2^255 = 19 mod p */
+ fe_reduce(x, x[31]);
/* The number is now less than 2^255 + 18, and therefore less than
* 2p. Try subtracting p, and conditionally load the subtracted
@@ -247,14 +255,7 @@ static void lm_add(byte* r, const byte* a, const byte* b)
}
/* Reduce with 2^255 = 19 mod p */
- r[31] &= 127;
- c = (c >> 7) * 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = (byte)c;
- c >>= 8;
- }
+ fe_reduce(r, c);
}
static void lm_sub(byte* r, const byte* a, const byte* b)
@@ -264,21 +265,15 @@ static void lm_sub(byte* r, const byte* a, const byte* b)
/* Calculate a + 2p - b, to avoid underflow */
c = 218;
- for (i = 0; i + 1 < F25519_SIZE; i++) {
+ for (i = 0; i < F25519_SIZE - 1; i++) {
c += 65280 + ((word32)a[i]) - ((word32)b[i]);
r[i] = c;
c >>= 8;
}
c += ((word32)a[31]) - ((word32)b[31]);
- r[31] = c & 127;
- c = (c >> 7) * 19;
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
+ fe_reduce(r, c);
}
#if 0 //UNUSED
@@ -289,21 +284,15 @@ static void lm_neg(byte* r, const byte* a)
/* Calculate 2p - a, to avoid underflow */
c = 218;
- for (i = 0; i + 1 < F25519_SIZE; i++) {
+ for (i = 0; i < F25519_SIZE - 1; i++) {
c += 65280 - ((word32)a[i]);
r[i] = c;
c >>= 8;
}
c -= ((word32)a[31]);
- r[31] = c & 127;
- c = (c >> 7) * 19;
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
+ fe_reduce(r, c);
}
#endif
@@ -326,14 +315,7 @@ static void fe_mul__distinct(byte *r, const byte *a, const byte *b)
r[i] = c;
}
- r[31] &= 127;
- c = (c >> 7) * 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
+ fe_reduce(r, c);
}
#if 0 //UNUSED
@@ -357,15 +339,7 @@ static void fe_mul_c(byte *r, const byte *a, word32 b)
r[i] = c;
}
- r[31] &= 127;
- c >>= 7;
- c *= 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
+ fe_reduce(r, c);
}
static void fe_inv__distinct(byte *r, const byte *x)