diff options
| author | Daiki Ueno <dueno@redhat.com> | 2017-08-05 09:43:46 +0200 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2017-09-18 21:48:26 +0200 |
| commit | 9ae25aaa1cfc2749d1376ce52a68048263003e8c (patch) | |
| tree | 795503b495a3b976468d5b70f0d6b6552cc249c9 | |
| parent | ecfc1125c8dc7c0866e21d92f9e177e52b1aa5a1 (diff) | |
| download | nettle-9ae25aaa1cfc2749d1376ce52a68048263003e8c.tar.gz | |
ecc: Add add_hh and dup members to ecc_curve
This makes it possible to share the same code for curve25519 and
curve448 primitives, which use different underlying formulas for
addition and doubling.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
| -rw-r--r-- | ecc-192.c | 4 | ||||
| -rw-r--r-- | ecc-224.c | 4 | ||||
| -rw-r--r-- | ecc-25519.c | 4 | ||||
| -rw-r--r-- | ecc-256.c | 4 | ||||
| -rw-r--r-- | ecc-384.c | 4 | ||||
| -rw-r--r-- | ecc-521.c | 4 | ||||
| -rw-r--r-- | ecc-internal.h | 8 | ||||
| -rw-r--r-- | ecc-mul-a-eh.c | 12 | ||||
| -rw-r--r-- | ecc-mul-g-eh.c | 4 | ||||
| -rw-r--r-- | testsuite/ecc-add-test.c | 43 | ||||
| -rw-r--r-- | testsuite/ecc-dup-test.c | 10 |
11 files changed, 70 insertions, 31 deletions
@@ -155,12 +155,16 @@ const struct ecc_curve nettle_secp_192r1 = ECC_PIPPENGER_K, ECC_PIPPENGER_C, + ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE), ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE), + ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE), ECC_MUL_A_ITCH (ECC_LIMB_SIZE), ECC_MUL_G_ITCH (ECC_LIMB_SIZE), ECC_J_TO_A_ITCH (ECC_LIMB_SIZE), + ecc_add_jja, ecc_add_jjj, + ecc_dup_jj, ecc_mul_a, ecc_mul_g, ecc_j_to_a, @@ -107,12 +107,16 @@ const struct ecc_curve nettle_secp_224r1 = ECC_PIPPENGER_K, ECC_PIPPENGER_C, + ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE), ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE), + ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE), ECC_MUL_A_ITCH (ECC_LIMB_SIZE), ECC_MUL_G_ITCH (ECC_LIMB_SIZE), ECC_J_TO_A_ITCH (ECC_LIMB_SIZE), + ecc_add_jja, ecc_add_jjj, + ecc_dup_jj, ecc_mul_a, ecc_mul_g, ecc_j_to_a, diff --git a/ecc-25519.c b/ecc-25519.c index 92de49be..16073ecf 100644 --- a/ecc-25519.c +++ b/ecc-25519.c @@ -335,12 +335,16 @@ const struct ecc_curve _nettle_curve25519 = ECC_PIPPENGER_K, ECC_PIPPENGER_C, + ECC_ADD_EH_ITCH (ECC_LIMB_SIZE), ECC_ADD_EHH_ITCH (ECC_LIMB_SIZE), + ECC_DUP_EH_ITCH (ECC_LIMB_SIZE), ECC_MUL_A_EH_ITCH (ECC_LIMB_SIZE), ECC_MUL_G_EH_ITCH (ECC_LIMB_SIZE), ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_25519_INV_ITCH), + ecc_add_eh, ecc_add_ehh, + ecc_dup_eh, ecc_mul_a_eh, ecc_mul_g_eh, ecc_eh_to_a, @@ -284,12 +284,16 @@ const struct ecc_curve nettle_secp_256r1 = ECC_PIPPENGER_K, ECC_PIPPENGER_C, + ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE), ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE), + ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE), ECC_MUL_A_ITCH (ECC_LIMB_SIZE), ECC_MUL_G_ITCH (ECC_LIMB_SIZE), ECC_J_TO_A_ITCH (ECC_LIMB_SIZE), + ecc_add_jja, ecc_add_jjj, + ecc_dup_jj, ecc_mul_a, ecc_mul_g, ecc_j_to_a, @@ -192,12 +192,16 @@ const struct ecc_curve nettle_secp_384r1 = ECC_PIPPENGER_K, ECC_PIPPENGER_C, + ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE), ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE), + ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE), ECC_MUL_A_ITCH (ECC_LIMB_SIZE), ECC_MUL_G_ITCH (ECC_LIMB_SIZE), ECC_J_TO_A_ITCH (ECC_LIMB_SIZE), + ecc_add_jja, ecc_add_jjj, + ecc_dup_jj, ecc_mul_a, ecc_mul_g, ecc_j_to_a, @@ -120,12 +120,16 @@ const struct ecc_curve nettle_secp_521r1 = ECC_PIPPENGER_K, ECC_PIPPENGER_C, + ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE), ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE), + ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE), ECC_MUL_A_ITCH (ECC_LIMB_SIZE), ECC_MUL_G_ITCH (ECC_LIMB_SIZE), ECC_J_TO_A_ITCH (ECC_LIMB_SIZE), + ecc_add_jja, ecc_add_jjj, + ecc_dup_jj, ecc_mul_a, ecc_mul_g, ecc_j_to_a, diff --git a/ecc-internal.h b/ecc-internal.h index ce1e34fb..643277c0 100644 --- a/ecc-internal.h +++ b/ecc-internal.h @@ -112,6 +112,10 @@ typedef void ecc_add_func (const struct ecc_curve *ecc, const mp_limb_t *p, const mp_limb_t *q, mp_limb_t *scratch); +typedef void ecc_dup_func (const struct ecc_curve *ecc, + mp_limb_t *r, const mp_limb_t *p, + mp_limb_t *scratch); + typedef void ecc_mul_g_func (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *np, mp_limb_t *scratch); @@ -168,12 +172,16 @@ struct ecc_curve unsigned short pippenger_k; unsigned short pippenger_c; + unsigned short add_hh_itch; unsigned short add_hhh_itch; + unsigned short dup_itch; unsigned short mul_itch; unsigned short mul_g_itch; unsigned short h_to_a_itch; + ecc_add_func *add_hh; ecc_add_func *add_hhh; + ecc_dup_func *dup; ecc_mul_func *mul; ecc_mul_g_func *mul_g; ecc_h_to_a_func *h_to_a; diff --git a/ecc-mul-a-eh.c b/ecc-mul-a-eh.c index cf743236..e9b22cd4 100644 --- a/ecc-mul-a-eh.c +++ b/ecc-mul-a-eh.c @@ -75,8 +75,8 @@ ecc_mul_a_eh (const struct ecc_curve *ecc, { int digit; - ecc_dup_eh (ecc, r, r, scratch_out); - ecc_add_ehh (ecc, tp, r, pe, scratch_out); + ecc->dup (ecc, r, r, scratch_out); + ecc->add_hhh (ecc, tp, r, pe, scratch_out); digit = (w & bit) > 0; /* If we had a one-bit, use the sum. */ @@ -107,8 +107,8 @@ table_init (const struct ecc_curve *ecc, for (j = 2; j < size; j += 2) { - ecc_dup_eh (ecc, TABLE(j), TABLE(j/2), scratch); - ecc_add_ehh (ecc, TABLE(j+1), TABLE(j), TABLE(1), scratch); + ecc->dup (ecc, TABLE(j), TABLE(j/2), scratch); + ecc->add_hhh (ecc, TABLE(j+1), TABLE(j), TABLE(1), scratch); } } @@ -163,11 +163,11 @@ ecc_mul_a_eh (const struct ecc_curve *ecc, bits |= w >> shift; } for (j = 0; j < ECC_MUL_A_EH_WBITS; j++) - ecc_dup_eh (ecc, r, r, scratch_out); + ecc->dup (ecc, r, r, scratch_out); bits &= TABLE_MASK; sec_tabselect (tp, 3*ecc->p.size, table, TABLE_SIZE, bits); - ecc_add_ehh (ecc, r, tp, r, scratch_out); + ecc->add_hhh (ecc, r, tp, r, scratch_out); } #undef table #undef tp diff --git a/ecc-mul-g-eh.c b/ecc-mul-g-eh.c index a945494d..971bc6c5 100644 --- a/ecc-mul-g-eh.c +++ b/ecc-mul-g-eh.c @@ -64,7 +64,7 @@ ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r, for (i = k; i-- > 0; ) { - ecc_dup_eh (ecc, r, r, scratch); + ecc->dup (ecc, r, r, scratch); for (j = 0; j * c < bit_rows; j++) { unsigned bits; @@ -93,7 +93,7 @@ ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r, + (2*ecc->p.size * (mp_size_t) j << c)), 1<<c, bits); - ecc_add_eh (ecc, r, r, tp, scratch_out); + ecc->add_hh (ecc, r, r, tp, scratch_out); } } #undef tp diff --git a/testsuite/ecc-add-test.c b/testsuite/ecc-add-test.c index 54fae31f..8e88a76b 100644 --- a/testsuite/ecc-add-test.c +++ b/testsuite/ecc-add-test.c @@ -1,4 +1,5 @@ #include "testutils.h" +#include <assert.h> void test_main (void) @@ -20,64 +21,70 @@ test_main (void) /* Zero point has x = 0, y = 1, z = 1 */ mpn_zero (z, 3*ecc->p.size); z[ecc->p.size] = z[2*ecc->p.size] = 1; - + + assert (ecc->add_hh == ecc_add_eh); + assert (ecc->add_hhh == ecc_add_ehh); + ecc_a_to_j (ecc, g, ecc->g); - ecc_add_ehh (ecc, p, z, z, scratch); + ecc->add_hhh (ecc, p, z, z, scratch); test_ecc_mul_h (i, 0, p); - ecc_add_eh (ecc, p, z, z, scratch); + ecc->add_hh (ecc, p, z, z, scratch); test_ecc_mul_h (i, 0, p); - ecc_add_ehh (ecc, p, g, p, scratch); + ecc->add_hhh (ecc, p, g, p, scratch); test_ecc_mul_h (i, 1, p); - ecc_add_eh (ecc, p, z, g, scratch); + ecc->add_hh (ecc, p, z, g, scratch); test_ecc_mul_h (i, 1, p); - ecc_add_ehh (ecc, g2, g, p, scratch); + ecc->add_hhh (ecc, g2, g, p, scratch); test_ecc_mul_h (i, 2, g2); - ecc_add_eh (ecc, g2, g, g, scratch); + ecc->add_hh (ecc, g2, g, g, scratch); test_ecc_mul_h (i, 2, g2); - ecc_add_ehh (ecc, g3, g, g2, scratch); + ecc->add_hhh (ecc, g3, g, g2, scratch); test_ecc_mul_h (i, 3, g3); - ecc_add_eh (ecc, g3, g2, g, scratch); + ecc->add_hh (ecc, g3, g2, g, scratch); test_ecc_mul_h (i, 3, g3); - ecc_add_ehh (ecc, p, g, g3, scratch); + ecc->add_hhh (ecc, p, g, g3, scratch); test_ecc_mul_h (i, 4, p); - ecc_add_eh (ecc, p, g3, g, scratch); + ecc->add_hh (ecc, p, g3, g, scratch); test_ecc_mul_h (i, 4, p); - ecc_add_ehh (ecc, p, g2, g2, scratch); + ecc->add_hhh (ecc, p, g2, g2, scratch); test_ecc_mul_h (i, 4, p); free (z); } else { + assert (ecc->add_hhh == ecc_add_jjj); + assert (ecc->dup == ecc_dup_jj); + ecc_a_to_j (ecc, g, ecc->g); - ecc_dup_jj (ecc, g2, g, scratch); + ecc->dup (ecc, g2, g, scratch); test_ecc_mul_h (i, 2, g2); - ecc_add_jjj (ecc, g3, g, g2, scratch); + ecc->add_hhh (ecc, g3, g, g2, scratch); test_ecc_mul_h (i, 3, g3); - ecc_add_jjj (ecc, g3, g2, g, scratch); + ecc->add_hhh (ecc, g3, g2, g, scratch); test_ecc_mul_h (i, 3, g3); - ecc_add_jjj (ecc, p, g, g3, scratch); + ecc->add_hhh (ecc, p, g, g3, scratch); test_ecc_mul_h (i, 4, p); - ecc_add_jjj (ecc, p, g3, g, scratch); + ecc->add_hhh (ecc, p, g3, g, scratch); test_ecc_mul_h (i, 4, p); - ecc_dup_jj (ecc, p, g2, scratch); + ecc->dup (ecc, p, g2, scratch); test_ecc_mul_h (i, 4, p); } free (g); diff --git a/testsuite/ecc-dup-test.c b/testsuite/ecc-dup-test.c index b92352c1..f987b165 100644 --- a/testsuite/ecc-dup-test.c +++ b/testsuite/ecc-dup-test.c @@ -21,13 +21,13 @@ test_main (void) ecc_a_to_j (ecc, g, ecc->g); - ecc_dup_eh (ecc, p, z, scratch); + ecc->dup (ecc, p, z, scratch); test_ecc_mul_h (i, 0, p); - ecc_dup_eh (ecc, p, g, scratch); + ecc->dup (ecc, p, g, scratch); test_ecc_mul_h (i, 2, p); - ecc_dup_eh (ecc, p, p, scratch); + ecc->dup (ecc, p, p, scratch); test_ecc_mul_h (i, 4, p); free (z); } @@ -35,10 +35,10 @@ test_main (void) { ecc_a_to_j (ecc, g, ecc->g); - ecc_dup_jj (ecc, p, g, scratch); + ecc->dup (ecc, p, g, scratch); test_ecc_mul_h (i, 2, p); - ecc_dup_jj (ecc, p, p, scratch); + ecc->dup (ecc, p, p, scratch); test_ecc_mul_h (i, 4, p); } free (p); |