summaryrefslogtreecommitdiffstats
path: root/crypto/ec/curve448/scalar.c
diff options
context:
space:
mode:
authorMatt Caswell <matt@openssl.org>2017-11-16 16:58:20 +0000
committerMatt Caswell <matt@openssl.org>2018-02-20 12:59:29 +0000
commit88ba7e71e0aff19b3a8a5e37758dcf88e8bae848 (patch)
tree2c9bc58e4627c37dd37775f6131428c8629913cf /crypto/ec/curve448/scalar.c
parente77725774638ae974a70fd8b1bc0566ccfa03ac0 (diff)
Remove some vestiges of the old decaf template approach
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/5105)
Diffstat (limited to 'crypto/ec/curve448/scalar.c')
-rw-r--r--crypto/ec/curve448/scalar.c98
1 files changed, 46 insertions, 52 deletions
diff --git a/crypto/ec/curve448/scalar.c b/crypto/ec/curve448/scalar.c
index cd8a5086f8..7509a5fb76 100644
--- a/crypto/ec/curve448/scalar.c
+++ b/crypto/ec/curve448/scalar.c
@@ -17,14 +17,8 @@
#include "constant_time.h"
#include "point_448.h"
-/* Template stuff */
-#define SCALAR_BITS DECAF_448_SCALAR_BITS
-#define SCALAR_SER_BYTES DECAF_448_SCALAR_BYTES
-#define SCALAR_LIMBS DECAF_448_SCALAR_LIMBS
-#define scalar_t curve448_scalar_t
-
static const decaf_word_t MONTGOMERY_FACTOR = (decaf_word_t)0x3bd440fae918bc5ull;
-static const scalar_t sc_p = {{{
+static const curve448_scalar_t sc_p = {{{
SC_LIMB(0x2378c292ab5844f3), SC_LIMB(0x216cc2728dc58f55), SC_LIMB(0xc44edb49aed63690), SC_LIMB(0xffffffff7cca23e9), SC_LIMB(0xffffffffffffffff), SC_LIMB(0xffffffffffffffff), SC_LIMB(0x3fffffffffffffff)
}}}, sc_r2 = {{{
SC_LIMB(0xe3539257049b9b60), SC_LIMB(0x7af32c4bc1b195d9), SC_LIMB(0x0d66de2388ea1859), SC_LIMB(0xae17cf725ee4d838), SC_LIMB(0x1a9cc14ba3c47c44), SC_LIMB(0x2052bcb7e4d070af), SC_LIMB(0x3402a939f823b729)
@@ -33,21 +27,21 @@ static const scalar_t sc_p = {{{
#define WBITS DECAF_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */
-const scalar_t curve448_scalar_one = {{{1}}}, curve448_scalar_zero = {{{0}}};
+const curve448_scalar_t curve448_scalar_one = {{{1}}}, curve448_scalar_zero = {{{0}}};
/** {extra,accum} - sub +? p
* Must have extra <= 1
*/
static DECAF_NOINLINE void sc_subx(
- scalar_t out,
- const decaf_word_t accum[SCALAR_LIMBS],
- const scalar_t sub,
- const scalar_t p,
+ curve448_scalar_t out,
+ const decaf_word_t accum[DECAF_448_SCALAR_LIMBS],
+ const curve448_scalar_t sub,
+ const curve448_scalar_t p,
decaf_word_t extra
) {
decaf_dsword_t chain = 0;
unsigned int i;
- for (i=0; i<SCALAR_LIMBS; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS; i++) {
chain = (chain + accum[i]) - sub->limb[i];
out->limb[i] = chain;
chain >>= WBITS;
@@ -55,7 +49,7 @@ static DECAF_NOINLINE void sc_subx(
decaf_word_t borrow = chain+extra; /* = 0 or -1 */
chain = 0;
- for (i=0; i<SCALAR_LIMBS; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS; i++) {
chain = (chain + out->limb[i]) + (p->limb[i] & borrow);
out->limb[i] = chain;
chain >>= WBITS;
@@ -63,20 +57,20 @@ static DECAF_NOINLINE void sc_subx(
}
static DECAF_NOINLINE void sc_montmul (
- scalar_t out,
- const scalar_t a,
- const scalar_t b
+ curve448_scalar_t out,
+ const curve448_scalar_t a,
+ const curve448_scalar_t b
) {
unsigned int i,j;
- decaf_word_t accum[SCALAR_LIMBS+1] = {0};
+ decaf_word_t accum[DECAF_448_SCALAR_LIMBS+1] = {0};
decaf_word_t hi_carry = 0;
- for (i=0; i<SCALAR_LIMBS; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS; i++) {
decaf_word_t mand = a->limb[i];
const decaf_word_t *mier = b->limb;
decaf_dword_t chain = 0;
- for (j=0; j<SCALAR_LIMBS; j++) {
+ for (j=0; j<DECAF_448_SCALAR_LIMBS; j++) {
chain += ((decaf_dword_t)mand)*mier[j] + accum[j];
accum[j] = chain;
chain >>= WBITS;
@@ -86,7 +80,7 @@ static DECAF_NOINLINE void sc_montmul (
mand = accum[0] * MONTGOMERY_FACTOR;
chain = 0;
mier = sc_p->limb;
- for (j=0; j<SCALAR_LIMBS; j++) {
+ for (j=0; j<DECAF_448_SCALAR_LIMBS; j++) {
chain += (decaf_dword_t)mand*mier[j] + accum[j];
if (j) accum[j-1] = chain;
chain >>= WBITS;
@@ -101,30 +95,30 @@ static DECAF_NOINLINE void sc_montmul (
}
void curve448_scalar_mul (
- scalar_t out,
- const scalar_t a,
- const scalar_t b
+ curve448_scalar_t out,
+ const curve448_scalar_t a,
+ const curve448_scalar_t b
) {
sc_montmul(out,a,b);
sc_montmul(out,out,sc_r2);
}
void curve448_scalar_sub (
- scalar_t out,
- const scalar_t a,
- const scalar_t b
+ curve448_scalar_t out,
+ const curve448_scalar_t a,
+ const curve448_scalar_t b
) {
sc_subx(out, a->limb, b, sc_p, 0);
}
void curve448_scalar_add (
- scalar_t out,
- const scalar_t a,
- const scalar_t b
+ curve448_scalar_t out,
+ const curve448_scalar_t a,
+ const curve448_scalar_t b
) {
decaf_dword_t chain = 0;
unsigned int i;
- for (i=0; i<SCALAR_LIMBS; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS; i++) {
chain = (chain + a->limb[i]) + b->limb[i];
out->limb[i] = chain;
chain >>= WBITS;
@@ -133,12 +127,12 @@ void curve448_scalar_add (
}
static DECAF_INLINE void scalar_decode_short (
- scalar_t s,
+ curve448_scalar_t s,
const unsigned char *ser,
unsigned int nbytes
) {
unsigned int i,j,k=0;
- for (i=0; i<SCALAR_LIMBS; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS; i++) {
decaf_word_t out = 0;
for (j=0; j<sizeof(decaf_word_t) && k<nbytes; j++,k++) {
out |= ((decaf_word_t)ser[k])<<(8*j);
@@ -148,13 +142,13 @@ static DECAF_INLINE void scalar_decode_short (
}
decaf_error_t curve448_scalar_decode(
- scalar_t s,
- const unsigned char ser[SCALAR_SER_BYTES]
+ curve448_scalar_t s,
+ const unsigned char ser[DECAF_448_SCALAR_BYTES]
) {
unsigned int i;
- scalar_decode_short(s, ser, SCALAR_SER_BYTES);
+ scalar_decode_short(s, ser, DECAF_448_SCALAR_BYTES);
decaf_dsword_t accum = 0;
- for (i=0; i<SCALAR_LIMBS; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS; i++) {
accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS;
}
/* Here accum == 0 or -1 */
@@ -165,13 +159,13 @@ decaf_error_t curve448_scalar_decode(
}
void curve448_scalar_destroy (
- scalar_t scalar
+ curve448_scalar_t scalar
) {
- OPENSSL_cleanse(scalar, sizeof(scalar_t));
+ OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t));
}
void curve448_scalar_decode_long(
- scalar_t s,
+ curve448_scalar_t s,
const unsigned char *ser,
size_t ser_len
) {
@@ -181,14 +175,14 @@ void curve448_scalar_decode_long(
}
size_t i;
- scalar_t t1, t2;
+ curve448_scalar_t t1, t2;
- i = ser_len - (ser_len%SCALAR_SER_BYTES);
- if (i==ser_len) i -= SCALAR_SER_BYTES;
+ i = ser_len - (ser_len%DECAF_448_SCALAR_BYTES);
+ if (i==ser_len) i -= DECAF_448_SCALAR_BYTES;
scalar_decode_short(t1, &ser[i], ser_len-i);
- if (ser_len == sizeof(scalar_t)) {
+ if (ser_len == sizeof(curve448_scalar_t)) {
assert(i==0);
/* ham-handed reduce */
curve448_scalar_mul(s,t1,curve448_scalar_one);
@@ -197,7 +191,7 @@ void curve448_scalar_decode_long(
}
while (i) {
- i -= SCALAR_SER_BYTES;
+ i -= DECAF_448_SCALAR_BYTES;
sc_montmul(t1,t1,sc_r2);
ignore_result( curve448_scalar_decode(t2, ser+i) );
curve448_scalar_add(t1, t1, t2);
@@ -209,11 +203,11 @@ void curve448_scalar_decode_long(
}
void curve448_scalar_encode(
- unsigned char ser[SCALAR_SER_BYTES],
- const scalar_t s
+ unsigned char ser[DECAF_448_SCALAR_BYTES],
+ const curve448_scalar_t s
) {
unsigned int i,j,k=0;
- for (i=0; i<SCALAR_LIMBS; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS; i++) {
for (j=0; j<sizeof(decaf_word_t); j++,k++) {
ser[k] = s->limb[i] >> (8*j);
}
@@ -221,18 +215,18 @@ void curve448_scalar_encode(
}
void curve448_scalar_halve (
- scalar_t out,
- const scalar_t a
+ curve448_scalar_t out,
+ const curve448_scalar_t a
) {
decaf_word_t mask = -(a->limb[0] & 1);
decaf_dword_t chain = 0;
unsigned int i;
- for (i=0; i<SCALAR_LIMBS; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS; i++) {
chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask);
out->limb[i] = chain;
chain >>= DECAF_WORD_BITS;
}
- for (i=0; i<SCALAR_LIMBS-1; i++) {
+ for (i=0; i<DECAF_448_SCALAR_LIMBS-1; i++) {
out->limb[i] = out->limb[i]>>1 | out->limb[i+1]<<(WBITS-1);
}
out->limb[i] = out->limb[i]>>1 | chain<<(WBITS-1);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-16 08:13:00 +0000