From 88ba7e71e0aff19b3a8a5e37758dcf88e8bae848 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 16 Nov 2017 16:58:20 +0000 Subject: Remove some vestiges of the old decaf template approach Reviewed-by: Bernd Edlinger (Merged from https://github.com/openssl/openssl/pull/5105) --- crypto/ec/curve448/scalar.c | 98 +++++++++++++++++++++------------------------ 1 file changed, 46 insertions(+), 52 deletions(-) (limited to 'crypto/ec/curve448/scalar.c') diff --git a/crypto/ec/curve448/scalar.c b/crypto/ec/curve448/scalar.c index cd8a5086f8..7509a5fb76 100644 --- a/crypto/ec/curve448/scalar.c +++ b/crypto/ec/curve448/scalar.c @@ -17,14 +17,8 @@ #include "constant_time.h" #include "point_448.h" -/* Template stuff */ -#define SCALAR_BITS DECAF_448_SCALAR_BITS -#define SCALAR_SER_BYTES DECAF_448_SCALAR_BYTES -#define SCALAR_LIMBS DECAF_448_SCALAR_LIMBS -#define scalar_t curve448_scalar_t - static const decaf_word_t MONTGOMERY_FACTOR = (decaf_word_t)0x3bd440fae918bc5ull; -static const scalar_t sc_p = {{{ +static const curve448_scalar_t sc_p = {{{ SC_LIMB(0x2378c292ab5844f3), SC_LIMB(0x216cc2728dc58f55), SC_LIMB(0xc44edb49aed63690), SC_LIMB(0xffffffff7cca23e9), SC_LIMB(0xffffffffffffffff), SC_LIMB(0xffffffffffffffff), SC_LIMB(0x3fffffffffffffff) }}}, sc_r2 = {{{ SC_LIMB(0xe3539257049b9b60), SC_LIMB(0x7af32c4bc1b195d9), SC_LIMB(0x0d66de2388ea1859), SC_LIMB(0xae17cf725ee4d838), SC_LIMB(0x1a9cc14ba3c47c44), SC_LIMB(0x2052bcb7e4d070af), SC_LIMB(0x3402a939f823b729) @@ -33,21 +27,21 @@ static const scalar_t sc_p = {{{ #define WBITS DECAF_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ -const scalar_t curve448_scalar_one = {{{1}}}, curve448_scalar_zero = {{{0}}}; +const curve448_scalar_t curve448_scalar_one = {{{1}}}, curve448_scalar_zero = {{{0}}}; /** {extra,accum} - sub +? p * Must have extra <= 1 */ static DECAF_NOINLINE void sc_subx( - scalar_t out, - const decaf_word_t accum[SCALAR_LIMBS], - const scalar_t sub, - const scalar_t p, + curve448_scalar_t out, + const decaf_word_t accum[DECAF_448_SCALAR_LIMBS], + const curve448_scalar_t sub, + const curve448_scalar_t p, decaf_word_t extra ) { decaf_dsword_t chain = 0; unsigned int i; - for (i=0; ilimb[i]; out->limb[i] = chain; chain >>= WBITS; @@ -55,7 +49,7 @@ static DECAF_NOINLINE void sc_subx( decaf_word_t borrow = chain+extra; /* = 0 or -1 */ chain = 0; - for (i=0; ilimb[i]) + (p->limb[i] & borrow); out->limb[i] = chain; chain >>= WBITS; @@ -63,20 +57,20 @@ static DECAF_NOINLINE void sc_subx( } static DECAF_NOINLINE void sc_montmul ( - scalar_t out, - const scalar_t a, - const scalar_t b + curve448_scalar_t out, + const curve448_scalar_t a, + const curve448_scalar_t b ) { unsigned int i,j; - decaf_word_t accum[SCALAR_LIMBS+1] = {0}; + decaf_word_t accum[DECAF_448_SCALAR_LIMBS+1] = {0}; decaf_word_t hi_carry = 0; - for (i=0; ilimb[i]; const decaf_word_t *mier = b->limb; decaf_dword_t chain = 0; - for (j=0; j>= WBITS; @@ -86,7 +80,7 @@ static DECAF_NOINLINE void sc_montmul ( mand = accum[0] * MONTGOMERY_FACTOR; chain = 0; mier = sc_p->limb; - for (j=0; j>= WBITS; @@ -101,30 +95,30 @@ static DECAF_NOINLINE void sc_montmul ( } void curve448_scalar_mul ( - scalar_t out, - const scalar_t a, - const scalar_t b + curve448_scalar_t out, + const curve448_scalar_t a, + const curve448_scalar_t b ) { sc_montmul(out,a,b); sc_montmul(out,out,sc_r2); } void curve448_scalar_sub ( - scalar_t out, - const scalar_t a, - const scalar_t b + curve448_scalar_t out, + const curve448_scalar_t a, + const curve448_scalar_t b ) { sc_subx(out, a->limb, b, sc_p, 0); } void curve448_scalar_add ( - scalar_t out, - const scalar_t a, - const scalar_t b + curve448_scalar_t out, + const curve448_scalar_t a, + const curve448_scalar_t b ) { decaf_dword_t chain = 0; unsigned int i; - for (i=0; ilimb[i]) + b->limb[i]; out->limb[i] = chain; chain >>= WBITS; @@ -133,12 +127,12 @@ void curve448_scalar_add ( } static DECAF_INLINE void scalar_decode_short ( - scalar_t s, + curve448_scalar_t s, const unsigned char *ser, unsigned int nbytes ) { unsigned int i,j,k=0; - for (i=0; ilimb[i] - sc_p->limb[i]) >> WBITS; } /* Here accum == 0 or -1 */ @@ -165,13 +159,13 @@ decaf_error_t curve448_scalar_decode( } void curve448_scalar_destroy ( - scalar_t scalar + curve448_scalar_t scalar ) { - OPENSSL_cleanse(scalar, sizeof(scalar_t)); + OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t)); } void curve448_scalar_decode_long( - scalar_t s, + curve448_scalar_t s, const unsigned char *ser, size_t ser_len ) { @@ -181,14 +175,14 @@ void curve448_scalar_decode_long( } size_t i; - scalar_t t1, t2; + curve448_scalar_t t1, t2; - i = ser_len - (ser_len%SCALAR_SER_BYTES); - if (i==ser_len) i -= SCALAR_SER_BYTES; + i = ser_len - (ser_len%DECAF_448_SCALAR_BYTES); + if (i==ser_len) i -= DECAF_448_SCALAR_BYTES; scalar_decode_short(t1, &ser[i], ser_len-i); - if (ser_len == sizeof(scalar_t)) { + if (ser_len == sizeof(curve448_scalar_t)) { assert(i==0); /* ham-handed reduce */ curve448_scalar_mul(s,t1,curve448_scalar_one); @@ -197,7 +191,7 @@ void curve448_scalar_decode_long( } while (i) { - i -= SCALAR_SER_BYTES; + i -= DECAF_448_SCALAR_BYTES; sc_montmul(t1,t1,sc_r2); ignore_result( curve448_scalar_decode(t2, ser+i) ); curve448_scalar_add(t1, t1, t2); @@ -209,11 +203,11 @@ void curve448_scalar_decode_long( } void curve448_scalar_encode( - unsigned char ser[SCALAR_SER_BYTES], - const scalar_t s + unsigned char ser[DECAF_448_SCALAR_BYTES], + const curve448_scalar_t s ) { unsigned int i,j,k=0; - for (i=0; ilimb[i] >> (8*j); } @@ -221,18 +215,18 @@ void curve448_scalar_encode( } void curve448_scalar_halve ( - scalar_t out, - const scalar_t a + curve448_scalar_t out, + const curve448_scalar_t a ) { decaf_word_t mask = -(a->limb[0] & 1); decaf_dword_t chain = 0; unsigned int i; - for (i=0; ilimb[i]) + (sc_p->limb[i] & mask); out->limb[i] = chain; chain >>= DECAF_WORD_BITS; } - for (i=0; ilimb[i] = out->limb[i]>>1 | out->limb[i+1]<<(WBITS-1); } out->limb[i] = out->limb[i]>>1 | chain<<(WBITS-1); -- cgit v1.2.3