authorDenys Vlasenko <vda.linux@googlemail.com>2021-10-05 13:30:48 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2021-10-05 13:32:04 +0200
commite730505034e9964176111c9e28b06c68cec1f4c0 (patch)
tree86fc6b204fec5313aaf659cfed94bd1ef3db3956
parent934bb01d518f28fcefed81345ed6ec89510925be (diff)
tls: P256 code shrink
function old new delta sp_256_to_bin_10 - 120 +120 sp_256_from_bin_10 - 119 +119 sp_256_proj_point_dbl_10 446 443 -3 curve_P256_compute_pubkey_and_premaster 191 186 -5 sp_256_point_from_bin2x32 62 50 -12 sp_256_to_bin 120 - -120 static.sp_256_from_bin 149 - -149 ------------------------------------------------------------------------------ (add/remove: 2/2 grow/shrink: 0/3 up/down: 239/-289) Total: -50 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/tls_sp_c32.c94
1 files changed, 42 insertions, 52 deletions
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 353dacdc4..9c92d0a14 100644
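--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -80,13 +80,13 @@ static void sp_256_norm_10(sp_digit* a)
  }
 }
 
-/* Write r as big endian to byte aray.
+/* Write r as big endian to byte array.
  * Fixed length number of bytes written: 32
  *
  * r A single precision integer.
  * a Byte array.
  */
-static void sp_256_to_bin(sp_digit* r, uint8_t* a)
+static void sp_256_to_bin_10(sp_digit* r, uint8_t* a)
 {
  int i, j, s = 0, b;
 
@@ -112,33 +112,28 @@ static void sp_256_to_bin(sp_digit* r, uint8_t* a)
  }
 }
 
-/* Read big endian unsigned byte aray into r.
+/* Read big endian unsigned byte array into r.
  *
  * r A single precision integer.
  * a Byte array.
  * n Number of bytes in array to read.
  */
-static void sp_256_from_bin(sp_digit* r, int max, const uint8_t* a, int n)
+static void sp_256_from_bin_10(sp_digit* r, const uint8_t* a)
 {
  int i, j = 0, s = 0;
 
  r[0] = 0;
- for (i = n-1; i >= 0; i--) {
+ for (i = 32 - 1; i >= 0; i--) {
  r[j] |= ((sp_digit)a[i]) << s;
  if (s >= 18) {
  r[j] &= 0x3ffffff;
  s = 26 - s;
- if (j + 1 >= max)
- break;
  r[++j] = a[i] >> s;
  s = 8 - s;
  }
  else
  s += 8;
  }
-
- for (j++; j < max; j++)
- r[j] = 0;
 }
 
 /* Convert a point of big-endian 32-byte x,y pair to type sp_point. */
@@ -146,11 +141,9 @@ static void sp_256_point_from_bin2x32(sp_point* p, const uint8_t *bin2x32)
 {
  memset(p, 0, sizeof(*p));
  /*p->infinity = 0;*/
- sp_256_from_bin(p->x, 2 * 10, bin2x32, 32);
- sp_256_from_bin(p->y, 2 * 10, bin2x32 + 32, 32);
- //static const uint8_t one[1] = { 1 };
- //sp_256_from_bin(p->z, 2 * 10, one, 1);
- p->z[0] = 1;
+ sp_256_from_bin_10(p->x, bin2x32);
+ sp_256_from_bin_10(p->y, bin2x32 + 32);
+ p->z[0] = 1; /* p->z = 1 */
 }
 
 /* Compare a with b.
@@ -195,30 +188,6 @@ static void sp_256_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
  r[i] = a[i] - b[i];
 }
 
-/* Shift number left one bit. Bottom bit is lost. */
-static void sp_256_rshift1_10(sp_digit* r, sp_digit* a)
-{
- int i;
- for (i = 0; i < 9; i++)
- r[i] = ((a[i] >> 1) | (a[i + 1] << 25)) & 0x3ffffff;
- r[9] = a[9] >> 1;
-}
-
-/* Mul a by scalar b and add into r. (r += a * b) */
-static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a, sp_digit b)
-{
- int64_t tb = b;
- int64_t t = 0;
- int i;
-
- for (i = 0; i < 10; i++) {
- t += (tb * a[i]) + r[i];
- r[i] = t & 0x3ffffff;
- t >>= 26;
- }
- r[10] += t;
-}
-
 /* Multiply a and b into r. (r = a * b) */
 static void sp_256_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
 {
@@ -271,6 +240,15 @@ static void sp_256_sqr_10(sp_digit* r, const sp_digit* a)
  r[0] = (sp_digit)(c >> 26);
 }
 
+/* Shift number left one bit. Bottom bit is lost. */
+static void sp_256_rshift1_10(sp_digit* r, sp_digit* a)
+{
+ int i;
+ for (i = 0; i < 9; i++)
+ r[i] = ((a[i] >> 1) | (a[i + 1] << 25)) & 0x3ffffff;
+ r[9] = a[9] >> 1;
+}
+
 /* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) */
 static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
 {
@@ -345,6 +323,20 @@ static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a)
  memset(&r[10], 0, sizeof(*r) * 10);
 }
 
+/* Mul a by scalar b and add into r. (r += a * b) */
+static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a, sp_digit b)
+{
+ int64_t t = 0;
+ int i;
+
+ for (i = 0; i < 10; i++) {
+ t += ((int64_t)b * a[i]) + r[i];
+ r[i] = t & 0x3ffffff;
+ t >>= 26;
+ }
+ r[10] += t;
+}
+
 /* Reduce the number back to 256 bits using Montgomery reduction.
  *
  * a A single precision number to reduce in place.
@@ -362,7 +354,7 @@ static void sp_256_mont_reduce_10(sp_digit* a, const sp_digit* m, sp_digit mp)
  sp_256_mul_add_10(a+i, m, mu);
  a[i+1] += a[i] >> 26;
  }
- mu = (a[i] * mp) & 0x3fffffl;
+ mu = (a[i] * mp) & 0x03fffff;
  sp_256_mul_add_10(a+i, m, mu);
  a[i+1] += a[i] >> 26;
  a[i] &= 0x3ffffff;
@@ -370,11 +362,11 @@ static void sp_256_mont_reduce_10(sp_digit* a, const sp_digit* m, sp_digit mp)
  else {
  for (i = 0; i < 9; i++) {
  mu = a[i] & 0x3ffffff;
- sp_256_mul_add_10(a+i, p256_mod, mu);
+ sp_256_mul_add_10(a+i, m, mu);
  a[i+1] += a[i] >> 26;
  }
- mu = a[i] & 0x3fffffl;
- sp_256_mul_add_10(a+i, p256_mod, mu);
+ mu = a[i] & 0x03fffff;
+ sp_256_mul_add_10(a+i, m, mu);
  a[i+1] += a[i] >> 26;
  a[i] &= 0x3ffffff;
  }
@@ -617,7 +609,6 @@ static void sp_256_map_10(sp_point* r, sp_point* p)
  */
 static void sp_256_proj_point_dbl_10(sp_point* r, sp_point* p)
 {
- sp_point tp;
  sp_digit t1[2*10];
  sp_digit t2[2*10];
 
@@ -625,10 +616,9 @@ static void sp_256_proj_point_dbl_10(sp_point* r, sp_point* p)
  if (r != p)
  *r = *p; /* struct copy */
 
- if (r->infinity) {
- /* If infinity, don't double (work on dummy value) */
- r = &tp;
- }
+ if (r->infinity) /* If infinity, don't double */
+ return;
+
  /* T1 = Z * Z */
  sp_256_mont_sqr_10(t1, r->z, p256_mod, p256_mp_mod);
  /* Z = Y * Z */
@@ -848,7 +838,7 @@ static void sp_ecc_secret_gen_256(const sp_digit priv[10], const uint8_t *pub2x3
 
  sp_256_ecc_mulmod_10(point, point, priv);
 
- sp_256_to_bin(point->x, out32);
+ sp_256_to_bin_10(point->x, out32);
  dump_hex("out32: %s\n", out32, 32);
 }
 
@@ -876,7 +866,7 @@ static void sp_256_ecc_gen_k_10(sp_digit k[10])
 #if FIXED_SECRET
  memset(buf, 0x77, sizeof(buf));
 #endif
- sp_256_from_bin(k, 10, buf, sizeof(buf));
+ sp_256_from_bin_10(k, buf);
 #if !SIMPLIFY
  if (sp_256_cmp_10(k, p256_order2) < 0)
  break;
@@ -901,8 +891,8 @@ static void sp_ecc_make_key_256(sp_digit privkey[10], uint8_t *pubkey)
 
  sp_256_ecc_gen_k_10(privkey);
  sp_256_ecc_mulmod_base_10(point, privkey);
- sp_256_to_bin(point->x, pubkey);
- sp_256_to_bin(point->y, pubkey + 32);
+ sp_256_to_bin_10(point->x, pubkey);
+ sp_256_to_bin_10(point->y, pubkey + 32);
 
  memset(point, 0, sizeof(point)); //paranoia
 }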
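Review bot: In sp_256_proj_point_dbl_10 (hunk at old line 625) the new `if (r->infinity) return;` replaces the old redirect to a scratch point (`r = &tp;`), so doubling a point at infinity now skips the field arithmetic instead of performing it on dummy data. The removed comment ("work on dummy value") suggests that path existed to keep the running time independent of the infinity flag. The callers are outside these hunks, but if this function is reached from the scalar-multiplication loop with the private scalar, the early return would presumably make its timing depend on how long the accumulator stays at infinity. If the size saving is preferred, I would record the trade-off at the return, e.g. `/* not constant-time: run time depends on r->infinity */`, or keep the dummy-value path. The function body continues past the end of the hunk.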