tls: simplify sp_256_ecc_gen_k_10, cosmetic changes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2021-04-26 14:33:38 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2021-04-26 14:33:38 +0200
commit: 074b33bf16b8dc047a94d615c24f40d2ba9ead46 (patch)
tree: 02cefa26509caeda392b8b33df646ad439d1436a
parent: 6b69ab68b47d0933f8b4a1d7ed8460274a736a5f (diff)
download: busybox-w32-074b33bf16b8dc047a94d615c24f40d2ba9ead46.tar.gz
busybox-w32-074b33bf16b8dc047a94d615c24f40d2ba9ead46.tar.bz2
busybox-w32-074b33bf16b8dc047a94d615c24f40d2ba9ead46.zip
2 files changed, 52 insertions, 138 deletions
diff --git a/networking/tls.h b/networking/tls.h
index 154e9b2fb..215e92b02 100644
--- a/networking/tls.h
+++ b/networking/tls.h
@@ -111,9 +111,9 @@ void xorbuf_aligned_AES_BLOCK_SIZE(void* buf, const void* mask) FAST_FUNC;
 #define CURVE25519_KEYSIZE 32
 void curve_x25519_compute_pubkey_and_premaster(
-                uint8_t *pubkey, uint8_t *premaster,
+                uint8_t *pubkey32, uint8_t *premaster32,
                const uint8_t *peerkey32) FAST_FUNC;
 void curve_P256_compute_pubkey_and_premaster(
-                uint8_t *pubkey, uint8_t *premaster,
+                uint8_t *pubkey2x32, uint8_t *premaster32,
-                const uint8_t *peerkey32) FAST_FUNC;
+                const uint8_t *peerkey2x32) FAST_FUNC;
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index e7667de73..b4e14deac 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -57,7 +57,6 @@ typedef int32_t sp_digit;
 /* Implementation by Sean Parkinson. */
-/* Point structure to use. */
 typedef struct sp_point {
        sp_digit x[2 * 10];
        sp_digit y[2 * 10];
@@ -165,8 +164,6 @@ static void sp_256_point_from_bin2x32(sp_point* p, const uint8_t *bin2x32)
 /* Compare a with b in constant time.
 *
- * a  A single precision integer.
- * b  A single precision integer.
 * return -ve, 0 or +ve if a is less than, equal to or greater than b
 * respectively.
 */
@@ -181,8 +178,6 @@ static sp_digit sp_256_cmp_10(const sp_digit* a, const sp_digit* b)
 /* Compare two numbers to determine if they are equal.
 *
- * a  First number to compare.
- * b  Second number to compare.
 * return 1 when equal and 0 otherwise.
 */
 static int sp_256_cmp_equal_10(const sp_digit* a, const sp_digit* b)
@@ -198,10 +193,7 @@ static int sp_256_cmp_equal_10(const sp_digit* a, const sp_digit* b)
 #endif
 }
-/* Normalize the values in each word to 26.
+/* Normalize the values in each word to 26 bits. */
- *
- * a  Array of sp_digit to normalize.
- */
 static void sp_256_norm_10(sp_digit* a)
 {
    int i;
@@ -211,12 +203,7 @@ static void sp_256_norm_10(sp_digit* a)
    }
 }
-/* Add b to a into r. (r = a + b)
+/* Add b to a into r. (r = a + b) */
- *
- * r  A single precision integer.
- * a  A single precision integer.
- * b  A single precision integer.
- */
 static void sp_256_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
 {
    int i;
@@ -226,11 +213,6 @@ static void sp_256_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
 /* Conditionally add a and b using the mask m.
 * m is -1 to add and 0 when not.
- *
- * r  A single precision number representing conditional add result.
- * a  A single precision number to add with.
- * b  A single precision number to add.
- * m  Mask value to apply.
 */
 static void sp_256_cond_add_10(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit m)
@@ -242,11 +224,6 @@ static void sp_256_cond_add_10(sp_digit* r, const sp_digit* a,
 /* Conditionally subtract b from a using the mask m.
 * m is -1 to subtract and 0 when not.
- *
- * r  A single precision number representing condition subtract result.
- * a  A single precision number to subtract from.
- * b  A single precision number to subtract.
- * m  Mask value to apply.
 */
 static void sp_256_cond_sub_10(sp_digit* r, const sp_digit* a,
        const sp_digit* b, const sp_digit m)
@@ -256,23 +233,7 @@ static void sp_256_cond_sub_10(sp_digit* r, const sp_digit* a,
        r[i] = a[i] - (b[i] & m);
 }
-/* Add 1 to a. (a = a + 1)
+/* Shift number left one bit. Bottom bit is lost. */
- *
- * r  A single precision integer.
- * a  A single precision integer.
- */
-static void sp_256_add_one_10(sp_digit* a)
-{
-    a[0]++;
-    sp_256_norm_10(a);
-}
-/* Shift number left one bit.
- * Bottom bit is lost.
- *
- * r  Result of shift.
- * a  Number to shift.
- */
 static void sp_256_rshift1_10(sp_digit* r, sp_digit* a)
 {
    int i;
@@ -381,14 +342,8 @@ static void sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a)
    r[9] = (sp_digit)(t[7] >> 10);
 }
-/* Mul a by scalar b and add into r. (r += a * b)
+/* Mul a by scalar b and add into r. (r += a * b) */
- *
+static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a, sp_digit b)
- * r  A single precision integer.
- * a  A single precision integer.
- * b  A scalar.
- */
-static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a,
-        const sp_digit b)
 {
    int64_t tb = b;
    int64_t t = 0;
@@ -402,12 +357,7 @@ static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a,
    r[10] += t;
 }
-/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m)
+/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) */
- *
- * r  Result of division by 2.
- * a  Number to divide.
- * m  Modulus (prime).
- */
 static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
 {
    sp_256_cond_add_10(r, a, m, 0 - (a[0] & 1));
@@ -415,11 +365,7 @@ static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
    sp_256_rshift1_10(r, r);
 }
-/* Shift the result in the high 256 bits down to the bottom.
+/* Shift the result in the high 256 bits down to the bottom. */
- *
- * r  A single precision number.
- * a  A single precision number.
- */
 static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a)
 {
    int i;
@@ -438,13 +384,7 @@ static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a)
    memset(&r[10], 0, sizeof(*r) * 10);
 }
-/* Add two Montgomery form numbers (r = a + b % m).
+/* Add two Montgomery form numbers (r = a + b % m) */
- *
- * r   Result of addition.
- * a   First number to add in Montogmery form.
- * b   Second number to add in Montogmery form.
- * m   Modulus (prime).
- */
 static void sp_256_mont_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
        const sp_digit* m)
 {
@@ -454,12 +394,7 @@ static void sp_256_mont_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b
    sp_256_norm_10(r);
 }
-/* Double a Montgomery form number (r = a + a % m).
+/* Double a Montgomery form number (r = a + a % m) */
- *
- * r   Result of doubling.
- * a   Number to double in Montogmery form.
- * m   Modulus (prime).
- */
 static void sp_256_mont_dbl_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
 {
    sp_256_add_10(r, a, a);
@@ -468,12 +403,7 @@ static void sp_256_mont_dbl_10(sp_digit* r, const sp_digit* a, const sp_digit* m
    sp_256_norm_10(r);
 }
-/* Triple a Montgomery form number (r = a + a + a % m).
+/* Triple a Montgomery form number (r = a + a + a % m) */
- *
- * r   Result of Tripling.
- * a   Number to triple in Montogmery form.
- * m   Modulus (prime).
- */
 static void sp_256_mont_tpl_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
 {
    sp_256_add_10(r, a, a);
@@ -486,27 +416,15 @@ static void sp_256_mont_tpl_10(sp_digit* r, const sp_digit* a, const sp_digit* m
    sp_256_norm_10(r);
 }
-/* Sub b from a into r. (r = a - b)
+/* Sub b from a into r. (r = a - b) */
- *
+static void sp_256_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
- * r  A single precision integer.
- * a  A single precision integer.
- * b  A single precision integer.
- */
-static void sp_256_sub_10(sp_digit* r, const sp_digit* a,
-        const sp_digit* b)
 {
    int i;
    for (i = 0; i < 10; i++)
        r[i] = a[i] - b[i];
 }
-/* Subtract two Montgomery form numbers (r = a - b % m).
+/* Subtract two Montgomery form numbers (r = a - b % m) */
- *
- * r   Result of subtration.
- * a   Number to subtract from in Montogmery form.
- * b   Number to subtract with in Montogmery form.
- * m   Modulus (prime).
- */
 static void sp_256_mont_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
        const sp_digit* m)
 {
@@ -554,12 +472,7 @@ static void sp_256_mont_reduce_10(sp_digit* a, const sp_digit* m, sp_digit mp)
    sp_256_norm_10(a);
 }
-/* Multiply a and b into r. (r = a * b)
+/* Multiply a and b into r. (r = a * b) */
- *
- * r  A single precision integer.
- * a  A single precision integer.
- * b  A single precision integer.
- */
 static void sp_256_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
 {
    int i, j, k;
@@ -600,11 +513,7 @@ static void sp_256_mont_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b
    sp_256_mont_reduce_10(r, m, mp);
 }
-/* Square a and put result in r. (r = a * a)
+/* Square a and put result in r. (r = a * a) */
- *
- * r  A single precision integer.
- * a  A single precision integer.
- */
 static void sp_256_sqr_10(sp_digit* r, const sp_digit* a)
 {
    int i, j, k;
@@ -937,8 +846,8 @@ static void sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
    else
        memcpy(r, t[0], sizeof(sp_point));
-    memset(tmp, 0, sizeof(tmp));
+    memset(tmp, 0, sizeof(tmp)); //paranoia
-    memset(td, 0, sizeof(td));
+    memset(td, 0, sizeof(td)); //paranoia
 }
 /* Multiply the base point of P256 by the scalar and return the result.
@@ -956,20 +865,20 @@ static void sp_256_ecc_mulmod_base_10(sp_point* r, sp_digit* k /*, int map*/)
 * The number is 0 padded to maximum size on output.
 *
 * priv    Scalar to multiply the point by.
- * peerkey2x32   Point to multiply.
+ * pub2x32 Point to multiply.
- * out     Buffer to hold X ordinate.
+ * out32   Buffer to hold X ordinate.
 */
-static void sp_ecc_secret_gen_256(sp_digit priv[10], const uint8_t *peerkey2x32, uint8_t* out32)
+static void sp_ecc_secret_gen_256(sp_digit priv[10], const uint8_t *pub2x32, uint8_t* out32)
 {
    sp_point point[1];
 #if FIXED_PEER_PUBKEY
-    memset((void*)peerkey32, 0x55, 64);
+    memset((void*)pub2x32, 0x55, 64);
 #endif
-    dump_hex("peerkey32 %s\n", peerkey2x32, 32);
+    dump_hex("peerkey %s\n", pub2x32, 32); /* in TLS, this is peer's public key */
-    dump_hex("          %s\n", peerkey2x32 + 32, 32);
+    dump_hex("        %s\n", pub2x32 + 32, 32);
-    sp_256_point_from_bin2x32(point, peerkey2x32);
+    sp_256_point_from_bin2x32(point, pub2x32);
    dump_hex("point->x %s\n", point->x, sizeof(point->x));
    dump_hex("point->y %s\n", point->y, sizeof(point->y));
@@ -979,14 +888,18 @@ static void sp_ecc_secret_gen_256(sp_digit priv[10], const uint8_t *peerkey2x32,
    dump_hex("out32: %s\n", out32, 32);
 }
-/* Generates a scalar that is in the range 1..order-1.
+/* Generates a scalar that is in the range 1..order-1. */
- *
+#define SIMPLIFY 1
- * rng  Random number generator.
+/* Add 1 to a. (a = a + 1) */
- * k    Scalar value.
+#if !SIMPLIFY
- */
+static void sp_256_add_one_10(sp_digit* a)
+{
+    a[0]++;
+    sp_256_norm_10(a);
+}
+#endif
 static void sp_256_ecc_gen_k_10(sp_digit k[10])
 {
-#define SIMPLIFY 1
 #if !SIMPLIFY
        /* The order of the curve P256 minus 2. */
        static const sp_digit p256_order2[10] = {
@@ -1007,7 +920,7 @@ static void sp_256_ecc_gen_k_10(sp_digit k[10])
                        break;
 #else
                /* non-loopy version (and not needing p256_order2[]):
-                 * if most-significant word seems that it can be larger
+                 * if most-significant word seems that k can be larger
                 * than p256_order2, fix it up:
                 */
                if (k[9] >= 0x03fffff)
@@ -1015,21 +928,22 @@ static void sp_256_ecc_gen_k_10(sp_digit k[10])
                break;
 #endif
        }
+#if !SIMPLIFY
        sp_256_add_one_10(k);
+#else
+        if (k[0] == 0)
+                k[0] = 1;
+#endif
 #undef SIMPLIFY
 }
-/* Makes a random EC key pair.
+/* Makes a random EC key pair. */
- *
+static void sp_ecc_make_key_256(sp_digit privkey[10], uint8_t *pubkey)
- * priv   Generated private value.
- * pubkey Generated public point.
- */
-static void sp_ecc_make_key_256(sp_digit k[10], uint8_t *pubkey)
 {
        sp_point point[1];
-        sp_256_ecc_gen_k_10(k);
+        sp_256_ecc_gen_k_10(privkey);
-        sp_256_ecc_mulmod_base_10(point, k);
+        sp_256_ecc_mulmod_base_10(point, privkey);
        sp_256_to_bin(point->x, pubkey);
        sp_256_to_bin(point->y, pubkey + 32);
@@ -1037,16 +951,16 @@ static void sp_ecc_make_key_256(sp_digit k[10], uint8_t *pubkey)
 }
 void FAST_FUNC curve_P256_compute_pubkey_and_premaster(
-                uint8_t *pubkey, uint8_t *premaster32,
+                uint8_t *pubkey2x32, uint8_t *premaster32,
                const uint8_t *peerkey2x32)
 {
        sp_digit privkey[10];
-        sp_ecc_make_key_256(privkey, pubkey);
+        sp_ecc_make_key_256(privkey, pubkey2x32);
-        dump_hex("pubkey: %s\n", pubkey, 32);
+        dump_hex("pubkey: %s\n", pubkey2x32, 32);
-        dump_hex("        %s\n", pubkey + 32, 32);
+        dump_hex("        %s\n", pubkey2x32 + 32, 32);
-        /* Combine our privkey and peerkey32 to generate premaster */
+        /* Combine our privkey and peer's public key to generate premaster */
        sp_ecc_secret_gen_256(privkey, /*x,y:*/peerkey2x32, premaster32);
        dump_hex("premaster: %s\n", premaster32, 32);
 }
author	Denys Vlasenko <vda.linux@googlemail.com>	2021-04-26 14:33:38 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2021-04-26 14:33:38 +0200
commit	074b33bf16b8dc047a94d615c24f40d2ba9ead46 (patch)
tree	02cefa26509caeda392b8b33df646ad439d1436a
parent	6b69ab68b47d0933f8b4a1d7ed8460274a736a5f (diff)
download	busybox-w32-074b33bf16b8dc047a94d615c24f40d2ba9ead46.tar.gz busybox-w32-074b33bf16b8dc047a94d615c24f40d2ba9ead46.tar.bz2 busybox-w32-074b33bf16b8dc047a94d615c24f40d2ba9ead46.zip