authorDenys Vlasenko <vda.linux@googlemail.com>2021-12-01 15:09:44 +0100
committerDenys Vlasenko <vda.linux@googlemail.com>2021-12-01 15:09:44 +0100
commitb240733ae7423cb8f542a624eef0cfa3037d05bc (patch)
tree90f2a5fd0611becd0164566d3c582f08dec46075
parent8514b4166d7a9d7720006d852ae67f43baed8ef1 (diff)
downloadbusybox-w32-b240733ae7423cb8f542a624eef0cfa3037d05bc.tar.gz
busybox-w32-b240733ae7423cb8f542a624eef0cfa3037d05bc.tar.bz2
busybox-w32-b240733ae7423cb8f542a624eef0cfa3037d05bc.zip
tls: x25519: code shrink by factoring out common code
function old new delta fe_reduce - 37 +37 lm_add 67 43 -24 fe_mul_c 62 38 -24 fe_mul__distinct 138 112 -26 curve25519 800 767 -33 lm_sub 98 64 -34 ------------------------------------------------------------------------------ (add/remove: 1/0 grow/shrink: 0/5 up/down: 37/-141) Total: -104 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/tls_fe.c68
1 files changed, 21 insertions, 47 deletions
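--- a/networking/tls_fe.c
+++ b/networking/tls_fe.c
@@ -187,7 +187,7 @@ static void fprime_mul(byte *r, const byte *a, const byte *b,
 #if 0 //UNUSED
 static void fe_load(byte *x, word32 c)
 {
-word32 i;
+int i;
 
 for (i = 0; i < sizeof(c); i++) {
 x[i] = c;
@@ -199,21 +199,29 @@ static void fe_load(byte *x, word32 c)
 }
 #endif
 
-static void fe_normalize(byte *x)
+static void fe_reduce(byte *x, word32 c)
 {
-byte minusp[F25519_SIZE];
-unsigned c;
 int i;
 
 /* Reduce using 2^255 = 19 mod p */
-c = (x[31] >> 7) * 19;
-x[31] &= 127;
+x[31] = c & 127;
+c = (c >> 7) * 19;
 
 for (i = 0; i < F25519_SIZE; i++) {
 c += x[i];
 x[i] = (byte)c;
 c >>= 8;
 }
+}
+
+static void fe_normalize(byte *x)
+{
+byte minusp[F25519_SIZE];
+unsigned c;
+int i;
+
+/* Reduce using 2^255 = 19 mod p */
+fe_reduce(x, x[31]);
 
 /* The number is now less than 2^255 + 18, and therefore less than
 * 2p. Try subtracting p, and conditionally load the subtracted
@@ -247,14 +255,7 @@ static void lm_add(byte* r, const byte* a, const byte* b)
 }
 
 /* Reduce with 2^255 = 19 mod p */
-r[31] &= 127;
-c = (c >> 7) * 19;
-
-for (i = 0; i < F25519_SIZE; i++) {
-c += r[i];
-r[i] = (byte)c;
-c >>= 8;
-}
+fe_reduce(r, c);
 }
 
 static void lm_sub(byte* r, const byte* a, const byte* b)
@@ -264,21 +265,15 @@ static void lm_sub(byte* r, const byte* a, const byte* b)
 
 /* Calculate a + 2p - b, to avoid underflow */
 c = 218;
-for (i = 0; i + 1 < F25519_SIZE; i++) {
+for (i = 0; i < F25519_SIZE - 1; i++) {
 c += 65280 + ((word32)a[i]) - ((word32)b[i]);
 r[i] = c;
 c >>= 8;
 }
 
 c += ((word32)a[31]) - ((word32)b[31]);
-r[31] = c & 127;
-c = (c >> 7) * 19;
 
-for (i = 0; i < F25519_SIZE; i++) {
-c += r[i];
-r[i] = c;
-c >>= 8;
-}
+fe_reduce(r, c);
 }
 
 #if 0 //UNUSED
@@ -289,21 +284,15 @@ static void lm_neg(byte* r, const byte* a)
 
 /* Calculate 2p - a, to avoid underflow */
 c = 218;
-for (i = 0; i + 1 < F25519_SIZE; i++) {
+for (i = 0; i < F25519_SIZE - 1; i++) {
 c += 65280 - ((word32)a[i]);
 r[i] = c;
 c >>= 8;
 }
 
 c -= ((word32)a[31]);
-r[31] = c & 127;
-c = (c >> 7) * 19;
 
-for (i = 0; i < F25519_SIZE; i++) {
-c += r[i];
-r[i] = c;
-c >>= 8;
-}
+fe_reduce(r, c);
 }
 #endif
 
@@ -326,14 +315,7 @@ static void fe_mul__distinct(byte *r, const byte *a, const byte *b)
 r[i] = c;
 }
 
-r[31] &= 127;
-c = (c >> 7) * 19;
-
-for (i = 0; i < F25519_SIZE; i++) {
-c += r[i];
-r[i] = c;
-c >>= 8;
-}
+fe_reduce(r, c);
 }
 
 #if 0 //UNUSED
@@ -357,15 +339,7 @@ static void fe_mul_c(byte *r, const byte *a, word32 b)
 r[i] = c;
 }
 
-r[31] &= 127;
-c >>= 7;
-c *= 19;
-
-for (i = 0; i < F25519_SIZE; i++) {
-c += r[i];
-r[i] = c;
-c >>= 8;
-}
+fe_reduce(r, c);
 }
 
 static void fe_inv__distinct(byte *r, const byte *x)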
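Review bot: The new `fe_reduce()` in the second hunk has no comment saying what its `c` argument must hold, and three converted callers now depend on that unstated contract. `lm_add`, `fe_mul__distinct` and `fe_mul_c` used to mask the byte already stored with `r[31] &= 127`, whereas the helper overwrites it with `x[31] = c & 127`. The two are equivalent only if the low byte of `c` still equals `r[31]` when the preceding loop exits. The `r[i] = c;` context lines suggest this, but those loops start outside the hunks, so it should be confirmed. I would add above the definition something like `/* c: un-shifted accumulator for limb 31; its low 7 bits become x[31], the rest is folded back in as 19 * (c >> 7) */`. Because this helper now sits on every X25519 field operation with secret operands, the comment should also record that it must stay fixed-length and branch-free.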