tls: code shrink in curve 25519

function                                             old     new   delta
curve25519                                           832     849     +17
curve_x25519_compute_pubkey_and_premaster             74      71      -3
static.basepoint9                                     32       -     -32
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/1 up/down: 17/-35)            Total: -18 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 27 insertions, 19 deletions

diff --git a/networking/tls_fe.c b/networking/tls_fe.c
index e96b33225..ecb410281 100644
--- a/networking/tls_fe.c
+++ b/networking/tls_fe.c
@@ -108,26 +108,26 @@ static void raw_try_sub(byte *x, const byte *p)
 #if 0 //UNUSED
 static int prime_msb(const byte *p)
 {
-    int i;
-    byte x;
-    int shift = 1;
-    int z     = F25519_SIZE - 1;
-
-   /*
-       Test for any hot bits.
-       As soon as one instance is encountered set shift to 0.
-    */
+        int i;
+        byte x;
+        int shift = 1;
+        int z     = F25519_SIZE - 1;
+
+        /*
+            Test for any hot bits.
+            As soon as one instance is encountered set shift to 0.
+         */
         for (i = F25519_SIZE - 1; i >= 0; i--) {
-        shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1);
-        z -= shift;
-    }
+                shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1);
+                z -= shift;
+        }
         x = p[z];
         z <<= 3;
-    shift = 1;
-    for (i = 0; i < 8; i++) {
-        shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1);
-        z += shift;
-    }
+        shift = 1;
+        for (i = 0; i < 8; i++) {
+                shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1);
+                z += shift;
+        }
 
         return z - 1;
 }
@@ -549,6 +549,9 @@ static void curve25519(byte *result, const byte *e, const byte *q)
         int i;
 
         struct {
+                /* for bbox's special case of q == NULL meaning "use basepoint" */
+                /*static const*/ uint8_t basepoint9[CURVE25519_KEYSIZE]; // = {9};
+
                 /* from wolfssl-3.15.3/wolfssl/wolfcrypt/fe_operations.h */
                 /*static const*/ byte f25519_one[F25519_SIZE]; // = {1};
 
@@ -559,6 +562,7 @@ static void curve25519(byte *result, const byte *e, const byte *q)
                 byte xm1[F25519_SIZE]; // = {1};
                 byte zm1[F25519_SIZE]; // = {0};
         } z;
+#define basepoint9 z.basepoint9
 #define f25519_one z.f25519_one
 #define xm         z.xm
 #define zm         z.zm
@@ -569,6 +573,11 @@ static void curve25519(byte *result, const byte *e, const byte *q)
         zm[0] = 1;
         xm1[0] = 1;
 
+        if (!q) {
+                basepoint9[0] = 9;
+                q = basepoint9;
+        }
+
         /* Note: bit 254 is assumed to be 1 */
         lm_copy(xm, q);
 
@@ -606,7 +615,6 @@ void FAST_FUNC curve_x25519_compute_pubkey_and_premaster(
                 uint8_t *pubkey, uint8_t *premaster,
                 const uint8_t *peerkey32)
 {
-        static const uint8_t basepoint9[CURVE25519_KEYSIZE] ALIGN8 = {9};
         uint8_t privkey[CURVE25519_KEYSIZE]; //[32]
 
         /* Generate random private key, see RFC 7748 */
@@ -615,7 +623,7 @@ void FAST_FUNC curve_x25519_compute_pubkey_and_premaster(
         privkey[CURVE25519_KEYSIZE-1] = ((privkey[CURVE25519_KEYSIZE-1] & 0x7f) | 0x40);
 
         /* Compute public key */
-        curve25519(pubkey, privkey, basepoint9);
+        curve25519(pubkey, privkey, NULL /* "use base point of x25519" */);
 
         /* Compute premaster using peer's public key */
         curve25519(premaster, privkey, peerkey32);