authorDenys Vlasenko <vda.linux@googlemail.com>2022-07-13 16:11:17 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2022-07-13 16:11:17 +0200
commit7b969bb2ada4d7757229fd735135f7720ef8008c (patch)
tree297399c415293f32f484bd62cfc3a3c513e2afe4 /networking
parente63d7cdfdac78c6fd27e9e63150335767592b85e (diff)
tls: P256: remove NOP macro sp_256_norm_8()
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking')
-rw-r--r--networking/tls_sp_c32.c35
1 files changed, 5 insertions, 30 deletions
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 292dda24e..a593c5c40 100644
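--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -68,9 +68,6 @@ static const sp_digit p256_mod[8] ALIGNED(8) = {
 
 #define p256_mp_mod ((sp_digit)0x000001)
 
-/* Normalize the values in each word to 32 bits - NOP */
-#define sp_256_norm_8(a) ((void)0)
-
 /* Write r as big endian to byte array.
   * Fixed length number of bytes written: 32
   *
@@ -83,8 +80,6 @@ static void sp_256_to_bin_8(const sp_digit* rr, uint8_t* a)
  int i;
  const uint64_t* r = (void*)rr;
 
- sp_256_norm_8(rr);
-
  r += 4;
  for (i = 0; i < 4; i++) {
  r--;
@@ -97,8 +92,6 @@ static void sp_256_to_bin_8(const sp_digit* r, uint8_t* a)
 {
  int i;
 
- sp_256_norm_8(r);
-
  r += 8;
  for (i = 0; i < 8; i++) {
  r--;
@@ -641,7 +634,6 @@ static void sp_256_div2_8(sp_digit* r /*, const sp_digit* m*/)
  int carry = 0;
  if (r[0] & 1)
  carry = sp_256_add_8(r, r, m);
- sp_256_norm_8(r);
  sp_256_rshift1_8(r, carry);
 }
 
@@ -652,10 +644,8 @@ static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b
 // const sp_digit* m = p256_mod;
 
  int carry = sp_256_add_8(r, a, b);
- sp_256_norm_8(r);
  if (carry) {
  sp_256_sub_8_p256_mod(r);
- sp_256_norm_8(r);
  }
 }
 
@@ -667,10 +657,8 @@ static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b
 
  int borrow;
  borrow = sp_256_sub_8(r, a, b);
- sp_256_norm_8(r);
  if (borrow) {
  sp_256_add_8(r, r, m);
- sp_256_norm_8(r);
  }
 }
 
@@ -680,10 +668,8 @@ static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
 // const sp_digit* m = p256_mod;
 
  int carry = sp_256_add_8(r, a, a);
- sp_256_norm_8(r);
  if (carry)
  sp_256_sub_8_p256_mod(r);
- sp_256_norm_8(r);
 }
 
 /* Triple a Montgomery form number (r = a + a + a % m) */
@@ -692,16 +678,12 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
 // const sp_digit* m = p256_mod;
 
  int carry = sp_256_add_8(r, a, a);
- sp_256_norm_8(r);
  if (carry) {
  sp_256_sub_8_p256_mod(r);
- sp_256_norm_8(r);
  }
  carry = sp_256_add_8(r, r, a);
- sp_256_norm_8(r);
  if (carry) {
  sp_256_sub_8_p256_mod(r);
- sp_256_norm_8(r);
  }
 }
 
@@ -844,7 +826,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* aa/*, const sp_digi
  sp_512to256_mont_shift_8(r, aa);
  if (carry != 0)
  sp_256_sub_8_p256_mod(r);
- sp_256_norm_8(r);
 }
 
 #else /* Generic 32-bit version */
@@ -1003,8 +984,6 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
   * [In our case, it is (p256_mp_mod * a[1]) << 32.]
   * And so on. Eventually T is divisible by R, and after division by R
   * the algorithm is in the same place as the usual Montgomery reduction.
- *
- * TODO: Can conditionally use 64-bit (if bit-little-endian arch) logic?
   */
 static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit* m, sp_digit mp*/)
 {
@@ -1032,7 +1011,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit
  sp_512to256_mont_shift_8(r, a);
  if (word16th != 0)
  sp_256_sub_8_p256_mod(r);
- sp_256_norm_8(r);
  }
  else { /* Same code for explicit mp == 1 (which is always the case for P256) */
  sp_digit word16th = 0;
@@ -1052,7 +1030,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit
  sp_512to256_mont_shift_8(r, a);
  if (word16th != 0)
  sp_256_sub_8_p256_mod(r);
- sp_256_norm_8(r);
  }
 }
 #endif
@@ -1208,14 +1185,12 @@ static void sp_256_map_8(sp_point* r, sp_point* p)
  /* Reduce x to less than modulus */
  if (sp_256_cmp_8(r->x, p256_mod) >= 0)
  sp_256_sub_8_p256_mod(r->x);
- sp_256_norm_8(r->x);
 
  /* y /= z^3 */
  sp_256_mont_mul_and_reduce_8(r->y, p->y, t1 /*, p256_mod, p256_mp_mod*/);
  /* Reduce y to less than modulus */
  if (sp_256_cmp_8(r->y, p256_mod) >= 0)
  sp_256_sub_8_p256_mod(r->y);
- sp_256_norm_8(r->y);
 
  memset(r->z, 0, sizeof(r->z));
  r->z[0] = 1;
@@ -1300,7 +1275,6 @@ static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point*
 
  /* Check double */
  sp_256_sub_8(t1, p256_mod, q->y);
- sp_256_norm_8(t1);
  if (sp_256_cmp_equal_8(p->x, q->x)
  && sp_256_cmp_equal_8(p->z, q->z)
  && (sp_256_cmp_equal_8(p->y, q->y) || sp_256_cmp_equal_8(p->y, t1))
@@ -1422,14 +1396,15 @@ static void sp_256_ecc_mulmod_8(sp_point* r, const sp_point* g, const sp_digit*
 static void sp_256_ecc_mulmod_base_8(sp_point* r, sp_digit* k /*, int map*/)
 {
  /* Since this function is called only once, save space:
- * don't have "static const sp_point p256_base = {...}",
- * it would have more zeros than data.
+ * don't have "static const sp_point p256_base = {...}".
  */
  static const uint8_t p256_base_bin[] = {
  /* x (big-endian) */
- 0x6b,0x17,0xd1,0xf2,0xe1,0x2c,0x42,0x47,0xf8,0xbc,0xe6,0xe5,0x63,0xa4,0x40,0xf2,0x77,0x03,0x7d,0x81,0x2d,0xeb,0x33,0xa0,0xf4,0xa1,0x39,0x45,0xd8,0x98,0xc2,0x96,
+ 0x6b,0x17,0xd1,0xf2,0xe1,0x2c,0x42,0x47,0xf8,0xbc,0xe6,0xe5,0x63,0xa4,0x40,0xf2,
+ 0x77,0x03,0x7d,0x81,0x2d,0xeb,0x33,0xa0,0xf4,0xa1,0x39,0x45,0xd8,0x98,0xc2,0x96,
  /* y */
- 0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,0x51,0xf5,
+ 0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,0xeb,0x4a,0x7c,0x0f,0x9e,0x16,
+ 0x2b,0xce,0x33,0x57,0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,0x51,0xf5,
  /* z will be set to 1, infinity flag to "false" */
  };
  sp_point p256_base;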
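Review bot: The conditional reductions left in sp_256_mont_add_8, sp_256_mont_sub_8, sp_256_mont_dbl_8 and sp_256_mont_tpl_8 branch on `carry` / `borrow`, so whether the extra subtract or add runs depends on the operand values, and nothing in the code says this is intended. If these field elements can derive from the private scalar during point multiplication (the callers are outside the visible hunks, so this is an assumption), the branch makes execution time data-dependent; a mask-based conditional subtract would avoid that at some cost in code size. At minimum I would add above `if (carry) {` in sp_256_mont_add_8 a comment such as `/* NB: data-dependent branch - this reduction is not constant-time */` and repeat it at the `if (borrow)` and the other `if (carry)` sites. The bodies of all four functions start outside their hunks, so their full context was not reviewed.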