-rw-r--r--networking/tls_fe.c46
1 files changed, 27 insertions, 19 deletions
diff --git a/networking/tls_fe.c b/networking/tls_fe.c
index e96b33225..ecb410281 100644
--- a/networking/tls_fe.c
+++ b/networking/tls_fe.c
@@ -108,26 +108,26 @@ static void raw_try_sub(byte *x, const byte *p)
108#if 0 //UNUSED 108#if 0 //UNUSED
109static int prime_msb(const byte *p) 109static int prime_msb(const byte *p)
110{ 110{
111 int i; 111 int i;
112 byte x; 112 byte x;
113 int shift = 1; 113 int shift = 1;
114 int z = F25519_SIZE - 1; 114 int z = F25519_SIZE - 1;
115 115
116 /* 116 /*
117 Test for any hot bits. 117 Test for any hot bits.
118 As soon as one instance is encountered set shift to 0. 118 As soon as one instance is encountered set shift to 0.
119 */ 119 */
120 for (i = F25519_SIZE - 1; i >= 0; i--) { 120 for (i = F25519_SIZE - 1; i >= 0; i--) {
121 shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1); 121 shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1);
122 z -= shift; 122 z -= shift;
123 } 123 }
124 x = p[z]; 124 x = p[z];
125 z <<= 3; 125 z <<= 3;
126 shift = 1; 126 shift = 1;
127 for (i = 0; i < 8; i++) { 127 for (i = 0; i < 8; i++) {
128 shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1); 128 shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1);
129 z += shift; 129 z += shift;
130 } 130 }
131 131
132 return z - 1; 132 return z - 1;
133} 133}
@@ -549,6 +549,9 @@ static void curve25519(byte *result, const byte *e, const byte *q)
549 int i; 549 int i;
550 550
551 struct { 551 struct {
552 /* for bbox's special case of q == NULL meaning "use basepoint" */
553 /*static const*/ uint8_t basepoint9[CURVE25519_KEYSIZE]; // = {9};
554
552 /* from wolfssl-3.15.3/wolfssl/wolfcrypt/fe_operations.h */ 555 /* from wolfssl-3.15.3/wolfssl/wolfcrypt/fe_operations.h */
553 /*static const*/ byte f25519_one[F25519_SIZE]; // = {1}; 556 /*static const*/ byte f25519_one[F25519_SIZE]; // = {1};
554 557
@@ -559,6 +562,7 @@ static void curve25519(byte *result, const byte *e, const byte *q)
559 byte xm1[F25519_SIZE]; // = {1}; 562 byte xm1[F25519_SIZE]; // = {1};
560 byte zm1[F25519_SIZE]; // = {0}; 563 byte zm1[F25519_SIZE]; // = {0};
561 } z; 564 } z;
565#define basepoint9 z.basepoint9
562#define f25519_one z.f25519_one 566#define f25519_one z.f25519_one
563#define xm z.xm 567#define xm z.xm
564#define zm z.zm 568#define zm z.zm
@@ -569,6 +573,11 @@ static void curve25519(byte *result, const byte *e, const byte *q)
569 zm[0] = 1; 573 zm[0] = 1;
570 xm1[0] = 1; 574 xm1[0] = 1;
571 575
576 if (!q) {
577 basepoint9[0] = 9;
578 q = basepoint9;
579 }
580
572 /* Note: bit 254 is assumed to be 1 */ 581 /* Note: bit 254 is assumed to be 1 */
573 lm_copy(xm, q); 582 lm_copy(xm, q);
574 583
@@ -606,7 +615,6 @@ void FAST_FUNC curve_x25519_compute_pubkey_and_premaster(
606 uint8_t *pubkey, uint8_t *premaster, 615 uint8_t *pubkey, uint8_t *premaster,
607 const uint8_t *peerkey32) 616 const uint8_t *peerkey32)
608{ 617{
609 static const uint8_t basepoint9[CURVE25519_KEYSIZE] ALIGN8 = {9};
610 uint8_t privkey[CURVE25519_KEYSIZE]; //[32] 618 uint8_t privkey[CURVE25519_KEYSIZE]; //[32]
611 619
612 /* Generate random private key, see RFC 7748 */ 620 /* Generate random private key, see RFC 7748 */
@@ -615,7 +623,7 @@ void FAST_FUNC curve_x25519_compute_pubkey_and_premaster(
615 privkey[CURVE25519_KEYSIZE-1] = ((privkey[CURVE25519_KEYSIZE-1] & 0x7f) | 0x40); 623 privkey[CURVE25519_KEYSIZE-1] = ((privkey[CURVE25519_KEYSIZE-1] & 0x7f) | 0x40);
616 624
617 /* Compute public key */ 625 /* Compute public key */
618 curve25519(pubkey, privkey, basepoint9); 626 curve25519(pubkey, privkey, NULL /* "use base point of x25519" */);
619 627
620 /* Compute premaster using peer's public key */ 628 /* Compute premaster using peer's public key */
621 curve25519(premaster, privkey, peerkey32); 629 curve25519(premaster, privkey, peerkey32);
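Review bot: The new q == NULL convention is not documented where callers look — curve25519's signature sits outside the hunks and still reads as taking a required point, and the only hint is the struct-member comment — so the `if (!q)` block in the third hunk should carry `/* q == NULL: use the X25519 base point, u = 9 (RFC 7748) */` and the same sentence belongs in a comment above the function. `basepoint9[0] = 9;` also relies on the other bytes of z.basepoint9 already being zero; that zero-fill of z is not in the hunk (presumably the same clearing the `// = {0}` members depend on), so either say so in that comment or make it explicit with `memset(basepoint9, 0, sizeof basepoint9);` before the assignment. `#define basepoint9 z.basepoint9` is a function-body macro that stays in force to the end of the translation unit unless it is `#undef`'d alongside the sibling `f25519_one`/`xm`/`zm` macros, which would explain why the static `basepoint9` in curve_x25519_compute_pubkey_and_premaster had to be removed rather than kept; the `#undef` lines are not visible here, so that is worth confirming.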