diff options
| -rw-r--r-- | networking/tls_sp_c32.c | 79 |
1 files changed, 37 insertions, 42 deletions
diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c index 29dd04293..3b0473036 100644 --- a/networking/tls_sp_c32.c +++ b/networking/tls_sp_c32.c | |||
| @@ -1269,52 +1269,47 @@ static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point* | |||
| 1269 | && (sp_256_cmp_equal_8(p->y, q->y) || sp_256_cmp_equal_8(p->y, t1)) | 1269 | && (sp_256_cmp_equal_8(p->y, q->y) || sp_256_cmp_equal_8(p->y, t1)) |
| 1270 | ) { | 1270 | ) { |
| 1271 | sp_256_proj_point_dbl_8(r, p); | 1271 | sp_256_proj_point_dbl_8(r, p); |
| 1272 | return; | ||
| 1272 | } | 1273 | } |
| 1273 | else { | ||
| 1274 | sp_point tp; | ||
| 1275 | sp_point *v; | ||
| 1276 | |||
| 1277 | v = r; | ||
| 1278 | if (p->infinity | q->infinity) { | ||
| 1279 | memset(&tp, 0, sizeof(tp)); | ||
| 1280 | v = &tp; | ||
| 1281 | } | ||
| 1282 | 1274 | ||
| 1283 | *r = p->infinity ? *q : *p; /* struct copy */ | ||
| 1284 | 1275 | ||
| 1285 | /* U1 = X1*Z2^2 */ | 1276 | if (p->infinity || q->infinity) { |
| 1286 | sp_256_mont_sqr_8(t1, q->z /*, p256_mod, p256_mp_mod*/); | 1277 | *r = p->infinity ? *q : *p; /* struct copy */ |
| 1287 | sp_256_mont_mul_8(t3, t1, q->z /*, p256_mod, p256_mp_mod*/); | 1278 | return; |
| 1288 | sp_256_mont_mul_8(t1, t1, v->x /*, p256_mod, p256_mp_mod*/); | ||
| 1289 | /* U2 = X2*Z1^2 */ | ||
| 1290 | sp_256_mont_sqr_8(t2, v->z /*, p256_mod, p256_mp_mod*/); | ||
| 1291 | sp_256_mont_mul_8(t4, t2, v->z /*, p256_mod, p256_mp_mod*/); | ||
| 1292 | sp_256_mont_mul_8(t2, t2, q->x /*, p256_mod, p256_mp_mod*/); | ||
| 1293 | /* S1 = Y1*Z2^3 */ | ||
| 1294 | sp_256_mont_mul_8(t3, t3, v->y /*, p256_mod, p256_mp_mod*/); | ||
| 1295 | /* S2 = Y2*Z1^3 */ | ||
| 1296 | sp_256_mont_mul_8(t4, t4, q->y /*, p256_mod, p256_mp_mod*/); | ||
| 1297 | /* H = U2 - U1 */ | ||
| 1298 | sp_256_mont_sub_8(t2, t2, t1 /*, p256_mod*/); | ||
| 1299 | /* R = S2 - S1 */ | ||
| 1300 | sp_256_mont_sub_8(t4, t4, t3 /*, p256_mod*/); | ||
| 1301 | /* Z3 = H*Z1*Z2 */ | ||
| 1302 | sp_256_mont_mul_8(v->z, v->z, q->z /*, p256_mod, p256_mp_mod*/); | ||
| 1303 | sp_256_mont_mul_8(v->z, v->z, t2 /*, p256_mod, p256_mp_mod*/); | ||
| 1304 | /* X3 = R^2 - H^3 - 2*U1*H^2 */ | ||
| 1305 | sp_256_mont_sqr_8(v->x, t4 /*, p256_mod, p256_mp_mod*/); | ||
| 1306 | sp_256_mont_sqr_8(t5, t2 /*, p256_mod, p256_mp_mod*/); | ||
| 1307 | sp_256_mont_mul_8(v->y, t1, t5 /*, p256_mod, p256_mp_mod*/); | ||
| 1308 | sp_256_mont_mul_8(t5, t5, t2 /*, p256_mod, p256_mp_mod*/); | ||
| 1309 | sp_256_mont_sub_8(v->x, v->x, t5 /*, p256_mod*/); | ||
| 1310 | sp_256_mont_dbl_8(t1, v->y /*, p256_mod*/); | ||
| 1311 | sp_256_mont_sub_8(v->x, v->x, t1 /*, p256_mod*/); | ||
| 1312 | /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */ | ||
| 1313 | sp_256_mont_sub_8(v->y, v->y, v->x /*, p256_mod*/); | ||
| 1314 | sp_256_mont_mul_8(v->y, v->y, t4 /*, p256_mod, p256_mp_mod*/); | ||
| 1315 | sp_256_mont_mul_8(t5, t5, t3 /*, p256_mod, p256_mp_mod*/); | ||
| 1316 | sp_256_mont_sub_8(v->y, v->y, t5 /*, p256_mod*/); | ||
| 1317 | } | 1279 | } |
| 1280 | |||
| 1281 | /* U1 = X1*Z2^2 */ | ||
| 1282 | sp_256_mont_sqr_8(t1, q->z /*, p256_mod, p256_mp_mod*/); | ||
| 1283 | sp_256_mont_mul_8(t3, t1, q->z /*, p256_mod, p256_mp_mod*/); | ||
| 1284 | sp_256_mont_mul_8(t1, t1, r->x /*, p256_mod, p256_mp_mod*/); | ||
| 1285 | /* U2 = X2*Z1^2 */ | ||
| 1286 | sp_256_mont_sqr_8(t2, r->z /*, p256_mod, p256_mp_mod*/); | ||
| 1287 | sp_256_mont_mul_8(t4, t2, r->z /*, p256_mod, p256_mp_mod*/); | ||
| 1288 | sp_256_mont_mul_8(t2, t2, q->x /*, p256_mod, p256_mp_mod*/); | ||
| 1289 | /* S1 = Y1*Z2^3 */ | ||
| 1290 | sp_256_mont_mul_8(t3, t3, r->y /*, p256_mod, p256_mp_mod*/); | ||
| 1291 | /* S2 = Y2*Z1^3 */ | ||
| 1292 | sp_256_mont_mul_8(t4, t4, q->y /*, p256_mod, p256_mp_mod*/); | ||
| 1293 | /* H = U2 - U1 */ | ||
| 1294 | sp_256_mont_sub_8(t2, t2, t1 /*, p256_mod*/); | ||
| 1295 | /* R = S2 - S1 */ | ||
| 1296 | sp_256_mont_sub_8(t4, t4, t3 /*, p256_mod*/); | ||
| 1297 | /* Z3 = H*Z1*Z2 */ | ||
| 1298 | sp_256_mont_mul_8(r->z, r->z, q->z /*, p256_mod, p256_mp_mod*/); | ||
| 1299 | sp_256_mont_mul_8(r->z, r->z, t2 /*, p256_mod, p256_mp_mod*/); | ||
| 1300 | /* X3 = R^2 - H^3 - 2*U1*H^2 */ | ||
| 1301 | sp_256_mont_sqr_8(r->x, t4 /*, p256_mod, p256_mp_mod*/); | ||
| 1302 | sp_256_mont_sqr_8(t5, t2 /*, p256_mod, p256_mp_mod*/); | ||
| 1303 | sp_256_mont_mul_8(r->y, t1, t5 /*, p256_mod, p256_mp_mod*/); | ||
| 1304 | sp_256_mont_mul_8(t5, t5, t2 /*, p256_mod, p256_mp_mod*/); | ||
| 1305 | sp_256_mont_sub_8(r->x, r->x, t5 /*, p256_mod*/); | ||
| 1306 | sp_256_mont_dbl_8(t1, r->y /*, p256_mod*/); | ||
| 1307 | sp_256_mont_sub_8(r->x, r->x, t1 /*, p256_mod*/); | ||
| 1308 | /* Y3 = R*(U1*H^2 - X3) - S1*H^3 */ | ||
| 1309 | sp_256_mont_sub_8(r->y, r->y, r->x /*, p256_mod*/); | ||
| 1310 | sp_256_mont_mul_8(r->y, r->y, t4 /*, p256_mod, p256_mp_mod*/); | ||
| 1311 | sp_256_mont_mul_8(t5, t5, t3 /*, p256_mod, p256_mp_mod*/); | ||
| 1312 | sp_256_mont_sub_8(r->y, r->y, t5 /*, p256_mod*/); | ||
| 1318 | } | 1313 | } |
| 1319 | 1314 | ||
| 1320 | /* Multiply the point by the scalar and return the result. | 1315 | /* Multiply the point by the scalar and return the result. |