From 5f6cbb82de4f41896ca0b00942c7a2c7f8f3ed8f Mon Sep 17 00:00:00 2001 From: tb <> Date: Fri, 17 Jan 2025 10:41:31 +0000 Subject: ecp_methods: rework field_{mul,sqr}() handling Add wrapper functions that call the methods so that we can get rid of inconsistent use of ugly function pointers with massively overlong lines and other ways of reaching into the methods. ok jsing --- src/lib/libcrypto/ec/ecp_methods.c | 176 +++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 93 deletions(-) diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c index 3809bf9928..69eab8120f 100644 --- a/src/lib/libcrypto/ec/ecp_methods.c +++ b/src/lib/libcrypto/ec/ecp_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ecp_methods.c,v 1.36 2025/01/11 21:20:39 tb Exp $ */ +/* $OpenBSD: ecp_methods.c,v 1.37 2025/01/17 10:41:31 tb Exp $ */ /* Includes code written by Lenka Fibikova * for the OpenSSL project. * Includes code written by Bodo Moeller for the OpenSSL project. @@ -84,6 +84,19 @@ * representation (i.e. 'encoding' means multiplying by some factor R). */ +static inline int +ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx) +{ + return group->meth->field_mul(group, r, a, b, ctx); +} + +static inline int +ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +{ + return group->meth->field_sqr(group, r, a, ctx); +} + static int ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx) { @@ -169,19 +182,13 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, static int ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) { - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); - const BIGNUM *p; + const BIGNUM *p = group->p; BIGNUM *rh, *tmp, *Z4, *Z6; int ret = -1; if (EC_POINT_is_at_infinity(group, point)) return 1; - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - p = group->p; - BN_CTX_start(ctx); if ((rh = BN_CTX_get(ctx)) == NULL) @@ -201,15 +208,15 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) */ /* rh := X^2 */ - if (!field_sqr(group, rh, point->X, ctx)) + if (!ec_field_sqr(group, rh, point->X, ctx)) goto err; if (!point->Z_is_one) { - if (!field_sqr(group, tmp, point->Z, ctx)) + if (!ec_field_sqr(group, tmp, point->Z, ctx)) goto err; - if (!field_sqr(group, Z4, tmp, ctx)) + if (!ec_field_sqr(group, Z4, tmp, ctx)) goto err; - if (!field_mul(group, Z6, Z4, tmp, ctx)) + if (!ec_field_mul(group, Z6, Z4, tmp, ctx)) goto err; /* rh := (rh + a*Z^4)*X */ @@ -220,19 +227,19 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) goto err; if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err; - if (!field_mul(group, rh, rh, point->X, ctx)) + if (!ec_field_mul(group, rh, rh, point->X, ctx)) goto err; } else { - if (!field_mul(group, tmp, Z4, group->a, ctx)) + if (!ec_field_mul(group, tmp, Z4, group->a, ctx)) goto err; if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; - if (!field_mul(group, rh, rh, point->X, ctx)) + if (!ec_field_mul(group, rh, rh, point->X, ctx)) goto err; } /* rh := rh + b*Z^6 */ - if (!field_mul(group, tmp, group->b, Z6, ctx)) + if (!ec_field_mul(group, tmp, group->b, Z6, ctx)) goto err; if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err; @@ -242,7 +249,7 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) /* rh := (rh + a)*X */ if (!BN_mod_add_quick(rh, rh, group->a, p)) goto err; - if (!field_mul(group, rh, rh, point->X, ctx)) + if (!ec_field_mul(group, rh, rh, point->X, ctx)) goto err; /* rh := rh + b */ if (!BN_mod_add_quick(rh, rh, group->b, p)) @@ -250,7 +257,7 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) } /* 'lh' := Y^2 */ - if (!field_sqr(group, tmp, point->Y, ctx)) + if (!ec_field_sqr(group, tmp, point->Y, ctx)) goto err; ret = (0 == BN_ucmp(tmp, rh)); @@ -269,8 +276,6 @@ static int ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); BIGNUM *tmp1, *tmp2, *Za23, *Zb23; const BIGNUM *tmp1_, *tmp2_; int ret = -1; @@ -283,9 +288,6 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, if (a->Z_is_one && b->Z_is_one) return BN_cmp(a->X, b->X) != 0 || BN_cmp(a->Y, b->Y) != 0; - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - BN_CTX_start(ctx); if ((tmp1 = BN_CTX_get(ctx)) == NULL) @@ -303,17 +305,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, */ if (!b->Z_is_one) { - if (!field_sqr(group, Zb23, b->Z, ctx)) + if (!ec_field_sqr(group, Zb23, b->Z, ctx)) goto end; - if (!field_mul(group, tmp1, a->X, Zb23, ctx)) + if (!ec_field_mul(group, tmp1, a->X, Zb23, ctx)) goto end; tmp1_ = tmp1; } else tmp1_ = a->X; if (!a->Z_is_one) { - if (!field_sqr(group, Za23, a->Z, ctx)) + if (!ec_field_sqr(group, Za23, a->Z, ctx)) goto end; - if (!field_mul(group, tmp2, b->X, Za23, ctx)) + if (!ec_field_mul(group, tmp2, b->X, Za23, ctx)) goto end; tmp2_ = tmp2; } else @@ -325,17 +327,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, goto end; } if (!b->Z_is_one) { - if (!field_mul(group, Zb23, Zb23, b->Z, ctx)) + if (!ec_field_mul(group, Zb23, Zb23, b->Z, ctx)) goto end; - if (!field_mul(group, tmp1, a->Y, Zb23, ctx)) + if (!ec_field_mul(group, tmp1, a->Y, Zb23, ctx)) goto end; /* tmp1_ = tmp1 */ } else tmp1_ = a->Y; if (!a->Z_is_one) { - if (!field_mul(group, Za23, Za23, a->Z, ctx)) + if (!ec_field_mul(group, Za23, Za23, a->Z, ctx)) goto end; - if (!field_mul(group, tmp2, b->Y, Za23, ctx)) + if (!ec_field_mul(group, tmp2, b->Y, Za23, ctx)) goto end; /* tmp2_ = tmp2 */ } else @@ -602,10 +604,8 @@ static int ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) { - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + const BIGNUM *p = group->p; BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; - const BIGNUM *p; int ret = 0; if (a == b) @@ -615,10 +615,6 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, if (EC_POINT_is_at_infinity(group, b)) return EC_POINT_copy(r, a); - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - p = group->p; - BN_CTX_start(ctx); if ((n0 = BN_CTX_get(ctx)) == NULL) @@ -651,15 +647,15 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, /* n1 = X_a */ /* n2 = Y_a */ } else { - if (!field_sqr(group, n0, b->Z, ctx)) + if (!ec_field_sqr(group, n0, b->Z, ctx)) goto end; - if (!field_mul(group, n1, a->X, n0, ctx)) + if (!ec_field_mul(group, n1, a->X, n0, ctx)) goto end; /* n1 = X_a * Z_b^2 */ - if (!field_mul(group, n0, n0, b->Z, ctx)) + if (!ec_field_mul(group, n0, n0, b->Z, ctx)) goto end; - if (!field_mul(group, n2, a->Y, n0, ctx)) + if (!ec_field_mul(group, n2, a->Y, n0, ctx)) goto end; /* n2 = Y_a * Z_b^3 */ } @@ -673,15 +669,15 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, /* n3 = X_b */ /* n4 = Y_b */ } else { - if (!field_sqr(group, n0, a->Z, ctx)) + if (!ec_field_sqr(group, n0, a->Z, ctx)) goto end; - if (!field_mul(group, n3, b->X, n0, ctx)) + if (!ec_field_mul(group, n3, b->X, n0, ctx)) goto end; /* n3 = X_b * Z_a^2 */ - if (!field_mul(group, n0, n0, a->Z, ctx)) + if (!ec_field_mul(group, n0, n0, a->Z, ctx)) goto end; - if (!field_mul(group, n4, b->Y, n0, ctx)) + if (!ec_field_mul(group, n4, b->Y, n0, ctx)) goto end; /* n4 = Y_b * Z_a^3 */ } @@ -729,21 +725,21 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, if (!bn_copy(n0, a->Z)) goto end; } else { - if (!field_mul(group, n0, a->Z, b->Z, ctx)) + if (!ec_field_mul(group, n0, a->Z, b->Z, ctx)) goto end; } - if (!field_mul(group, r->Z, n0, n5, ctx)) + if (!ec_field_mul(group, r->Z, n0, n5, ctx)) goto end; } r->Z_is_one = 0; /* Z_r = Z_a * Z_b * n5 */ /* X_r */ - if (!field_sqr(group, n0, n6, ctx)) + if (!ec_field_sqr(group, n0, n6, ctx)) goto end; - if (!field_sqr(group, n4, n5, ctx)) + if (!ec_field_sqr(group, n4, n5, ctx)) goto end; - if (!field_mul(group, n3, n1, n4, ctx)) + if (!ec_field_mul(group, n3, n1, n4, ctx)) goto end; if (!BN_mod_sub_quick(r->X, n0, n3, p)) goto end; @@ -757,11 +753,11 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, /* n9 = n5^2 * 'n7' - 2 * X_r */ /* Y_r */ - if (!field_mul(group, n0, n0, n6, ctx)) + if (!ec_field_mul(group, n0, n0, n6, ctx)) goto end; - if (!field_mul(group, n5, n4, n5, ctx)) + if (!ec_field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */ - if (!field_mul(group, n1, n2, n5, ctx)) + if (!ec_field_mul(group, n1, n2, n5, ctx)) goto end; if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end; @@ -784,19 +780,13 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, static int ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) { - int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); - const BIGNUM *p; + const BIGNUM *p = group->p; BIGNUM *n0, *n1, *n2, *n3; int ret = 0; if (EC_POINT_is_at_infinity(group, a)) return EC_POINT_set_to_infinity(group, r); - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - p = group->p; - BN_CTX_start(ctx); if ((n0 = BN_CTX_get(ctx)) == NULL) @@ -816,7 +806,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) /* n1 */ if (a->Z_is_one) { - if (!field_sqr(group, n0, a->X, ctx)) + if (!ec_field_sqr(group, n0, a->X, ctx)) goto err; if (!BN_mod_lshift1_quick(n1, n0, p)) goto err; @@ -826,13 +816,13 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) goto err; /* n1 = 3 * X_a^2 + a_curve */ } else if (group->a_is_minus3) { - if (!field_sqr(group, n1, a->Z, ctx)) + if (!ec_field_sqr(group, n1, a->Z, ctx)) goto err; if (!BN_mod_add_quick(n0, a->X, n1, p)) goto err; if (!BN_mod_sub_quick(n2, a->X, n1, p)) goto err; - if (!field_mul(group, n1, n0, n2, ctx)) + if (!ec_field_mul(group, n1, n0, n2, ctx)) goto err; if (!BN_mod_lshift1_quick(n0, n1, p)) goto err; @@ -843,17 +833,17 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) * Z_a^4 */ } else { - if (!field_sqr(group, n0, a->X, ctx)) + if (!ec_field_sqr(group, n0, a->X, ctx)) goto err; if (!BN_mod_lshift1_quick(n1, n0, p)) goto err; if (!BN_mod_add_quick(n0, n0, n1, p)) goto err; - if (!field_sqr(group, n1, a->Z, ctx)) + if (!ec_field_sqr(group, n1, a->Z, ctx)) goto err; - if (!field_sqr(group, n1, n1, ctx)) + if (!ec_field_sqr(group, n1, n1, ctx)) goto err; - if (!field_mul(group, n1, n1, group->a, ctx)) + if (!ec_field_mul(group, n1, n1, group->a, ctx)) goto err; if (!BN_mod_add_quick(n1, n1, n0, p)) goto err; @@ -865,7 +855,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) if (!bn_copy(n0, a->Y)) goto err; } else { - if (!field_mul(group, n0, a->Y, a->Z, ctx)) + if (!ec_field_mul(group, n0, a->Y, a->Z, ctx)) goto err; } if (!BN_mod_lshift1_quick(r->Z, n0, p)) @@ -874,9 +864,9 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) /* Z_r = 2 * Y_a * Z_a */ /* n2 */ - if (!field_sqr(group, n3, a->Y, ctx)) + if (!ec_field_sqr(group, n3, a->Y, ctx)) goto err; - if (!field_mul(group, n2, a->X, n3, ctx)) + if (!ec_field_mul(group, n2, a->X, n3, ctx)) goto err; if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err; @@ -885,14 +875,14 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) /* X_r */ if (!BN_mod_lshift1_quick(n0, n2, p)) goto err; - if (!field_sqr(group, r->X, n1, ctx)) + if (!ec_field_sqr(group, r->X, n1, ctx)) goto err; if (!BN_mod_sub_quick(r->X, r->X, n0, p)) goto err; /* X_r = n1^2 - 2 * n2 */ /* n3 */ - if (!field_sqr(group, n0, n3, ctx)) + if (!ec_field_sqr(group, n0, n3, ctx)) goto err; if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err; @@ -901,7 +891,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) /* Y_r */ if (!BN_mod_sub_quick(n0, n2, r->X, p)) goto err; - if (!field_mul(group, n0, n1, n0, ctx)) + if (!ec_field_mul(group, n0, n1, n0, ctx)) goto err; if (!BN_mod_sub_quick(r->Y, n0, n3, p)) goto err; @@ -925,19 +915,6 @@ ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) return BN_usub(point->Y, group->p, point->Y); } -static int -ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_CTX *ctx) -{ - return BN_mod_mul(r, a, b, group->p, ctx); -} - -static int -ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) -{ - return BN_mod_sqr(r, a, group->p, ctx); -} - /* * Apply randomization of EC point Jacobian projective coordinates: * @@ -967,7 +944,7 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) goto err; /* Z = lambda * Z */ - if (!group->meth->field_mul(group, p->Z, lambda, p->Z, ctx)) + if (!ec_field_mul(group, p->Z, lambda, p->Z, ctx)) goto err; /* tmp = lambda^2 */ @@ -975,15 +952,15 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) goto err; /* X = lambda^2 * X */ - if (!group->meth->field_mul(group, p->X, tmp, p->X, ctx)) + if (!ec_field_mul(group, p->X, tmp, p->X, ctx)) goto err; /* tmp = lambda^3 */ - if (!group->meth->field_mul(group, tmp, tmp, lambda, ctx)) + if (!ec_field_mul(group, tmp, tmp, lambda, ctx)) goto err; /* Y = lambda^3 * Y */ - if (!group->meth->field_mul(group, p->Y, tmp, p->Y, ctx)) + if (!ec_field_mul(group, p->Y, tmp, p->Y, ctx)) goto err; /* Disable optimized arithmetics after replacing Z by lambda * Z. */ @@ -1241,6 +1218,19 @@ ec_mul_double_nonct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, return ec_wnaf_mul(group, r, g_scalar, point, p_scalar, ctx); } +static int +ec_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ + return BN_mod_mul(r, a, b, group->p, ctx); +} + +static int +ec_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +{ + return BN_mod_sqr(r, a, group->p, ctx); +} + static int ec_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) @@ -1333,8 +1323,8 @@ static const EC_METHOD ec_GFp_simple_method = { .mul_generator_ct = ec_mul_generator_ct, .mul_single_ct = ec_mul_single_ct, .mul_double_nonct = ec_mul_double_nonct, - .field_mul = ec_field_mul, - .field_sqr = ec_field_sqr, + .field_mul = ec_simple_field_mul, + .field_sqr = ec_simple_field_sqr, }; const EC_METHOD * -- cgit v1.2.3-55-g6feb