From: Daiki Ueno dueno@redhat.com
This makes it possible to share the same code for curve25519 and curve448 primitives, which use different underlying formulas for addition and doubling.
Signed-off-by: Daiki Ueno dueno@redhat.com --- ecc-192.c | 4 ++++ ecc-224.c | 4 ++++ ecc-25519.c | 4 ++++ ecc-256.c | 4 ++++ ecc-384.c | 4 ++++ ecc-521.c | 4 ++++ ecc-internal.h | 8 ++++++++ ecc-mul-a-eh.c | 12 ++++++------ ecc-mul-g-eh.c | 4 ++-- testsuite/ecc-add-test.c | 43 +++++++++++++++++++++++++------------------ testsuite/ecc-dup-test.c | 10 +++++----- 11 files changed, 70 insertions(+), 31 deletions(-)
diff --git a/ecc-192.c b/ecc-192.c
index 5c52b043..1fbbcded 100644
--- a/ecc-192.c
+++ b/ecc-192.c
@@ -155,12 +155,16 @@ const struct ecc_curve nettle_secp_192r1 =
 ECC_PIPPENGER_K,
 ECC_PIPPENGER_C,
+ ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
 ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
+ ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
 ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
+ ecc_add_jja,
 ecc_add_jjj,
+ ecc_dup_jj,
 ecc_mul_a,
 ecc_mul_g,
 ecc_j_to_a,
diff --git a/ecc-224.c b/ecc-224.c
index cdb42197..b1ff0578 100644
--- a/ecc-224.c
+++ b/ecc-224.c
@@ -107,12 +107,16 @@ const struct ecc_curve nettle_secp_224r1 =
 ECC_PIPPENGER_K,
 ECC_PIPPENGER_C,
+ ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
 ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
+ ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
 ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
+ ecc_add_jja,
 ecc_add_jjj,
+ ecc_dup_jj,
 ecc_mul_a,
 ecc_mul_g,
 ecc_j_to_a,
diff --git a/ecc-25519.c b/ecc-25519.c
index 92de49be..16073ecf 100644
--- a/ecc-25519.c
+++ b/ecc-25519.c
@@ -335,12 +335,16 @@ const struct ecc_curve _nettle_curve25519 =
 ECC_PIPPENGER_K,
 ECC_PIPPENGER_C,
+ ECC_ADD_EH_ITCH (ECC_LIMB_SIZE),
 ECC_ADD_EHH_ITCH (ECC_LIMB_SIZE),
+ ECC_DUP_EH_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_A_EH_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_G_EH_ITCH (ECC_LIMB_SIZE),
 ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_25519_INV_ITCH),
+ ecc_add_eh,
 ecc_add_ehh,
+ ecc_dup_eh,
 ecc_mul_a_eh,
 ecc_mul_g_eh,
 ecc_eh_to_a,
diff --git a/ecc-256.c b/ecc-256.c
index e757985c..d0870657 100644
--- a/ecc-256.c
+++ b/ecc-256.c
@@ -284,12 +284,16 @@ const struct ecc_curve nettle_secp_256r1 =
 ECC_PIPPENGER_K,
 ECC_PIPPENGER_C,
+ ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
 ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
+ ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
 ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
+ ecc_add_jja,
 ecc_add_jjj,
+ ecc_dup_jj,
 ecc_mul_a,
 ecc_mul_g,
 ecc_j_to_a,
diff --git a/ecc-384.c b/ecc-384.c
index a393c61f..006c4568 100644
--- a/ecc-384.c
+++ b/ecc-384.c
@@ -192,12 +192,16 @@ const struct ecc_curve nettle_secp_384r1 =
 ECC_PIPPENGER_K,
 ECC_PIPPENGER_C,
+ ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
 ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
+ ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
 ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
+ ecc_add_jja,
 ecc_add_jjj,
+ ecc_dup_jj,
 ecc_mul_a,
 ecc_mul_g,
 ecc_j_to_a,
diff --git a/ecc-521.c b/ecc-521.c
index 1a08f209..9d32b54e 100644
--- a/ecc-521.c
+++ b/ecc-521.c
@@ -120,12 +120,16 @@ const struct ecc_curve nettle_secp_521r1 =
 ECC_PIPPENGER_K,
 ECC_PIPPENGER_C,
+ ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
 ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
+ ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
 ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
 ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
+ ecc_add_jja,
 ecc_add_jjj,
+ ecc_dup_jj,
 ecc_mul_a,
 ecc_mul_g,
 ecc_j_to_a,
diff --git a/ecc-internal.h b/ecc-internal.h
index ce1e34fb..643277c0 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -112,6 +112,10 @@ typedef void ecc_add_func (const struct ecc_curve *ecc,
 const mp_limb_t *p, const mp_limb_t *q,
 mp_limb_t *scratch);
+typedef void ecc_dup_func (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
 typedef void ecc_mul_g_func (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *np, mp_limb_t *scratch);
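Review bot: The new ecc_dup_func typedef carries no contract comment, yet every caller this patch introduces relies on the result aliasing the input — `ecc->dup (ecc, r, r, scratch_out)` in ecc-mul-a-eh.c and ecc-mul-g-eh.c, `ecc->dup (ecc, p, p, scratch)` in ecc-dup-test.c — so a future implementation that does not tolerate r == p would break all of them without the header ever having said so. I would put above the typedef `/* r = 2*p, same coordinates as the curve's add functions; r may alias p. scratch must hold ecc->dup_itch limbs. */`, with dup_itch being the field added in the struct ecc_curve hunk of this file. The existing ecc_add_func typedef deserves the matching aliasing note, since ecc-add-test.c calls `ecc->add_hhh (ecc, p, g, p, scratch)`.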
@@ -168,12 +172,16 @@ struct ecc_curve
 unsigned short pippenger_k;
 unsigned short pippenger_c;
+ unsigned short add_hh_itch;
 unsigned short add_hhh_itch;
+ unsigned short dup_itch;
 unsigned short mul_itch;
 unsigned short mul_g_itch;
 unsigned short h_to_a_itch;
+ ecc_add_func *add_hh;
 ecc_add_func *add_hhh;
+ ecc_dup_func *dup;
 ecc_mul_func *mul;
 ecc_mul_g_func *mul_g;
 ecc_h_to_a_func *h_to_a;
diff --git a/ecc-mul-a-eh.c b/ecc-mul-a-eh.c
index cf743236..e9b22cd4 100644
--- a/ecc-mul-a-eh.c
+++ b/ecc-mul-a-eh.c
@@ -75,8 +75,8 @@ ecc_mul_a_eh (const struct ecc_curve *ecc,
 {
 int digit;
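Review bot: The four new members (add_hh_itch, dup_itch, add_hh, dup) are inserted in the middle of struct ecc_curve, and the six curve tables in ecc-192.c, ecc-224.c, ecc-25519.c, ecc-256.c, ecc-384.c and ecc-521.c initialise the struct positionally, so correctness now depends on every table listing the new entries in exactly this order. A swapped add_hh/dup entry is caught by the distinct function-pointer typedefs, but swapped add_hh_itch/dup_itch values (both unsigned short) compile silently and leave any caller that sizes scratch from the wrong field with a buffer that is too small for the primitive it then calls. Nothing in this patch reads add_hh_itch or dup_itch, so their intended consumers are presumably elsewhere; a comment on the struct such as `/* Field order is part of the ABI of the curve tables, which use positional initialisers. */` would make the constraint explicit, or the tables could switch to designated initialisers if the project's C dialect allows.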
- ecc_dup_eh (ecc, r, r, scratch_out);
- ecc_add_ehh (ecc, tp, r, pe, scratch_out);
+ ecc->dup (ecc, r, r, scratch_out);
+ ecc->add_hhh (ecc, tp, r, pe, scratch_out);
 digit = (w & bit) > 0;
 /* If we had a one-bit, use the sum. */
@@ -107,8 +107,8 @@ table_init (const struct ecc_curve *ecc,
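Review bot: The doubling and addition now dispatch through ecc->dup and ecc->add_hhh, but scratch_out is still carved from a buffer whose size the curve table fixes with the curve-specific ECC_MUL_A_EH_ITCH (see the ecc-25519.c hunk; the window loop likewise uses ECC_MUL_A_EH_WBITS in the third hunk of this file), so nothing ties the space handed to the function pointers to the installed curve's dup_itch and add_hhh_itch. If this file is to be shared with curve448 as the description says, ECC_MUL_A_EH_ITCH must be the maximum over every curve that installs ecc_mul_a_eh, otherwise the curve with the larger formulas writes past scratch; the macro definition is outside this diff, so I cannot confirm which it is. A comment above ecc_mul_a_eh such as `/* scratch holds ECC_MUL_A_EH_ITCH limbs; that bound must cover dup_itch and add_hhh_itch of every curve that uses this function. */` would record the requirement, and the same applies to the other two hunks of this file and to both hunks of ecc-mul-g-eh.c (ecc->dup with scratch, ecc->add_hh with scratch_out). This hunk is inside ecc_mul_a_eh, whose body begins and ends outside it.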
 for (j = 2; j < size; j += 2)
 {
- ecc_dup_eh (ecc, TABLE(j), TABLE(j/2), scratch);
- ecc_add_ehh (ecc, TABLE(j+1), TABLE(j), TABLE(1), scratch);
+ ecc->dup (ecc, TABLE(j), TABLE(j/2), scratch);
+ ecc->add_hhh (ecc, TABLE(j+1), TABLE(j), TABLE(1), scratch);
 }
 }
@@ -163,11 +163,11 @@ ecc_mul_a_eh (const struct ecc_curve *ecc,
 bits |= w >> shift;
 }
 for (j = 0; j < ECC_MUL_A_EH_WBITS; j++)
- ecc_dup_eh (ecc, r, r, scratch_out);
+ ecc->dup (ecc, r, r, scratch_out);
 bits &= TABLE_MASK;
 sec_tabselect (tp, 3*ecc->p.size, table, TABLE_SIZE, bits);
- ecc_add_ehh (ecc, r, tp, r, scratch_out);
+ ecc->add_hhh (ecc, r, tp, r, scratch_out);
 }
 #undef table
 #undef tp
diff --git a/ecc-mul-g-eh.c b/ecc-mul-g-eh.c
index a945494d..971bc6c5 100644
--- a/ecc-mul-g-eh.c
+++ b/ecc-mul-g-eh.c
@@ -64,7 +64,7 @@ ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
 for (i = k; i-- > 0; )
 {
- ecc_dup_eh (ecc, r, r, scratch);
+ ecc->dup (ecc, r, r, scratch);
 for (j = 0; j * c < bit_rows; j++)
 {
 unsigned bits;
@@ -93,7 +93,7 @@ ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
 + (2*ecc->p.size * (mp_size_t) j << c)),
 1<<c, bits);
- ecc_add_eh (ecc, r, r, tp, scratch_out);
+ ecc->add_hh (ecc, r, r, tp, scratch_out);
 }
 }
 #undef tp
diff --git a/testsuite/ecc-add-test.c b/testsuite/ecc-add-test.c
index 54fae31f..8e88a76b 100644
--- a/testsuite/ecc-add-test.c
+++ b/testsuite/ecc-add-test.c
@@ -1,4 +1,5 @@
 #include "testutils.h"
+#include <assert.h>
 void
 test_main (void)
@@ -20,64 +21,70 @@ test_main (void)
 /* Zero point has x = 0, y = 1, z = 1 */
 mpn_zero (z, 3*ecc->p.size);
 z[ecc->p.size] = z[2*ecc->p.size] = 1;
-
+
+ assert (ecc->add_hh == ecc_add_eh);
+ assert (ecc->add_hhh == ecc_add_ehh);
+
 ecc_a_to_j (ecc, g, ecc->g);
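Review bot: The new table checks use `assert` from `<assert.h>` (the include added in the first hunk), which is compiled out when NDEBUG is defined, so a release-flagged test build silently stops verifying that the curve table installs the expected primitives while the rest of the file keeps checking results through test_ecc_mul_h. The testsuite's own `ASSERT` macro from testutils.h is not subject to NDEBUG; I would write `ASSERT (ecc->add_hh == ecc_add_eh);` and `ASSERT (ecc->add_hhh == ecc_add_ehh);` (and the two checks in the else branch of the second hunk likewise) and drop the new include. The checks are also asymmetric: the Edwards branch never checks `ecc->dup == ecc_dup_eh` and the else branch never checks `ecc->add_hh == ecc_add_jja`, so one wrong entry per curve family goes undetected here. test_main continues outside this hunk.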
- ecc_add_ehh (ecc, p, z, z, scratch);
+ ecc->add_hhh (ecc, p, z, z, scratch);
 test_ecc_mul_h (i, 0, p);
- ecc_add_eh (ecc, p, z, z, scratch);
+ ecc->add_hh (ecc, p, z, z, scratch);
 test_ecc_mul_h (i, 0, p);
- ecc_add_ehh (ecc, p, g, p, scratch);
+ ecc->add_hhh (ecc, p, g, p, scratch);
 test_ecc_mul_h (i, 1, p);
- ecc_add_eh (ecc, p, z, g, scratch);
+ ecc->add_hh (ecc, p, z, g, scratch);
 test_ecc_mul_h (i, 1, p);
- ecc_add_ehh (ecc, g2, g, p, scratch);
+ ecc->add_hhh (ecc, g2, g, p, scratch);
 test_ecc_mul_h (i, 2, g2);
- ecc_add_eh (ecc, g2, g, g, scratch);
+ ecc->add_hh (ecc, g2, g, g, scratch);
 test_ecc_mul_h (i, 2, g2);
- ecc_add_ehh (ecc, g3, g, g2, scratch);
+ ecc->add_hhh (ecc, g3, g, g2, scratch);
 test_ecc_mul_h (i, 3, g3);
- ecc_add_eh (ecc, g3, g2, g, scratch);
+ ecc->add_hh (ecc, g3, g2, g, scratch);
 test_ecc_mul_h (i, 3, g3);
- ecc_add_ehh (ecc, p, g, g3, scratch);
+ ecc->add_hhh (ecc, p, g, g3, scratch);
 test_ecc_mul_h (i, 4, p);
- ecc_add_eh (ecc, p, g3, g, scratch);
+ ecc->add_hh (ecc, p, g3, g, scratch);
 test_ecc_mul_h (i, 4, p);
- ecc_add_ehh (ecc, p, g2, g2, scratch);
+ ecc->add_hhh (ecc, p, g2, g2, scratch);
 test_ecc_mul_h (i, 4, p);
 free (z);
 }
 else
 {
+ assert (ecc->add_hhh == ecc_add_jjj);
+ assert (ecc->dup == ecc_dup_jj);
+
 ecc_a_to_j (ecc, g, ecc->g);
- ecc_dup_jj (ecc, g2, g, scratch);
+ ecc->dup (ecc, g2, g, scratch);
 test_ecc_mul_h (i, 2, g2);
- ecc_add_jjj (ecc, g3, g, g2, scratch);
+ ecc->add_hhh (ecc, g3, g, g2, scratch);
 test_ecc_mul_h (i, 3, g3);
- ecc_add_jjj (ecc, g3, g2, g, scratch);
+ ecc->add_hhh (ecc, g3, g2, g, scratch);
 test_ecc_mul_h (i, 3, g3);
- ecc_add_jjj (ecc, p, g, g3, scratch);
+ ecc->add_hhh (ecc, p, g, g3, scratch);
 test_ecc_mul_h (i, 4, p);
- ecc_add_jjj (ecc, p, g3, g, scratch);
+ ecc->add_hhh (ecc, p, g3, g, scratch);
 test_ecc_mul_h (i, 4, p);
- ecc_dup_jj (ecc, p, g2, scratch);
+ ecc->dup (ecc, p, g2, scratch);
 test_ecc_mul_h (i, 4, p);
 }
 free (g);
diff --git a/testsuite/ecc-dup-test.c b/testsuite/ecc-dup-test.c
index b92352c1..f987b165 100644
--- a/testsuite/ecc-dup-test.c
+++ b/testsuite/ecc-dup-test.c
@@ -21,13 +21,13 @@ test_main (void)
 ecc_a_to_j (ecc, g, ecc->g);
- ecc_dup_eh (ecc, p, z, scratch);
+ ecc->dup (ecc, p, z, scratch);
 test_ecc_mul_h (i, 0, p);
- ecc_dup_eh (ecc, p, g, scratch);
+ ecc->dup (ecc, p, g, scratch);
 test_ecc_mul_h (i, 2, p);
- ecc_dup_eh (ecc, p, p, scratch);
+ ecc->dup (ecc, p, p, scratch);
 test_ecc_mul_h (i, 4, p);
 free (z);
 }
@@ -35,10 +35,10 @@ test_main (void)
 {
 ecc_a_to_j (ecc, g, ecc->g);
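Review bot: Unlike ecc-add-test.c, this test switches every call to ecc->dup without checking which function the curve table installed, so the branch structure (Edwards curve here, the other curves in the second hunk) now tests whatever pointer the table holds rather than the formula the branch was written for. One line per branch, using the testsuite macro rather than <assert.h> so it survives NDEBUG, closes the gap: `ASSERT (ecc->dup == ecc_dup_eh);` before the first `ecc->dup` call in this hunk and `ASSERT (ecc->dup == ecc_dup_jj);` before the first in the second hunk. The scratch buffer these calls use is allocated outside the hunk; with the call going through the table it should be sized from ecc->dup_itch rather than a curve-specific ITCH macro, which I cannot verify from the diff. test_main begins and ends outside this hunk.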
- ecc_dup_jj (ecc, p, g, scratch);
+ ecc->dup (ecc, p, g, scratch);
 test_ecc_mul_h (i, 2, p);
- ecc_dup_jj (ecc, p, p, scratch);
+ ecc->dup (ecc, p, p, scratch);
 test_ecc_mul_h (i, 4, p);
 }
 free (p);