tls: stop passing temporary buffer address in P256 code
function old new delta sp_256_proj_point_dbl_10 435 453 +18 sp_256_ecc_mulmod_10 1300 1237 -63 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/1 up/down: 18/-63) Total: -45 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko
@ -553,16 +553,15 @@ static void sp_256_mont_sqr_10(sp_digit* r, const sp_digit* a, const sp_digit* m
|
|||||||
*
|
*
|
||||||
* r Inverse result.
|
* r Inverse result.
|
||||||
* a Number to invert.
|
* a Number to invert.
|
||||||
* td Temporary data.
|
|
||||||
*/
|
*/
|
||||||
/* Mod-2 for the P256 curve. */
|
/* Mod-2 for the P256 curve. */
|
||||||
static const uint32_t p256_mod_2[8] = {
|
static const uint32_t p256_mod_2[8] = {
|
||||||
0xfffffffd,0xffffffff,0xffffffff,0x00000000,
|
0xfffffffd,0xffffffff,0xffffffff,0x00000000,
|
||||||
0x00000000,0x00000000,0x00000001,0xffffffff,
|
0x00000000,0x00000000,0x00000001,0xffffffff,
|
||||||
};
|
};
|
||||||
static void sp_256_mont_inv_10(sp_digit* r, sp_digit* a, sp_digit* td)
|
static void sp_256_mont_inv_10(sp_digit* r, sp_digit* a)
|
||||||
{
|
{
|
||||||
sp_digit* t = td;
|
sp_digit t[2*10]; //can be just [10]?
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
memcpy(t, a, sizeof(sp_digit) * 10);
|
memcpy(t, a, sizeof(sp_digit) * 10);
|
||||||
@ -578,15 +577,14 @@ static void sp_256_mont_inv_10(sp_digit* r, sp_digit* a, sp_digit* td)
|
|||||||
*
|
*
|
||||||
* r Resulting affine co-ordinate point.
|
* r Resulting affine co-ordinate point.
|
||||||
* p Montgomery form projective co-ordinate point.
|
* p Montgomery form projective co-ordinate point.
|
||||||
* t Temporary ordinate data.
|
|
||||||
*/
|
*/
|
||||||
static void sp_256_map_10(sp_point* r, sp_point* p, sp_digit* t)
|
static void sp_256_map_10(sp_point* r, sp_point* p)
|
||||||
{
|
{
|
||||||
sp_digit* t1 = t;
|
sp_digit t1[2*10];
|
||||||
sp_digit* t2 = t + 2*10;
|
sp_digit t2[2*10];
|
||||||
int32_t n;
|
int32_t n;
|
||||||
|
|
||||||
sp_256_mont_inv_10(t1, p->z, t + 2*10);
|
sp_256_mont_inv_10(t1, p->z);
|
||||||
|
|
||||||
sp_256_mont_sqr_10(t2, t1, p256_mod, p256_mp_mod);
|
sp_256_mont_sqr_10(t2, t1, p256_mod, p256_mp_mod);
|
||||||
sp_256_mont_mul_10(t1, t2, t1, p256_mod, p256_mp_mod);
|
sp_256_mont_mul_10(t1, t2, t1, p256_mod, p256_mp_mod);
|
||||||
@ -617,13 +615,12 @@ static void sp_256_map_10(sp_point* r, sp_point* p, sp_digit* t)
|
|||||||
*
|
*
|
||||||
* r Result of doubling point.
|
* r Result of doubling point.
|
||||||
* p Point to double.
|
* p Point to double.
|
||||||
* t Temporary ordinate data.
|
|
||||||
*/
|
*/
|
||||||
static void sp_256_proj_point_dbl_10(sp_point* r, sp_point* p, sp_digit* t)
|
static void sp_256_proj_point_dbl_10(sp_point* r, sp_point* p)
|
||||||
{
|
{
|
||||||
sp_point tp;
|
sp_point tp;
|
||||||
sp_digit* t1 = t;
|
sp_digit t1[2*10];
|
||||||
sp_digit* t2 = t + 2*10;
|
sp_digit t2[2*10];
|
||||||
|
|
||||||
/* Put point to double into result */
|
/* Put point to double into result */
|
||||||
if (r != p)
|
if (r != p)
|
||||||
@ -676,16 +673,14 @@ static void sp_256_proj_point_dbl_10(sp_point* r, sp_point* p, sp_digit* t)
|
|||||||
* r Result of addition.
|
* r Result of addition.
|
||||||
* p Frist point to add.
|
* p Frist point to add.
|
||||||
* q Second point to add.
|
* q Second point to add.
|
||||||
* t Temporary ordinate data.
|
|
||||||
*/
|
*/
|
||||||
static void sp_256_proj_point_add_10(sp_point* r, sp_point* p, sp_point* q,
|
static void sp_256_proj_point_add_10(sp_point* r, sp_point* p, sp_point* q)
|
||||||
sp_digit* t)
|
|
||||||
{
|
{
|
||||||
sp_digit* t1 = t;
|
sp_digit t1[2*10];
|
||||||
sp_digit* t2 = t + 2*10;
|
sp_digit t2[2*10];
|
||||||
sp_digit* t3 = t + 4*10;
|
sp_digit t3[2*10];
|
||||||
sp_digit* t4 = t + 6*10;
|
sp_digit t4[2*10];
|
||||||
sp_digit* t5 = t + 8*10;
|
sp_digit t5[2*10];
|
||||||
|
|
||||||
/* Ensure only the first point is the same as the result. */
|
/* Ensure only the first point is the same as the result. */
|
||||||
if (q == r) {
|
if (q == r) {
|
||||||
@ -701,7 +696,7 @@ static void sp_256_proj_point_add_10(sp_point* r, sp_point* p, sp_point* q,
|
|||||||
&& sp_256_cmp_equal_10(p->z, q->z)
|
&& sp_256_cmp_equal_10(p->z, q->z)
|
||||||
&& (sp_256_cmp_equal_10(p->y, q->y) || sp_256_cmp_equal_10(p->y, t1))
|
&& (sp_256_cmp_equal_10(p->y, q->y) || sp_256_cmp_equal_10(p->y, t1))
|
||||||
) {
|
) {
|
||||||
sp_256_proj_point_dbl_10(r, p, t);
|
sp_256_proj_point_dbl_10(r, p);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
sp_point tp;
|
sp_point tp;
|
||||||
@ -762,7 +757,6 @@ static void sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
|
|||||||
{
|
{
|
||||||
enum { map = 1 }; /* we always convert result to affine coordinates */
|
enum { map = 1 }; /* we always convert result to affine coordinates */
|
||||||
sp_point t[3];
|
sp_point t[3];
|
||||||
sp_digit tmp[2 * 10 * 5];
|
|
||||||
sp_digit n;
|
sp_digit n;
|
||||||
int i;
|
int i;
|
||||||
int c, y;
|
int c, y;
|
||||||
@ -791,20 +785,17 @@ static void sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
|
|||||||
y = (n >> 25) & 1;
|
y = (n >> 25) & 1;
|
||||||
n <<= 1;
|
n <<= 1;
|
||||||
|
|
||||||
//FIXME: what's "tmp" and why do we pass it down?
|
sp_256_proj_point_add_10(&t[y^1], &t[0], &t[1]);
|
||||||
//is it scratch space for "sensitive" data, to be memset(0) after we are done?
|
|
||||||
sp_256_proj_point_add_10(&t[y^1], &t[0], &t[1], tmp);
|
|
||||||
memcpy(&t[2], &t[y], sizeof(sp_point));
|
memcpy(&t[2], &t[y], sizeof(sp_point));
|
||||||
sp_256_proj_point_dbl_10(&t[2], &t[2], tmp);
|
sp_256_proj_point_dbl_10(&t[2], &t[2]);
|
||||||
memcpy(&t[y], &t[2], sizeof(sp_point));
|
memcpy(&t[y], &t[2], sizeof(sp_point));
|
||||||
}
|
}
|
||||||
|
|
||||||
if (map)
|
if (map)
|
||||||
sp_256_map_10(r, &t[0], tmp);
|
sp_256_map_10(r, &t[0]);
|
||||||
else
|
else
|
||||||
memcpy(r, &t[0], sizeof(sp_point));
|
memcpy(r, &t[0], sizeof(sp_point));
|
||||||
|
|
||||||
memset(tmp, 0, sizeof(tmp)); //paranoia
|
|
||||||
memset(t, 0, sizeof(t)); //paranoia
|
memset(t, 0, sizeof(t)); //paranoia
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user