Abstract scalar inversion in EC_METHOD.

This introduces a hook for the OpenSSL assembly. Change-Id: I35e0588f0ed5bed375b12f738d16c9f46ceedeea Reviewed-on: https://boringssl-review.googlesource.com/27592 Reviewed-by: Adam Langley <alangley@gmail.com>
2018-04-06 19:43:29 -04:00 · 2018-04-06 19:43:29 -04:00 · 364a51ec3a
commit 364a51ec3a
parent b27b579fdd
6 changed files with 19 additions and 2 deletions
--- a/crypto/fipsmodule/ec/ec_montgomery.c
+++ b/crypto/fipsmodule/ec/ec_montgomery.c
@ -267,4 +267,5 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_mont_method) {
  out->field_sqr = ec_GFp_mont_field_sqr;
  out->field_encode = ec_GFp_mont_field_encode;
  out->field_decode = ec_GFp_mont_field_decode;
+  out->scalar_inv_montgomery = ec_simple_scalar_inv_montgomery;
 }
--- a/crypto/fipsmodule/ec/internal.h
+++ b/crypto/fipsmodule/ec/internal.h
@ -133,6 +133,12 @@ struct ec_method_st {
                      BN_CTX *);  // e.g. to Montgomery
  int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
                      BN_CTX *);  // e.g. from Montgomery
+
+  // scalar_inv_mont sets |out| to |in|^-1, where both input and output are in
+  // Montgomery form.
+  void (*scalar_inv_montgomery)(const EC_GROUP *group, EC_SCALAR *out,
+                                const EC_SCALAR *in);
+
 } /* EC_METHOD */;

 const EC_METHOD *EC_GFp_mont_method(void);
@ -271,6 +277,8 @@ int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
 int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
 int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
                                     EC_POINT * [], BN_CTX *);
+void ec_simple_scalar_inv_montgomery(const EC_GROUP *group, EC_SCALAR *r,
+                                     const EC_SCALAR *a);

 // method functions in montgomery.c
 int ec_GFp_mont_group_init(EC_GROUP *);
--- a/crypto/fipsmodule/ec/p224-64.c
+++ b/crypto/fipsmodule/ec/p224-64.c
@ -1127,6 +1127,7 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp224_method) {
  out->field_sqr = ec_GFp_nistp224_field_sqr;
  out->field_encode = NULL;
  out->field_decode = NULL;
+  out->scalar_inv_montgomery = ec_simple_scalar_inv_montgomery;
 };

 #endif  // BORINGSSL_HAS_UINT128 && !SMALL
--- a/crypto/fipsmodule/ec/p256-x86_64.c
+++ b/crypto/fipsmodule/ec/p256-x86_64.c
@ -441,6 +441,7 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistz256_method) {
  out->field_sqr = ec_GFp_mont_field_sqr;
  out->field_encode = ec_GFp_mont_field_encode;
  out->field_decode = ec_GFp_mont_field_decode;
+  out->scalar_inv_montgomery = ec_simple_scalar_inv_montgomery;
 };

 #endif /* !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \
--- a/crypto/fipsmodule/ec/scalar.c
+++ b/crypto/fipsmodule/ec/scalar.c
@ -61,9 +61,14 @@ void ec_scalar_mul_montgomery(const EC_GROUP *group, EC_SCALAR *r,
                              group->order_mont);
 }

-void ec_scalar_inv_montgomery(const EC_GROUP *group, EC_SCALAR *r,
-                              const EC_SCALAR *a) {
+void ec_simple_scalar_inv_montgomery(const EC_GROUP *group, EC_SCALAR *r,
+                                     const EC_SCALAR *a) {
  const BIGNUM *order = &group->order;
  bn_mod_inverse_prime_mont_small(r->words, a->words, order->width,
                                  group->order_mont);
 }
+
+void ec_scalar_inv_montgomery(const EC_GROUP *group, EC_SCALAR *r,
+                              const EC_SCALAR *a) {
+  group->meth->scalar_inv_montgomery(group, r, a);
+}
--- a/third_party/fiat/p256.c
+++ b/third_party/fiat/p256.c
@ -1819,6 +1819,7 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp256_method) {
  out->field_sqr = ec_GFp_mont_field_sqr;
  out->field_encode = ec_GFp_mont_field_encode;
  out->field_decode = ec_GFp_mont_field_decode;
+  out->scalar_inv_montgomery = ec_simple_scalar_inv_montgomery;
 };

 #undef BORINGSSL_NISTP256_64BIT