Implement field_{mul,sqr} in p224-64.c with p224_felems.

This is in preparation for representing field elements with
stack-allocated types in the generic code. While there is likely little
benefit in threading all the tuned field arithmetic through all the
generic code, and the P-224 logic, in particular, does not have a tight
enough abstraction for this, the current implementations depend on
BN_div, which is not compatible with stack-allocating things and avoiding
malloc.

This also speeds things up slightly, now that benchmarks cover point
validation.

Before:
Did 82786 ECDH P-224 operations in 10024326us (8258.5 ops/sec)
After:
Did 89991 ECDH P-224 operations in 10012429us (8987.9 ops/sec)

Change-Id: I468483b49f5dc69187aebd62834365ce5caab795
Reviewed-on: https://boringssl-review.googlesource.com/26971
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 2018-04-01 15:36:02 -04:00 committed by Adam Langley
parent c81ecf3436
commit 5b05988add
3 changed files with 30 additions and 16 deletions


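--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -249,10 +249,6 @@ int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
 int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
 int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
 EC_POINT * [], BN_CTX *);
-int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
-const BIGNUM *b, BN_CTX *);
-int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
-BN_CTX *);
 // method functions in montgomery.c
 int ec_GFp_mont_group_init(EC_GROUP *);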


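--- a/p224-64.c
+++ b/p224-64.c
@@ -1087,6 +1087,34 @@ static int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
 return 1;
 }
+static int ec_GFp_nistp224_field_mul(const EC_GROUP *group, BIGNUM *r,
+const BIGNUM *a, const BIGNUM *b,
+BN_CTX *ctx) {
+p224_felem felem1, felem2;
+p224_widefelem wide;
+if (!p224_BN_to_felem(felem1, a) ||
+!p224_BN_to_felem(felem2, b)) {
+return 0;
+}
+p224_felem_mul(wide, felem1, felem2);
+p224_felem_reduce(felem1, wide);
+p224_felem_contract(felem1, felem1);
+return p224_felem_to_BN(r, felem1) != NULL;
+}
+static int ec_GFp_nistp224_field_sqr(const EC_GROUP *group, BIGNUM *r,
+const BIGNUM *a, BN_CTX *ctx) {
+p224_felem felem;
+if (!p224_BN_to_felem(felem, a)) {
+return 0;
+}
+p224_widefelem wide;
+p224_felem_square(wide, felem);
+p224_felem_reduce(felem, wide);
+p224_felem_contract(felem, felem);
+return p224_felem_to_BN(r, felem) != NULL;
+}
 DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp224_method) {
 out->group_init = ec_GFp_simple_group_init;
 out->group_finish = ec_GFp_simple_group_finish;
@@ -1095,8 +1123,8 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp224_method) {
 ec_GFp_nistp224_point_get_affine_coordinates;
 out->mul = ec_GFp_nistp224_points_mul;
 out->mul_public = ec_GFp_nistp224_points_mul;
-out->field_mul = ec_GFp_simple_field_mul;
-out->field_sqr = ec_GFp_simple_field_sqr;
+out->field_mul = ec_GFp_nistp224_field_mul;
+out->field_sqr = ec_GFp_nistp224_field_sqr;
 out->field_encode = NULL;
 out->field_decode = NULL;
 };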
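Review bot: The new ec_GFp_nistp224_field_mul and ec_GFp_nistp224_field_sqr narrow the accepted input domain relative to the BN_mod_mul/BN_mod_sqr implementations they replace, and nothing in the hunk documents that. BN_mod_mul reduced inputs of any size modulo the field, whereas the new code only handles whatever p224_BN_to_felem accepts: if that helper rejects values that are negative or not below p, a caller that previously passed an unreduced value now gets a failure return, and if it instead truncates, the caller gets a wrong result — which of the two applies is not visible in this hunk. A comment above field_mul such as `// Unlike BN_mod_mul, |a| and |b| must already be reduced modulo p; p224_BN_to_felem is relied on to reject out-of-range inputs (TODO: confirm it rejects rather than truncates).` would make the contract explicit for the generic-code callers the description mentions. Minor style point: field_mul declares `wide` before the range check while field_sqr declares it after; the same placement in both would read more consistently.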


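--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1034,13 +1034,3 @@ err:
 return ret;
 }
-int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-const BIGNUM *b, BN_CTX *ctx) {
-return BN_mod_mul(r, a, b, &group->field, ctx);
-}
-int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-BN_CTX *ctx) {
-return BN_mod_sqr(r, a, &group->field, ctx);
-}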