Harcode curve in semi-internal modMult function

Saves 80 bytes of code size.
Manuel Pégourié-Gonnard 2019-11-04 12:12:00 +01:00
parent 3645ac93f5
commit c3ec14c87f
3 changed files with 31 additions and 36 deletions


@ -367,8 +367,7 @@ void XYcZ_add(uECC_word_t * X1, uECC_word_t * Y1, uECC_word_t * X2,
* @param Z IN -- z value
* @param curve IN -- elliptic curve
*/
void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z,
uECC_Curve curve);
void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z);
/*
* @brief Check if bit is set.
@ -399,7 +398,7 @@ void uECC_vli_mmod(uECC_word_t *result, uECC_word_t *product,
* @param curve IN -- elliptic curve
*/
void uECC_vli_modMult_fast(uECC_word_t *result, const uECC_word_t *left,
const uECC_word_t *right, uECC_Curve curve);
const uECC_word_t *right);
/*
* @brief Computes result = left - right.
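Review bot: Both hunks drop the `curve` argument but leave its Doxygen line in place, so the header now documents a parameter that `apply_z` (first hunk) and `uECC_vli_modMult_fast` (second hunk) no longer take. I'd replace each `* @param curve IN -- elliptic curve` line with `* @note Operates on the single compiled-in curve; there is no curve parameter.` so readers of the prototype know the modulus is now fixed rather than chosen by the caller. The doc blocks these lines belong to start above each hunk, so the `@brief` lines are outside my view.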


@ -514,12 +514,9 @@ static void uECC_vli_modMult_rnd(uECC_word_t *result, const uECC_word_t *left,
}
void uECC_vli_modMult_fast(uECC_word_t *result, const uECC_word_t *left,
const uECC_word_t *right, uECC_Curve curve)
const uECC_word_t *right)
{
uECC_word_t product[2 * NUM_ECC_WORDS];
uECC_vli_mult_rnd(product, left, right, NULL);
curve->mmod_fast(result, product);
uECC_vli_modMult_rnd(result, left, right, NULL);
}
#define EVEN(vli) (!(vli[0] & 1))
@ -599,16 +596,16 @@ void double_jacobian_default(uECC_word_t * X1, uECC_word_t * Y1,
return;
}
uECC_vli_modMult_fast(t4, Y1, Y1, curve); /* t4 = y1^2 */
uECC_vli_modMult_fast(t5, X1, t4, curve); /* t5 = x1*y1^2 = A */
uECC_vli_modMult_fast(t4, t4, t4, curve); /* t4 = y1^4 */
uECC_vli_modMult_fast(Y1, Y1, Z1, curve); /* t2 = y1*z1 = z3 */
uECC_vli_modMult_fast(Z1, Z1, Z1, curve); /* t3 = z1^2 */
uECC_vli_modMult_fast(t4, Y1, Y1); /* t4 = y1^2 */
uECC_vli_modMult_fast(t5, X1, t4); /* t5 = x1*y1^2 = A */
uECC_vli_modMult_fast(t4, t4, t4); /* t4 = y1^4 */
uECC_vli_modMult_fast(Y1, Y1, Z1); /* t2 = y1*z1 = z3 */
uECC_vli_modMult_fast(Z1, Z1, Z1); /* t3 = z1^2 */
uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = x1 + z1^2 */
uECC_vli_modAdd(Z1, Z1, Z1, curve->p, num_words); /* t3 = 2*z1^2 */
uECC_vli_modSub(Z1, X1, Z1, curve->p, num_words); /* t3 = x1 - z1^2 */
uECC_vli_modMult_fast(X1, X1, Z1, curve); /* t1 = x1^2 - z1^4 */
uECC_vli_modMult_fast(X1, X1, Z1); /* t1 = x1^2 - z1^4 */
uECC_vli_modAdd(Z1, X1, X1, curve->p, num_words); /* t3 = 2*(x1^2 - z1^4) */
uECC_vli_modAdd(X1, X1, Z1, curve->p, num_words); /* t1 = 3*(x1^2 - z1^4) */
@ -621,11 +618,11 @@ void double_jacobian_default(uECC_word_t * X1, uECC_word_t * Y1,
}
/* t1 = 3/2*(x1^2 - z1^4) = B */
uECC_vli_modMult_fast(Z1, X1, X1, curve); /* t3 = B^2 */
uECC_vli_modMult_fast(Z1, X1, X1); /* t3 = B^2 */
uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - A */
uECC_vli_modSub(Z1, Z1, t5, curve->p, num_words); /* t3 = B^2 - 2A = x3 */
uECC_vli_modSub(t5, t5, Z1, curve->p, num_words); /* t5 = A - x3 */
uECC_vli_modMult_fast(X1, X1, t5, curve); /* t1 = B * (A - x3) */
uECC_vli_modMult_fast(X1, X1, t5); /* t1 = B * (A - x3) */
/* t4 = B * (A - x3) - y1^4 = y3: */
uECC_vli_modSub(t4, X1, t4, curve->p, num_words);
@ -641,9 +638,9 @@ void x_side_default(uECC_word_t *result,
uECC_word_t _3[NUM_ECC_WORDS] = {3}; /* -a = 3 */
wordcount_t num_words = curve->num_words;
uECC_vli_modMult_fast(result, x, x, curve); /* r = x^2 */
uECC_vli_modMult_fast(result, x, x); /* r = x^2 */
uECC_vli_modSub(result, result, _3, curve->p, num_words); /* r = x^2 - 3 */
uECC_vli_modMult_fast(result, result, x, curve); /* r = x^3 - 3x */
uECC_vli_modMult_fast(result, result, x); /* r = x^3 - 3x */
/* r = x^3 - 3x + b: */
uECC_vli_modAdd(result, result, curve->b, curve->p, num_words);
}
@ -759,15 +756,14 @@ uECC_word_t EccPoint_isZero(const uECC_word_t *point, uECC_Curve curve)
return uECC_vli_isZero(point, curve->num_words * 2);
}
void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z,
uECC_Curve curve)
void apply_z(uECC_word_t * X1, uECC_word_t * Y1, const uECC_word_t * const Z)
{
uECC_word_t t1[NUM_ECC_WORDS];
uECC_vli_modMult_fast(t1, Z, Z, curve); /* z^2 */
uECC_vli_modMult_fast(X1, X1, t1, curve); /* x1 * z^2 */
uECC_vli_modMult_fast(t1, t1, Z, curve); /* z^3 */
uECC_vli_modMult_fast(Y1, Y1, t1, curve); /* y1 * z^3 */
uECC_vli_modMult_fast(t1, Z, Z); /* z^2 */
uECC_vli_modMult_fast(X1, X1, t1); /* x1 * z^2 */
uECC_vli_modMult_fast(t1, t1, Z); /* z^3 */
uECC_vli_modMult_fast(Y1, Y1, t1); /* y1 * z^3 */
}
/* P = (x1, y1) => 2P, (x2, y2) => P' */
@ -788,9 +784,9 @@ static void XYcZ_initial_double(uECC_word_t * X1, uECC_word_t * Y1,
uECC_vli_set(X2, X1, num_words);
uECC_vli_set(Y2, Y1, num_words);
apply_z(X1, Y1, z, curve);
apply_z(X1, Y1, z);
curve->double_jacobian(X1, Y1, z, curve);
apply_z(X2, Y2, z, curve);
apply_z(X2, Y2, z);
}
static void XYcZ_add_rnd(uECC_word_t * X1, uECC_word_t * Y1,
@ -905,17 +901,17 @@ static void EccPoint_mult(uECC_word_t * result, const uECC_word_t * point,
/* Find final 1/Z value. */
uECC_vli_modSub(z, Rx[1], Rx[0], curve->p, num_words); /* X1 - X0 */
uECC_vli_modMult_fast(z, z, Ry[1 - nb], curve); /* Yb * (X1 - X0) */
uECC_vli_modMult_fast(z, z, point, curve); /* xP * Yb * (X1 - X0) */
uECC_vli_modMult_fast(z, z, Ry[1 - nb]); /* Yb * (X1 - X0) */
uECC_vli_modMult_fast(z, z, point); /* xP * Yb * (X1 - X0) */
uECC_vli_modInv(z, z, curve->p, num_words); /* 1 / (xP * Yb * (X1 - X0))*/
/* yP / (xP * Yb * (X1 - X0)) */
uECC_vli_modMult_fast(z, z, point + num_words, curve);
uECC_vli_modMult_fast(z, z, point + num_words);
/* Xb * yP / (xP * Yb * (X1 - X0)) */
uECC_vli_modMult_fast(z, z, Rx[1 - nb], curve);
uECC_vli_modMult_fast(z, z, Rx[1 - nb]);
/* End 1/Z calculation */
XYcZ_add_rnd(Rx[nb], Ry[nb], Rx[1 - nb], Ry[1 - nb], ws);
apply_z(Rx[0], Ry[0], z, curve);
apply_z(Rx[0], Ry[0], z);
uECC_vli_set(result, Rx[0], num_words);
uECC_vli_set(result + num_words, Ry[0], num_words);
@ -1070,7 +1066,7 @@ int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve)
return -2;
}
uECC_vli_modMult_fast(tmp1, point + num_words, point + num_words, curve);
uECC_vli_modMult_fast(tmp1, point + num_words, point + num_words);
curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */
/* Make sure that y^2 == x^3 + ax + b */
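Review bot: After the first hunk, `uECC_vli_modMult_fast` reduces with whatever modulus `uECC_vli_modMult_rnd` has built in, while its callers in the later hunks still reduce their `modAdd`/`modSub`/`modInv` results with the `curve->p` they were handed (for example `double_jacobian_default`, `x_side_default`, `EccPoint_mult` and `uECC_valid_point` all keep a `uECC_Curve curve` parameter and use `curve->p`). The arithmetic is therefore only consistent when the caller's `curve` is the one compiled-in curve, and nothing in the new code checks that; a mismatch would now give silently wrong field elements instead of using the caller's curve. I'd add above the definition `/* Fixed-curve variant: the modulus is hardcoded in uECC_vli_modMult_rnd, so callers that still reduce with curve->p must pass that same curve. */`, and if the file has a way to compare `curve` against the built-in curve, assert it once at the public entry points rather than in this hot path. The body of `uECC_vli_modMult_rnd` and the starts of `double_jacobian_default`, `x_side_default`, `XYcZ_initial_double`, `EccPoint_mult` and `uECC_valid_point` lie outside these hunks.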


@ -257,7 +257,7 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
uECC_vli_modSub(z, sum, tx, curve->p, num_words); /* z = x2 - x1 */
XYcZ_add(tx, ty, sum, sum + num_words, curve);
uECC_vli_modInv(z, z, curve->p, num_words); /* z = 1/z */
apply_z(sum, sum + num_words, z, curve);
apply_z(sum, sum + num_words, z);
/* Use Shamir's trick to calculate u1*G + u2*Q */
points[0] = 0;
@ -283,15 +283,15 @@ int uECC_verify(const uint8_t *public_key, const uint8_t *message_hash,
if (point) {
uECC_vli_set(tx, point, num_words);
uECC_vli_set(ty, point + num_words, num_words);
apply_z(tx, ty, z, curve);
apply_z(tx, ty, z);
uECC_vli_modSub(tz, rx, tx, curve->p, num_words); /* Z = x2 - x1 */
XYcZ_add(tx, ty, rx, ry, curve);
uECC_vli_modMult_fast(z, z, tz, curve);
uECC_vli_modMult_fast(z, z, tz);
}
}
uECC_vli_modInv(z, z, curve->p, num_words); /* Z = 1/Z */
apply_z(rx, ry, z, curve);
apply_z(rx, ry, z);
/* v = x1 (mod n) */
if (uECC_vli_cmp_unsafe(curve->n, rx, num_n_words) != 1) {
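Review bot: `uECC_verify` still derives `num_words`, `curve->p` (the `modSub` and `modInv` calls in both hunks) and `curve->n` (the `cmp_unsafe` on the last line) from the `curve` it was passed, but `apply_z` and `uECC_vli_modMult_fast` now use the compiled-in curve unconditionally, so a caller passing any other curve would get a verification computed with mixed moduli rather than a clean failure. Since the public API still accepts a curve, I'd reject that case up front rather than rely on every caller knowing about this commit: at function entry, compare `curve` with the built-in curve (by whatever means this file obtains it) and return the existing error value if they differ, with a comment `/* Only the compiled-in curve is supported: the field multiplications below ignore `curve`. */`. The beginning of `uECC_verify`, including its parameter list and the point where `curve` and `z` are initialised, is outside these hunks.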