tls: simplify sp_256_ecc_gen_k_10, cosmetic changes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko 2021-04-26 14:33:38 +02:00
parent 6b69ab68b4
commit 074b33bf16
2 changed files with 52 additions and 138 deletions


@ -111,9 +111,9 @@ void xorbuf_aligned_AES_BLOCK_SIZE(void* buf, const void* mask) FAST_FUNC;
#define CURVE25519_KEYSIZE 32 #define CURVE25519_KEYSIZE 32
void curve_x25519_compute_pubkey_and_premaster( void curve_x25519_compute_pubkey_and_premaster(
uint8_t *pubkey, uint8_t *premaster, uint8_t *pubkey32, uint8_t *premaster32,
const uint8_t *peerkey32) FAST_FUNC; const uint8_t *peerkey32) FAST_FUNC;
void curve_P256_compute_pubkey_and_premaster( void curve_P256_compute_pubkey_and_premaster(
uint8_t *pubkey, uint8_t *premaster, uint8_t *pubkey2x32, uint8_t *premaster32,
const uint8_t *peerkey32) FAST_FUNC; const uint8_t *peerkey2x32) FAST_FUNC;


@ -57,7 +57,6 @@ typedef int32_t sp_digit;
/* Implementation by Sean Parkinson. */ /* Implementation by Sean Parkinson. */
/* Point structure to use. */
typedef struct sp_point { typedef struct sp_point {
sp_digit x[2 * 10]; sp_digit x[2 * 10];
sp_digit y[2 * 10]; sp_digit y[2 * 10];
@ -165,8 +164,6 @@ static void sp_256_point_from_bin2x32(sp_point* p, const uint8_t *bin2x32)
/* Compare a with b in constant time. /* Compare a with b in constant time.
* *
* a A single precision integer.
* b A single precision integer.
* return -ve, 0 or +ve if a is less than, equal to or greater than b * return -ve, 0 or +ve if a is less than, equal to or greater than b
* respectively. * respectively.
*/ */
@ -181,8 +178,6 @@ static sp_digit sp_256_cmp_10(const sp_digit* a, const sp_digit* b)
/* Compare two numbers to determine if they are equal. /* Compare two numbers to determine if they are equal.
* *
* a First number to compare.
* b Second number to compare.
* return 1 when equal and 0 otherwise. * return 1 when equal and 0 otherwise.
*/ */
static int sp_256_cmp_equal_10(const sp_digit* a, const sp_digit* b) static int sp_256_cmp_equal_10(const sp_digit* a, const sp_digit* b)
@ -198,10 +193,7 @@ static int sp_256_cmp_equal_10(const sp_digit* a, const sp_digit* b)
#endif #endif
} }
/* Normalize the values in each word to 26. /* Normalize the values in each word to 26 bits. */
*
* a Array of sp_digit to normalize.
*/
static void sp_256_norm_10(sp_digit* a) static void sp_256_norm_10(sp_digit* a)
{ {
int i; int i;
@ -211,12 +203,7 @@ static void sp_256_norm_10(sp_digit* a)
} }
} }
/* Add b to a into r. (r = a + b) /* Add b to a into r. (r = a + b) */
*
* r A single precision integer.
* a A single precision integer.
* b A single precision integer.
*/
static void sp_256_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b) static void sp_256_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
{ {
int i; int i;
@ -226,11 +213,6 @@ static void sp_256_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
/* Conditionally add a and b using the mask m. /* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not. * m is -1 to add and 0 when not.
*
* r A single precision number representing conditional add result.
* a A single precision number to add with.
* b A single precision number to add.
* m Mask value to apply.
*/ */
static void sp_256_cond_add_10(sp_digit* r, const sp_digit* a, static void sp_256_cond_add_10(sp_digit* r, const sp_digit* a,
const sp_digit* b, const sp_digit m) const sp_digit* b, const sp_digit m)
@ -242,11 +224,6 @@ static void sp_256_cond_add_10(sp_digit* r, const sp_digit* a,
/* Conditionally subtract b from a using the mask m. /* Conditionally subtract b from a using the mask m.
* m is -1 to subtract and 0 when not. * m is -1 to subtract and 0 when not.
*
* r A single precision number representing condition subtract result.
* a A single precision number to subtract from.
* b A single precision number to subtract.
* m Mask value to apply.
*/ */
static void sp_256_cond_sub_10(sp_digit* r, const sp_digit* a, static void sp_256_cond_sub_10(sp_digit* r, const sp_digit* a,
const sp_digit* b, const sp_digit m) const sp_digit* b, const sp_digit m)
@ -256,23 +233,7 @@ static void sp_256_cond_sub_10(sp_digit* r, const sp_digit* a,
r[i] = a[i] - (b[i] & m); r[i] = a[i] - (b[i] & m);
} }
/* Add 1 to a. (a = a + 1) /* Shift number left one bit. Bottom bit is lost. */
*
* r A single precision integer.
* a A single precision integer.
*/
static void sp_256_add_one_10(sp_digit* a)
{
a[0]++;
sp_256_norm_10(a);
}
/* Shift number left one bit.
* Bottom bit is lost.
*
* r Result of shift.
* a Number to shift.
*/
static void sp_256_rshift1_10(sp_digit* r, sp_digit* a) static void sp_256_rshift1_10(sp_digit* r, sp_digit* a)
{ {
int i; int i;
@ -381,14 +342,8 @@ static void sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a)
r[9] = (sp_digit)(t[7] >> 10); r[9] = (sp_digit)(t[7] >> 10);
} }
/* Mul a by scalar b and add into r. (r += a * b) /* Mul a by scalar b and add into r. (r += a * b) */
* static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a, sp_digit b)
* r A single precision integer.
* a A single precision integer.
* b A scalar.
*/
static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a,
const sp_digit b)
{ {
int64_t tb = b; int64_t tb = b;
int64_t t = 0; int64_t t = 0;
@ -402,12 +357,7 @@ static void sp_256_mul_add_10(sp_digit* r, const sp_digit* a,
r[10] += t; r[10] += t;
} }
/* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) /* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) */
*
* r Result of division by 2.
* a Number to divide.
* m Modulus (prime).
*/
static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m) static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
{ {
sp_256_cond_add_10(r, a, m, 0 - (a[0] & 1)); sp_256_cond_add_10(r, a, m, 0 - (a[0] & 1));
@ -415,11 +365,7 @@ static void sp_256_div2_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
sp_256_rshift1_10(r, r); sp_256_rshift1_10(r, r);
} }
/* Shift the result in the high 256 bits down to the bottom. /* Shift the result in the high 256 bits down to the bottom. */
*
* r A single precision number.
* a A single precision number.
*/
static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a) static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a)
{ {
int i; int i;
@ -438,13 +384,7 @@ static void sp_256_mont_shift_10(sp_digit* r, const sp_digit* a)
memset(&r[10], 0, sizeof(*r) * 10); memset(&r[10], 0, sizeof(*r) * 10);
} }
/* Add two Montgomery form numbers (r = a + b % m). /* Add two Montgomery form numbers (r = a + b % m) */
*
* r Result of addition.
* a First number to add in Montogmery form.
* b Second number to add in Montogmery form.
* m Modulus (prime).
*/
static void sp_256_mont_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b, static void sp_256_mont_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
const sp_digit* m) const sp_digit* m)
{ {
@ -454,12 +394,7 @@ static void sp_256_mont_add_10(sp_digit* r, const sp_digit* a, const sp_digit* b
sp_256_norm_10(r); sp_256_norm_10(r);
} }
/* Double a Montgomery form number (r = a + a % m). /* Double a Montgomery form number (r = a + a % m) */
*
* r Result of doubling.
* a Number to double in Montogmery form.
* m Modulus (prime).
*/
static void sp_256_mont_dbl_10(sp_digit* r, const sp_digit* a, const sp_digit* m) static void sp_256_mont_dbl_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
{ {
sp_256_add_10(r, a, a); sp_256_add_10(r, a, a);
@ -468,12 +403,7 @@ static void sp_256_mont_dbl_10(sp_digit* r, const sp_digit* a, const sp_digit* m
sp_256_norm_10(r); sp_256_norm_10(r);
} }
/* Triple a Montgomery form number (r = a + a + a % m). /* Triple a Montgomery form number (r = a + a + a % m) */
*
* r Result of Tripling.
* a Number to triple in Montogmery form.
* m Modulus (prime).
*/
static void sp_256_mont_tpl_10(sp_digit* r, const sp_digit* a, const sp_digit* m) static void sp_256_mont_tpl_10(sp_digit* r, const sp_digit* a, const sp_digit* m)
{ {
sp_256_add_10(r, a, a); sp_256_add_10(r, a, a);
@ -486,27 +416,15 @@ static void sp_256_mont_tpl_10(sp_digit* r, const sp_digit* a, const sp_digit* m
sp_256_norm_10(r); sp_256_norm_10(r);
} }
/* Sub b from a into r. (r = a - b) /* Sub b from a into r. (r = a - b) */
* static void sp_256_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
* r A single precision integer.
* a A single precision integer.
* b A single precision integer.
*/
static void sp_256_sub_10(sp_digit* r, const sp_digit* a,
const sp_digit* b)
{ {
int i; int i;
for (i = 0; i < 10; i++) for (i = 0; i < 10; i++)
r[i] = a[i] - b[i]; r[i] = a[i] - b[i];
} }
/* Subtract two Montgomery form numbers (r = a - b % m). /* Subtract two Montgomery form numbers (r = a - b % m) */
*
* r Result of subtration.
* a Number to subtract from in Montogmery form.
* b Number to subtract with in Montogmery form.
* m Modulus (prime).
*/
static void sp_256_mont_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b, static void sp_256_mont_sub_10(sp_digit* r, const sp_digit* a, const sp_digit* b,
const sp_digit* m) const sp_digit* m)
{ {
@ -554,12 +472,7 @@ static void sp_256_mont_reduce_10(sp_digit* a, const sp_digit* m, sp_digit mp)
sp_256_norm_10(a); sp_256_norm_10(a);
} }
/* Multiply a and b into r. (r = a * b) /* Multiply a and b into r. (r = a * b) */
*
* r A single precision integer.
* a A single precision integer.
* b A single precision integer.
*/
static void sp_256_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b) static void sp_256_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b)
{ {
int i, j, k; int i, j, k;
@ -600,11 +513,7 @@ static void sp_256_mont_mul_10(sp_digit* r, const sp_digit* a, const sp_digit* b
sp_256_mont_reduce_10(r, m, mp); sp_256_mont_reduce_10(r, m, mp);
} }
/* Square a and put result in r. (r = a * a) /* Square a and put result in r. (r = a * a) */
*
* r A single precision integer.
* a A single precision integer.
*/
static void sp_256_sqr_10(sp_digit* r, const sp_digit* a) static void sp_256_sqr_10(sp_digit* r, const sp_digit* a)
{ {
int i, j, k; int i, j, k;
@ -937,8 +846,8 @@ static void sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit*
else else
memcpy(r, t[0], sizeof(sp_point)); memcpy(r, t[0], sizeof(sp_point));
memset(tmp, 0, sizeof(tmp)); memset(tmp, 0, sizeof(tmp)); //paranoia
memset(td, 0, sizeof(td)); memset(td, 0, sizeof(td)); //paranoia
} }
/* Multiply the base point of P256 by the scalar and return the result. /* Multiply the base point of P256 by the scalar and return the result.
@ -956,20 +865,20 @@ static void sp_256_ecc_mulmod_base_10(sp_point* r, sp_digit* k /*, int map*/)
* The number is 0 padded to maximum size on output. * The number is 0 padded to maximum size on output.
* *
* priv Scalar to multiply the point by. * priv Scalar to multiply the point by.
* peerkey2x32 Point to multiply. * pub2x32 Point to multiply.
* out Buffer to hold X ordinate. * out32 Buffer to hold X ordinate.
*/ */
static void sp_ecc_secret_gen_256(sp_digit priv[10], const uint8_t *peerkey2x32, uint8_t* out32) static void sp_ecc_secret_gen_256(sp_digit priv[10], const uint8_t *pub2x32, uint8_t* out32)
{ {
sp_point point[1]; sp_point point[1];
#if FIXED_PEER_PUBKEY #if FIXED_PEER_PUBKEY
memset((void*)peerkey32, 0x55, 64); memset((void*)pub2x32, 0x55, 64);
#endif #endif
dump_hex("peerkey32 %s\n", peerkey2x32, 32); dump_hex("peerkey %s\n", pub2x32, 32); /* in TLS, this is peer's public key */
dump_hex(" %s\n", peerkey2x32 + 32, 32); dump_hex(" %s\n", pub2x32 + 32, 32);
sp_256_point_from_bin2x32(point, peerkey2x32); sp_256_point_from_bin2x32(point, pub2x32);
dump_hex("point->x %s\n", point->x, sizeof(point->x)); dump_hex("point->x %s\n", point->x, sizeof(point->x));
dump_hex("point->y %s\n", point->y, sizeof(point->y)); dump_hex("point->y %s\n", point->y, sizeof(point->y));
@ -979,14 +888,18 @@ static void sp_ecc_secret_gen_256(sp_digit priv[10], const uint8_t *peerkey2x32,
dump_hex("out32: %s\n", out32, 32); dump_hex("out32: %s\n", out32, 32);
} }
/* Generates a scalar that is in the range 1..order-1. /* Generates a scalar that is in the range 1..order-1. */
* #define SIMPLIFY 1
* rng Random number generator. /* Add 1 to a. (a = a + 1) */
* k Scalar value. #if !SIMPLIFY
*/ static void sp_256_add_one_10(sp_digit* a)
{
a[0]++;
sp_256_norm_10(a);
}
#endif
static void sp_256_ecc_gen_k_10(sp_digit k[10]) static void sp_256_ecc_gen_k_10(sp_digit k[10])
{ {
#define SIMPLIFY 1
#if !SIMPLIFY #if !SIMPLIFY
/* The order of the curve P256 minus 2. */ /* The order of the curve P256 minus 2. */
static const sp_digit p256_order2[10] = { static const sp_digit p256_order2[10] = {
@ -1007,7 +920,7 @@ static void sp_256_ecc_gen_k_10(sp_digit k[10])
break; break;
#else #else
/* non-loopy version (and not needing p256_order2[]): /* non-loopy version (and not needing p256_order2[]):
* if most-significant word seems that it can be larger * if most-significant word seems that k can be larger
* than p256_order2, fix it up: * than p256_order2, fix it up:
*/ */
if (k[9] >= 0x03fffff) if (k[9] >= 0x03fffff)
@ -1015,21 +928,22 @@ static void sp_256_ecc_gen_k_10(sp_digit k[10])
break; break;
#endif #endif
} }
#if !SIMPLIFY
sp_256_add_one_10(k); sp_256_add_one_10(k);
#else
if (k[0] == 0)
k[0] = 1;
#endif
#undef SIMPLIFY #undef SIMPLIFY
} }
/* Makes a random EC key pair. /* Makes a random EC key pair. */
* static void sp_ecc_make_key_256(sp_digit privkey[10], uint8_t *pubkey)
* priv Generated private value.
* pubkey Generated public point.
*/
static void sp_ecc_make_key_256(sp_digit k[10], uint8_t *pubkey)
{ {
sp_point point[1]; sp_point point[1];
sp_256_ecc_gen_k_10(k); sp_256_ecc_gen_k_10(privkey);
sp_256_ecc_mulmod_base_10(point, k); sp_256_ecc_mulmod_base_10(point, privkey);
sp_256_to_bin(point->x, pubkey); sp_256_to_bin(point->x, pubkey);
sp_256_to_bin(point->y, pubkey + 32); sp_256_to_bin(point->y, pubkey + 32);
@ -1037,16 +951,16 @@ static void sp_ecc_make_key_256(sp_digit k[10], uint8_t *pubkey)
} }
void FAST_FUNC curve_P256_compute_pubkey_and_premaster( void FAST_FUNC curve_P256_compute_pubkey_and_premaster(
uint8_t *pubkey, uint8_t *premaster32, uint8_t *pubkey2x32, uint8_t *premaster32,
const uint8_t *peerkey2x32) const uint8_t *peerkey2x32)
{ {
sp_digit privkey[10]; sp_digit privkey[10];
sp_ecc_make_key_256(privkey, pubkey); sp_ecc_make_key_256(privkey, pubkey2x32);
dump_hex("pubkey: %s\n", pubkey, 32); dump_hex("pubkey: %s\n", pubkey2x32, 32);
dump_hex(" %s\n", pubkey + 32, 32); dump_hex(" %s\n", pubkey2x32 + 32, 32);
/* Combine our privkey and peerkey32 to generate premaster */ /* Combine our privkey and peer's public key to generate premaster */
sp_ecc_secret_gen_256(privkey, /*x,y:*/peerkey2x32, premaster32); sp_ecc_secret_gen_256(privkey, /*x,y:*/peerkey2x32, premaster32);
dump_hex("premaster: %s\n", premaster32, 32); dump_hex("premaster: %s\n", premaster32, 32);
} }
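Review bot: The SIMPLIFY path of sp_256_ecc_gen_k_10 no longer draws k uniformly, yet the retained comment still says only "Generates a scalar that is in the range 1..order-1". The top limb is clamped when `k[9] >= 0x03fffff` instead of redrawing, and the new `if (k[0] == 0) k[0] = 1;` tests only the low limb, so it also rewrites nonzero scalars whose low limb happens to be zero. Both skews look negligible for a one-shot ECDHE private key, which is how sp_ecc_make_key_256 uses it here, but the same generator would be a poor fit for signature nonces, where small biases add up across signatures. I would record that next to the fixup, e.g. `/* k is in 1..order-1 but not uniform (clamped top limb, k[0]==0 mapped to 1): ephemeral ECDH only, not for ECDSA nonces */`. The assignment under the `k[9]` test falls between the two hunks and is not visible here.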