tls: code shrink in curve 25519

function                                             old     new   delta
curve25519                                           832     849     +17
curve_x25519_compute_pubkey_and_premaster             74      71      -3
static.basepoint9                                     32       -     -32
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/1 up/down: 17/-35)            Total: -18 bytes

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Denys Vlasenko 2021-04-28 12:19:24 +02:00
parent acd3079fd1
commit b35eef5383


@ -108,26 +108,26 @@ static void raw_try_sub(byte *x, const byte *p)
#if 0 //UNUSED #if 0 //UNUSED
static int prime_msb(const byte *p) static int prime_msb(const byte *p)
{ {
int i; int i;
byte x; byte x;
int shift = 1; int shift = 1;
int z = F25519_SIZE - 1; int z = F25519_SIZE - 1;
/* /*
Test for any hot bits. Test for any hot bits.
As soon as one instance is encountered set shift to 0. As soon as one instance is encountered set shift to 0.
*/ */
for (i = F25519_SIZE - 1; i >= 0; i--) { for (i = F25519_SIZE - 1; i >= 0; i--) {
shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1); shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1);
z -= shift; z -= shift;
} }
x = p[z]; x = p[z];
z <<= 3; z <<= 3;
shift = 1; shift = 1;
for (i = 0; i < 8; i++) { for (i = 0; i < 8; i++) {
shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1); shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1);
z += shift; z += shift;
} }
return z - 1; return z - 1;
} }
@ -549,6 +549,9 @@ static void curve25519(byte *result, const byte *e, const byte *q)
int i; int i;
struct { struct {
/* for bbox's special case of q == NULL meaning "use basepoint" */
/*static const*/ uint8_t basepoint9[CURVE25519_KEYSIZE]; // = {9};
/* from wolfssl-3.15.3/wolfssl/wolfcrypt/fe_operations.h */ /* from wolfssl-3.15.3/wolfssl/wolfcrypt/fe_operations.h */
/*static const*/ byte f25519_one[F25519_SIZE]; // = {1}; /*static const*/ byte f25519_one[F25519_SIZE]; // = {1};
@ -559,6 +562,7 @@ static void curve25519(byte *result, const byte *e, const byte *q)
byte xm1[F25519_SIZE]; // = {1}; byte xm1[F25519_SIZE]; // = {1};
byte zm1[F25519_SIZE]; // = {0}; byte zm1[F25519_SIZE]; // = {0};
} z; } z;
#define basepoint9 z.basepoint9
#define f25519_one z.f25519_one #define f25519_one z.f25519_one
#define xm z.xm #define xm z.xm
#define zm z.zm #define zm z.zm
@ -569,6 +573,11 @@ static void curve25519(byte *result, const byte *e, const byte *q)
zm[0] = 1; zm[0] = 1;
xm1[0] = 1; xm1[0] = 1;
if (!q) {
basepoint9[0] = 9;
q = basepoint9;
}
/* Note: bit 254 is assumed to be 1 */ /* Note: bit 254 is assumed to be 1 */
lm_copy(xm, q); lm_copy(xm, q);
@ -606,7 +615,6 @@ void FAST_FUNC curve_x25519_compute_pubkey_and_premaster(
uint8_t *pubkey, uint8_t *premaster, uint8_t *pubkey, uint8_t *premaster,
const uint8_t *peerkey32) const uint8_t *peerkey32)
{ {
static const uint8_t basepoint9[CURVE25519_KEYSIZE] ALIGN8 = {9};
uint8_t privkey[CURVE25519_KEYSIZE]; //[32] uint8_t privkey[CURVE25519_KEYSIZE]; //[32]
/* Generate random private key, see RFC 7748 */ /* Generate random private key, see RFC 7748 */
@ -615,7 +623,7 @@ void FAST_FUNC curve_x25519_compute_pubkey_and_premaster(
privkey[CURVE25519_KEYSIZE-1] = ((privkey[CURVE25519_KEYSIZE-1] & 0x7f) | 0x40); privkey[CURVE25519_KEYSIZE-1] = ((privkey[CURVE25519_KEYSIZE-1] & 0x7f) | 0x40);
/* Compute public key */ /* Compute public key */
curve25519(pubkey, privkey, basepoint9); curve25519(pubkey, privkey, NULL /* "use base point of x25519" */);
/* Compute premaster using peer's public key */ /* Compute premaster using peer's public key */
curve25519(premaster, privkey, peerkey32); curve25519(premaster, privkey, peerkey32);
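Review bot: The `q == NULL` sentinel added to curve25519() (`if (!q) { basepoint9[0] = 9; q = basepoint9; }`) means a NULL point no longer reaches `lm_copy(xm, q)` as a NULL pointer but silently selects the base point. As a result, `curve25519(premaster, privkey, peerkey32)` called with a NULL `peerkey32` would yield a premaster identical to the public key, which is sent in the clear. Whether any caller can pass NULL is not visible on this page, so the contract should be stated at the public entry point, for example `/* peerkey32 must not be NULL: curve25519() treats a NULL point as "use base point" */`, or enforced there with the project's usual fatal-error path. The new `basepoint9[0] = 9` also depends on the remaining 31 bytes of `z.basepoint9` being zero; `z` is presumably zeroed just above this hunk, and a short comment beside the assignment would record that dependency. Both function bodies start and end outside the hunks shown.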