From: Niels Möller Date: Tue, 13 Oct 2020 19:49:34 +0000 (+0200) Subject: Merge branch 'invert-with-redc' into master-updates X-Git-Tag: nettle_3.7rc1~57 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=04b25045c8aeed37b875861378302aa086f287a8;p=thirdparty%2Fnettle.git Merge branch 'invert-with-redc' into master-updates --- 04b25045c8aeed37b875861378302aa086f287a8 diff --cc ChangeLog index 51bc1263,42b91357..15d72b5e --- a/ChangeLog +++ b/ChangeLog @@@ -1,376 -1,22 +1,395 @@@ -2020-01-29 Niels Möller ++2020-10-13 Niels Möller + + * ecc-mod-inv.c (ecc_mod_inv_destructive): New helper function, + not preserving input argument. Extracted from old ecc_mod_inv. + (ecc_mod_inv): Call ecc_mod_inv_destructive. + (ecc_mod_inv_redc): New inversion function, with input and output + in redc form. + + * ecc-secp224r1.c: Select between ecc_mod_inv and ecc_mod_inv_redc. + * ecc-secp256r1.c: Likewise. + + * ecc-j-to-a.c (ecc_j_to_a): Simplify redc-related logic, taking + advantage of ecc->p.invert handling redc, when appropriate. Reduce + scratch need from 5n to 4n in the process (assuming inversion + needs 2n). + + * testsuite/ecc-modinv-test.c (ref_modinv): Updated to do redc, if + appropriate. + +2020-09-25 Niels Möller + + * gcm.c (gcm_fill): Added separate implementations for big- and + little-endian, to use uint64_t stores and less overhead. + +2020-09-24 Niels Möller + + * aclocal.m4 (GMP_ASM_POWERPC_R_REGISTERS): Prefer to use register + names. Can be tested by configuring with CC='gcc -Wa,-mregnames'. + +2020-09-21 Niels Möller + + * m4-utils.m4: New file with m4 utilities, copied from GMP's + mpn/asm-defs.m4. + * Makefile.in (DISTFILES): Add m4-utils.m4. + (%.asm): Include m4-utils.m4 for preprocessing of .asm files, and + include config.m4 before machine.m4. + + * aclocal.m4 (GMP_ASM_POWERPC_R_REGISTERS): New configure test, + adapted from corresponding test in GMP's acinlude.m4. 
+ * configure.ac (ASM_PPC_WANT_R_REGISTERS): New substituted + variable. Set using GMP_ASM_POWERPC_R_REGISTERS, when powerpc64 + assembly code is enabled. + * config.m4.in: Substituted here. + * powerpc64/machine.m4: Check ASM_PPC_WANT_R_REGISTERS, and + if needed, replace register names like r0, r1, ... with integers. + +2020-09-15 Niels Möller + + * Makefile.in (DISTFILES): Add missing file blowfish-internal.h. + +2020-09-14 Niels Möller + + * asm.m4: Delete use of changequote, stick to the m4 default + quoting characters `'. Updated all assembly and m4 files. + * x86_64/machine.m4 (W64_ENTRY, W64_EXIT): Delete quoting workaround. + +2020-09-12 Niels Möller + + * x86_64/salsa20-2core.asm: Fix incorrect W64_EXIT. + +2020-08-29 Niels Möller + + Initial powerpc64 assembly support, contributed by Mamone Tarsha: + * configure.ac: New configure option --enable-power-crypto-ext. + (asm_path): Setup this and related variables for powerpc64. + * powerpc64/machine.m4: New file. + * powerpc64/README: New file. + * powerpc64/p8/aes-encrypt-internal.asm: New file. + * powerpc64/p8/aes-decrypt-internal.asm: New file. + * powerpc64/fat/aes-encrypt-internal-2.asm: New file. + * powerpc64/fat/aes-decrypt-internal-2.asm: New file. + * fat-ppc.c: New file. + * Makefile.in (OPT_SOURCES): Add fat-ppc.c. + (distdir): Add powerpc64 directories. + * aes-decrypt-internal.c (_nettle_aes_decrypt_c): Alternative + name, for fat builds. + * aes-encrypt-internal.c (_nettle_aes_encrypt_c): Likewise. + +2020-07-28 Niels Möller + + * configure.ac (FAT_TEST_LIST): New substituted variable. Set for + fat builds, otherwise empty. + * Makefile.in (check-fat): New target, using $(FAT_TEST_LIST). + +2020-07-13 Niels Möller + + * chacha-crypt.c (chacha_crypt) [HAVE_NATIVE_chacha_3core]: Use + _chacha_3core. + + * arm/neon/chacha-3core.asm: New file, 3-way interleaving of + chacha. + +2020-07-11 Niels Möller + + * testsuite/chacha-test.c (test_main): Delete obsolete tests for + chacha with 128-bit keys. 
#if:ed out since 2014-03-04, see below. + (test_chacha_core): New function, test chacha with simple input + structure. + +2020-07-10 Niels Möller + + * x86_64/salsa20-2core.asm: New file. + * x86_64/salsa20-crypt.asm: Deleted, siince the 2core assembly is + faster. + +2020-07-08 Niels Möller + + Rearrange salsa20, enabling ARM fat builds to use sala20_2core. + * salsa20-crypt-internal.c (_salsa20_crypt_2core) + (_salsa20_crypt_1core): New file, new functions. One or the other + is used for implementing salsa20_crypt and salsa20r12_crypt, + depending on availability of salsa20_2core. + * salsa20-crypt.c (salsa20_crypt): Call _salsa20_crypt. + * salsa20r12-crypt.c (salsa20r12_crypt): Likewise. + * salsa20-internal.h: Declare new internal functions. + * Makefile.in (nettle_SOURCES): Add salsa20-crypt-internal.c. + * fat-setup.h (salsa20_crypt_func): New typedef. + * fat-arm.c (_salsa20_crypt): Select _salsa20_crypt + implementation, use 2core version when Neon instructions are + available. + * arm/fat/salsa20-2core.asm: New file, including Neon + implementation. Trigger configure's HAVE_NATIVE_fat_salsa20_2core, + * configure.ac: Add HAVE_NATIVE_fat_salsa20_2core, to identify the + case that salsa20_2core is defined, but runtime checks are needed + to determine if it is usable. + +2020-07-06 Niels Möller + + * testsuite/salsa20-test.c (test_salsa20_core): New function, test + salsa20 with simple input structure. + + * configure.ac: Obey --enable-arm-neon=yes, even if not explicitly + targetting ARM v6 or later. + +2020-07-01 Niels Möller + + * testsuite/bcrypt-test.c: New file. Moved bcrypt tests here. + + Support for bcrypt, contributed by Stephen R. van den Berg. + * blowfish-bcrypt.c (blowfish_bcrypt_hash) + (blowfish_bcrypt_verify): New file, new functions. + * blowfish-internal.h: New header file, declaring internals needed + for bcrypt. + * testsuite/blowfish-test.c: Add bcrypt tests. + * nettle.texinfo (Cipher functions): Document bcrypt. 
+ +2020-06-30 Niels Möller + + * nettle.texinfo (Miscellaneous hash functions): New section, with + Streebog documentation, contributed by Dmitry Baryshkov. + (Top): Added some missing entries to the detailed node listing + +2020-06-29 Niels Möller + + * .gitlab-ci.yml: Add cross tests for powerpc64le, based on patch + by Maamoun TK. + +2020-06-25 Niels Möller + + * x86_64/chacha-core-internal.asm (QROUND): Fix use of macro + arguments. Spotted by Torbjörn Granlund. + +2020-06-02 Niels Möller + + * examples/nettle-benchmark.c (main): Delete call to + time_overhead. The attempt to measure function call overhead is + not very useful or accurate. The benchmarking loop is optimized + away by gcc-10, making the benchmark program hang. + (bench_nothing, time_overhead): Deleted. + +2020-04-29 Niels Möller + + * Released Nettle-3.6. + +2020-04-27 Niels Möller + + * configure.ac: Tweak gcc command line options. Delete checks for + older gcc versions. Add -Wno-sign-compare, since warnings for + signed/unsigned comparisons adds a lot of noise, in particular + when building mini-gmp. + + * mini-gmp.c: Updated mini-gmp from the gmp repository, latest + change from 2020-04-20. + * mini-gmp.h: Likewise. + +2020-04-25 Niels Möller + + * gmp-glue.c (mpz_limbs_read, mpz_limbs_write, mpz_limbs_modify) + (mpz_limbs_finish, mpz_roinit_n): Delete compatibility + definitions. These functions available in GMP since version 6.0.0. + * gmp-glue.h: Delete corresponding declarations, and preprocessor + conditions. + + * configure.ac: Update required version of GMP to 6.1.0, needed + for mpn_zero_p. + * ecc-ecdsa-verify.c (zero_p): Deleted static function, usage + replaced with mpn_zero_p. + * testsuite/testutils.c (mpn_zero_p): Delete conditional + definition. + * testsuite/testutils.h: Delete corresponding declarations. + + * Makefile.in (DISTFILES): Add poly1305-internal.h. + * testsuite/Makefile.in (DISTFILES): Delete setup-env. 
+ +2020-04-23 Niels Möller + + * run-tests: Set WINEPATH, since it appears wine doesn't search + for dlls in the unix PATH. + * examples/setup-env: Delete creation of extra dll symlinks. + * examples/teardown-env: Delete corresponding cleanup. + * testsuite/setup-env: Deleted file (same symlink creation). + * testsuite/teardown-env: Delete corresponding cleanup. + + * testsuite/ecc-add-test.c (test_main): Delete ASSERTs with + functions pointer comparisons. They provide little value, and fail + when linking with hogweed.dll on windows. + * testsuite/ecc-dup-test.c (test_main): Likewise. + +2020-04-22 Niels Möller + + * testsuite/Makefile.in: Use pattern rules for test executables, + replacing... + (test-rules): ...deleted rule. + * testsuite/.test-rules.make: Deleted file. + +2020-04-21 Niels Möller + + From Dmitry Baryshkov: + * gostdsa-vko.c (gostdsa_vko): New file and function. + * testsuite/gostdsa-vko-test.c (test_vko): New test. + * nettle.texinfo (GOSTDSA): Document it. + +2020-04-19 Niels Möller + + From Dmitry Baryshkov: + * gosthash94.h (struct gosthash94_ctx): Rearrange struct to enable + use of MD_UPDATE macro, in particular, replacing byte count with + block count and index. Also move buffer last, for consistency with + other hash functions. + * gosthash94.c (gosthash94_update_int): Use MD_UPDATE macro. + (gosthash94_write_digest): Update for block count rather than byte + count. + +2020-04-17 Niels Möller + + * configure.ac (LIBNETTLE_MAJOR): Increase libnettle version + number to 8.0, for move of internal poly1305 functions. + (LIBNETTLE_MINOR): Reset to zero. + +2020-04-15 Niels Möller + + From Dmitry Baryshkov: + * poly1305.h (poly1305_set_key, poly1305_digest, _poly1305_block): + Removed declarations from this public header file. + * poly1305-internal.h: New file, with declarations of internal + poly1305 functions. + (_poly1305_set_key, _poly1305_digest): Renamed, with leading + underscore. Updated definitions and all uses. 
+ +2020-04-12 Niels Möller + + * Makefile.in (DISTFILES): Reorder to ensure that generated des + headers can't be older than desdata.stamp. + + * testsuite/ed448-test.c: Define _GNU_SOURCE, for getline with gcc + -std=c89. + +2020-04-06 Niels Möller + + * configure.ac (LIBHOGWEED_MAJOR): Increase libhogweed version + number to 6.0, at request of Gnutls team. + (LIBHOGWEED_MINOR): Reset to zero. + +2020-04-01 Niels Möller + + * config.guess: Update to 2020-01-01 version, from savannah's + config.git. + * config.sub: Likewise. + +2020-03-31 Niels Möller + + * aclocal.m4 (LSH_TYPE_SOCKLEN_T, LSH_CHECK_KRB_LIB, LSH_LIB_ARGP) + (LSH_MAKE_CONDITIONAL): Delete unused macros. + + * config.make.in (abs_top_builddir, TEST_SHLIB_DIR): New variables. + + * run-tests: Check TEST_SHLIB_DIR, and set up LD_LIBRARY_PATH and + related member variables. + + * testsuite/Makefile.in (check): Pass only TEST_SHLIB_DIR + to the run-tests script, and leave setting of LD_LIBRARY_PATH and + related variables to that script. + * examples/Makefile.in (check): Likewise. + +2020-03-26 Niels Möller + + * configure.ac: Bump package version to 3.6. + (LIBNETTLE_MINOR): Bump minor number, now 7.1. + (LIBHOGWEED_MINOR): Bump minor numbers, now 5.1 + +2020-03-14 Niels Möller + + From H.J. Lu: + * configure.ac (ASM_X86_ENDBR) + (ASM_X86_MARK_CETASM_X86_MARK_CET_ALIGN): New substituted + variables. + * config.m4.in: Substituted here. Add ASM_X86_MARK_CET to + diversion inserted at end of assembly files. + * asm.m4 (PROLOGUE): Add ASM_X86_ENDBR at entry point. + +2020-03-09 Niels Möller + + From Daiki Ueno: + * chacha-crypt.c (chacha_crypt32): New function. + * chacha-set-nonce.c (chacha_set_counter, chacha_set_counter32): + New functions. + * chacha.h (CHACHA_COUNTER_SIZE, CHACHA_COUNTER32_SIZE): New constants. + * chacha-poly1305.c (chacha_poly1305_encrypt) + (chacha_poly1305_decrypt): Use chacha_crypt32. + * testsuite/chacha-test.c: Update tests to use new functions. 
+ * nettle.texinfo: Document new chacha functions, and update + out-of-date chacha-poly1305 documentation. + +2020-03-08 Niels Möller + + From Dmitry Baryshkov: + * cmac-des3-meta.c (nettle_cmac_des): New file, moving definition + from... + * testsuite/cmac-test.c: ... old location. + * nettle-meta.h (nettle_cmac_des): Declare it. + +2020-02-15 Niels Möller + + From Dmitry Baryshkov: + * ecc-internal.h (ecc_modq_add, ecc_modq_mul, ecc_modp_sqr) + (ecc_modp_mul, ecc_mod_submul_1, ecc_modp_mul_1, ecc_modp_add) + (ecc_modp_sub): Deleted macros. Updated callers to use respective + functions instead. + (ecc_modp_addmul_1): Delete unused macro. + +2020-02-09 Niels Möller + + Addition of struct nettle_mac based on patches by Daiki Ueno. + * nettle-meta-macs.c (nettle_get_macs): New file, new function. + * testsuite/meta-mac-test.c: New test. + + * nettle-meta.h (_NETTLE_HMAC): New macro. + (nettle_hmac_md5, nettle_hmac_ripemd160, nettle_hmac_sha1) + (nettle_hmac_sha224, nettle_hmac_sha256, nettle_hmac_sha384) + (nettle_hmac_sha512): Declare. + (struct nettle_mac): New public struct, + * testsuite/testutils.h: ...moved from this file. + + * hmac-md5-meta.c: New file. + * hmac-ripemd160-meta.c: Likewise. + * hmac-sha1-meta.c: Likewise. + * hmac-sha224-meta.c: Likewise. + * hmac-sha256-meta.c: Likewise. + * hmac-sha384-meta.c: Likewise. + * hmac-sha512-meta.c: Likewise. + + * Makefile.in (nettle_SOURCES): Add new files. + + * testsuite/testutils.h (_NETTLE_HMAC): Delete unused version of + this macro. + * testsuite/testutils.c (test_mac): Allow testing with smaller + digest size. + * testsuite/hmac-test.c (test_main): Use test_mac for tests using + key size == digest size. + + * testsuite/cmac-test.c (nettle_cmac_aes128, nettle_cmac_aes256): + Moved to... + * cmac-aes128-meta.c: New file. + * cmac-aes256-meta.c: New file. + + * nettle-meta.h (struct nettle_mac): New public struct, + * testsuite/testutils.h: ...moved from this file. 
+ +2020-02-06 Niels Möller + + From Dmitry Baryshkov: + * gost28147.h: Deleted, move declarations to gost28147-internal.h. + +2020-02-05 Niels Möller + + * configure.ac: On Solaris, link shared libraries with --shared + rather than -G. For gcc, --shared is the proper way. For Solaris' + proprietary cc, according to docs, it accepts --shared as an alias + for -G since Oracle Solaris Studio 12.4, and it was made more gcc + compatible in later versions. Since 12.4 was released in 2014, + don't attempt to cater for older versions. + 2020-01-26 Niels Möller * ecc-internal.h (struct ecc_curve): Delete g, the curve diff --cc ecc-j-to-a.c index a232e0c5,faaaa717..fd329a48 --- a/ecc-j-to-a.c +++ b/ecc-j-to-a.c @@@ -53,41 -51,20 +51,20 @@@ ecc_j_to_a (const struct ecc_curve *ecc mp_limb_t cy; - if (ecc->use_redc) - { - /* Set v = (r_z / B^2)^-1, - - r_x = p_x v^2 / B^3 = ((v/B * v)/B * p_x)/B - r_y = p_y v^3 / B^4 = (((v/B * v)/B * v)/B * p_y)/B - */ - - mpn_copyi (up, p + 2*ecc->p.size, ecc->p.size); - mpn_zero (up + ecc->p.size, ecc->p.size); - ecc->p.reduce (&ecc->p, up); - mpn_zero (up + ecc->p.size, ecc->p.size); - ecc->p.reduce (&ecc->p, up); - - ecc->p.invert (&ecc->p, izp, up, up + ecc->p.size); + ecc->p.invert (&ecc->p, izp, p+2*ecc->p.size, izp + 2 * ecc->p.size); - ecc_modp_sqr (ecc, iz2p, izp); ++ ecc_mod_sqr (&ecc->p, iz2p, izp); - /* Divide this common factor by B */ - mpn_copyi (izBp, izp, ecc->p.size); - mpn_zero (izBp + ecc->p.size, ecc->p.size); - ecc->p.reduce (&ecc->p, izBp); - - ecc_mod_mul (&ecc->p, iz2p, izp, izBp); - } - else + if (ecc->use_redc) { - /* Set s = p_z^{-1}, r_x = p_x s^2, r_y = p_y s^3 */ - - mpn_copyi (up, p+2*ecc->p.size, ecc->p.size); /* p_z */ - ecc->p.invert (&ecc->p, izp, up, up + ecc->p.size); - - ecc_mod_sqr (&ecc->p, iz2p, izp); + /* Divide this common factor by B, instead of applying redc to + both x and y outputs. 
*/ + mpn_zero (iz2p + ecc->p.size, ecc->p.size); + ecc->p.reduce (&ecc->p, iz2p); } + /* r_x <-- x / z^2 */ - ecc_modp_mul (ecc, iz3p, iz2p, p); - /* ecc_modp (and ecc_modp_mul) may return a value up to 2p - 1, so + ecc_mod_mul (&ecc->p, iz3p, iz2p, p); + /* ecc_mod (and ecc_mod_mul) may return a value up to 2p - 1, so do a conditional subtraction. */ cy = mpn_sub_n (r, iz3p, ecc->p.m, ecc->p.size); cnd_copy (cy, r, iz3p, ecc->p.size);
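Review bot: The 2020-10-13 ChangeLog entry says the ecc-j-to-a.c change reduces the scratch need "from 5n to 4n in the process (assuming inversion needs 2n)", but it lists no change to whatever constant callers use to size scratch for ecc_j_to_a; if that constant was lowered it should be named in the entry, and if it was not, the saving is only on paper and the 2n assumption about inversion scratch belongs where ecc_mod_inv_redc is declared, not just in the log. The entry for ecc-secp224r1.c and ecc-secp256r1.c ("Select between ecc_mod_inv and ecc_mod_inv_redc") should also state the condition on which the selection is made, since ecc_j_to_a now relies on the curve's invert handling redc form whenever use_redc is set. Minor: two of the merged older entries carry typos worth fixing while touching the file, "siince" in the 2020-07-10 entry and "sala20_2core" in the 2020-07-08 entry.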
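Review bot: In the ecc-j-to-a.c hunk, the unconditional `ecc->p.invert (&ecc->p, izp, p+2*ecc->p.size, izp + 2 * ecc->p.size);` quietly changes what the invert pointer is expected to accept: the deleted redc branch reduced p_z twice (dividing by B^2) before inverting, whereas the new code passes p_z straight through, so correctness now depends on ecc->p.invert taking and returning values in the curve's native representation when use_redc is set. That contract is only implied by the ChangeLog (ecc_mod_inv_redc, selected per curve) and nothing in this file states it; add a comment above the call saying so. The remaining comment, "Divide this common factor by B, instead of applying redc to both x and y outputs.", states the intent but not why a single reduce on iz2p is enough. The deleted comment's formulas (each ecc_mod_mul dividing by B under redc, "((v/B * v)/B * p_x)/B") give the derivation that should be restored in its place: with izp = z^-1 in redc form the square is z^-2 times B, the reduce on iz2p removes that factor, and the later ecc_mod_mul calls with the redc-form inputs p_x and p_y then produce x z^-2 and y z^-3 with no further correction. Finally, passing `izp + 2 * ecc->p.size` as scratch hard-codes the "inversion needs 2n" assumption; either assert it against the scratch requirement the inversion routines advertise or note the assumption next to the call, so an inversion with larger scratch needs cannot overrun the 4n buffer.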