From: Niels Möller
Date: Sat, 14 Nov 2020 16:32:12 +0000 (+0100)
Subject: Update invert calls for curve25519_eh_to_x and curve448_eh_to_x
X-Git-Tag: nettle_3.7rc1~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=65a8194f37f8b11041d8f8b3394d757758609681;p=thirdparty%2Fnettle.git

Update invert calls for curve25519_eh_to_x and curve448_eh_to_x
---

diff --git a/ChangeLog b/ChangeLog
index 5d774a5f..3bb77d84 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,9 @@
 	* ecc-eh-to-a.c (ecc_eh_to_a): Likewise.
 	* ecc-j-to-a.c (ecc_j_to_a): Likewise.
 	* ecc-gostdsa-verify.c (ecc_gostdsa_verify): Likewise.
+	* curve25519-eh-to-x.c (curve25519_eh_to_x): Likewise.
+	* curve448-eh-to-x.c (curve448_eh_to_x): Update invert call, and
+	reduce scratch need from 9*size to 5*size.
 	* ecc-internal.h (ECC_MOD_INV_ITCH, ECC_J_TO_A_ITCH)
 	(ECC_EH_TO_A_ITCH): Update accordingly, but no change in total
 	scratch need.
diff --git a/curve25519-eh-to-x.c b/curve25519-eh-to-x.c
index 08ad3d91..f0f1920d 100644
--- a/curve25519-eh-to-x.c
+++ b/curve25519-eh-to-x.c
@@ -50,12 +50,12 @@ curve25519_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
 #define wp (p + 2*ecc->p.size)
 #define t0 scratch
 #define t1 (scratch + ecc->p.size)
-#define t2 (scratch + 2*ecc->p.size)
+#define tp (scratch + 2*ecc->p.size)
 
   const struct ecc_curve *ecc = &_nettle_curve25519;
   mp_limb_t cy;
 
-  /* If u = U/W and v = V/W are the coordiantes of the point on the
+  /* If u = U/W and v = V/W are the coordinates of the point on the
      Edwards curve we get the curve25519 x coordinate as
 
        x = (1+v) / (1-v) = (W + V) / (W - V)
@@ -65,17 +65,17 @@ curve25519_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
      x = 0, and we should be fine, since ecc_mod_inv for ecc->p
      returns 0 in this case. */
   ecc_mod_sub (&ecc->p, t0, wp, vp);
-  /* Needs a total of 5*size storage. */
-  ecc->p.invert (&ecc->p, t1, t0, t2 + ecc->p.size);
+  /* Needs a total of 6*size storage. */
+  ecc->p.invert (&ecc->p, t1, t0, tp);
 
   ecc_mod_add (&ecc->p, t0, wp, vp);
-  ecc_mod_mul (&ecc->p, t2, t0, t1, t2);
+  ecc_mod_mul (&ecc->p, t0, t0, t1, tp);
 
-  cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size);
-  cnd_copy (cy, xp, t2, ecc->p.size);
+  cy = mpn_sub_n (xp, t0, ecc->p.m, ecc->p.size);
+  cnd_copy (cy, xp, t0, ecc->p.size);
 #undef vp
 #undef wp
 #undef t0
 #undef t1
-#undef t2
+#undef tp
 }
diff --git a/curve448-eh-to-x.c b/curve448-eh-to-x.c
index 6e3367ee..8f3f8c45 100644
--- a/curve448-eh-to-x.c
+++ b/curve448-eh-to-x.c
@@ -46,10 +46,10 @@ void
 curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p, mp_limb_t *scratch)
 {
+#define up p
 #define vp (p + ecc->p.size)
 #define t0 scratch
-#define t1 (scratch + ecc->p.size)
-#define t2 (scratch + 2*ecc->p.size)
+#define tp (scratch + ecc->p.size)
 
   const struct ecc_curve *ecc = &_nettle_curve448;
   mp_limb_t cy;
 
@@ -59,15 +59,15 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p, mp_limb_t *scratch)
 
        x = v^2 / u^2 = (V/W)^2 / (U/W)^2 = (V/U)^2
   */
-  /* Needs a total of 9*size storage. */
-  ecc->p.invert (&ecc->p, t0, p, t1 + ecc->p.size);
-  ecc_mod_mul (&ecc->p, t1, t0, vp, t1);
-  ecc_mod_mul (&ecc->p, t2, t1, t1, t2);
-
-  cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size);
-  cnd_copy (cy, xp, t2, ecc->p.size);
+  /* Needs a total of 5*size storage. */
+  ecc->p.invert (&ecc->p, t0, up, tp);
+  ecc_mod_mul (&ecc->p, t0, t0, vp, tp);
+  ecc_mod_sqr (&ecc->p, t0, t0, tp);
+
+  cy = mpn_sub_n (xp, t0, ecc->p.m, ecc->p.size);
+  cnd_copy (cy, xp, t0, ecc->p.size);
+#undef up
 #undef vp
 #undef t0
-#undef t1
-#undef t2
+#undef tp
 }
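Review bot: The new scratch requirement on the `/* Needs a total of 6*size storage. */` line is stated only as a literal multiple, and nothing in the hunk ties it to what `ecc->p.invert` actually consumes through `tp`; the same applies to the `/* Needs a total of 5*size storage. */` line in the curve448_eh_to_x hunk. Read side by side, the old and new comments imply the invert scratch need grew from 2*size (old scratch at `t2 + ecc->p.size`, offset 3, total 5) to 4*size (`tp` at offset 2, total 6; curve448: `tp` at offset 1, total 5), which matches the ECC_MOD_INV_ITCH update the ChangeLog hunk names, but a reader of either file cannot see that dependency. I would state the requirement in terms of that macro so the two cannot drift apart silently, e.g. `/* Needs a total of 2*size + ECC_MOD_INV_ITCH(size) storage. */`, and confirm that every caller's scratch allocation covers the new size, since no caller is touched by this commit. curve25519_eh_to_x begins before this hunk.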
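Review bot: The rewritten lines `ecc_mod_mul (&ecc->p, t0, t0, vp, tp);` and `ecc_mod_sqr (&ecc->p, t0, t0, tp);` overwrite their own input operand, which is only correct if ecc_mod_mul/ecc_mod_sqr permit the result pointer to alias the first operand (the curve25519 hunk relies on the same property in `ecc_mod_mul (&ecc->p, t0, t0, t1, tp)`), and nothing in the hunk records that assumption; a one-line comment such as `/* In place: ecc_mod_mul/ecc_mod_sqr allow rp == ap. */` would make it visible. The hunk also does not say what the function produces for U = 0 (the Edwards neutral element); the curve25519 file's comment states that ecc_mod_inv returns 0 for a zero input, so presumably x comes out as 0 here too, but that depends on what ecc->p.invert is for curve448 and is worth confirming and stating in the comment above, which begins outside the hunk. The closing `mpn_sub_n`/`cnd_copy` pair assumes the squared value is already below 2*p so one conditional subtraction canonicalises it; that is consistent with the curve25519 version but is not established by these lines.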