From: Niels Möller Date: Tue, 20 Oct 2020 20:27:41 +0000 (+0200) Subject: Delete ecc_mod_inv_redc X-Git-Tag: nettle_3.7rc1~46 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d921f8869577a5de83687290e2fe2a80d8c03ac8;p=thirdparty%2Fnettle.git Delete ecc_mod_inv_redc
---
diff --git a/ChangeLog b/ChangeLog
index aae9374e..c4678b22 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2020-10-20 Niels Möller
+ * ecc-mod-inv.c (ecc_mod_inv_redc): Deleted, no longer needed.
+ (ecc_mod_inv_destructive): Deleted, merged with ecc_mod_inv.
+
 * ecc-secp256r1.c (ecc_secp256r1_inv): New function, modular inverse using powering. (_nettle_secp_256r1): Analogous updates. Increases signing
diff --git a/ecc-internal.h b/ecc-internal.h
index b4dfad2e..d26458e1 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -54,7 +54,6 @@
 #define ecc_mod_random _nettle_ecc_mod_random
 #define ecc_mod _nettle_ecc_mod
 #define ecc_mod_inv _nettle_ecc_mod_inv
-#define ecc_mod_inv_redc _nettle_ecc_mod_inv_redc
 #define ecc_hash _nettle_ecc_hash
 #define gost_hash _nettle_gost_hash
 #define ecc_a_to_j _nettle_ecc_a_to_j
@@ -235,7 +234,6 @@
 ecc_mod_func ecc_pp1_redc;
 ecc_mod_func ecc_pm1_redc;
 ecc_mod_inv_func ecc_mod_inv;
-ecc_mod_inv_func ecc_mod_inv_redc;
 void ecc_mod_add (const struct ecc_modulo *m, mp_limb_t *rp,
@@ -441,7 +439,7 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
 /* Current scratch needs: */
 #define ECC_MOD_INV_ITCH(size) (2*(size))
-/* Only valid when using the general ecc_mod_inv/ecc_mod_inv_redc ! */
+/* Only valid when using the general ecc_mod_inv ! */
 #define ECC_J_TO_A_ITCH(size) (4*(size))
 #define ECC_EH_TO_A_ITCH(size, inv) (2*(size)+(inv))
 #define ECC_DUP_JJ_ITCH(size) (4*(size))
diff --git a/ecc-mod-inv.c b/ecc-mod-inv.c
index 570f0568..a0c1097e 100644
--- a/ecc-mod-inv.c
+++ b/ecc-mod-inv.c
@@ -54,19 +54,22 @@ cnd_neg (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n)
 }
 }
-/* Compute v = a^{-1} mod m, with running time depending only on the
- size. Returns zero if a == 0 (mod m), to be consistent with
- a^{phi(m)-1}. Also needs (m+1)/2, and m must be odd. The value at
- ap is destroyed in the process.
+/* Compute a^{-1} mod m, with running time depending only on the size.
+ Returns zero if a == 0 (mod m), to be consistent with a^{phi(m)-1}.
+ Also needs (m+1)/2, and m must be odd.
+
+ Needs 2n limbs available at rp, and 2n additional scratch limbs.
 */
 /* FIXME: Could use mpn_sec_invert (in GMP-6), but with a bit more scratch need since it doesn't precompute (m+1)/2. */
-static void
-ecc_mod_inv_destructive (const struct ecc_modulo *m,
- mp_limb_t *vp, mp_limb_t *ap)
+void
+ecc_mod_inv (const struct ecc_modulo *m,
+ mp_limb_t *vp, const mp_limb_t *in_ap,
+ mp_limb_t *scratch)
 {
-#define bp (ap + n)
+#define ap scratch
+#define bp (scratch + n)
 #define up (vp + n)
 mp_size_t n = m->size;
@@ -91,6 +94,7 @@ ecc_mod_inv_destructive (const struct ecc_modulo *m,
 mpn_zero (up+1, n - 1);
 mpn_copyi (bp, m->m, n);
 mpn_zero (vp, n);
+ mpn_copyi (ap, in_ap, n);
 for (i = m->bit_size + GMP_NUMB_BITS * n; i-- > 0; )
 {
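Review bot: The new `#define ap scratch` is never undone: the function's closing `#undef bp` / `#undef up` (in the later hunk of this file) do not include `ap`, so the macro stays defined for the rest of the translation unit, and the existing `#undef` pair shows the file's intent to keep these names function-local; add `#undef ap` next to `#undef bp`. Separately, the rewritten header comment says "Needs 2n limbs available at rp" while the output parameter of the new signature is `vp`; `Needs 2n limbs available at vp, and 2n additional scratch limbs.` would match the code. The body of ecc_mod_inv continues well past the end of this hunk.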
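Review bot: The added `mpn_copyi (ap, in_ap, n);` reads the input only after `mpn_zero (up+1, n - 1)` and `mpn_zero (vp, n)` have already written the 2n-limb region at vp, so a caller that passes in_ap pointing into that region (in-place inversion) now copies cleared limbs and gets the inverse of zero; the deleted ecc_mod_inv wrapper copied ap into scratch before any write to vp, so this is a behavioural change for aliased calls, which I cannot confirm exist from the diff alone. Either hoist the copy so it is the first statement of the body, ahead of any store through vp or up, or state in the header comment that in_ap must not overlap vp, e.g. `Input at in_ap must not overlap the 2n limbs at vp.` The enclosing function starts and ends outside this hunk.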
@@ -154,36 +158,3 @@ ecc_mod_inv_destructive (const struct ecc_modulo *m,
 #undef bp
 #undef up
 }
-
-/* Needs 2n limbs available at rp, and 2n additional scratch
- limbs. */
-void
-ecc_mod_inv (const struct ecc_modulo *m,
- mp_limb_t *vp, const mp_limb_t *ap,
- mp_limb_t *scratch)
-{
- mpn_copyi (scratch, ap, m->size);
- ecc_mod_inv_destructive (m, vp, scratch);
-}
-
-/* Inversion, with input and output in redc form. I.e., we want v =
- a^-1 (mod m), but inputs and outputs are v' = vB, a' = aB. Then
- v' a' = B^2 (mod b), and we do the inversion as
-
- v' = (a / B^2)^-1 (mod m)
-*/
-
-void
-ecc_mod_inv_redc (const struct ecc_modulo *m,
- mp_limb_t *vp, const mp_limb_t *ap,
- mp_limb_t *scratch)
-{
- mpn_copyi (scratch, ap, m->size);
-
- mpn_zero (scratch + m->size, m->size);
- m->reduce (m, scratch, scratch);
- mpn_zero (scratch + m->size, m->size);
- m->reduce (m, scratch, scratch);
-
- ecc_mod_inv_destructive (m, vp, scratch);
-}