From: Niels Möller Date: Wed, 21 Oct 2020 06:23:42 +0000 (+0200) Subject: Fix preprocessor error, to ensure ecc_secp256r1_inv is always defined. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb702f6cb058fd2119e6ed8a80817c5ef9b16a2a;p=thirdparty%2Fnettle.git Fix preprocessor error, to ensure ecc_secp256r1_inv is always defined.
---
diff --git a/ecc-secp256r1.c b/ecc-secp256r1.c
index e624b020..56741c7d 100644
--- a/ecc-secp256r1.c
+++ b/ecc-secp256r1.c
@@ -145,59 +145,6 @@ ecc_secp256r1_modp (const struct ecc_modulo *p, mp_limb_t *rp) rp[3] = u1; } -#define ECC_SECP256R1_INV_ITCH (7*ECC_LIMB_SIZE) - -static void -ecc_secp256r1_inv (const struct ecc_modulo *p, - mp_limb_t *rp, const mp_limb_t *ap, - mp_limb_t *scratch) -{ -#define a5m1 scratch -#define a15m1 (scratch + ECC_LIMB_SIZE) - /* Overlaps first half of t0 */ -#define a32m1 (scratch + 2*ECC_LIMB_SIZE) -#define t0 (scratch + 3*ECC_LIMB_SIZE) -#define t1 (scratch + 5*ECC_LIMB_SIZE) -/* - Addition chain for p - 2 = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 3 - - 2^5 - 1 = 1 + 2 (2^4 - 1) = 1 + 2 (2^2+1)(2 + 1) 4 S + 3 M - 2^{15} - 1 = (2^5 - 1) (1 + 2^5 (1 + 2^5) 10 S + 2 M - 2^{16} - 1 = 1 + 2 (2^{15} - 1) S + M - 2^{32} - 1 = (2^{16} + 1) (2^{16} - 1) 16 S + M - 2^{64} - 2^{32} + 1 = 2^{32} (2^{32} - 1) + 1 32 S + M - 2^{192} - 2^{160} + 2^{128} + 2^{32} - 1 - = 2^{128} (2^{64} - 2^{32} + 1) + 2^{32} - 1 128 S + M - 2^{224} - 2^{192} + 2^{160} + 2^{64} - 1 - = 2^{32} (...) + 2^{32} - 1 32 S + M - 2^{239} - 2^{207} + 2^{175} + 2^{79} - 1 - = 2^{15} (...) + 2^{15} - 1 15 S + M - 2^{254} - 2^{222} + 2^{190} + 2^{94} - 1 - = 2^{15} (...) + 2^{15} - 1 15 S + M - p - 2 = 2^2 (...) 
+ 1 2 S M
- ---------------
- 255 S + 13 M
- */
- ecc_mod_sqr (p, rp, ap); /* a^2 */
- ecc_mod_mul (p, t1, ap, rp); /* a^3 */
- ecc_mod_pow_2kp1 (p, rp, t1, 2, t0); /* a^{2^4 - 1} */
- ecc_mod_sqr (p, t0, rp); /* a^{2^5 - 2} */
- ecc_mod_mul (p, a5m1, ap, t0); /* a^{2^5 - 1}, a5m1 */
-
- ecc_mod_pow_2kp1 (p, rp, a5m1, 5, t0); /* a^{2^{10} - 1, a5m1*/
- ecc_mod_pow_2k_mul (p, a15m1, rp, 5, a5m1, t0); /* a^{2^{15} - 1}, a5m1 a15m1 */
- ecc_mod_sqr (p, rp, a15m1); /* a^{2^{16} - 2}, a15m1 */
- ecc_mod_mul (p, t1, ap, rp); /* a^{2^{16} - 1}, a15m1 */
- ecc_mod_pow_2kp1 (p, a32m1, t1, 16, rp); /* a^{2^{32} - 1}, a15m1, a32m1 */
-
- ecc_mod_pow_2k_mul (p, t0, a32m1, 32, ap, t1); /* a^{2^{64} - 2^{32} + 1 */
- ecc_mod_pow_2k_mul (p, rp, t0, 128, a32m1, t1); /* a^{2^{192} - 2^{160} + 2^{128} + 2^{32} - 1} */
- ecc_mod_pow_2k_mul (p, t0, rp, 32, a32m1, t1); /* a^{2^{224} - 2^{192} + 2^{160} + 2^{64} - 1} */
- ecc_mod_pow_2k_mul (p, rp, t0, 15, a15m1, t1); /* a^{2^{239} - 2^{207} + 2^{175} + 2^{79} - 1} */
- ecc_mod_pow_2k_mul (p, t0, rp, 15, a15m1, t1); /* a^{2^{254} - 2^{222} + 2^{190} + 2^{94} - 1} */
- ecc_mod_pow_2k_mul (p, rp, t0, 2, ap, t0); /* a^{2^{256} - 2^{224} + 2^{192} + 2^{96} - 3} */
-}
-
 static void
 ecc_secp256r1_modq (const struct ecc_modulo *q, mp_limb_t *rp)
 {
@@ -292,6 +239,59 @@ ecc_secp256r1_modq (const struct ecc_modulo *q, mp_limb_t *rp) #error Unsupported parameters #endif +#define ECC_SECP256R1_INV_ITCH (7*ECC_LIMB_SIZE) + +static void +ecc_secp256r1_inv (const struct ecc_modulo *p, + mp_limb_t *rp, const mp_limb_t *ap, + mp_limb_t *scratch) +{ +#define a5m1 scratch +#define a15m1 (scratch + ECC_LIMB_SIZE) + /* Overlaps first half of t0 */ +#define a32m1 (scratch + 2*ECC_LIMB_SIZE) +#define t0 (scratch + 3*ECC_LIMB_SIZE) +#define t1 (scratch + 5*ECC_LIMB_SIZE) +/* + Addition chain for p - 2 = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 3 + + 2^5 - 1 = 1 + 2 (2^4 - 1) = 1 + 2 (2^2+1)(2 + 1) 4 S + 3 M + 2^{15} - 1 = (2^5 - 1) (1 + 2^5 (1 + 2^5) 10 S + 2 M + 2^{16} - 1 = 1 + 2 (2^{15} - 1) S + M + 2^{32} - 1 = (2^{16} + 1) (2^{16} - 1) 16 S + M + 2^{64} - 2^{32} + 1 = 2^{32} (2^{32} - 1) + 1 32 S + M + 2^{192} - 2^{160} + 2^{128} + 2^{32} - 1 + = 2^{128} (2^{64} - 2^{32} + 1) + 2^{32} - 1 128 S + M + 2^{224} - 2^{192} + 2^{160} + 2^{64} - 1 + = 2^{32} (...) + 2^{32} - 1 32 S + M + 2^{239} - 2^{207} + 2^{175} + 2^{79} - 1 + = 2^{15} (...) + 2^{15} - 1 15 S + M + 2^{254} - 2^{222} + 2^{190} + 2^{94} - 1 + = 2^{15} (...) + 2^{15} - 1 15 S + M + p - 2 = 2^2 (...) 
+ 1 2 S M
+ ---------------
+ 255 S + 13 M
+ */
+ ecc_mod_sqr (p, rp, ap); /* a^2 */
+ ecc_mod_mul (p, t1, ap, rp); /* a^3 */
+ ecc_mod_pow_2kp1 (p, rp, t1, 2, t0); /* a^{2^4 - 1} */
+ ecc_mod_sqr (p, t0, rp); /* a^{2^5 - 2} */
+ ecc_mod_mul (p, a5m1, ap, t0); /* a^{2^5 - 1}, a5m1 */
+
+ ecc_mod_pow_2kp1 (p, rp, a5m1, 5, t0); /* a^{2^{10} - 1, a5m1*/
+ ecc_mod_pow_2k_mul (p, a15m1, rp, 5, a5m1, t0); /* a^{2^{15} - 1}, a5m1 a15m1 */
+ ecc_mod_sqr (p, rp, a15m1); /* a^{2^{16} - 2}, a15m1 */
+ ecc_mod_mul (p, t1, ap, rp); /* a^{2^{16} - 1}, a15m1 */
+ ecc_mod_pow_2kp1 (p, a32m1, t1, 16, rp); /* a^{2^{32} - 1}, a15m1, a32m1 */
+
+ ecc_mod_pow_2k_mul (p, t0, a32m1, 32, ap, t1); /* a^{2^{64} - 2^{32} + 1 */
+ ecc_mod_pow_2k_mul (p, rp, t0, 128, a32m1, t1); /* a^{2^{192} - 2^{160} + 2^{128} + 2^{32} - 1} */
+ ecc_mod_pow_2k_mul (p, t0, rp, 32, a32m1, t1); /* a^{2^{224} - 2^{192} + 2^{160} + 2^{64} - 1} */
+ ecc_mod_pow_2k_mul (p, rp, t0, 15, a15m1, t1); /* a^{2^{239} - 2^{207} + 2^{175} + 2^{79} - 1} */
+ ecc_mod_pow_2k_mul (p, t0, rp, 15, a15m1, t1); /* a^{2^{254} - 2^{222} + 2^{190} + 2^{94} - 1} */
+ ecc_mod_pow_2k_mul (p, rp, t0, 2, ap, t0); /* a^{2^{256} - 2^{224} + 2^{192} + 2^{96} - 3} */
+}
+
 const struct ecc_curve _nettle_secp_256r1 =
 {
 {
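Review bot: The scratch-layout macros `a5m1`, `a15m1`, `a32m1`, `t0` and `t1` defined at the top of ecc_secp256r1_inv are never undefined, so after this move they stay in effect for the rest of the translation unit, starting with the `_nettle_secp_256r1` initializer that immediately follows and any later code that happens to use `t0` or `t1` as an identifier; add `#undef a5m1`, `#undef a15m1`, `#undef a32m1`, `#undef t0` and `#undef t1` directly after the function's closing brace. Two of the step comments have unbalanced braces — `/* a^{2^{10} - 1, a5m1*/` and `/* a^{2^{64} - 2^{32} + 1 */` should read `/* a^{2^{10} - 1}, a5m1 */` and `/* a^{2^{64} - 2^{32} + 1} */` — and the chain comment's `(2^5 - 1) (1 + 2^5 (1 + 2^5)` is missing a closing parenthesis. The final call `ecc_mod_pow_2k_mul (p, rp, t0, 2, ap, t0)` passes `t0` as both the base and the scratch buffer; that is presumably only safe because, with k = 2 even, the helper's first squaring lands in rp rather than in the scratch, so a comment such as `/* scratch aliases the base: ok only because k is even */` would protect the next person who changes the exponent, but I cannot see ecc_mod_pow_2k_mul from this hunk, so confirm against its implementation.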