From b240733ae7423cb8f542a624eef0cfa3037d05bc Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Wed, 1 Dec 2021 15:09:44 +0100
Subject: tls: x25519: code shrink by factoring out common code
function old new delta
fe_reduce - 37 +37
lm_add 67 43 -24
fe_mul_c 62 38 -24
fe_mul__distinct 138 112 -26
curve25519 800 767 -33
lm_sub 98 64 -34
------------------------------------------------------------------------------
(add/remove: 1/0 grow/shrink: 0/5 up/down: 37/-141) Total: -104 bytes
Signed-off-by: Denys Vlasenko
---
 networking/tls_fe.c | 68 +++++++++++++++++------------------------------------
 1 file changed, 21 insertions(+), 47 deletions(-) (limited to 'networking')
diff --git a/networking/tls_fe.c b/networking/tls_fe.c
index 3a0a6776f..e5580fbcf 100644
--- a/networking/tls_fe.c
+++ b/networking/tls_fe.c
@@ -187,7 +187,7 @@ static void fprime_mul(byte *r, const byte *a, const byte *b,
 #if 0 //UNUSED
 static void fe_load(byte *x, word32 c)
 {
- word32 i;
+ int i;
 for (i = 0; i < sizeof(c); i++) {
 x[i] = c;
@@ -199,21 +199,29 @@ static void fe_load(byte *x, word32 c)
 }
 #endif
-static void fe_normalize(byte *x)
+static void fe_reduce(byte *x, word32 c)
 {
- byte minusp[F25519_SIZE];
- unsigned c;
 int i;
 /* Reduce using 2^255 = 19 mod p */
- c = (x[31] >> 7) * 19;
- x[31] &= 127;
+ x[31] = c & 127;
+ c = (c >> 7) * 19;
 for (i = 0; i < F25519_SIZE; i++) {
 c += x[i];
 x[i] = (byte)c;
 c >>= 8;
 }
+}
+
+static void fe_normalize(byte *x)
+{
+ byte minusp[F25519_SIZE];
+ unsigned c;
+ int i;
+
+ /* Reduce using 2^255 = 19 mod p */
+ fe_reduce(x, x[31]);
 /* The number is now less than 2^255 + 18, and therefore less than
 * 2p. Try subtracting p, and conditionally load the subtracted
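Review bot: fe_reduce is added without a comment stating its contract, which is easy to misread: `c` is the full unreduced top limb (bits 0-6 become the new `x[31]`, bits 7 and above are folded back in as multiples of 19), and whatever was stored in `x[31]` is overwritten rather than masked. I would put `/* x[0..30] + c*2^248 -> partially reduced x, using 2^255 = 19 mod p; x[31] is overwritten with c & 127 */` above the definition and drop the copy of `/* Reduce using 2^255 = 19 mod p */` that the hunk re-adds inside fe_normalize. The comment should also say that the helper has to stay branch-free with a fixed F25519_SIZE-iteration loop, since these routines handle X25519 secret material and the helper now sits under every field operation touched by this patch. fe_normalize's body continues past the end of the hunk.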
@@ -247,14 +255,7 @@ static void lm_add(byte* r, const byte* a, const byte* b)
 }
 /* Reduce with 2^255 = 19 mod p */
- r[31] &= 127;
- c = (c >> 7) * 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = (byte)c;
- c >>= 8;
- }
+ fe_reduce(r, c);
 }
 static void lm_sub(byte* r, const byte* a, const byte* b)
@@ -264,21 +265,15 @@ static void lm_sub(byte* r, const byte* a, const byte* b)
 /* Calculate a + 2p - b, to avoid underflow */
 c = 218;
- for (i = 0; i + 1 < F25519_SIZE; i++) {
+ for (i = 0; i < F25519_SIZE - 1; i++) {
 c += 65280 + ((word32)a[i]) - ((word32)b[i]);
 r[i] = c;
 c >>= 8;
 }
 c += ((word32)a[31]) - ((word32)b[31]);
- r[31] = c & 127;
- c = (c >> 7) * 19;
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
+ fe_reduce(r, c);
 }
 #if 0 //UNUSED
@@ -289,21 +284,15 @@ static void lm_neg(byte* r, const byte* a)
 /* Calculate 2p - a, to avoid underflow */
 c = 218;
- for (i = 0; i + 1 < F25519_SIZE; i++) {
+ for (i = 0; i < F25519_SIZE - 1; i++) {
 c += 65280 - ((word32)a[i]);
 r[i] = c;
 c >>= 8;
 }
 c -= ((word32)a[31]);
- r[31] = c & 127;
- c = (c >> 7) * 19;
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
+ fe_reduce(r, c);
 }
 #endif
@@ -326,14 +315,7 @@ static void fe_mul__distinct(byte *r, const byte *a, const byte *b)
 r[i] = c;
 }
- r[31] &= 127;
- c = (c >> 7) * 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
+ fe_reduce(r, c);
 }
 #if 0 //UNUSED
@@ -357,15 +339,7 @@ static void fe_mul_c(byte *r, const byte *a, word32 b)
 r[i] = c;
 }
- r[31] &= 127;
- c >>= 7;
- c *= 19;
-
- for (i = 0; i < F25519_SIZE; i++) {
- c += r[i];
- r[i] = c;
- c >>= 8;
- }
+ fe_reduce(r, c);
 }
 static void fe_inv__distinct(byte *r, const byte *x)
-- cgit v1.2.1
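Review bot: In lm_add, fe_mul__distinct and fe_mul_c the removed `r[31] &= 127;` masked the byte already stored, whereas `fe_reduce(r, c)` rewrites r[31] from `c`, so these three call sites keep their old result only while the low byte of `c` equals the r[31] just written. The `r[i] = c;` context line shows that for the two multiply hunks; lm_add's loop lies outside its hunk and should be checked the same way (lm_sub and lm_neg already stored `c & 127` themselves, so they are unaffected). A one-line comment at each call, such as `/* c = last limb incl. carry; fe_reduce stores c & 127 into r[31] */`, would keep a later edit to those loops from silently breaking the reduction. Because every field operation now goes through one helper, a known-answer X25519 run (for example the RFC 7748 test vectors) is the check I would want recorded with this change; the commit message only reports the size delta.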