diff options
| author | Dmitry Baryshkov <dbaryshkov@gmail.com> | 2020-02-10 18:09:33 +0300 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2020-02-15 10:33:28 +0100 |
| commit | 93eb83f20d56ff25dd57f3fa4e810cdf8d488239 (patch) | |
| tree | 681d695bc06140a488bb9247aaaa67264adfa7cf | |
| parent | d7f2dae963d279782582d785c80ddef377dfe6dc (diff) | |
| download | nettle-93eb83f20d56ff25dd57f3fa4e810cdf8d488239.tar.gz | |
ecc: remove ecc_modp_foo/ecc_modq_foo macros
To make ecc functions usage more obvious remove ecc_modp_foo() and
ecc_modq_foo() wrapper macros.
Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
| -rw-r--r-- | curve25519-eh-to-x.c | 8 | ||||
| -rw-r--r-- | curve448-eh-to-x.c | 4 | ||||
| -rw-r--r-- | ecc-add-eh.c | 38 | ||||
| -rw-r--r-- | ecc-add-ehh.c | 42 | ||||
| -rw-r--r-- | ecc-add-jja.c | 44 | ||||
| -rw-r--r-- | ecc-add-jjj.c | 54 | ||||
| -rw-r--r-- | ecc-add-th.c | 38 | ||||
| -rw-r--r-- | ecc-add-thh.c | 42 | ||||
| -rw-r--r-- | ecc-dup-eh.c | 26 | ||||
| -rw-r--r-- | ecc-dup-jj.c | 36 | ||||
| -rw-r--r-- | ecc-dup-th.c | 26 | ||||
| -rw-r--r-- | ecc-ecdsa-sign.c | 6 | ||||
| -rw-r--r-- | ecc-ecdsa-verify.c | 4 | ||||
| -rw-r--r-- | ecc-eh-to-a.c | 4 | ||||
| -rw-r--r-- | ecc-gostdsa-sign.c | 6 | ||||
| -rw-r--r-- | ecc-gostdsa-verify.c | 4 | ||||
| -rw-r--r-- | ecc-internal.h | 20 | ||||
| -rw-r--r-- | ecc-j-to-a.c | 12 | ||||
| -rw-r--r-- | eddsa-decompress.c | 10 | ||||
| -rw-r--r-- | eddsa-sign.c | 4 |
20 files changed, 204 insertions, 224 deletions
diff --git a/curve25519-eh-to-x.c b/curve25519-eh-to-x.c index 3a8787f0..1ce2dd83 100644 --- a/curve25519-eh-to-x.c +++ b/curve25519-eh-to-x.c @@ -62,14 +62,14 @@ curve25519_eh_to_x (mp_limb_t *xp, const mp_limb_t *p, */ /* NOTE: For the infinity point, this subtraction gives zero (mod p), which isn't invertible. For curve25519, the desired output is - x = 0, and we should be fine, since ecc_modp_inv returns 0 + x = 0, and we should be fine, since ecc_mod_inv for ecc->p returns 0 in this case. */ - ecc_modp_sub (ecc, t0, wp, vp); + ecc_mod_sub (&ecc->p, t0, wp, vp); /* Needs a total of 5*size storage. */ ecc->p.invert (&ecc->p, t1, t0, t2 + ecc->p.size); - ecc_modp_add (ecc, t0, wp, vp); - ecc_modp_mul (ecc, t2, t0, t1); + ecc_mod_add (&ecc->p, t0, wp, vp); + ecc_mod_mul (&ecc->p, t2, t0, t1); cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size); cnd_copy (cy, xp, t2, ecc->p.size); diff --git a/curve448-eh-to-x.c b/curve448-eh-to-x.c index 4bc78303..ffeb83c1 100644 --- a/curve448-eh-to-x.c +++ b/curve448-eh-to-x.c @@ -61,8 +61,8 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p, mp_limb_t *scratch) */ /* Needs a total of 9*size storage. */ ecc->p.invert (&ecc->p, t0, p, t1 + ecc->p.size); - ecc_modp_mul (ecc, t1, t0, vp); - ecc_modp_mul (ecc, t2, t1, t1); + ecc_mod_mul (&ecc->p, t1, t0, vp); + ecc_mod_mul (&ecc->p, t2, t1, t1); cy = mpn_sub_n (xp, t2, ecc->p.m, ecc->p.size); cnd_copy (cy, xp, t2, ecc->p.size); diff --git a/ecc-add-eh.c b/ecc-add-eh.c index 8e6b82ab..05faa752 100644 --- a/ecc-add-eh.c +++ b/ecc-add-eh.c @@ -78,30 +78,30 @@ ecc_add_eh (const struct ecc_curve *ecc, #define F D #define G E - ecc_modp_mul (ecc, C, x1, x2); - ecc_modp_mul (ecc, D, y1, y2); - ecc_modp_add (ecc, x3, x1, y1); - ecc_modp_add (ecc, y3, x2, y2); - ecc_modp_mul (ecc, T, x3, y3); - ecc_modp_sub (ecc, T, T, C); - ecc_modp_sub (ecc, T, T, D); - ecc_modp_mul (ecc, x3, C, D); - ecc_modp_mul (ecc, E, x3, ecc->b); - - ecc_modp_sub (ecc, C, D, C); - ecc_modp_sqr (ecc, B, z1); - ecc_modp_sub (ecc, F, B, E); - ecc_modp_add (ecc, G, B, E); + ecc_mod_mul (&ecc->p, C, x1, x2); + ecc_mod_mul (&ecc->p, D, y1, y2); + ecc_mod_add (&ecc->p, x3, x1, y1); + ecc_mod_add (&ecc->p, y3, x2, y2); + ecc_mod_mul (&ecc->p, T, x3, y3); + ecc_mod_sub (&ecc->p, T, T, C); + ecc_mod_sub (&ecc->p, T, T, D); + ecc_mod_mul (&ecc->p, x3, C, D); + ecc_mod_mul (&ecc->p, E, x3, ecc->b); + + ecc_mod_sub (&ecc->p, C, D, C); + ecc_mod_sqr (&ecc->p, B, z1); + ecc_mod_sub (&ecc->p, F, B, E); + ecc_mod_add (&ecc->p, G, B, E); /* x3 */ - ecc_modp_mul (ecc, B, F, T); - ecc_modp_mul (ecc, x3, B, z1); + ecc_mod_mul (&ecc->p, B, F, T); + ecc_mod_mul (&ecc->p, x3, B, z1); /* y3 */ - ecc_modp_mul (ecc, B, G, z1); - ecc_modp_mul (ecc, y3, B, C); /* Clobbers z1 in case r == p. */ + ecc_mod_mul (&ecc->p, B, G, z1); + ecc_mod_mul (&ecc->p, y3, B, C); /* Clobbers z1 in case r == p. */ /* z3 */ - ecc_modp_mul (ecc, B, F, G); + ecc_mod_mul (&ecc->p, B, F, G); mpn_copyi (z3, B, ecc->p.size); } diff --git a/ecc-add-ehh.c b/ecc-add-ehh.c index bdd827ba..1c57a728 100644 --- a/ecc-add-ehh.c +++ b/ecc-add-ehh.c @@ -80,32 +80,32 @@ ecc_add_ehh (const struct ecc_curve *ecc, #define F D #define G E - ecc_modp_mul (ecc, C, x1, x2); - ecc_modp_mul (ecc, D, y1, y2); - ecc_modp_add (ecc, A, x1, y1); - ecc_modp_add (ecc, B, x2, y2); - ecc_modp_mul (ecc, T, A, B); - ecc_modp_sub (ecc, T, T, C); - ecc_modp_sub (ecc, T, T, D); - ecc_modp_mul (ecc, x3, C, D); - ecc_modp_mul (ecc, E, x3, ecc->b); - ecc_modp_sub (ecc, C, D, C); - - ecc_modp_mul (ecc, A, z1, z2); - ecc_modp_sqr (ecc, B, A); - - ecc_modp_sub (ecc, F, B, E); - ecc_modp_add (ecc, G, B, E); + ecc_mod_mul (&ecc->p, C, x1, x2); + ecc_mod_mul (&ecc->p, D, y1, y2); + ecc_mod_add (&ecc->p, A, x1, y1); + ecc_mod_add (&ecc->p, B, x2, y2); + ecc_mod_mul (&ecc->p, T, A, B); + ecc_mod_sub (&ecc->p, T, T, C); + ecc_mod_sub (&ecc->p, T, T, D); + ecc_mod_mul (&ecc->p, x3, C, D); + ecc_mod_mul (&ecc->p, E, x3, ecc->b); + ecc_mod_sub (&ecc->p, C, D, C); + + ecc_mod_mul (&ecc->p, A, z1, z2); + ecc_mod_sqr (&ecc->p, B, A); + + ecc_mod_sub (&ecc->p, F, B, E); + ecc_mod_add (&ecc->p, G, B, E); /* x3 */ - ecc_modp_mul (ecc, B, F, T); - ecc_modp_mul (ecc, x3, B, A); + ecc_mod_mul (&ecc->p, B, F, T); + ecc_mod_mul (&ecc->p, x3, B, A); /* y3 */ - ecc_modp_mul (ecc, B, G, C); - ecc_modp_mul (ecc, y3, B, A); + ecc_mod_mul (&ecc->p, B, G, C); + ecc_mod_mul (&ecc->p, y3, B, A); /* z3 */ - ecc_modp_mul (ecc, B, F, G); + ecc_mod_mul (&ecc->p, B, F, G); mpn_copyi (z3, B, ecc->p.size); } diff --git a/ecc-add-jja.c b/ecc-add-jja.c index 9b5cab9d..037711d3 100644 --- a/ecc-add-jja.c +++ b/ecc-add-jja.c @@ -85,41 +85,41 @@ ecc_add_jja (const struct ecc_curve *ecc, #define y2 (q + ecc->p.size) /* zz */ - ecc_modp_sqr (ecc, zz, z1); + ecc_mod_sqr (&ecc->p, zz, z1); /* h*/ - ecc_modp_mul (ecc, h, x2, zz); - ecc_modp_sub (ecc, h, h, x1); + ecc_mod_mul (&ecc->p, h, x2, zz); + ecc_mod_sub (&ecc->p, h, h, x1); /* hh */ - ecc_modp_sqr (ecc, hh, h); + ecc_mod_sqr (&ecc->p, hh, h); /* Do z^3 early, store at w. */ - ecc_modp_mul (ecc, w, zz, z1); + ecc_mod_mul (&ecc->p, w, zz, z1); /* z_3, use j area for scratch */ - ecc_modp_add (ecc, r + 2*ecc->p.size, p + 2*ecc->p.size, h); - ecc_modp_sqr (ecc, j, r + 2*ecc->p.size); - ecc_modp_sub (ecc, j, j, zz); - ecc_modp_sub (ecc, r + 2*ecc->p.size, j, hh); + ecc_mod_add (&ecc->p, r + 2*ecc->p.size, p + 2*ecc->p.size, h); + ecc_mod_sqr (&ecc->p, j, r + 2*ecc->p.size); + ecc_mod_sub (&ecc->p, j, j, zz); + ecc_mod_sub (&ecc->p, r + 2*ecc->p.size, j, hh); /* w */ - ecc_modp_mul (ecc, j, y2, w); - ecc_modp_sub (ecc, w, j, y1); - ecc_modp_mul_1 (ecc, w, w, 2); + ecc_mod_mul (&ecc->p, j, y2, w); + ecc_mod_sub (&ecc->p, w, j, y1); + ecc_mod_mul_1 (&ecc->p, w, w, 2); /* i replaces hh, j */ - ecc_modp_mul_1 (ecc, hh, hh, 4); - ecc_modp_mul (ecc, j, hh, h); + ecc_mod_mul_1 (&ecc->p, hh, hh, 4); + ecc_mod_mul (&ecc->p, j, hh, h); /* v */ - ecc_modp_mul (ecc, v, x1, hh); + ecc_mod_mul (&ecc->p, v, x1, hh); /* x_3, use (h, hh) as sqratch */ - ecc_modp_sqr (ecc, h, w); - ecc_modp_sub (ecc, r, h, j); - ecc_modp_submul_1 (ecc, r, v, 2); + ecc_mod_sqr (&ecc->p, h, w); + ecc_mod_sub (&ecc->p, r, h, j); + ecc_mod_submul_1 (&ecc->p, r, v, 2); /* y_3, use (h, hh) as sqratch */ - ecc_modp_mul (ecc, h, y1, j); /* frees j */ - ecc_modp_sub (ecc, r + ecc->p.size, v, r); - ecc_modp_mul (ecc, j, r + ecc->p.size, w); - ecc_modp_submul_1 (ecc, j, h, 2); + ecc_mod_mul (&ecc->p, h, y1, j); /* frees j */ + ecc_mod_sub (&ecc->p, r + ecc->p.size, v, r); + ecc_mod_mul (&ecc->p, j, r + ecc->p.size, w); + ecc_mod_submul_1 (&ecc->p, j, h, 2); mpn_copyi (r + ecc->p.size, j, ecc->p.size); } diff --git a/ecc-add-jjj.c b/ecc-add-jjj.c index 1143e79a..54b2246a 100644 --- a/ecc-add-jjj.c +++ b/ecc-add-jjj.c @@ -74,47 +74,47 @@ ecc_add_jjj (const struct ecc_curve *ecc, mp_limb_t *v = scratch + 6*ecc->p.size; /* z1^2, z2^2, u1 = x1 x2^2, u2 = x2 z1^2 - u1 */ - ecc_modp_sqr (ecc, z1z1, p + 2*ecc->p.size); - ecc_modp_sqr (ecc, z2z2, q + 2*ecc->p.size); - ecc_modp_mul (ecc, u1, p, z2z2); - ecc_modp_mul (ecc, u2, q, z1z1); - ecc_modp_sub (ecc, u2, u2, u1); /* Store h in u2 */ + ecc_mod_sqr (&ecc->p, z1z1, p + 2*ecc->p.size); + ecc_mod_sqr (&ecc->p, z2z2, q + 2*ecc->p.size); + ecc_mod_mul (&ecc->p, u1, p, z2z2); + ecc_mod_mul (&ecc->p, u2, q, z1z1); + ecc_mod_sub (&ecc->p, u2, u2, u1); /* Store h in u2 */ /* z3, use i, j, v as scratch, result at i. */ - ecc_modp_add (ecc, i, p + 2*ecc->p.size, q + 2*ecc->p.size); - ecc_modp_sqr (ecc, v, i); - ecc_modp_sub (ecc, v, v, z1z1); - ecc_modp_sub (ecc, v, v, z2z2); - ecc_modp_mul (ecc, i, v, u2); + ecc_mod_add (&ecc->p, i, p + 2*ecc->p.size, q + 2*ecc->p.size); + ecc_mod_sqr (&ecc->p, v, i); + ecc_mod_sub (&ecc->p, v, v, z1z1); + ecc_mod_sub (&ecc->p, v, v, z2z2); + ecc_mod_mul (&ecc->p, i, v, u2); /* Delayed write, to support in-place operation. */ /* s1 = y1 z2^3, s2 = y2 z1^3, scratch at j and v */ - ecc_modp_mul (ecc, j, z1z1, p + 2*ecc->p.size); /* z1^3 */ - ecc_modp_mul (ecc, v, z2z2, q + 2*ecc->p.size); /* z2^3 */ - ecc_modp_mul (ecc, s1, p + ecc->p.size, v); - ecc_modp_mul (ecc, v, j, q + ecc->p.size); - ecc_modp_sub (ecc, s2, v, s1); - ecc_modp_mul_1 (ecc, s2, s2, 2); + ecc_mod_mul (&ecc->p, j, z1z1, p + 2*ecc->p.size); /* z1^3 */ + ecc_mod_mul (&ecc->p, v, z2z2, q + 2*ecc->p.size); /* z2^3 */ + ecc_mod_mul (&ecc->p, s1, p + ecc->p.size, v); + ecc_mod_mul (&ecc->p, v, j, q + ecc->p.size); + ecc_mod_sub (&ecc->p, s2, v, s1); + ecc_mod_mul_1 (&ecc->p, s2, s2, 2); /* Store z3 */ mpn_copyi (r + 2*ecc->p.size, i, ecc->p.size); /* i, j, v */ - ecc_modp_sqr (ecc, i, u2); - ecc_modp_mul_1 (ecc, i, i, 4); - ecc_modp_mul (ecc, j, u2, i); - ecc_modp_mul (ecc, v, u1, i); + ecc_mod_sqr (&ecc->p, i, u2); + ecc_mod_mul_1 (&ecc->p, i, i, 4); + ecc_mod_mul (&ecc->p, j, u2, i); + ecc_mod_mul (&ecc->p, v, u1, i); /* now, u1, u2 and i are free for reuse .*/ /* x3, use u1, u2 as scratch */ - ecc_modp_sqr (ecc, u1, s2); - ecc_modp_sub (ecc, r, u1, j); - ecc_modp_submul_1 (ecc, r, v, 2); + ecc_mod_sqr (&ecc->p, u1, s2); + ecc_mod_sub (&ecc->p, r, u1, j); + ecc_mod_submul_1 (&ecc->p, r, v, 2); /* y3 */ - ecc_modp_mul (ecc, u1, s1, j); /* Frees j */ - ecc_modp_sub (ecc, u2, v, r); /* Frees v */ - ecc_modp_mul (ecc, i, s2, u2); - ecc_modp_submul_1 (ecc, i, u1, 2); + ecc_mod_mul (&ecc->p, u1, s1, j); /* Frees j */ + ecc_mod_sub (&ecc->p, u2, v, r); /* Frees v */ + ecc_mod_mul (&ecc->p, i, s2, u2); + ecc_mod_submul_1 (&ecc->p, i, u1, 2); mpn_copyi (r + ecc->p.size, i, ecc->p.size); } diff --git a/ecc-add-th.c b/ecc-add-th.c index c19afbb5..1d61a32e 100644 --- a/ecc-add-th.c +++ b/ecc-add-th.c @@ -84,30 +84,30 @@ ecc_add_th (const struct ecc_curve *ecc, #define F D #define G E - ecc_modp_mul (ecc, C, x1, x2); - ecc_modp_mul (ecc, D, y1, y2); - ecc_modp_add (ecc, x3, x1, y1); - ecc_modp_add (ecc, y3, x2, y2); - ecc_modp_mul (ecc, T, x3, y3); - ecc_modp_sub (ecc, T, T, C); - ecc_modp_sub (ecc, T, T, D); - ecc_modp_mul (ecc, x3, C, D); - ecc_modp_mul (ecc, E, x3, ecc->b); - - ecc_modp_add (ecc, C, D, C); - ecc_modp_sqr (ecc, B, z1); - ecc_modp_sub (ecc, F, B, E); - ecc_modp_add (ecc, G, B, E); + ecc_mod_mul (&ecc->p, C, x1, x2); + ecc_mod_mul (&ecc->p, D, y1, y2); + ecc_mod_add (&ecc->p, x3, x1, y1); + ecc_mod_add (&ecc->p, y3, x2, y2); + ecc_mod_mul (&ecc->p, T, x3, y3); + ecc_mod_sub (&ecc->p, T, T, C); + ecc_mod_sub (&ecc->p, T, T, D); + ecc_mod_mul (&ecc->p, x3, C, D); + ecc_mod_mul (&ecc->p, E, x3, ecc->b); + + ecc_mod_add (&ecc->p, C, D, C); + ecc_mod_sqr (&ecc->p, B, z1); + ecc_mod_sub (&ecc->p, F, B, E); + ecc_mod_add (&ecc->p, G, B, E); /* x3 */ - ecc_modp_mul (ecc, B, G, T); - ecc_modp_mul (ecc, x3, B, z1); + ecc_mod_mul (&ecc->p, B, G, T); + ecc_mod_mul (&ecc->p, x3, B, z1); /* y3 */ - ecc_modp_mul (ecc, B, F, z1); - ecc_modp_mul (ecc, y3, B, C); /* Clobbers z1 in case r == p. */ + ecc_mod_mul (&ecc->p, B, F, z1); + ecc_mod_mul (&ecc->p, y3, B, C); /* Clobbers z1 in case r == p. */ /* z3 */ - ecc_modp_mul (ecc, B, F, G); + ecc_mod_mul (&ecc->p, B, F, G); mpn_copyi (z3, B, ecc->p.size); } diff --git a/ecc-add-thh.c b/ecc-add-thh.c index 03bb761f..59b33f38 100644 --- a/ecc-add-thh.c +++ b/ecc-add-thh.c @@ -85,32 +85,32 @@ ecc_add_thh (const struct ecc_curve *ecc, #define F D #define G E - ecc_modp_mul (ecc, C, x1, x2); - ecc_modp_mul (ecc, D, y1, y2); - ecc_modp_add (ecc, A, x1, y1); - ecc_modp_add (ecc, B, x2, y2); - ecc_modp_mul (ecc, T, A, B); - ecc_modp_sub (ecc, T, T, C); - ecc_modp_sub (ecc, T, T, D); - ecc_modp_mul (ecc, x3, C, D); - ecc_modp_mul (ecc, E, x3, ecc->b); - ecc_modp_add (ecc, C, D, C); - - ecc_modp_mul (ecc, A, z1, z2); - ecc_modp_sqr (ecc, B, A); - - ecc_modp_sub (ecc, F, B, E); - ecc_modp_add (ecc, G, B, E); + ecc_mod_mul (&ecc->p, C, x1, x2); + ecc_mod_mul (&ecc->p, D, y1, y2); + ecc_mod_add (&ecc->p, A, x1, y1); + ecc_mod_add (&ecc->p, B, x2, y2); + ecc_mod_mul (&ecc->p, T, A, B); + ecc_mod_sub (&ecc->p, T, T, C); + ecc_mod_sub (&ecc->p, T, T, D); + ecc_mod_mul (&ecc->p, x3, C, D); + ecc_mod_mul (&ecc->p, E, x3, ecc->b); + ecc_mod_add (&ecc->p, C, D, C); + + ecc_mod_mul (&ecc->p, A, z1, z2); + ecc_mod_sqr (&ecc->p, B, A); + + ecc_mod_sub (&ecc->p, F, B, E); + ecc_mod_add (&ecc->p, G, B, E); /* x3 */ - ecc_modp_mul (ecc, B, G, T); - ecc_modp_mul (ecc, x3, B, A); + ecc_mod_mul (&ecc->p, B, G, T); + ecc_mod_mul (&ecc->p, x3, B, A); /* y3 */ - ecc_modp_mul (ecc, B, F, C); - ecc_modp_mul (ecc, y3, B, A); + ecc_mod_mul (&ecc->p, B, F, C); + ecc_mod_mul (&ecc->p, y3, B, A); /* z3 */ - ecc_modp_mul (ecc, B, F, G); + ecc_mod_mul (&ecc->p, B, F, G); mpn_copyi (z3, B, ecc->p.size); } diff --git a/ecc-dup-eh.c b/ecc-dup-eh.c index f7b46eef..b36c5540 100644 --- a/ecc-dup-eh.c +++ b/ecc-dup-eh.c @@ -64,28 +64,28 @@ ecc_dup_eh (const struct ecc_curve *ecc, #define j (scratch + 4*ecc->p.size) /* b */ - ecc_modp_add (ecc, e, p, p + ecc->p.size); - ecc_modp_sqr (ecc, b, e); + ecc_mod_add (&ecc->p, e, p, p + ecc->p.size); + ecc_mod_sqr (&ecc->p, b, e); /* c */ - ecc_modp_sqr (ecc, c, p); + ecc_mod_sqr (&ecc->p, c, p); /* d */ - ecc_modp_sqr (ecc, d, p + ecc->p.size); + ecc_mod_sqr (&ecc->p, d, p + ecc->p.size); /* h, can use r as scratch, even for in-place operation. */ - ecc_modp_sqr (ecc, r, p + 2*ecc->p.size); + ecc_mod_sqr (&ecc->p, r, p + 2*ecc->p.size); /* e, */ - ecc_modp_add (ecc, e, c, d); + ecc_mod_add (&ecc->p, e, c, d); /* j */ - ecc_modp_add (ecc, r, r, r); - ecc_modp_sub (ecc, j, e, r); + ecc_mod_add (&ecc->p, r, r, r); + ecc_mod_sub (&ecc->p, j, e, r); /* x' */ - ecc_modp_sub (ecc, b, b, e); - ecc_modp_mul (ecc, r, b, j); + ecc_mod_sub (&ecc->p, b, b, e); + ecc_mod_mul (&ecc->p, r, b, j); /* y' */ - ecc_modp_sub (ecc, c, c, d); /* Redundant */ - ecc_modp_mul (ecc, r + ecc->p.size, e, c); + ecc_mod_sub (&ecc->p, c, c, d); /* Redundant */ + ecc_mod_mul (&ecc->p, r + ecc->p.size, e, c); /* z' */ - ecc_modp_mul (ecc, b, e, j); + ecc_mod_mul (&ecc->p, b, e, j); mpn_copyi (r + 2*ecc->p.size, b, ecc->p.size); } diff --git a/ecc-dup-jj.c b/ecc-dup-jj.c index 8e1cf36c..2247e8fd 100644 --- a/ecc-dup-jj.c +++ b/ecc-dup-jj.c @@ -72,39 +72,39 @@ ecc_dup_jj (const struct ecc_curve *ecc, #define zp (p + 2*ecc->p.size) /* delta */ - ecc_modp_sqr (ecc, delta, zp); + ecc_mod_sqr (&ecc->p, delta, zp); /* gamma */ - ecc_modp_sqr (ecc, gamma, yp); + ecc_mod_sqr (&ecc->p, gamma, yp); /* z'. Can use beta area as scratch. */ - ecc_modp_add (ecc, r + 2*ecc->p.size, yp, zp); - ecc_modp_sqr (ecc, beta, r + 2*ecc->p.size); - ecc_modp_sub (ecc, beta, beta, gamma); - ecc_modp_sub (ecc, r + 2*ecc->p.size, beta, delta); + ecc_mod_add (&ecc->p, r + 2*ecc->p.size, yp, zp); + ecc_mod_sqr (&ecc->p, beta, r + 2*ecc->p.size); + ecc_mod_sub (&ecc->p, beta, beta, gamma); + ecc_mod_sub (&ecc->p, r + 2*ecc->p.size, beta, delta); /* alpha. Can use beta area as scratch, and overwrite delta. */ - ecc_modp_add (ecc, sum, xp, delta); - ecc_modp_sub (ecc, delta, xp, delta); - ecc_modp_mul (ecc, beta, sum, delta); - ecc_modp_mul_1 (ecc, alpha, beta, 3); + ecc_mod_add (&ecc->p, sum, xp, delta); + ecc_mod_sub (&ecc->p, delta, xp, delta); + ecc_mod_mul (&ecc->p, beta, sum, delta); + ecc_mod_mul_1 (&ecc->p, alpha, beta, 3); /* beta */ - ecc_modp_mul (ecc, beta, xp, gamma); + ecc_mod_mul (&ecc->p, beta, xp, gamma); /* Do gamma^2 and 4*beta early, to get them out of the way. We can then use the old area at gamma as scratch. */ - ecc_modp_sqr (ecc, g2, gamma); - ecc_modp_mul_1 (ecc, sum, beta, 4); + ecc_mod_sqr (&ecc->p, g2, gamma); + ecc_mod_mul_1 (&ecc->p, sum, beta, 4); /* x' */ - ecc_modp_sqr (ecc, gamma, alpha); /* Overwrites gamma and beta */ - ecc_modp_submul_1 (ecc, gamma, sum, 2); + ecc_mod_sqr (&ecc->p, gamma, alpha); /* Overwrites gamma and beta */ + ecc_mod_submul_1 (&ecc->p, gamma, sum, 2); mpn_copyi (r, gamma, ecc->p.size); /* y' */ - ecc_modp_sub (ecc, sum, sum, r); - ecc_modp_mul (ecc, gamma, sum, alpha); - ecc_modp_submul_1 (ecc, gamma, g2, 8); + ecc_mod_sub (&ecc->p, sum, sum, r); + ecc_mod_mul (&ecc->p, gamma, sum, alpha); + ecc_mod_submul_1 (&ecc->p, gamma, g2, 8); mpn_copyi (r + ecc->p.size, gamma, ecc->p.size); } diff --git a/ecc-dup-th.c b/ecc-dup-th.c index b4ce95c9..dd95b84a 100644 --- a/ecc-dup-th.c +++ b/ecc-dup-th.c @@ -81,29 +81,29 @@ ecc_dup_th (const struct ecc_curve *ecc, #define J (scratch + 4*ecc->p.size) /* B */ - ecc_modp_add (ecc, F, p, p + ecc->p.size); - ecc_modp_sqr (ecc, B, F); + ecc_mod_add (&ecc->p, F, p, p + ecc->p.size); + ecc_mod_sqr (&ecc->p, B, F); /* C */ - ecc_modp_sqr (ecc, C, p); + ecc_mod_sqr (&ecc->p, C, p); /* D */ - ecc_modp_sqr (ecc, D, p + ecc->p.size); + ecc_mod_sqr (&ecc->p, D, p + ecc->p.size); /* Can use r as scratch, even for in-place operation. */ - ecc_modp_sqr (ecc, r, p + 2*ecc->p.size); + ecc_mod_sqr (&ecc->p, r, p + 2*ecc->p.size); /* F, */ - ecc_modp_sub (ecc, F, D, C); + ecc_mod_sub (&ecc->p, F, D, C); /* B - C - D */ - ecc_modp_add (ecc, C, C, D); - ecc_modp_sub (ecc, B, B, C); + ecc_mod_add (&ecc->p, C, C, D); + ecc_mod_sub (&ecc->p, B, B, C); /* J */ - ecc_modp_add (ecc, r, r, r); - ecc_modp_sub (ecc, J, r, F); + ecc_mod_add (&ecc->p, r, r, r); + ecc_mod_sub (&ecc->p, J, r, F); /* x' */ - ecc_modp_mul (ecc, r, B, J); + ecc_mod_mul (&ecc->p, r, B, J); /* y' */ - ecc_modp_mul (ecc, r + ecc->p.size, F, C); + ecc_mod_mul (&ecc->p, r + ecc->p.size, F, C); /* z' */ - ecc_modp_mul (ecc, B, F, J); + ecc_mod_mul (&ecc->p, B, F, J); mpn_copyi (r + 2*ecc->p.size, B, ecc->p.size); } diff --git a/ecc-ecdsa-sign.c b/ecc-ecdsa-sign.c index 3b9e9cc1..d675bd9b 100644 --- a/ecc-ecdsa-sign.c +++ b/ecc-ecdsa-sign.c @@ -88,9 +88,9 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc, /* Process hash digest */ ecc_hash (&ecc->q, hp, length, digest); - ecc_modq_mul (ecc, tp, zp, rp); - ecc_modq_add (ecc, hp, hp, tp); - ecc_modq_mul (ecc, tp, hp, kinv); + ecc_mod_mul (&ecc->q, tp, zp, rp); + ecc_mod_add (&ecc->q, hp, hp, tp); + ecc_mod_mul (&ecc->q, tp, hp, kinv); mpn_copyi (sp, tp, ecc->p.size); #undef P diff --git a/ecc-ecdsa-verify.c b/ecc-ecdsa-verify.c index d7f5b684..6f9fb5d9 100644 --- a/ecc-ecdsa-verify.c +++ b/ecc-ecdsa-verify.c @@ -112,10 +112,10 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc, /* u1 = h / s, P1 = u1 * G */ ecc_hash (&ecc->q, hp, length, digest); - ecc_modq_mul (ecc, u1, hp, sinv); + ecc_mod_mul (&ecc->q, u1, hp, sinv); /* u2 = r / s, P2 = u2 * Y */ - ecc_modq_mul (ecc, u2, rp, sinv); + ecc_mod_mul (&ecc->q, u2, rp, sinv); /* Total storage: 5*ecc->p.size + ecc->mul_itch */ ecc->mul (ecc, P2, u2, pp, u2 + ecc->p.size); diff --git a/ecc-eh-to-a.c b/ecc-eh-to-a.c index 89d2b6e3..869e8ad5 100644 --- a/ecc-eh-to-a.c +++ b/ecc-eh-to-a.c @@ -61,11 +61,11 @@ ecc_eh_to_a (const struct ecc_curve *ecc, /* Needs 2*size + scratch for the invert call. */ ecc->p.invert (&ecc->p, izp, zp, tp + ecc->p.size); - ecc_modp_mul (ecc, tp, xp, izp); + ecc_mod_mul (&ecc->p, tp, xp, izp); cy = mpn_sub_n (r, tp, ecc->p.m, ecc->p.size); cnd_copy (cy, r, tp, ecc->p.size); - ecc_modp_mul (ecc, tp, yp, izp); + ecc_mod_mul (&ecc->p, tp, yp, izp); cy = mpn_sub_n (r + ecc->p.size, tp, ecc->p.m, ecc->p.size); cnd_copy (cy, r + ecc->p.size, tp, ecc->p.size); } diff --git a/ecc-gostdsa-sign.c b/ecc-gostdsa-sign.c index 00eeef81..a12eb2af 100644 --- a/ecc-gostdsa-sign.c +++ b/ecc-gostdsa-sign.c @@ -84,9 +84,9 @@ ecc_gostdsa_sign (const struct ecc_curve *ecc, if (mpn_zero_p (hp, ecc->p.size)) mpn_add_1 (hp, hp, ecc->p.size, 1); - ecc_modq_mul (ecc, tp, rp, zp); - ecc_modq_mul (ecc, t2p, kp, hp); - ecc_modq_add (ecc, sp, tp, t2p); + ecc_mod_mul (&ecc->q, tp, rp, zp); + ecc_mod_mul (&ecc->q, t2p, kp, hp); + ecc_mod_add (&ecc->q, sp, tp, t2p); /* Also reduce mod ecc->q. It should already be < 2*ecc->q, * so one subtraction should suffice. */ diff --git a/ecc-gostdsa-verify.c b/ecc-gostdsa-verify.c index 4358132b..29b82c84 100644 --- a/ecc-gostdsa-verify.c +++ b/ecc-gostdsa-verify.c @@ -102,10 +102,10 @@ ecc_gostdsa_verify (const struct ecc_curve *ecc, ecc->q.invert (&ecc->q, vp, hp, vp + 2*ecc->p.size); /* z1 = s / h, P1 = z1 * G */ - ecc_modq_mul (ecc, z1, sp, vp); + ecc_mod_mul (&ecc->q, z1, sp, vp); /* z2 = - r / h, P2 = z2 * Y */ - ecc_modq_mul (ecc, z2, rp, vp); + ecc_mod_mul (&ecc->q, z2, rp, vp); mpn_sub_n (z2, ecc->q.m, z2, ecc->p.size); /* Total storage: 5*ecc->p.size + ecc->mul_itch */ diff --git a/ecc-internal.h b/ecc-internal.h index 9516023a..9e24e0ce 100644 --- a/ecc-internal.h +++ b/ecc-internal.h @@ -256,26 +256,6 @@ void ecc_mod_sqr (const struct ecc_modulo *m, mp_limb_t *rp, const mp_limb_t *ap); -#define ecc_modp_add(ecc, r, a, b) \ - ecc_mod_add (&(ecc)->p, (r), (a), (b)) -#define ecc_modp_sub(ecc, r, a, b) \ - ecc_mod_sub (&(ecc)->p, (r), (a), (b)) -#define ecc_modp_mul_1(ecc, r, a, b) \ - ecc_mod_mul_1 (&(ecc)->p, (r), (a), (b)) -#define ecc_modp_addmul_1(ecc, r, a, b) \ - ecc_mod_addmul_1 (&(ecc)->p, (r), (a), (b)) -#define ecc_modp_submul_1(ecc, r, a, b) \ - ecc_mod_submul_1 (&(ecc)->p, (r), (a), (b)) -#define ecc_modp_mul(ecc, r, a, b) \ - ecc_mod_mul (&(ecc)->p, (r), (a), (b)) -#define ecc_modp_sqr(ecc, r, a) \ - ecc_mod_sqr (&(ecc)->p, (r), (a)) - -#define ecc_modq_add(ecc, r, a, b) \ - ecc_mod_add (&(ecc)->q, (r), (a), (b)) -#define ecc_modq_mul(ecc, r, a, b) \ - ecc_mod_mul (&(ecc)->q, (r), (a), (b)) - /* mod q operations. */ void ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp, diff --git a/ecc-j-to-a.c b/ecc-j-to-a.c index eca10f0f..a232e0c5 100644 --- a/ecc-j-to-a.c +++ b/ecc-j-to-a.c @@ -74,7 +74,7 @@ ecc_j_to_a (const struct ecc_curve *ecc, mpn_zero (izBp + ecc->p.size, ecc->p.size); ecc->p.reduce (&ecc->p, izBp); - ecc_modp_mul (ecc, iz2p, izp, izBp); + ecc_mod_mul (&ecc->p, iz2p, izp, izBp); } else { @@ -83,11 +83,11 @@ ecc_j_to_a (const struct ecc_curve *ecc, mpn_copyi (up, p+2*ecc->p.size, ecc->p.size); /* p_z */ ecc->p.invert (&ecc->p, izp, up, up + ecc->p.size); - ecc_modp_sqr (ecc, iz2p, izp); + ecc_mod_sqr (&ecc->p, iz2p, izp); } - ecc_modp_mul (ecc, iz3p, iz2p, p); - /* ecc_modp (and ecc_modp_mul) may return a value up to 2p - 1, so + ecc_mod_mul (&ecc->p, iz3p, iz2p, p); + /* ecc_mod (and ecc_mod_mul) may return a value up to 2p - 1, so do a conditional subtraction. */ cy = mpn_sub_n (r, iz3p, ecc->p.m, ecc->p.size); cnd_copy (cy, r, iz3p, ecc->p.size); @@ -105,8 +105,8 @@ ecc_j_to_a (const struct ecc_curve *ecc, } return; } - ecc_modp_mul (ecc, iz3p, iz2p, izp); - ecc_modp_mul (ecc, tp, iz3p, p + ecc->p.size); + ecc_mod_mul (&ecc->p, iz3p, iz2p, izp); + ecc_mod_mul (&ecc->p, tp, iz3p, p + ecc->p.size); /* And a similar subtraction. */ cy = mpn_sub_n (r + ecc->p.size, tp, ecc->p.m, ecc->p.size); cnd_copy (cy, r + ecc->p.size, tp, ecc->p.size); diff --git a/eddsa-decompress.c b/eddsa-decompress.c index 441ccfbf..8116084d 100644 --- a/eddsa-decompress.c +++ b/eddsa-decompress.c @@ -90,14 +90,14 @@ _eddsa_decompress (const struct ecc_curve *ecc, mp_limb_t *p, /* For a valid input, y < p, so subtraction should underflow. */ res &= mpn_sub_n (scratch, scratch, ecc->p.m, ecc->p.size); - ecc_modp_sqr (ecc, y2, yp); - ecc_modp_mul (ecc, vp, y2, ecc->b); - ecc_modp_sub (ecc, vp, vp, ecc->unit); + ecc_mod_sqr (&ecc->p, y2, yp); + ecc_mod_mul (&ecc->p, vp, y2, ecc->b); + ecc_mod_sub (&ecc->p, vp, vp, ecc->unit); /* The sign is different between curve25519 and curve448. */ if (ecc->p.bit_size == 255) - ecc_modp_sub (ecc, up, ecc->unit, y2); + ecc_mod_sub (&ecc->p, up, ecc->unit, y2); else - ecc_modp_sub (ecc, up, y2, ecc->unit); + ecc_mod_sub (&ecc->p, up, y2, ecc->unit); res &= ecc->p.sqrt (&ecc->p, tp, up, vp, scratch_out); cy = mpn_sub_n (xp, tp, ecc->p.m, ecc->p.size); diff --git a/eddsa-sign.c b/eddsa-sign.c index 1d5e4796..acb8299b 100644 --- a/eddsa-sign.c +++ b/eddsa-sign.c @@ -91,8 +91,8 @@ _eddsa_sign (const struct ecc_curve *ecc, eddsa->digest (ctx, 2*nbytes, hash); _eddsa_hash (&ecc->q, hp, 2*nbytes, hash); - ecc_modq_mul (ecc, sp, hp, k2); - ecc_modq_add (ecc, sp, sp, rp); /* FIXME: Can be plain add */ + ecc_mod_mul (&ecc->q, sp, hp, k2); + ecc_mod_add (&ecc->q, sp, sp, rp); /* FIXME: Can be plain add */ if (ecc->p.bit_size == 255) { /* FIXME: Special code duplicated in ecc_curve25519_modq |