Merge pull request #2208 from SparkiDev/curve25519_arm

Curve25519 ARM64 assembly

src/include.am

@@ -371,9 +371,14 @@ if BUILD_FEMATH
 if BUILD_CURVE25519_SMALL
 src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_low_mem.c
 else
-src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c
 if BUILD_INTELASM
 src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S
+else
+if BUILD_ARMASM
+src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+else
+src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c
+endif
 endif
 endif
 endif
@@ -384,9 +389,14 @@ src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_low_mem.c
 else
 src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_operations.c
 if !BUILD_FEMATH
-src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c
 if BUILD_INTELASM
 src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S
+else
+if BUILD_ARMASM
+src_libwolfssl_la_SOURCES += wolfcrypt/src/port/arm/armv8-curve25519.S
+else
+src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c
+endif
 endif
 endif
 endif

wolfcrypt/src/ge_operations.c

@@ -42,8 +42,13 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
+#if defined(CURVED25519_X64) || defined(WOLFSSL_ARMASM)
+  #define CURVED25519_ASM_64BIT
+#endif
+
+
 static void ge_p2_0(ge_p2 *);
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
 static void ge_precomp_0(ge_precomp *);
 #endif
 static void ge_p3_to_p2(ge_p2 *,const ge_p3 *);
@@ -927,7 +932,7 @@ r = p + q
 */
 static WC_INLINE void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
 {
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
     ge t0;
     fe_add(r->X,p->Y,p->X);
     fe_sub(r->Y,p->Y,p->X);
@@ -947,7 +952,7 @@ static WC_INLINE void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
 }
 
 
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
 /* ge_scalar mult base */
 static unsigned char equal(signed char b,signed char c)
 {
@@ -977,7 +982,7 @@ static WC_INLINE void cmov(ge_precomp *t,const ge_precomp *u,unsigned char b,
 }
 #endif
 
-#ifdef CURVED25519_X64
+#ifdef CURVED25519_ASM_64BIT
 static const ge_precomp base[64][8] = {
 {
     {
@@ -6368,7 +6373,7 @@ static const ge_precomp base[32][8] = {
 
 static void ge_select(ge_precomp *t,int pos,signed char b)
 {
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
   ge_precomp minust;
   unsigned char bnegative = negative(b);
   unsigned char babs = b - (((-bnegative) & b) << 1);
@@ -6390,7 +6395,6 @@ static void ge_select(ge_precomp *t,int pos,signed char b)
 #endif
 }
 
-
 /*
 h = a * B
 where a = a[0]+256*a[1]+...+256^31 a[31]
@@ -6404,7 +6408,7 @@ void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
   signed char e[64];
   signed char carry;
   ge_p1p1 r;
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
   ge_p2 s;
 #endif
   ge_precomp t;
@@ -6427,7 +6431,7 @@ void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
   e[63] += carry;
   /* each e[i] is between -8 and 8 */
 
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
   ge_select(&t,0,e[1]);
   fe_sub(h->X, t.yplusx, t.yminusx);
   fe_add(h->Y, t.yplusx, t.yminusx);
@@ -6498,7 +6502,7 @@ static void slide(signed char *r,const unsigned char *a)
     }
 }
 
-#ifdef CURVED25519_X64
+#ifdef CURVED25519_ASM_64BIT
 static const ge_precomp Bi[8] = {
     {
         { 0x2fbc93c6f58c3b85, -0x306cd2390473f1e7, 0x270b4898643d42c2, 0x07cf9d3a33d4ba65,  },
@@ -6691,7 +6695,7 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a,
   return 0;
 }
 
-#ifdef CURVED25519_X64
+#ifdef CURVED25519_ASM_64BIT
 static const ge d = {
     0x75eb4dca135978a3, 0x00700a4d4141d8ab, -0x7338bf8688861768, 0x52036cee2b6ffe73,
     };
@@ -6708,7 +6712,7 @@ static const ge d = {
 #endif
 
 
-#ifdef CURVED25519_X64
+#ifdef CURVED25519_ASM_64BIT
 static const ge sqrtm1 = {
     -0x3b11e4d8b5f15f50, 0x2f431806ad2fe478, 0x2b4d00993dfbd7a7, 0x2b8324804fc1df0b,
     };
@@ -6775,7 +6779,7 @@ r = p + q
 
 static WC_INLINE void ge_madd(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
 {
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
     ge t0;
     fe_add(r->X,p->Y,p->X);
     fe_sub(r->Y,p->Y,p->X);
@@ -6802,7 +6806,7 @@ r = p - q
 
 static WC_INLINE void ge_msub(ge_p1p1 *r,const ge_p3 *p,const ge_precomp *q)
 {
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
     ge t0;
     fe_add(r->X,p->Y,p->X);
     fe_sub(r->Y,p->Y,p->X);
@@ -6828,7 +6832,7 @@ r = p
 
 static void ge_p1p1_to_p2(ge_p2 *r,const ge_p1p1 *p)
 {
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
   fe_mul(r->X,p->X,p->T);
   fe_mul(r->Y,p->Y,p->Z);
   fe_mul(r->Z,p->Z,p->T);
@@ -6846,7 +6850,7 @@ r = p
 
 static WC_INLINE void ge_p1p1_to_p3(ge_p3 *r,const ge_p1p1 *p)
 {
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
   fe_mul(r->X,p->X,p->T);
   fe_mul(r->Y,p->Y,p->Z);
   fe_mul(r->Z,p->Z,p->T);
@@ -6875,7 +6879,7 @@ r = 2 * p
 
 static WC_INLINE void ge_p2_dbl(ge_p1p1 *r,const ge_p2 *p)
 {
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
     ge t0;
     fe_sq(r->X,p->X);
     fe_sq(r->Z,p->Y);
@@ -6912,7 +6916,7 @@ static void ge_p3_dbl(ge_p1p1 *r,const ge_p3 *p)
 r = p
 */
 
-#ifdef CURVED25519_X64
+#ifdef CURVED25519_ASM_64BIT
 static const ge d2 = {
     -0x1429646bd94d0ea7, 0x00e0149a8283b156, 0x198e80f2eef3d130, 0x2406d9dc56dffce7,
     };
@@ -6966,7 +6970,7 @@ void ge_p3_tobytes(unsigned char *s,const ge_p3 *h)
 }
 
 
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
 /* ge_precomp_0 */
 static void ge_precomp_0(ge_precomp *h)
 {
@@ -6984,7 +6988,7 @@ r = p - q
 
 static WC_INLINE void ge_sub(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q)
 {
-#ifndef CURVED25519_X64
+#ifndef CURVED25519_ASM_64BIT
     ge t0;
     fe_add(r->X,p->Y,p->X);
     fe_sub(r->Y,p->Y,p->X);

wolfcrypt/src/include.am

@@ -50,6 +50,8 @@ EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/nrf51.c \
               wolfcrypt/src/port/arm/armv8-aes.c \
               wolfcrypt/src/port/arm/armv8-sha256.c \
+              wolfcrypt/src/port/arm/armv8-curve25519.c \
+              wolfcrypt/src/port/arm/armv8-curve25519.S \
               wolfcrypt/src/port/nxp/ksdk_port.c \
               wolfcrypt/src/port/atmel/README.md \
               wolfcrypt/src/port/xilinx/xil-sha3.c \

wolfssl/wolfcrypt/fe_operations.h

@@ -39,6 +39,10 @@
     #define CURVED25519_128BIT
 #endif
 
+#if defined(CURVED25519_X64) || defined(WOLFSSL_ARMASM)
+    #define CURVED25519_ASM_64BIT
+#endif
+
 /*
 fe means field element.
 Here the field is \Z/(2^255-19).
@@ -72,7 +76,7 @@ WOLFSSL_LOCAL int  curve25519(byte * q, byte * n, byte * p);
 /* default to be faster but take more memory */
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
 
-#ifdef CURVED25519_X64
+#ifdef CURVED25519_ASM_64BIT
     typedef int64_t  fe[4];
 #elif defined(CURVED25519_128BIT)
     typedef int64_t  fe[5];
@@ -108,7 +112,7 @@ WOLFSSL_LOCAL void fe_pow22523(fe,const fe);
 WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in);
 WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in);
 
-#ifdef CURVED25519_X64
+#ifdef CURVED25519_ASM_64BIT
 WOLFSSL_LOCAL void fe_ge_to_p2(fe rx, fe ry, fe rz, const fe px, const fe py,
                                const fe pz, const fe pt);
 WOLFSSL_LOCAL void fe_ge_to_p3(fe rx, fe ry, fe rz, fe rt, const fe px,
@@ -132,7 +136,7 @@ WOLFSSL_LOCAL void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px,
                              const fe qt2d, const fe qyplusx,
                              const fe qyminusx);
 WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b);
-#endif /* CURVED25519_X64 */
+#endif /* CURVED25519_ASM_64BIT */
 #endif /* !CURVE25519_SMALL || !ED25519_SMALL */
 
 /* Use less memory and only 32bit types or less, but is slower

wolfssl/wolfcrypt/ge_operations.h

@@ -47,7 +47,7 @@ Representations:
 
 #ifdef ED25519_SMALL
   typedef byte     ge[F25519_SIZE];
-#elif defined(CURVED25519_X64)
+#elif defined(CURVED25519_ASM_64BIT)
   typedef int64_t  ge[4];
 #elif defined(CURVED25519_128BIT)
   typedef int64_t  ge[5];