forked from wolfSSL/wolfssl
wolfcrypt/src/ge_448.c: redo small stack refactor of ge448_double_scalarmult_vartime(), so that when -UWOLFSSL_SMALL_STACK, code is effectively unchanged.
This commit is contained in:
Daniel Pouzzner
@ -10655,7 +10655,7 @@ static void slide(int8_t *r, const uint8_t *a)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Perform a scalar multplication of the base point and public point.
|
/* Perform a scalar multiplication of the base point and public point.
|
||||||
* r = a * p + b * base
|
* r = a * p + b * base
|
||||||
* Uses a sliding window of 5 bits.
|
* Uses a sliding window of 5 bits.
|
||||||
* Not constant time.
|
* Not constant time.
|
||||||
@ -10667,25 +10667,24 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
|
|||||||
const ge448_p2 *p, const uint8_t *b)
|
const ge448_p2 *p, const uint8_t *b)
|
||||||
{
|
{
|
||||||
#define GE448_WINDOW_BUF_SIZE 448
|
#define GE448_WINDOW_BUF_SIZE 448
|
||||||
|
|
||||||
|
#if !defined(WOLFSSL_SMALL_STACK) || (defined(WOLFSSL_NO_MALLOC) && !defined(XMALLOC_USER))
|
||||||
|
int8_t aslide[GE448_WINDOW_BUF_SIZE];
|
||||||
|
int8_t bslide[GE448_WINDOW_BUF_SIZE];
|
||||||
|
ge448_p2 pi[16]; /* p,3p,..,31p */
|
||||||
|
ge448_p2 p2;
|
||||||
|
int i;
|
||||||
|
|
||||||
|
#define PI_PTR(pi) (&(pi))
|
||||||
|
#else
|
||||||
int8_t *aslide = NULL;
|
int8_t *aslide = NULL;
|
||||||
int8_t *bslide = NULL;
|
int8_t *bslide = NULL;
|
||||||
ge448_p2 *pi[16]; /* p,3p,..,31p */
|
ge448_p2 *pi[16]; /* p,3p,..,31p */
|
||||||
ge448_p2 *p2 = NULL;
|
ge448_p2 *p2 = NULL;
|
||||||
int i;
|
int i, ret;
|
||||||
int ret;
|
|
||||||
|
|
||||||
#if defined(WOLFSSL_NO_MALLOC) && !defined(XMALLOC_USER)
|
#define PI_PTR(pi) (pi)
|
||||||
int8_t aslide_buf[GE448_WINDOW_BUF_SIZE];
|
|
||||||
int8_t bslide_buf[GE448_WINDOW_BUF_SIZE];
|
|
||||||
ge448_p2 pi_buf[16];
|
|
||||||
ge448_p2 p2_buf;
|
|
||||||
|
|
||||||
aslide = &aslide_buf[0];
|
|
||||||
bslide = &bslide_buf[0];
|
|
||||||
for (i = 0; i < (int)(sizeof pi / sizeof pi[0]); ++i)
|
|
||||||
pi[i] = &pi_buf[i];
|
|
||||||
p2 = &p2_buf;
|
|
||||||
#else
|
|
||||||
XMEMSET(pi, 0, sizeof pi);
|
XMEMSET(pi, 0, sizeof pi);
|
||||||
aslide = (int8_t *)XMALLOC(GE448_WINDOW_BUF_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
aslide = (int8_t *)XMALLOC(GE448_WINDOW_BUF_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if (! aslide) {
|
if (! aslide) {
|
||||||
@ -10714,25 +10713,25 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
|
|||||||
slide(aslide, a);
|
slide(aslide, a);
|
||||||
slide(bslide, b);
|
slide(bslide, b);
|
||||||
|
|
||||||
fe448_copy(pi[0]->X, p->X);
|
fe448_copy(PI_PTR(pi[0])->X, p->X);
|
||||||
fe448_copy(pi[0]->Y, p->Y);
|
fe448_copy(PI_PTR(pi[0])->Y, p->Y);
|
||||||
fe448_copy(pi[0]->Z, p->Z);
|
fe448_copy(PI_PTR(pi[0])->Z, p->Z);
|
||||||
ge448_dbl(p2, p);
|
ge448_dbl(PI_PTR(p2), p);
|
||||||
ge448_add(pi[1], p2, pi[0]);
|
ge448_add(PI_PTR(pi[1]), PI_PTR(p2), PI_PTR(pi[0]));
|
||||||
ge448_add(pi[2], p2, pi[1]);
|
ge448_add(PI_PTR(pi[2]), PI_PTR(p2), PI_PTR(pi[1]));
|
||||||
ge448_add(pi[3], p2, pi[2]);
|
ge448_add(PI_PTR(pi[3]), PI_PTR(p2), PI_PTR(pi[2]));
|
||||||
ge448_add(pi[4], p2, pi[3]);
|
ge448_add(PI_PTR(pi[4]), PI_PTR(p2), PI_PTR(pi[3]));
|
||||||
ge448_add(pi[5], p2, pi[4]);
|
ge448_add(PI_PTR(pi[5]), PI_PTR(p2), PI_PTR(pi[4]));
|
||||||
ge448_add(pi[6], p2, pi[5]);
|
ge448_add(PI_PTR(pi[6]), PI_PTR(p2), PI_PTR(pi[5]));
|
||||||
ge448_add(pi[7], p2, pi[6]);
|
ge448_add(PI_PTR(pi[7]), PI_PTR(p2), PI_PTR(pi[6]));
|
||||||
ge448_add(pi[8], p2, pi[7]);
|
ge448_add(PI_PTR(pi[8]), PI_PTR(p2), PI_PTR(pi[7]));
|
||||||
ge448_add(pi[9], p2, pi[8]);
|
ge448_add(PI_PTR(pi[9]), PI_PTR(p2), PI_PTR(pi[8]));
|
||||||
ge448_add(pi[10], p2, pi[9]);
|
ge448_add(PI_PTR(pi[10]), PI_PTR(p2), PI_PTR(pi[9]));
|
||||||
ge448_add(pi[11], p2, pi[10]);
|
ge448_add(PI_PTR(pi[11]), PI_PTR(p2), PI_PTR(pi[10]));
|
||||||
ge448_add(pi[12], p2, pi[11]);
|
ge448_add(PI_PTR(pi[12]), PI_PTR(p2), PI_PTR(pi[11]));
|
||||||
ge448_add(pi[13], p2, pi[12]);
|
ge448_add(PI_PTR(pi[13]), PI_PTR(p2), PI_PTR(pi[12]));
|
||||||
ge448_add(pi[14], p2, pi[13]);
|
ge448_add(PI_PTR(pi[14]), PI_PTR(p2), PI_PTR(pi[13]));
|
||||||
ge448_add(pi[15], p2, pi[14]);
|
ge448_add(PI_PTR(pi[15]), PI_PTR(p2), PI_PTR(pi[14]));
|
||||||
|
|
||||||
ge448_0(r);
|
ge448_0(r);
|
||||||
|
|
||||||
@ -10747,9 +10746,9 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
|
|||||||
ge448_dbl(r, r);
|
ge448_dbl(r, r);
|
||||||
|
|
||||||
if (aslide[i] > 0)
|
if (aslide[i] > 0)
|
||||||
ge448_add(r, r, pi[aslide[i]/2]);
|
ge448_add(r, r, PI_PTR(pi[aslide[i]/2]));
|
||||||
else if (aslide[i] < 0)
|
else if (aslide[i] < 0)
|
||||||
ge448_sub(r, r ,pi[(-aslide[i])/2]);
|
ge448_sub(r, r ,PI_PTR(pi[(-aslide[i])/2]));
|
||||||
|
|
||||||
if (bslide[i] > 0)
|
if (bslide[i] > 0)
|
||||||
ge448_madd(r, r, &base_i[bslide[i]/2]);
|
ge448_madd(r, r, &base_i[bslide[i]/2]);
|
||||||
@ -10757,9 +10756,9 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
|
|||||||
ge448_msub(r, r, &base_i[(-bslide[i])/2]);
|
ge448_msub(r, r, &base_i[(-bslide[i])/2]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(WOLFSSL_SMALL_STACK) && !(defined(WOLFSSL_NO_MALLOC) && !defined(XMALLOC_USER))
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
||||||
#if !defined(WOLFSSL_NO_MALLOC) || defined(XMALLOC_USER)
|
|
||||||
out:
|
out:
|
||||||
|
|
||||||
if (aslide)
|
if (aslide)
|
||||||
@ -10772,9 +10771,13 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const uint8_t *a,
|
|||||||
}
|
}
|
||||||
if (p2)
|
if (p2)
|
||||||
XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
#endif
|
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
|
#else
|
||||||
|
return 0;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#undef PI_PTR
|
||||||
#undef GE448_WINDOW_BUF_SIZE
|
#undef GE448_WINDOW_BUF_SIZE
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user