diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519.S b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
index e307cb9fb4..7171e8c060 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519.S
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519.S
@@ -3677,6 +3677,33 @@ L_curve25519_inv_8:
 	ldr r1, [sp, #160]
 	ldr r0, [sp, #160]
 	bl fe_mul_op
+	# Ensure result is less than modulus
+	ldr r0, [sp, #160]
+	ldm r0, {r4, r5, r6, r7, r8, r9, r10, r11}
+	adds r2, r4, #19
+	adcs r2, r5, #0
+	adcs r2, r6, #0
+	adcs r2, r7, #0
+	adcs r2, r8, #0
+	adcs r2, r9, #0
+	adcs r2, r10, #0
+	adc r2, r11, #0
+	asr r2, r2, #31
+	and r2, r2, #19
+	adds r4, r4, r2
+	adcs r5, r5, #0
+	adcs r6, r6, #0
+	adcs r7, r7, #0
+	adcs r8, r8, #0
+	adcs r9, r9, #0
+	adcs r10, r10, #0
+	adc r11, r11, #0
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+	bic r11, r11, #0x80000000
+#else
+	bfc r11, #31, #1
+#endif
+	stm r0, {r4, r5, r6, r7, r8, r9, r10, r11}
 	mov r0, #0
 	add sp, sp, #0xbc
 	pop {r4, r5, r6, r7, r8, r9, r10, r11, pc}
@@ -3959,21 +3986,29 @@ L_curve25519_inv_8:
 	# Ensure result is less than modulus
 	ldr r0, [sp, #176]
 	ldm r0, {r4, r5, r6, r7, r8, r9, r10, r11}
-	mov r2, #19
-	and r2, r2, r11, asr #31
+	adds r2, r4, #19
+	adcs r2, r5, #0
+	adcs r2, r6, #0
+	adcs r2, r7, #0
+	adcs r2, r8, #0
+	adcs r2, r9, #0
+	adcs r2, r10, #0
+	adc r2, r11, #0
+	asr r2, r2, #31
+	and r2, r2, #19
 	adds r4, r4, r2
 	adcs r5, r5, #0
 	adcs r6, r6, #0
 	adcs r7, r7, #0
 	adcs r8, r8, #0
 	adcs r9, r9, #0
+	adcs r10, r10, #0
+	adc r11, r11, #0
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
 	bic r11, r11, #0x80000000
 #else
 	bfc r11, #31, #1
 #endif
-	adcs r10, r10, #0
-	adc r11, r11, #0
 	stm r0, {r4, r5, r6, r7, r8, r9, r10, r11}
 	mov r0, #0
 	add sp, sp, #0xc0
diff --git a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
index c981871e4b..726c02905f 100644
--- a/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
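Review bot: The only comment on the new reduction in the first hunk is `# Ensure result is less than modulus`, which does not explain the first adds/adcs chain: it propagates the carry of x + 19 up to r11 so that, after `asr r2, r2, #31`, the mask is all-ones exactly when bit 255 of (x + 19) is set, i.e. when x >= p = 2^255 - 19; the `and r2, r2, #19`, the second chain and the bfc/bic then yield x - p in that case and leave x untouched otherwise. That reasoning is the substance of the change (it catches inputs in [p, 2^255) that a sign test on r11 alone cannot see) and it only holds while x < 2p so that x + 19 does not wrap past 256 bits — presumably guaranteed by the range of fe_mul_op's output, but that precondition is not recorded anywhere in the hunk. I would add above `adds r2, r4, #19`: `# x >= p iff bit 255 of (x + 19) is set (assumes x < 2p); mask is 19 then, 0 otherwise` and above `adds r4, r4, r2`: `# add mask and clear bit 255: gives x - p when x >= p, else x, without a branch`. The same two comments belong at the second hunk of this file and at both hunks of armv8-32-curve25519_c.c, where %[a] plays the role of r2. The function these exit paths belong to starts outside the hunk.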
@@ -4082,6 +4082,33 @@ WC_OMIT_FRAME_POINTER int curve25519(byte* r, const byte* n, const byte* a)
         "ldr r1, [sp, #160]\n\t"
         "ldr r0, [sp, #160]\n\t"
         "bl fe_mul_op\n\t"
+        /* Ensure result is less than modulus */
+        "ldr %[r], [sp, #160]\n\t"
+        "ldm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+        "adds %[a], r4, #19\n\t"
+        "adcs %[a], r5, #0\n\t"
+        "adcs %[a], r6, #0\n\t"
+        "adcs %[a], r7, #0\n\t"
+        "adcs %[a], r8, #0\n\t"
+        "adcs %[a], r9, #0\n\t"
+        "adcs %[a], r10, #0\n\t"
+        "adc %[a], r11, #0\n\t"
+        "asr %[a], %[a], #31\n\t"
+        "and %[a], %[a], #19\n\t"
+        "adds r4, r4, %[a]\n\t"
+        "adcs r5, r5, #0\n\t"
+        "adcs r6, r6, #0\n\t"
+        "adcs r7, r7, #0\n\t"
+        "adcs r8, r8, #0\n\t"
+        "adcs r9, r9, #0\n\t"
+        "adcs r10, r10, #0\n\t"
+        "adc r11, r11, #0\n\t"
+#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
+        "bic r11, r11, #0x80000000\n\t"
+#else
+        "bfc r11, #31, #1\n\t"
+#endif
+        "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "mov r0, #0\n\t"
         "add sp, sp, #0xbc\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
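Review bot: The new exit path in this hunk overwrites the registers bound to `%[r]` (`ldr %[r], [sp, #160]`) and `%[a]` (the adds/adcs chain and `asr %[a], %[a], #31`), so it is correct only if the asm operand list, which lies outside the hunk, declares both as read-write outputs rather than plain inputs; the pre-existing `ldr %[r], [sp, #176]` and the removed `mov %[a], #19` in the later hunk of this file suggest that is already the case, but it is worth confirming, since a mis-declared input operand would leave the compiler free to reuse a stale value after the asm block. The same consideration applies to the second hunk of this file, which now uses `%[a]` for ten consecutive instructions instead of two.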
@@ -4392,21 +4419,29 @@ WC_OMIT_FRAME_POINTER int curve25519(byte* r, const byte* n, const byte* a)
         /* Ensure result is less than modulus */
         "ldr %[r], [sp, #176]\n\t"
         "ldm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
-        "mov %[a], #19\n\t"
-        "and %[a], %[a], r11, asr #31\n\t"
+        "adds %[a], r4, #19\n\t"
+        "adcs %[a], r5, #0\n\t"
+        "adcs %[a], r6, #0\n\t"
+        "adcs %[a], r7, #0\n\t"
+        "adcs %[a], r8, #0\n\t"
+        "adcs %[a], r9, #0\n\t"
+        "adcs %[a], r10, #0\n\t"
+        "adc %[a], r11, #0\n\t"
+        "asr %[a], %[a], #31\n\t"
+        "and %[a], %[a], #19\n\t"
         "adds r4, r4, %[a]\n\t"
         "adcs r5, r5, #0\n\t"
         "adcs r6, r6, #0\n\t"
         "adcs r7, r7, #0\n\t"
         "adcs r8, r8, #0\n\t"
         "adcs r9, r9, #0\n\t"
+        "adcs r10, r10, #0\n\t"
+        "adc r11, r11, #0\n\t"
 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7)
         "bic r11, r11, #0x80000000\n\t"
 #else
         "bfc r11, #31, #1\n\t"
 #endif
-        "adcs r10, r10, #0\n\t"
-        "adc r11, r11, #0\n\t"
         "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
         "mov r0, #0\n\t"
         "add sp, sp, #0xc0\n\t"