[git commit] tls: code shrink in curve 25519

Denys Vlasenko vda.linux at googlemail.com
Wed Apr 28 10:19:24 UTC 2021


commit: https://git.busybox.net/busybox/commit/?id=b35eef5383a4e7a6fb60fcf3833654a0bb2245e0
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

function                                             old     new   delta
curve25519                                           832     849     +17
curve_x25519_compute_pubkey_and_premaster             74      71      -3
static.basepoint9                                     32       -     -32
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/1 up/down: 17/-35)            Total: -18 bytes

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/tls_fe.c | 46 +++++++++++++++++++++++++++-------------------
 1 file changed, 27 insertions(+), 19 deletions(-)

diff --git a/networking/tls_fe.c b/networking/tls_fe.c
index e96b33225..ecb410281 100644
--- a/networking/tls_fe.c
+++ b/networking/tls_fe.c
@@ -108,26 +108,26 @@ static void raw_try_sub(byte *x, const byte *p)
 #if 0 //UNUSED
 static int prime_msb(const byte *p)
 {
-    int i;
-    byte x;
-    int shift = 1;
-    int z     = F25519_SIZE - 1;
-
-   /*
-       Test for any hot bits.
-       As soon as one instance is encountered set shift to 0.
-    */
+	int i;
+	byte x;
+	int shift = 1;
+	int z     = F25519_SIZE - 1;
+
+	/*
+	    Test for any hot bits.
+	    As soon as one instance is encountered set shift to 0.
+	 */
 	for (i = F25519_SIZE - 1; i >= 0; i--) {
-        shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1);
-        z -= shift;
-    }
+		shift &= ((shift ^ ((-p[i] | p[i]) >> 7)) & 1);
+		z -= shift;
+	}
 	x = p[z];
 	z <<= 3;
-    shift = 1;
-    for (i = 0; i < 8; i++) {
-        shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1);
-        z += shift;
-    }
+	shift = 1;
+	for (i = 0; i < 8; i++) {
+		shift &= ((-(x >> i) | (x >> i)) >> (7 - i) & 1);
+		z += shift;
+	}
 
 	return z - 1;
 }
@@ -549,6 +549,9 @@ static void curve25519(byte *result, const byte *e, const byte *q)
 	int i;
 
 	struct {
+		/* for bbox's special case of q == NULL meaning "use basepoint" */
+		/*static const*/ uint8_t basepoint9[CURVE25519_KEYSIZE]; // = {9};
+
 		/* from wolfssl-3.15.3/wolfssl/wolfcrypt/fe_operations.h */
 		/*static const*/ byte f25519_one[F25519_SIZE]; // = {1};
 
@@ -559,6 +562,7 @@ static void curve25519(byte *result, const byte *e, const byte *q)
 		byte xm1[F25519_SIZE]; // = {1};
 		byte zm1[F25519_SIZE]; // = {0};
 	} z;
+#define basepoint9 z.basepoint9
 #define f25519_one z.f25519_one
 #define xm         z.xm
 #define zm         z.zm
@@ -569,6 +573,11 @@ static void curve25519(byte *result, const byte *e, const byte *q)
 	zm[0] = 1;
 	xm1[0] = 1;
 
+	if (!q) {
+		basepoint9[0] = 9;
+		q = basepoint9;
+	}
+
 	/* Note: bit 254 is assumed to be 1 */
 	lm_copy(xm, q);
 
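Review bot: `basepoint9[0] = 9;` writes only the first byte, so the remaining 31 bytes of the base point are correct only if `z` has been zeroed before this line. That zeroing is not visible in this hunk, and the body of curve25519 starts and ends outside it. I would state the dependency at the assignment, e.g. `basepoint9[0] = 9; /* other bytes are 0: relies on z being cleared above */`. Then a later change to how `z` is initialised cannot silently leave uninitialised stack bytes in the base point and yield a wrong public key.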
@@ -606,7 +615,6 @@ void FAST_FUNC curve_x25519_compute_pubkey_and_premaster(
 		uint8_t *pubkey, uint8_t *premaster,
 		const uint8_t *peerkey32)
 {
-	static const uint8_t basepoint9[CURVE25519_KEYSIZE] ALIGN8 = {9};
 	uint8_t privkey[CURVE25519_KEYSIZE]; //[32]
 
 	/* Generate random private key, see RFC 7748 */
@@ -615,7 +623,7 @@ void FAST_FUNC curve_x25519_compute_pubkey_and_premaster(
 	privkey[CURVE25519_KEYSIZE-1] = ((privkey[CURVE25519_KEYSIZE-1] & 0x7f) | 0x40);
 
 	/* Compute public key */
-	curve25519(pubkey, privkey, basepoint9);
+	curve25519(pubkey, privkey, NULL /* "use base point of x25519" */);
 
 	/* Compute premaster using peer's public key */
 	curve25519(premaster, privkey, peerkey32);
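Review bot: With NULL now meaning "use the base point", the second call `curve25519(premaster, privkey, peerkey32)` would no longer fault on a NULL `peerkey32`. It would quietly compute the premaster against the base point, giving a value equal to the public key computed one call earlier. Whether any caller can pass NULL is not visible here, so this is a contract to write down rather than a demonstrated bug. I would add `/* peerkey32 must not be NULL: curve25519() treats NULL as the base point */` above that call, or reject NULL before it. The function body starts outside this hunk.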

