[git commit] tls: P256: remove NOP macro sp_256_norm_8()

Denys Vlasenko vda.linux at googlemail.com
Wed Jul 13 14:11:17 UTC 2022


commit: https://git.busybox.net/busybox/commit/?id=7b969bb2ada4d7757229fd735135f7720ef8008c
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/tls_sp_c32.c | 35 +++++------------------------------
 1 file changed, 5 insertions(+), 30 deletions(-)

diff --git a/networking/tls_sp_c32.c b/networking/tls_sp_c32.c
index 292dda24e..a593c5c40 100644
--- a/networking/tls_sp_c32.c
+++ b/networking/tls_sp_c32.c
@@ -68,9 +68,6 @@ static const sp_digit p256_mod[8] ALIGNED(8) = {
 
 #define p256_mp_mod ((sp_digit)0x000001)
 
-/* Normalize the values in each word to 32 bits - NOP */
-#define sp_256_norm_8(a) ((void)0)
-
 /* Write r as big endian to byte array.
  * Fixed length number of bytes written: 32
  *
@@ -83,8 +80,6 @@ static void sp_256_to_bin_8(const sp_digit* rr, uint8_t* a)
 	int i;
 	const uint64_t* r = (void*)rr;
 
-	sp_256_norm_8(rr);
-
 	r += 4;
 	for (i = 0; i < 4; i++) {
 		r--;
@@ -97,8 +92,6 @@ static void sp_256_to_bin_8(const sp_digit* r, uint8_t* a)
 {
 	int i;
 
-	sp_256_norm_8(r);
-
 	r += 8;
 	for (i = 0; i < 8; i++) {
 		r--;
@@ -641,7 +634,6 @@ static void sp_256_div2_8(sp_digit* r /*, const sp_digit* m*/)
 	int carry = 0;
 	if (r[0] & 1)
 		carry = sp_256_add_8(r, r, m);
-	sp_256_norm_8(r);
 	sp_256_rshift1_8(r, carry);
 }
 
@@ -652,10 +644,8 @@ static void sp_256_mont_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b
 //	const sp_digit* m = p256_mod;
 
 	int carry = sp_256_add_8(r, a, b);
-	sp_256_norm_8(r);
 	if (carry) {
 		sp_256_sub_8_p256_mod(r);
-		sp_256_norm_8(r);
 	}
 }
 
@@ -667,10 +657,8 @@ static void sp_256_mont_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b
 
 	int borrow;
 	borrow = sp_256_sub_8(r, a, b);
-	sp_256_norm_8(r);
 	if (borrow) {
 		sp_256_add_8(r, r, m);
-		sp_256_norm_8(r);
 	}
 }
 
@@ -680,10 +668,8 @@ static void sp_256_mont_dbl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
 //	const sp_digit* m = p256_mod;
 
 	int carry = sp_256_add_8(r, a, a);
-	sp_256_norm_8(r);
 	if (carry)
 		sp_256_sub_8_p256_mod(r);
-	sp_256_norm_8(r);
 }
 
 /* Triple a Montgomery form number (r = a + a + a % m) */
@@ -692,16 +678,12 @@ static void sp_256_mont_tpl_8(sp_digit* r, const sp_digit* a /*, const sp_digit*
 //	const sp_digit* m = p256_mod;
 
 	int carry = sp_256_add_8(r, a, a);
-	sp_256_norm_8(r);
 	if (carry) {
 		sp_256_sub_8_p256_mod(r);
-		sp_256_norm_8(r);
 	}
 	carry = sp_256_add_8(r, r, a);
-	sp_256_norm_8(r);
 	if (carry) {
 		sp_256_sub_8_p256_mod(r);
-		sp_256_norm_8(r);
 	}
 }
 
@@ -844,7 +826,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* aa/*, const sp_digi
 	sp_512to256_mont_shift_8(r, aa);
 	if (carry != 0)
 		sp_256_sub_8_p256_mod(r);
-	sp_256_norm_8(r);
 }
 
 #else /* Generic 32-bit version */
@@ -1003,8 +984,6 @@ static int sp_256_mul_add_8(sp_digit* r /*, const sp_digit* a, sp_digit b*/)
  * [In our case, it is (p256_mp_mod * a[1]) << 32.]
  * And so on. Eventually T is divisible by R, and after division by R
  * the algorithm is in the same place as the usual Montgomery reduction.
- *
- * TODO: Can conditionally use 64-bit (if bit-little-endian arch) logic?
  */
 static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit* m, sp_digit mp*/)
 {
@@ -1032,7 +1011,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit
 		sp_512to256_mont_shift_8(r, a);
 		if (word16th != 0)
 			sp_256_sub_8_p256_mod(r);
-		sp_256_norm_8(r);
 	}
 	else { /* Same code for explicit mp == 1 (which is always the case for P256) */
 		sp_digit word16th = 0;
@@ -1052,7 +1030,6 @@ static void sp_512to256_mont_reduce_8(sp_digit* r, sp_digit* a/*, const sp_digit
 		sp_512to256_mont_shift_8(r, a);
 		if (word16th != 0)
 			sp_256_sub_8_p256_mod(r);
-		sp_256_norm_8(r);
 	}
 }
 #endif
@@ -1208,14 +1185,12 @@ static void sp_256_map_8(sp_point* r, sp_point* p)
 	/* Reduce x to less than modulus */
 	if (sp_256_cmp_8(r->x, p256_mod) >= 0)
 		sp_256_sub_8_p256_mod(r->x);
-	sp_256_norm_8(r->x);
 
 	/* y /= z^3 */
 	sp_256_mont_mul_and_reduce_8(r->y, p->y, t1 /*, p256_mod, p256_mp_mod*/);
 	/* Reduce y to less than modulus */
 	if (sp_256_cmp_8(r->y, p256_mod) >= 0)
 		sp_256_sub_8_p256_mod(r->y);
-	sp_256_norm_8(r->y);
 
 	memset(r->z, 0, sizeof(r->z));
 	r->z[0] = 1;
@@ -1300,7 +1275,6 @@ static NOINLINE void sp_256_proj_point_add_8(sp_point* r, sp_point* p, sp_point*
 
 	/* Check double */
 	sp_256_sub_8(t1, p256_mod, q->y);
-	sp_256_norm_8(t1);
 	if (sp_256_cmp_equal_8(p->x, q->x)
 	 && sp_256_cmp_equal_8(p->z, q->z)
 	 && (sp_256_cmp_equal_8(p->y, q->y) || sp_256_cmp_equal_8(p->y, t1))
@@ -1422,14 +1396,15 @@ static void sp_256_ecc_mulmod_8(sp_point* r, const sp_point* g, const sp_digit*
 static void sp_256_ecc_mulmod_base_8(sp_point* r, sp_digit* k /*, int map*/)
 {
 	/* Since this function is called only once, save space:
-	 * don't have "static const sp_point p256_base = {...}",
-	 * it would have more zeros than data.
+	 * don't have "static const sp_point p256_base = {...}".
 	 */
 	static const uint8_t p256_base_bin[] = {
 		/* x (big-endian) */
-		0x6b,0x17,0xd1,0xf2,0xe1,0x2c,0x42,0x47,0xf8,0xbc,0xe6,0xe5,0x63,0xa4,0x40,0xf2,0x77,0x03,0x7d,0x81,0x2d,0xeb,0x33,0xa0,0xf4,0xa1,0x39,0x45,0xd8,0x98,0xc2,0x96,
+		0x6b,0x17,0xd1,0xf2,0xe1,0x2c,0x42,0x47,0xf8,0xbc,0xe6,0xe5,0x63,0xa4,0x40,0xf2,
+		0x77,0x03,0x7d,0x81,0x2d,0xeb,0x33,0xa0,0xf4,0xa1,0x39,0x45,0xd8,0x98,0xc2,0x96,
 		/* y */
-		0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,0xeb,0x4a,0x7c,0x0f,0x9e,0x16,0x2b,0xce,0x33,0x57,0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,0x51,0xf5,
+		0x4f,0xe3,0x42,0xe2,0xfe,0x1a,0x7f,0x9b,0x8e,0xe7,0xeb,0x4a,0x7c,0x0f,0x9e,0x16,
+		0x2b,0xce,0x33,0x57,0x6b,0x31,0x5e,0xce,0xcb,0xb6,0x40,0x68,0x37,0xbf,0x51,0xf5,
 		/* z will be set to 1, infinity flag to "false" */
 	};
 	sp_point p256_base;


More information about the busybox-cvs mailing list