From b417368c7bbf1c46dae0570abcb24cf5d6e0f106 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Thu, 28 Jun 2018 12:45:25 -0400
Subject: Expose reduction mod p in CurveGFp

This is slightly slower for Brainpool, but NIST curves are 5% faster.
---
 src/lib/pubkey/ec_group/curve_gfp.cpp | 27 ++++++++++++++++-----------
 src/lib/pubkey/ec_group/curve_gfp.h | 7 +++++++
 src/lib/pubkey/ec_group/point_gfp.cpp | 10 +++++-----
 3 files changed, 28 insertions(+), 16 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp
index 8ce8a6732..bd68a3ed7 100644
--- a/src/lib/pubkey/ec_group/curve_gfp.cpp
+++ b/src/lib/pubkey/ec_group/curve_gfp.cpp
@@ -60,6 +60,8 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr
 size_t get_ws_size() const override { return 2*m_p_words + 4; }
+ void redc_mod_p(BigInt& z, secure_vector& ws) const override;
+
 BigInt invert_element(const BigInt& x, secure_vector& ws) const override;
 void to_curve_rep(BigInt& x, secure_vector& ws) const override;
@@ -91,6 +93,11 @@ class CurveGFp_Montgomery final : public CurveGFp_Repr
 bool m_a_is_minus_3;
 };
+void CurveGFp_Montgomery::redc_mod_p(BigInt& z, secure_vector& ws) const
+ {
+ z.reduce_below(m_p, ws);
+ }
+
 BigInt CurveGFp_Montgomery::invert_element(const BigInt& x, secure_vector& ws) const
 {
 // Should we use Montgomery inverse instead?
@@ -195,10 +202,10 @@ class CurveGFp_NIST : public CurveGFp_Repr
 bool is_one(const BigInt& x) const override { return x == 1; }
 void to_curve_rep(BigInt& x, secure_vector& ws) const override
- { redc(x, ws); }
+ { redc_mod_p(x, ws); }
 void from_curve_rep(BigInt& x, secure_vector& ws) const override
- { redc(x, ws); }
+ { redc_mod_p(x, ws); }
 BigInt invert_element(const BigInt& x, secure_vector& ws) const override;
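Review bot: The new `redc_mod_p` virtual has implementations with different input contracts and neither the Montgomery definition here nor the pure-virtual declaration in the curve_gfp.h hunk documents which one callers may rely on: `CurveGFp_Montgomery::redc_mod_p` delegates to `z.reduce_below(m_p, ws)`, which from its name looks suited to a `z` that is only a small multiple of p, whereas the NIST overrides run the full `redc_pNNN` reduction. A caller that hands the Montgomery backend a product-sized value would be relying on `reduce_below` to cope with it, so the precondition belongs where callers see it. Suggested comment above the `virtual void redc_mod_p` declaration in `CurveGFp_Repr` (and on the public `CurveGFp::redc_mod_p` wrapper in the same header): `// Reduce z mod p in place. Callers pass values that are a small multiple of p (shifts or small scalar multiples of reduced values); full product reduction belongs to curve_mul/curve_sqr.` If the number of subtraction steps `reduce_below` performs depends on the input, that bound is also what keeps the step count small and fixed per call site, which is worth confirming in `BigInt::reduce_below` (not visible here).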
@@ -225,8 +232,6 @@ class CurveGFp_NIST : public CurveGFp_Repr
 size_t x_size, secure_vector& ws) const override;
 private:
- virtual void redc(BigInt& x, secure_vector& ws) const = 0;
-
 // Curve parameters
 BigInt m_1;
 BigInt m_a, m_b;
@@ -259,7 +264,7 @@ void CurveGFp_NIST::curve_mul_words(BigInt& z,
 y.data(), y.size(), std::min(m_p_words, y.size()), ws.data(), ws.size());
- this->redc(z, ws);
+ this->redc_mod_p(z, ws);
 }
 void CurveGFp_NIST::curve_sqr_words(BigInt& z, const word x[], size_t x_size,
@@ -276,7 +281,7 @@ void CurveGFp_NIST::curve_sqr_words(BigInt& z, const word x[], size_t x_size,
 x, x_size, std::min(m_p_words, x_size), ws.data(), ws.size());
- this->redc(z, ws);
+ this->redc_mod_p(z, ws);
 }
 #if defined(BOTAN_HAS_NIST_PRIME_REDUCERS_W32)
@@ -290,7 +295,7 @@ class CurveGFp_P192 final : public CurveGFp_NIST
 CurveGFp_P192(const BigInt& a, const BigInt& b) : CurveGFp_NIST(192, a, b) {}
 const BigInt& get_p() const override { return prime_p192(); }
 private:
- void redc(BigInt& x, secure_vector& ws) const override { redc_p192(x, ws); }
+ void redc_mod_p(BigInt& x, secure_vector& ws) const override { redc_p192(x, ws); }
 };
 /**
@@ -302,7 +307,7 @@ class CurveGFp_P224 final : public CurveGFp_NIST
 CurveGFp_P224(const BigInt& a, const BigInt& b) : CurveGFp_NIST(224, a, b) {}
 const BigInt& get_p() const override { return prime_p224(); }
 private:
- void redc(BigInt& x, secure_vector& ws) const override { redc_p224(x, ws); }
+ void redc_mod_p(BigInt& x, secure_vector& ws) const override { redc_p224(x, ws); }
 };
 /**
@@ -314,7 +319,7 @@ class CurveGFp_P256 final : public CurveGFp_NIST
 CurveGFp_P256(const BigInt& a, const BigInt& b) : CurveGFp_NIST(256, a, b) {}
 const BigInt& get_p() const override { return prime_p256(); }
 private:
- void redc(BigInt& x, secure_vector& ws) const override { redc_p256(x, ws); }
+ void redc_mod_p(BigInt& x, secure_vector& ws) const override { redc_p256(x, ws); }
 BigInt invert_element(const BigInt& x, secure_vector& ws) const override;
 };
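Review bot: In `CurveGFp_NIST::curve_mul_words` and `curve_sqr_words` the call is spelled `this->redc_mod_p(z, ws);` while the `to_curve_rep`/`from_curve_rep` bodies in the preceding hunk call the same member unqualified; neither function is a template, so the `this->` does nothing for lookup and one spelling should be used, e.g. `redc_mod_p(z, ws);`. The `redc_mod_p` overrides in CurveGFp_P192/P224/P256 remain under `private:` although they now implement a public member of `CurveGFp_Repr`; that compiles because access is checked against the static type and `CurveGFp` calls through `m_repr`, but a one-line comment such as `// implements the public CurveGFp_Repr::redc_mod_p; kept private so it is only reached via the base` would explain the disagreeing access levels to the next reader. Both `curve_mul_words` and `curve_sqr_words` start outside their hunks.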
@@ -389,7 +394,7 @@ class CurveGFp_P384 final : public CurveGFp_NIST
 CurveGFp_P384(const BigInt& a, const BigInt& b) : CurveGFp_NIST(384, a, b) {}
 const BigInt& get_p() const override { return prime_p384(); }
 private:
- void redc(BigInt& x, secure_vector& ws) const override { redc_p384(x, ws); }
+ void redc_mod_p(BigInt& x, secure_vector& ws) const override { redc_p384(x, ws); }
 BigInt invert_element(const BigInt& x, secure_vector& ws) const override;
 };
@@ -475,7 +480,7 @@ class CurveGFp_P521 final : public CurveGFp_NIST
 CurveGFp_P521(const BigInt& a, const BigInt& b) : CurveGFp_NIST(521, a, b) {}
 const BigInt& get_p() const override { return prime_p521(); }
 private:
- void redc(BigInt& x, secure_vector& ws) const override { redc_p521(x, ws); }
+ void redc_mod_p(BigInt& x, secure_vector& ws) const override { redc_p521(x, ws); }
 BigInt invert_element(const BigInt& x, secure_vector& ws) const override;
 };
diff --git a/src/lib/pubkey/ec_group/curve_gfp.h b/src/lib/pubkey/ec_group/curve_gfp.h
index 85640b442..338b524e8 100644
--- a/src/lib/pubkey/ec_group/curve_gfp.h
+++ b/src/lib/pubkey/ec_group/curve_gfp.h
@@ -49,6 +49,8 @@ class BOTAN_UNSTABLE_API CurveGFp_Repr
 */
 virtual const BigInt& get_1_rep() const = 0;
+ virtual void redc_mod_p(BigInt& z, secure_vector& ws) const = 0;
+
 virtual BigInt invert_element(const BigInt& x, secure_vector& ws) const = 0;
 virtual void to_curve_rep(BigInt& x, secure_vector& ws) const = 0;
@@ -169,6 +171,11 @@ class BOTAN_UNSTABLE_API CurveGFp final
 // TODO: from_rep taking && ref
+ void redc_mod_p(BigInt& z, secure_vector& ws) const
+ {
+ m_repr->redc_mod_p(z, ws);
+ }
+
 void mul(BigInt& z, const BigInt& x, const BigInt& y, secure_vector& ws) const
 {
 m_repr->curve_mul(z, x, y, ws);
diff --git a/src/lib/pubkey/ec_group/point_gfp.cpp b/src/lib/pubkey/ec_group/point_gfp.cpp
index 4c048427f..77803de78 100644
--- a/src/lib/pubkey/ec_group/point_gfp.cpp
+++ b/src/lib/pubkey/ec_group/point_gfp.cpp
@@ -304,14 +304,14 @@ void PointGFp::mult2(std::vector& ws_bn)
 m_curve.mul(T1, m_coord_x, T0, ws);
 T1 <<= 2; // * 4
- T1.reduce_below(p, sub_ws);
+ m_curve.redc_mod_p(T1, sub_ws);
 if(m_curve.a_is_zero())
 {
 // if a == 0 then 3*x^2 + a*z^4 is just 3*x^2
 m_curve.sqr(T4, m_coord_x, ws); // x^2
 T4 *= 3; // 3*x^2
- T4.reduce_below(p, sub_ws);
+ m_curve.redc_mod_p(T4, sub_ws);
 }
 else if(m_curve.a_is_minus_3())
 {
@@ -331,7 +331,7 @@ void PointGFp::mult2(std::vector& ws_bn)
 m_curve.mul(T4, T2, T3, ws); // (x-z^2)*(x+z^2)
 T4 *= 3; // 3*(x-z^2)*(x+z^2)
- T4.reduce_below(p, sub_ws);
+ m_curve.redc_mod_p(T4, sub_ws);
 }
 else
 {
@@ -350,7 +350,7 @@ void PointGFp::mult2(std::vector& ws_bn)
 m_curve.sqr(T3, T0, ws);
 T3 <<= 3;
- T3.reduce_below(p, sub_ws);
+ m_curve.redc_mod_p(T3, sub_ws);
 T1.mod_sub(T2, p, sub_ws);
@@ -361,7 +361,7 @@ void PointGFp::mult2(std::vector& ws_bn)
 m_curve.mul(T2, m_coord_y, m_coord_z, ws);
 T2 <<= 1;
- T2.reduce_below(p, sub_ws);
+ m_curve.redc_mod_p(T2, sub_ws);
 m_coord_y = T0;
 m_coord_z = T2;
-- 
cgit v1.2.3
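Review bot: Every replaced call passes `sub_ws` — the buffer that `reduce_below` and the remaining `T1.mod_sub(T2, p, sub_ws)` use — into `m_curve.redc_mod_p`, which for the NIST backends now ends in `redc_pNNN(x, ws)` instead of `reduce_below`, while the multiplications in the same function use the separate `ws` buffer. Whether `sub_ws` is large enough depends on whether each `redc_pNNN` grows `ws` itself or assumes a `get_ws_size()`-sized workspace (neither is visible here); if it is the latter this is an out-of-bounds write on the first `mult2` for a NIST curve, so it should be confirmed against the reducers before merge. It is also worth recording at the first call site the bound all four sites rely on, since `T1 <<= 2` and `T3 <<= 3` follow values that `mul`/`sqr` presumably leave below p: `// T1 < 4*p here (T3 below is < 8*p); redc_mod_p only needs to handle inputs that are a small multiple of p`. `PointGFp::mult2` begins and ends outside these hunks.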