added 32-bit implementation of optimised secp521r1 mmod

- the implementation does not work for unknown reason, but gives overview of final performance of P-521 - details can be tracked here: kmackay#99 (comment)
Umair-Anwar · Aug 22, 2024 · 2f05d85 · 2f05d85
1 parent c89c032
commit 2f05d85
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/curve-specific.inc b/curve-specific.inc
@@ -1330,6 +1330,32 @@ uECC_Curve uECC_secp521r1(void) { return &curve_secp521r1; }
 #if (uECC_OPTIMIZATION_LEVEL > 0)
 /* Computes result = product % curve_p
    from https://www.iad.gov/iad/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/assets/public/upload/Mathematical-routines-for-the-NIST-prime-elliptic-curves.pdf&WpKes=aF6woL7fQp3dJiyEfkweRSR88VCgsUeRStm5D9 */
+
+#if uECC_WORD_SIZE == 4
+static void vli_mmod_fast_secp521r1(uint32_t *result, uint32_t *product) {
+    uint32_t tmp[ num_words_secp521r1 ];
+    int carry;
+    int i;
+
+    /* t */
+    uECC_vli_set(result, product, num_words_secp521r1);
+
+    result[ num_words_secp521r1 - 1 ] &= 0x01FF;
+
+    /* s */
+    for ( i = 0; i < num_words_secp521r1 - 2; ++i ) {
+        tmp[ i ] = ( product[ num_words_secp521r1 - 1 + i ] >> 9 ) | ( product[ num_words_secp521r1 + i ] << 23 );
+    }
+    tmp[ num_words_secp521r1 - 1 ] = ( product[ num_words_secp521r1 + num_words_secp521r1 - 1 ] >> 9 ) & 0x01FF;
+
+    carry = (int)uECC_vli_add(result, result, tmp, num_words_secp521r1);
+
+    while (carry || uECC_vli_cmp_unsafe(curve_secp521r1.p, result, num_words_secp521r1) != 1) {
+         carry -= uECC_vli_sub( result, result, curve_secp521r1.p, num_words_secp521r1);
+    }
+
+}
+#else
 static void vli_mmod_fast_secp521r1(uint64_t *result, uint64_t *product) {
     uint64_t tmp[ num_words_secp521r1 ];
     int carry;
@@ -1353,6 +1379,7 @@ static void vli_mmod_fast_secp521r1(uint64_t *result, uint64_t *product) {
     }
 
 }
+#endif
 #endif /* uECC_OPTIMIZATION_LEVEL > 0 */