Skip to content

Commit

Permalink
P-256 ECDSA verification: Clarify multiplication.
Browse files Browse the repository at this point in the history 
Move more of the logic for the nistz256 multiplication into Rust.
  • Loading branch information
@briansmith
briansmith committed Oct 17, 2023
1 parent b59316a commit 36540de
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 29 deletions.
2 changes: 1 addition & 1 deletion build.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -958,7 +958,7 @@ fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String {
"p256_point_double",
"p256_point_mul",
"p256_point_mul_base",
"p256_points_mul_public",
"p256_point_mul_base_vartime",
"p256_scalar_mul_mont",
"p256_scalar_sqr_rep_mont",
"p256_sqr_mont",
Expand Down
11 changes: 2 additions & 9 deletions crypto/fipsmodule/ec/p256-nistz.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -284,11 +284,8 @@ void p256_point_mul_base(P256_POINT *r, const Limb scalar[P256_LIMBS]) {
limbs_copy(r->Z, p.Z, P256_LIMBS);
}

void p256_points_mul_public(P256_POINT *r,
const Limb g_scalar[P256_LIMBS],
const Limb p_scalar[P256_LIMBS],
const Limb p_x[P256_LIMBS],
const Limb p_y[P256_LIMBS]) {
void p256_point_mul_base_vartime(P256_POINT *r,
const Limb g_scalar[P256_LIMBS]) {
alignas(32) P256_POINT p;
uint8_t p_str[33];
OPENSSL_memcpy(p_str, g_scalar, 32);
Expand Down Expand Up @@ -336,10 +333,6 @@ void p256_points_mul_public(P256_POINT *r,
ecp_nistz256_point_add_affine(&p, &p, &t);
}

alignas(32) P256_POINT tmp;
ecp_nistz256_windowed_mul(&tmp, p_scalar, p_x, p_y);
ecp_nistz256_point_add(&p, &p, &tmp);

OPENSSL_memcpy(r->X, p.X, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(r->Y, p.Y, P256_LIMBS * sizeof(BN_ULONG));
OPENSSL_memcpy(r->Z, p.Z, P256_LIMBS * sizeof(BN_ULONG));
Expand Down
26 changes: 7 additions & 19 deletions src/ec/suite_b/ops/p256.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,30 +127,18 @@ pub static PUBLIC_SCALAR_OPS: PublicScalarOps = PublicScalarOps {
};

#[cfg(any(target_arch = "aarch64", target_arch = "x86_64"))]
fn twin_mul_nistz256(
g_scalar: &Scalar,
p_scalar: &Scalar,
(p_x, p_y): &(Elem<R>, Elem<R>),
) -> Point {
fn twin_mul_nistz256(g_scalar: &Scalar, p_scalar: &Scalar, p_xy: &(Elem<R>, Elem<R>)) -> Point {
prefixed_extern! {
fn p256_points_mul_public(r: *mut Limb, // [3][COMMON_OPS.num_limbs]
g_scalar: *const Limb, // [COMMON_OPS.num_limbs]
p_scalar: *const Limb, // [COMMON_OPS.num_limbs]
p_x: *const Limb, // [COMMON_OPS.num_limbs]
p_y: *const Limb, // [COMMON_OPS.num_limbs]
fn p256_point_mul_base_vartime(r: *mut Limb, // [3][COMMON_OPS.num_limbs]
g_scalar: *const Limb, // [COMMON_OPS.num_limbs]
);
}
let mut r = Point::new_at_infinity();
let mut scaled_g = Point::new_at_infinity();
unsafe {
p256_points_mul_public(
r.xyz.as_mut_ptr(),
g_scalar.limbs.as_ptr(),
p_scalar.limbs.as_ptr(),
p_x.limbs.as_ptr(),
p_y.limbs.as_ptr(),
);
p256_point_mul_base_vartime(scaled_g.xyz.as_mut_ptr(), g_scalar.limbs.as_ptr());
}
r
let scaled_p = PRIVATE_KEY_OPS.point_mul(p_scalar, p_xy);
PRIVATE_KEY_OPS.common.point_sum(&scaled_g, &scaled_p)
}

pub static PRIVATE_SCALAR_OPS: PrivateScalarOps = PrivateScalarOps {
Expand Down

0 comments on commit 36540de

Please sign in to comment.