diff --git a/build.rs b/build.rs index 5c328aa35b..a1e1f41d81 100644 --- a/build.rs +++ b/build.rs @@ -958,6 +958,7 @@ fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String { "p256_point_double", "p256_point_mul", "p256_point_mul_base", + "p256_points_mul_public", "p256_scalar_mul_mont", "p256_scalar_sqr_rep_mont", "p256_sqr_mont", diff --git a/crypto/fipsmodule/ec/p256-nistz.c b/crypto/fipsmodule/ec/p256-nistz.c index abd7739e9e..f0fc61424d 100644 --- a/crypto/fipsmodule/ec/p256-nistz.c +++ b/crypto/fipsmodule/ec/p256-nistz.c @@ -284,18 +284,14 @@ void p256_point_mul_base(P256_POINT *r, const Limb scalar[P256_LIMBS]) { limbs_copy(r->Z, p.Z, P256_LIMBS); } -#if 0 - -static void ecp_nistz256_points_mul_public(const EC_GROUP *group, - EC_JACOBIAN *r, - const EC_SCALAR *g_scalar, - const EC_JACOBIAN *p_, - const EC_SCALAR *p_scalar) { - assert(p_ != NULL && p_scalar != NULL && g_scalar != NULL); - +void p256_points_mul_public(P256_POINT *r, + const Limb g_scalar[P256_LIMBS], + const Limb p_scalar[P256_LIMBS], + const Limb p_x[P256_LIMBS], + const Limb p_y[P256_LIMBS]) { alignas(32) P256_POINT p; uint8_t p_str[33]; - OPENSSL_memcpy(p_str, g_scalar->words, 32); + OPENSSL_memcpy(p_str, g_scalar, 32); p_str[32] = 0; // First window @@ -341,15 +337,12 @@ static void ecp_nistz256_points_mul_public(const EC_GROUP *group, } alignas(32) P256_POINT tmp; - ecp_nistz256_windowed_mul(group, &tmp, p_, p_scalar); + ecp_nistz256_windowed_mul(&tmp, p_scalar, p_x, p_y); ecp_nistz256_point_add(&p, &p, &tmp); - assert(group->field.N.width == P256_LIMBS); - OPENSSL_memcpy(r->X.words, p.X, P256_LIMBS * sizeof(BN_ULONG)); - OPENSSL_memcpy(r->Y.words, p.Y, P256_LIMBS * sizeof(BN_ULONG)); - OPENSSL_memcpy(r->Z.words, p.Z, P256_LIMBS * sizeof(BN_ULONG)); + OPENSSL_memcpy(r->X, p.X, P256_LIMBS * sizeof(BN_ULONG)); + OPENSSL_memcpy(r->Y, p.Y, P256_LIMBS * sizeof(BN_ULONG)); + OPENSSL_memcpy(r->Z, p.Z, P256_LIMBS * sizeof(BN_ULONG)); } -#endif - #endif /* defined(OPENSSL_USE_NISTZ256) */ diff --git a/src/ec/suite_b/ops/p256.rs b/src/ec/suite_b/ops/p256.rs index 86553d921b..dfa42ed4eb 100644 --- a/src/ec/suite_b/ops/p256.rs +++ b/src/ec/suite_b/ops/p256.rs @@ -114,6 +114,11 @@ pub static SCALAR_OPS: ScalarOps = ScalarOps { pub static PUBLIC_SCALAR_OPS: PublicScalarOps = PublicScalarOps { scalar_ops: &SCALAR_OPS, public_key_ops: &PUBLIC_KEY_OPS, + + #[cfg(any(target_arch = "aarch64", target_arch = "x86_64"))] + twin_mul: twin_mul_nistz256, + + #[cfg(not(any(target_arch = "aarch64", target_arch = "x86_64")))] twin_mul: |g_scalar, p_scalar, p_xy| { super::twin_mul_inefficient(&PRIVATE_KEY_OPS, g_scalar, p_scalar, p_xy) }, @@ -121,6 +126,24 @@ pub static PUBLIC_SCALAR_OPS: PublicScalarOps = PublicScalarOps { q_minus_n: Elem::from_hex("4319055358e8617b0c46353d039cdaae"), }; +#[cfg(any(target_arch = "aarch64", target_arch = "x86_64"))] +fn twin_mul_nistz256(g_scalar: &Scalar, p_scalar: &Scalar, (p_x, p_y): &(Elem, Elem)) -> Point { + prefixed_extern! { + fn p256_points_mul_public(r: *mut Limb, // [3][COMMON_OPS.num_limbs] + g_scalar: *const Limb, // [COMMON_OPS.num_limbs] + p_scalar: *const Limb, // [COMMON_OPS.num_limbs] + p_x: *const Limb, // [COMMON_OPS.num_limbs] + p_y: *const Limb, // [COMMON_OPS.num_limbs] + ); + } + let mut r = Point::new_at_infinity(); + unsafe { + p256_points_mul_public(r.xyz.as_mut_ptr(), g_scalar.limbs.as_ptr(), + p_scalar.limbs.as_ptr(), p_x.limbs.as_ptr(), p_y.limbs.as_ptr()); + } + r +} + pub static PRIVATE_SCALAR_OPS: PrivateScalarOps = PrivateScalarOps { scalar_ops: &SCALAR_OPS, @@ -273,7 +296,6 @@ prefixed_extern! { p_x: *const Limb, // [COMMON_OPS.num_limbs] p_y: *const Limb, // [COMMON_OPS.num_limbs] ); - fn p256_scalar_mul_mont( r: *mut Limb, // [COMMON_OPS.num_limbs] a: *const Limb, // [COMMON_OPS.num_limbs]