
Remove secp384 (issue #1335) as it is unused.
Add comments for #1064.
krizhanovsky committed Jan 1, 2021
1 parent 5c40b07 commit 1a16214
Showing 12 changed files with 32 additions and 1,433 deletions.
9 changes: 5 additions & 4 deletions tls/bignum.c
Expand Up @@ -799,10 +799,8 @@ __mpi_mul(size_t n, const unsigned long *s, unsigned long *d, unsigned long b)
*
* All the arguments may reference the same MPI.
*
* TODO #1064 the function is used for squaring which is inefficient, so
* implement a normal squaring. (Gather statistics how many square calls
* and for which sizes).
* See "Speeding up Big-Numbers Squaring", S.Gueron and V.Krasnov, 2012.
* TODO #1064 replace the call with a faster implementation for ec_p256
* and move this for TODO #1335 for the rest of the calls.
*/
void
ttls_mpi_mul_mpi(TlsMpi *X, const TlsMpi *A, const TlsMpi *B)
Expand Down Expand Up @@ -1106,6 +1104,9 @@ __mpi_montg_init(unsigned long *mm, const TlsMpi *N)

/**
* Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36).
*
* TODO #1335: this is used for modular exponentiation only, so repalce it with
* an adequate assembly implementation for the RSA handshakes.
*/
static int
__mpi_montmul(TlsMpi *A, const TlsMpi *B, const TlsMpi *N, unsigned long mm,
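Review bot: The comment added above `__mpi_montmul` in the second hunk has a typo, `repalce` → `replace`; suggested wording: ` * TODO #1335: this is used for modular exponentiation only, so replace it with`. In the first hunk the Gueron/Krasnov squaring reference is dropped from the `ttls_mpi_mul_mpi` header even though the surviving TODO still says the function is used for squaring; the reference is re-added only in bignum_x86-64.S, so a reader of this file loses the pointer — consider keeping a one-liner here, e.g. ` * (squaring reference: see mpi_sqr_mod_p256_x86_64_4 in bignum_x86-64.S).` Both functions' bodies lie outside the hunks.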
3 changes: 3 additions & 0 deletions tls/bignum_x86-64.S
Expand Up @@ -1359,6 +1359,9 @@ ENTRY_32(mpi_mul_mod_p256_x86_64_4)
ret
ENDPROC(mpi_mul_mod_p256_x86_64_4)

/**
* TODO #1064: See "Speeding up Big-Numbers Squaring", S.Gueron and V.Krasnov
*/
ENTRY_32(mpi_sqr_mod_p256_x86_64_4)
push %rbx
push %r12
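Review bot: The new header comment on `mpi_sqr_mod_p256_x86_64_4` contains only a paper reference and does not state what the routine computes or which registers it expects and clobbers, which is what a reader of an assembly entry point needs most. From the name it appears to square a 4-limb operand modulo the P-256 prime, but that should be stated rather than inferred; suggested first line: ` * Squaring modulo the P-256 prime of a 4-limb operand (see below for the register contract).`, followed by the input/output registers, which lie outside the hunk and should be confirmed against the body.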
28 changes: 8 additions & 20 deletions tls/ciphersuites.c
Expand Up @@ -40,9 +40,6 @@ static union {
cs_mp_ecdhe_secp256 __page_aligned_data = {
.mp = { .curr = sizeof(TlsMpiPool) }
},
cs_mp_ecdhe_secp384 __page_aligned_data = {
.mp = { .curr = sizeof(TlsMpiPool) }
},
cs_mp_ecdhe_curve25519 __page_aligned_data = {
.mp = { .curr = sizeof(TlsMpiPool) }
},
Expand All @@ -55,52 +52,44 @@ static TlsCiphersuite ciphersuite_definitions[] = {
"TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
TTLS_CIPHER_AES_128_GCM, TTLS_MD_SHA256,
TTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_secp384.mp,
&cs_mp_ecdhe_curve25519.mp } },
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp } },
{ TTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
TTLS_CIPHER_AES_256_GCM, TTLS_MD_SHA384,
TTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_secp384.mp,
&cs_mp_ecdhe_curve25519.mp } },
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp } },
{ TTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
"TLS-ECDHE-ECDSA-WITH-AES-256-CCM",
TTLS_CIPHER_AES_256_CCM, TTLS_MD_SHA256,
TTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_secp384.mp,
&cs_mp_ecdhe_curve25519.mp } },
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp } },
{ TTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
"TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8",
TTLS_CIPHER_AES_256_CCM, TTLS_MD_SHA256,
TTLS_KEY_EXCHANGE_ECDHE_ECDSA,
TTLS_CIPHERSUITE_SHORT_TAG,
{ &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_secp384.mp,
&cs_mp_ecdhe_curve25519.mp } },
{ &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp } },
{ TTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
"TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
TTLS_CIPHER_AES_128_CCM, TTLS_MD_SHA256,
TTLS_KEY_EXCHANGE_ECDHE_ECDSA,
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_secp384.mp,
&cs_mp_ecdhe_curve25519.mp } },
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp } },
{ TTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
"TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8",
TTLS_CIPHER_AES_128_CCM, TTLS_MD_SHA256,
TTLS_KEY_EXCHANGE_ECDHE_ECDSA,
TTLS_CIPHERSUITE_SHORT_TAG,
{ &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_secp384.mp,
&cs_mp_ecdhe_curve25519.mp } },
{ &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp } },
{ TTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
"TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
TTLS_CIPHER_AES_128_GCM, TTLS_MD_SHA256,
TTLS_KEY_EXCHANGE_ECDHE_RSA,
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_secp384.mp,
&cs_mp_ecdhe_curve25519.mp } },
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp } },
{ TTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
TTLS_CIPHER_AES_256_GCM, TTLS_MD_SHA384,
TTLS_KEY_EXCHANGE_ECDHE_RSA,
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_secp384.mp,
&cs_mp_ecdhe_curve25519.mp } },
0, { &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp } },
{ TTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384",
TTLS_CIPHER_AES_256_GCM, TTLS_MD_SHA384,
Expand Down Expand Up @@ -151,7 +140,6 @@ ttls_ciphersuite_addr_mp(void *addr)
unsigned long x = (unsigned long)addr;

__CS_ADDR_MP(ecdhe_secp256, x);
__CS_ADDR_MP(ecdhe_secp384, x);
__CS_ADDR_MP(dhe, x);

return NULL;
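Review bot: Dropping the `cs_mp_ecdhe_secp384` pool and its `__CS_ADDR_MP(ecdhe_secp384, x)` lookup is only safe if secp384r1 is also removed from the groups the server advertises and accepts in supported_groups; that list is not in the visible file sections (12 files changed, 5 shown), and if it still contains secp384r1 a handshake negotiating that curve would have no MPI pool and `ttls_ciphersuite_addr_mp()` would fall through to `return NULL;` for its addresses. The per-ciphersuite `{ &cs_mp_ecdhe_secp256.mp, &cs_mp_ecdhe_curve25519.mp }` initializers now hold one entry fewer; if the field is a fixed-size array, the trailing slot is zero-filled and any loop over it must stop at the first NULL — the field's definition is outside the hunk, so please confirm. Suggested comment at the pool union: `/* secp384r1 is not supported (#1335): no MPI pool for it; keep the advertised groups list in sync. */`. `ttls_ciphersuite_addr_mp` begins outside the hunk.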
1 change: 1 addition & 0 deletions tls/ec_25519.c
Expand Up @@ -2,6 +2,7 @@
* Tempesta TLS
*
* Elliptic curve 25519 (Montgomery).
* http://cr.yp.to/ecdh/curve25519-20060209.pdf
*
* TODO #1335: the slow and incomplete implementation is still based on mbed TLS.
*
10 changes: 9 additions & 1 deletion tls/ec_p256.c
Expand Up @@ -14,7 +14,8 @@
*
* 4. RFC 8422 for the related TLS structures and constants
*
* 5. [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
* 5. J.W.Bos, P.L.Montgomery, "Montgomery Arithmetic from a Software
* Perspective", 2017.
*
* 6. Coron, Jean-S'ebastien. Resistance against differential power analysis
* for elliptic curve cryptosystems. In : Cryptographic Hardware and
Expand Down Expand Up @@ -348,6 +349,9 @@ ecp256_safe_cond_assign(unsigned long *x, unsigned long *y, unsigned char assign
* chapter "3 A Montgomery-friendly modulus".
* Probably we can reduce not all operations, since X + nP mod P = X mod P
* and the same for all the operations in the field.
*
* See _sp_256_mont_mul_avx2_4() from WolfSSL and
* __ecp_nistz256_mul_montx() from OpenSSL.
*/

static void
Expand Down Expand Up @@ -420,6 +424,10 @@ ecp256_mul(TlsMpi *X, const TlsMpi *A, const TlsMpi *B)
* - 4 modular reductions in worse case.
*
* @X must be at least G_LIMBS * 2 in size.
*
* TODO #1064 [5] we can not use the inversion with numbers in Montgormery
* representation as is, so need to multiply on R^3 or perform double
* reduction or use inversion for normal numbers only.
*/
static void
ecp256_inv_mod(TlsMpi *X, const TlsMpi *I, const TlsMpi *N)
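Review bot: The TODO added to the `ecp256_inv_mod` header in the third hunk misspells Montgomery, `Montgormery` → `Montgomery`; suggested: ` * TODO #1064 [5] we can not use the inversion with numbers in Montgomery`. The first hunk reassigns reference tag [5] from the Curve25519 paper to Bos/Montgomery, which matches the [5] citation in that TODO, but any other `[5]` citation elsewhere in this file that still means Curve25519 would now point at the wrong paper and should be re-checked; the rest of the file is outside the hunks. `ecp256_inv_mod`'s body also lies outside the hunk.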