zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Changes to resolve symbol conflict due to gf_mul

Browse Source 
CLA: trivial

Changed names of internal functions to resolve symbol conflict when Openssl is used with intel/ISA-L.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21421)
This commit is contained in:
Pankul94 2023-07-11 09:46:48 -07:00 committed by Pauli
parent ed6dfd1e36
commit 15e041b751
5 changed files with 107 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/ec/curve448/arch_32/f_impl32.c
View File

@ -21,7 +21,7 @@ NON_EMPTY_TRANSLATION_UNIT
# include "../field.h" # include "../field.h"
void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs) void ossl_gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
{ {
const uint32_t *a = as->limb, *b = bs->limb; const uint32_t *a = as->limb, *b = bs->limb;
uint32_t *c = cs->limb; uint32_t *c = cs->limb;
@ -70,7 +70,7 @@ void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
c[1] += ((uint32_t)(accum1)); c[1] += ((uint32_t)(accum1));
} }
void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b) void ossl_gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
{ {
const uint32_t *a = as->limb; const uint32_t *a = as->limb;
uint32_t *c = cs->limb; uint32_t *c = cs->limb;
@ -98,8 +98,8 @@ void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
c[1] += (uint32_t)(accum8 >> 28); c[1] += (uint32_t)(accum8 >> 28);
} }
void gf_sqr(gf_s * RESTRICT cs, const gf as) void ossl_gf_sqr(gf_s * RESTRICT cs, const gf as)
{ {
gf_mul(cs, as, as); /* Performs better with a dedicated square */ ossl_gf_mul(cs, as, as); /* Performs better with a dedicated square */
} }
#endif #endif

6
crypto/ec/curve448/arch_64/f_impl64.c
View File

@ -21,7 +21,7 @@ NON_EMPTY_TRANSLATION_UNIT
# include "../field.h" # include "../field.h"
void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs) void ossl_gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
{ {
const uint64_t *a = as->limb, *b = bs->limb; const uint64_t *a = as->limb, *b = bs->limb;
uint64_t *c = cs->limb; uint64_t *c = cs->limb;
@ -73,7 +73,7 @@ void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
c[1] += ((uint64_t)(accum1)); c[1] += ((uint64_t)(accum1));
} }
void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b) void ossl_gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
{ {
const uint64_t *a = as->limb; const uint64_t *a = as->limb;
uint64_t *c = cs->limb; uint64_t *c = cs->limb;
@ -99,7 +99,7 @@ void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
c[1] += accum4 >> 56; c[1] += accum4 >> 56;
} }
void gf_sqr(gf_s * RESTRICT cs, const gf as) void ossl_gf_sqr(gf_s * RESTRICT cs, const gf as)
{ {
const uint64_t *a = as->limb; const uint64_t *a = as->limb;
uint64_t *c = cs->limb; uint64_t *c = cs->limb;

144
crypto/ec/curve448/curve448.c
View File

@ -44,13 +44,13 @@ static void gf_invert(gf y, const gf x, int assert_nonzero)
mask_t ret; mask_t ret;
gf t1, t2; gf t1, t2;
gf_sqr(t1, x); /* o^2 */ ossl_gf_sqr(t1, x); /* o^2 */
ret = gf_isr(t2, t1); /* +-1/sqrt(o^2) = +-1/o */ ret = gf_isr(t2, t1); /* +-1/sqrt(o^2) = +-1/o */
(void)ret; (void)ret;
if (assert_nonzero) if (assert_nonzero)
assert(ret); assert(ret);
gf_sqr(t1, t2); ossl_gf_sqr(t1, t2);
gf_mul(t2, t1, x); /* not direct to y in case of alias. */ ossl_gf_mul(t2, t1, x); /* not direct to y in case of alias. */
gf_copy(y, t2); gf_copy(y, t2);
} }
@ -63,23 +63,23 @@ static void point_double_internal(curve448_point_t p, const curve448_point_t q,
{ {
gf a, b, c, d; gf a, b, c, d;
gf_sqr(c, q->x); ossl_gf_sqr(c, q->x);
gf_sqr(a, q->y); ossl_gf_sqr(a, q->y);
gf_add_nr(d, c, a); /* 2+e */ gf_add_nr(d, c, a); /* 2+e */
gf_add_nr(p->t, q->y, q->x); /* 2+e */ gf_add_nr(p->t, q->y, q->x); /* 2+e */
gf_sqr(b, p->t); ossl_gf_sqr(b, p->t);
gf_subx_nr(b, b, d, 3); /* 4+e */ gf_subx_nr(b, b, d, 3); /* 4+e */
gf_sub_nr(p->t, a, c); /* 3+e */ gf_sub_nr(p->t, a, c); /* 3+e */
gf_sqr(p->x, q->z); ossl_gf_sqr(p->x, q->z);
gf_add_nr(p->z, p->x, p->x); /* 2+e */ gf_add_nr(p->z, p->x, p->x); /* 2+e */
gf_subx_nr(a, p->z, p->t, 4); /* 6+e */ gf_subx_nr(a, p->z, p->t, 4); /* 6+e */
if (GF_HEADROOM == 5) if (GF_HEADROOM == 5)
gf_weak_reduce(a); /* or 1+e */ gf_weak_reduce(a); /* or 1+e */
gf_mul(p->x, a, b); ossl_gf_mul(p->x, a, b);
gf_mul(p->z, p->t, a); ossl_gf_mul(p->z, p->t, a);
gf_mul(p->y, p->t, d); ossl_gf_mul(p->y, p->t, d);
if (!before_double) if (!before_double)
gf_mul(p->t, b, d); ossl_gf_mul(p->t, b, d);
} }
void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q) void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q)
@ -108,17 +108,17 @@ static void pniels_to_pt(curve448_point_t e, const pniels_t d)
gf_add(eu, d->n->b, d->n->a); gf_add(eu, d->n->b, d->n->a);
gf_sub(e->y, d->n->b, d->n->a); gf_sub(e->y, d->n->b, d->n->a);
gf_mul(e->t, e->y, eu); ossl_gf_mul(e->t, e->y, eu);
gf_mul(e->x, d->z, e->y); ossl_gf_mul(e->x, d->z, e->y);
gf_mul(e->y, d->z, eu); ossl_gf_mul(e->y, d->z, eu);
gf_sqr(e->z, d->z); ossl_gf_sqr(e->z, d->z);
} }
static void niels_to_pt(curve448_point_t e, const niels_t n) static void niels_to_pt(curve448_point_t e, const niels_t n)
{ {
gf_add(e->y, n->b, n->a); gf_add(e->y, n->b, n->a);
gf_sub(e->x, n->b, n->a); gf_sub(e->x, n->b, n->a);
gf_mul(e->t, e->y, e->x); ossl_gf_mul(e->t, e->y, e->x);
gf_copy(e->z, ONE); gf_copy(e->z, ONE);
} }
@ -128,19 +128,19 @@ static void add_niels_to_pt(curve448_point_t d, const niels_t e,
gf a, b, c; gf a, b, c;
gf_sub_nr(b, d->y, d->x); /* 3+e */ gf_sub_nr(b, d->y, d->x); /* 3+e */
gf_mul(a, e->a, b); ossl_gf_mul(a, e->a, b);
gf_add_nr(b, d->x, d->y); /* 2+e */ gf_add_nr(b, d->x, d->y); /* 2+e */
gf_mul(d->y, e->b, b); ossl_gf_mul(d->y, e->b, b);
gf_mul(d->x, e->c, d->t); ossl_gf_mul(d->x, e->c, d->t);
gf_add_nr(c, a, d->y); /* 2+e */ gf_add_nr(c, a, d->y); /* 2+e */
gf_sub_nr(b, d->y, a); /* 3+e */ gf_sub_nr(b, d->y, a); /* 3+e */
gf_sub_nr(d->y, d->z, d->x); /* 3+e */ gf_sub_nr(d->y, d->z, d->x); /* 3+e */
gf_add_nr(a, d->x, d->z); /* 2+e */ gf_add_nr(a, d->x, d->z); /* 2+e */
gf_mul(d->z, a, d->y); ossl_gf_mul(d->z, a, d->y);
gf_mul(d->x, d->y, b); ossl_gf_mul(d->x, d->y, b);
gf_mul(d->y, a, c); ossl_gf_mul(d->y, a, c);
if (!before_double) if (!before_double)
gf_mul(d->t, b, c); ossl_gf_mul(d->t, b, c);
} }
static void sub_niels_from_pt(curve448_point_t d, const niels_t e, static void sub_niels_from_pt(curve448_point_t d, const niels_t e,
@ -149,19 +149,19 @@ static void sub_niels_from_pt(curve448_point_t d, const niels_t e,
gf a, b, c; gf a, b, c;
gf_sub_nr(b, d->y, d->x); /* 3+e */ gf_sub_nr(b, d->y, d->x); /* 3+e */
gf_mul(a, e->b, b); ossl_gf_mul(a, e->b, b);
gf_add_nr(b, d->x, d->y); /* 2+e */ gf_add_nr(b, d->x, d->y); /* 2+e */
gf_mul(d->y, e->a, b); ossl_gf_mul(d->y, e->a, b);
gf_mul(d->x, e->c, d->t); ossl_gf_mul(d->x, e->c, d->t);
gf_add_nr(c, a, d->y); /* 2+e */ gf_add_nr(c, a, d->y); /* 2+e */
gf_sub_nr(b, d->y, a); /* 3+e */ gf_sub_nr(b, d->y, a); /* 3+e */
gf_add_nr(d->y, d->z, d->x); /* 2+e */ gf_add_nr(d->y, d->z, d->x); /* 2+e */
gf_sub_nr(a, d->z, d->x); /* 3+e */ gf_sub_nr(a, d->z, d->x); /* 3+e */
gf_mul(d->z, a, d->y); ossl_gf_mul(d->z, a, d->y);
gf_mul(d->x, d->y, b); ossl_gf_mul(d->x, d->y, b);
gf_mul(d->y, a, c); ossl_gf_mul(d->y, a, c);
if (!before_double) if (!before_double)
gf_mul(d->t, b, c); ossl_gf_mul(d->t, b, c);
} }
static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn, static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn,
@ -169,7 +169,7 @@ static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn,
{ {
gf L0; gf L0;
gf_mul(L0, p->z, pn->z); ossl_gf_mul(L0, p->z, pn->z);
gf_copy(p->z, L0); gf_copy(p->z, L0);
add_niels_to_pt(p, pn->n, before_double); add_niels_to_pt(p, pn->n, before_double);
} }
@ -179,7 +179,7 @@ static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn,
{ {
gf L0; gf L0;
gf_mul(L0, p->z, pn->z); ossl_gf_mul(L0, p->z, pn->z);
gf_copy(p->z, L0); gf_copy(p->z, L0);
sub_niels_from_pt(p, pn->n, before_double); sub_niels_from_pt(p, pn->n, before_double);
} }
@ -192,8 +192,8 @@ ossl_curve448_point_eq(const curve448_point_t p,
gf a, b; gf a, b;
/* equality mod 2-torsion compares x/y */ /* equality mod 2-torsion compares x/y */
gf_mul(a, p->y, q->x); ossl_gf_mul(a, p->y, q->x);
gf_mul(b, q->y, p->x); ossl_gf_mul(b, q->y, p->x);
succ = gf_eq(a, b); succ = gf_eq(a, b);
return mask_to_bool(succ); return mask_to_bool(succ);
@ -205,15 +205,15 @@ ossl_curve448_point_valid(const curve448_point_t p)
mask_t out; mask_t out;
gf a, b, c; gf a, b, c;
gf_mul(a, p->x, p->y); ossl_gf_mul(a, p->x, p->y);
gf_mul(b, p->z, p->t); ossl_gf_mul(b, p->z, p->t);
out = gf_eq(a, b); out = gf_eq(a, b);
gf_sqr(a, p->x); ossl_gf_sqr(a, p->x);
gf_sqr(b, p->y); ossl_gf_sqr(b, p->y);
gf_sub(a, b, a); gf_sub(a, b, a);
gf_sqr(b, p->t); ossl_gf_sqr(b, p->t);
gf_mulw(c, b, TWISTED_D); gf_mulw(c, b, TWISTED_D);
gf_sqr(b, p->z); ossl_gf_sqr(b, p->z);
gf_add(b, b, c); gf_add(b, b, c);
out &= gf_eq(a, b); out &= gf_eq(a, b);
out &= ~gf_eq(p->z, ZERO); out &= ~gf_eq(p->z, ZERO);
@ -290,26 +290,26 @@ ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(
/* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */ /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */
gf u; gf u;
gf_sqr(x, q->x); ossl_gf_sqr(x, q->x);
gf_sqr(t, q->y); ossl_gf_sqr(t, q->y);
gf_add(u, x, t); gf_add(u, x, t);
gf_add(z, q->y, q->x); gf_add(z, q->y, q->x);
gf_sqr(y, z); ossl_gf_sqr(y, z);
gf_sub(y, y, u); gf_sub(y, y, u);
gf_sub(z, t, x); gf_sub(z, t, x);
gf_sqr(x, q->z); ossl_gf_sqr(x, q->z);
gf_add(t, x, x); gf_add(t, x, x);
gf_sub(t, t, z); gf_sub(t, t, z);
gf_mul(x, t, y); ossl_gf_mul(x, t, y);
gf_mul(y, z, u); ossl_gf_mul(y, z, u);
gf_mul(z, u, t); ossl_gf_mul(z, u, t);
OPENSSL_cleanse(u, sizeof(u)); OPENSSL_cleanse(u, sizeof(u));
} }
/* Affinize */ /* Affinize */
gf_invert(z, z, 1); gf_invert(z, z, 1);
gf_mul(t, x, z); ossl_gf_mul(t, x, z);
gf_mul(x, y, z); ossl_gf_mul(x, y, z);
/* Encode */ /* Encode */
enc[EDDSA_448_PRIVATE_BYTES - 1] = 0; enc[EDDSA_448_PRIVATE_BYTES - 1] = 0;
@ -340,15 +340,15 @@ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
succ = gf_deserialize(p->y, enc2, 1, 0); succ = gf_deserialize(p->y, enc2, 1, 0);
succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]); succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]);
gf_sqr(p->x, p->y); ossl_gf_sqr(p->x, p->y);
gf_sub(p->z, ONE, p->x); /* num = 1-y^2 */ gf_sub(p->z, ONE, p->x); /* num = 1-y^2 */
gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */ gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */
gf_sub(p->t, ONE, p->t); /* denom = 1-dy^2 or 1-d + dy^2 */ gf_sub(p->t, ONE, p->t); /* denom = 1-dy^2 or 1-d + dy^2 */
gf_mul(p->x, p->z, p->t); ossl_gf_mul(p->x, p->z, p->t);
succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */ succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */
gf_mul(p->x, p->t, p->z); /* sqrt(num / denom) */ ossl_gf_mul(p->x, p->t, p->z); /* sqrt(num / denom) */
gf_cond_neg(p->x, gf_lobit(p->x) ^ low); gf_cond_neg(p->x, gf_lobit(p->x) ^ low);
gf_copy(p->z, ONE); gf_copy(p->z, ONE);
@ -356,20 +356,20 @@ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
gf a, b, c, d; gf a, b, c, d;
/* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */ /* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */
gf_sqr(c, p->x); ossl_gf_sqr(c, p->x);
gf_sqr(a, p->y); ossl_gf_sqr(a, p->y);
gf_add(d, c, a); gf_add(d, c, a);
gf_add(p->t, p->y, p->x); gf_add(p->t, p->y, p->x);
gf_sqr(b, p->t); ossl_gf_sqr(b, p->t);
gf_sub(b, b, d); gf_sub(b, b, d);
gf_sub(p->t, a, c); gf_sub(p->t, a, c);
gf_sqr(p->x, p->z); ossl_gf_sqr(p->x, p->z);
gf_add(p->z, p->x, p->x); gf_add(p->z, p->x, p->x);
gf_sub(a, p->z, d); gf_sub(a, p->z, d);
gf_mul(p->x, a, b); ossl_gf_mul(p->x, a, b);
gf_mul(p->z, p->t, a); ossl_gf_mul(p->z, p->t, a);
gf_mul(p->y, p->t, d); ossl_gf_mul(p->y, p->t, d);
gf_mul(p->t, b, d); ossl_gf_mul(p->t, b, d);
OPENSSL_cleanse(a, sizeof(a)); OPENSSL_cleanse(a, sizeof(a));
OPENSSL_cleanse(b, sizeof(b)); OPENSSL_cleanse(b, sizeof(b));
OPENSSL_cleanse(c, sizeof(c)); OPENSSL_cleanse(c, sizeof(c));
@ -424,30 +424,30 @@ ossl_x448_int(uint8_t out[X_PUBLIC_BYTES],
gf_add_nr(t1, x2, z2); /* A = x2 + z2 */ /* 2+e */ gf_add_nr(t1, x2, z2); /* A = x2 + z2 */ /* 2+e */
gf_sub_nr(t2, x2, z2); /* B = x2 - z2 */ /* 3+e */ gf_sub_nr(t2, x2, z2); /* B = x2 - z2 */ /* 3+e */
gf_sub_nr(z2, x3, z3); /* D = x3 - z3 */ /* 3+e */ gf_sub_nr(z2, x3, z3); /* D = x3 - z3 */ /* 3+e */
gf_mul(x2, t1, z2); /* DA */ ossl_gf_mul(x2, t1, z2); /* DA */
gf_add_nr(z2, z3, x3); /* C = x3 + z3 */ /* 2+e */ gf_add_nr(z2, z3, x3); /* C = x3 + z3 */ /* 2+e */
gf_mul(x3, t2, z2); /* CB */ ossl_gf_mul(x3, t2, z2); /* CB */
gf_sub_nr(z3, x2, x3); /* DA-CB */ /* 3+e */ gf_sub_nr(z3, x2, x3); /* DA-CB */ /* 3+e */
gf_sqr(z2, z3); /* (DA-CB)^2 */ ossl_gf_sqr(z2, z3); /* (DA-CB)^2 */
gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */ ossl_gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */
gf_add_nr(z2, x2, x3); /* (DA+CB) */ /* 2+e */ gf_add_nr(z2, x2, x3); /* (DA+CB) */ /* 2+e */
gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */ ossl_gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */
gf_sqr(z2, t1); /* AA = A^2 */ ossl_gf_sqr(z2, t1); /* AA = A^2 */
gf_sqr(t1, t2); /* BB = B^2 */ ossl_gf_sqr(t1, t2); /* BB = B^2 */
gf_mul(x2, z2, t1); /* x2 = AA*BB */ ossl_gf_mul(x2, z2, t1); /* x2 = AA*BB */
gf_sub_nr(t2, z2, t1); /* E = AA-BB */ /* 3+e */ gf_sub_nr(t2, z2, t1); /* E = AA-BB */ /* 3+e */
gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */ gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */
gf_add_nr(t1, t1, z2); /* AA + a24*E */ /* 2+e */ gf_add_nr(t1, t1, z2); /* AA + a24*E */ /* 2+e */
gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */ ossl_gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */
} }
/* Finish */ /* Finish */
gf_cond_swap(x2, x3, swap); gf_cond_swap(x2, x3, swap);
gf_cond_swap(z2, z3, swap); gf_cond_swap(z2, z3, swap);
gf_invert(z2, z2, 0); gf_invert(z2, z2, 0);
gf_mul(x1, x2, z2); ossl_gf_mul(x1, x2, z2);
gf_serialize(out, x1, 1); gf_serialize(out, x1, 1);
nz = ~gf_eq(x1, ZERO); nz = ~gf_eq(x1, ZERO);
@ -471,8 +471,8 @@ ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
curve448_point_copy(q, p); curve448_point_copy(q, p);
gf_invert(q->t, q->x, 0); /* 1/x */ gf_invert(q->t, q->x, 0); /* 1/x */
gf_mul(q->z, q->t, q->y); /* y/x */ ossl_gf_mul(q->z, q->t, q->y); /* y/x */
gf_sqr(q->y, q->z); /* (y/x)^2 */ ossl_gf_sqr(q->y, q->z); /* (y/x)^2 */
gf_serialize(out, q->y, 1); gf_serialize(out, q->y, 1);
ossl_curve448_point_destroy(q); ossl_curve448_point_destroy(q);
} }

36
crypto/ec/curve448/f_generic.c
View File

@ -173,32 +173,32 @@ mask_t gf_isr(gf a, const gf x)
{ {
gf L0, L1, L2; gf L0, L1, L2;
gf_sqr(L1, x); ossl_gf_sqr(L1, x);
gf_mul(L2, x, L1); ossl_gf_mul(L2, x, L1);
gf_sqr(L1, L2); ossl_gf_sqr(L1, L2);
gf_mul(L2, x, L1); ossl_gf_mul(L2, x, L1);
gf_sqrn(L1, L2, 3); gf_sqrn(L1, L2, 3);
gf_mul(L0, L2, L1); ossl_gf_mul(L0, L2, L1);
gf_sqrn(L1, L0, 3); gf_sqrn(L1, L0, 3);
gf_mul(L0, L2, L1); ossl_gf_mul(L0, L2, L1);
gf_sqrn(L2, L0, 9); gf_sqrn(L2, L0, 9);
gf_mul(L1, L0, L2); ossl_gf_mul(L1, L0, L2);
gf_sqr(L0, L1); ossl_gf_sqr(L0, L1);
gf_mul(L2, x, L0); ossl_gf_mul(L2, x, L0);
gf_sqrn(L0, L2, 18); gf_sqrn(L0, L2, 18);
gf_mul(L2, L1, L0); ossl_gf_mul(L2, L1, L0);
gf_sqrn(L0, L2, 37); gf_sqrn(L0, L2, 37);
gf_mul(L1, L2, L0); ossl_gf_mul(L1, L2, L0);
gf_sqrn(L0, L1, 37); gf_sqrn(L0, L1, 37);
gf_mul(L1, L2, L0); ossl_gf_mul(L1, L2, L0);
gf_sqrn(L0, L1, 111); gf_sqrn(L0, L1, 111);
gf_mul(L2, L1, L0); ossl_gf_mul(L2, L1, L0);
gf_sqr(L0, L2); ossl_gf_sqr(L0, L2);
gf_mul(L1, x, L0); ossl_gf_mul(L1, x, L0);
gf_sqrn(L0, L1, 223); gf_sqrn(L0, L1, 223);
gf_mul(L1, L2, L0); ossl_gf_mul(L1, L2, L0);
gf_sqr(L2, L1); ossl_gf_sqr(L2, L1);
gf_mul(L0, L2, x); ossl_gf_mul(L0, L2, x);
gf_copy(a, L1); gf_copy(a, L1);
return gf_eq(L0, ONE); return gf_eq(L0, ONE);
} }

20
crypto/ec/curve448/field.h
View File

@ -54,9 +54,9 @@ static INLINE_UNUSED void gf_weak_reduce(gf inout);
void gf_strong_reduce(gf inout); void gf_strong_reduce(gf inout);
void gf_add(gf out, const gf a, const gf b); void gf_add(gf out, const gf a, const gf b);
void gf_sub(gf out, const gf a, const gf b); void gf_sub(gf out, const gf a, const gf b);
void gf_mul(gf_s * RESTRICT out, const gf a, const gf b); void ossl_gf_mul(gf_s * RESTRICT out, const gf a, const gf b);
void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b); void ossl_gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b);
void gf_sqr(gf_s * RESTRICT out, const gf a); void ossl_gf_sqr(gf_s * RESTRICT out, const gf a);
mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0. Return true if successful */ mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0. Return true if successful */
mask_t gf_eq(const gf x, const gf y); mask_t gf_eq(const gf x, const gf y);
mask_t gf_lobit(const gf x); mask_t gf_lobit(const gf x);
@ -85,16 +85,16 @@ static ossl_inline void gf_sqrn(gf_s * RESTRICT y, const gf x, int n)
assert(n > 0); assert(n > 0);
if (n & 1) { if (n & 1) {
gf_sqr(y, x); ossl_gf_sqr(y, x);
n--; n--;
} else { } else {
gf_sqr(tmp, x); ossl_gf_sqr(tmp, x);
gf_sqr(y, tmp); ossl_gf_sqr(y, tmp);
n -= 2; n -= 2;
} }
for (; n; n -= 2) { for (; n; n -= 2) {
gf_sqr(tmp, y); ossl_gf_sqr(tmp, y);
gf_sqr(y, tmp); ossl_gf_sqr(y, tmp);
} }
} }
@ -122,9 +122,9 @@ static ossl_inline void gf_subx_nr(gf c, const gf a, const gf b, int amt)
static ossl_inline void gf_mulw(gf c, const gf a, int32_t w) static ossl_inline void gf_mulw(gf c, const gf a, int32_t w)
{ {
if (w > 0) { if (w > 0) {
gf_mulw_unsigned(c, a, w); ossl_gf_mulw_unsigned(c, a, w);
} else { } else {
gf_mulw_unsigned(c, a, -w); ossl_gf_mulw_unsigned(c, a, -w);
gf_sub(c, ZERO, c); gf_sub(c, ZERO, c);
} }
} }