
Commit 8167d16

Merge pull request #10727 from SparkiDev/thumb2_x25519_fix
Thumb2 X25519: Fix to do full reduction
2 parents c2a8f77 + ad85f49 commit 8167d16

2 files changed

Lines changed: 70 additions & 8 deletions


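--- a/wolfcrypt/src/port/arm/thumb2-curve25519.S
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519.S
@@ -2933,10 +2933,33 @@ L_curve25519_inv_8:
 LDR r1, [sp, #160]
 LDR r0, [sp, #160]
 BL fe_mul_op
+/* Ensure result is less than modulus */
+LDR r0, [sp, #160]
+LDM r0, {r4, r5, r6, r7, r8, r9, r10, r11}
+ADDS r2, r4, #0x13
+ADCS r2, r5, #0x0
+ADCS r2, r6, #0x0
+ADCS r2, r7, #0x0
+ADCS r2, r8, #0x0
+ADCS r2, r9, #0x0
+ADCS r2, r10, #0x0
+ADC r2, r11, #0x0
+ASR r2, r2, #31
+AND r2, r2, #0x13
+ADDS r4, r4, r2
+ADCS r5, r5, #0x0
+ADCS r6, r6, #0x0
+ADCS r7, r7, #0x0
+ADCS r8, r8, #0x0
+ADCS r9, r9, #0x0
+ADCS r10, r10, #0x0
+ADC r11, r11, #0x0
+BFC r11, #31, #1
+STM r0, {r4, r5, r6, r7, r8, r9, r10, r11}
 MOV r0, #0x0
 ADD sp, sp, #0xbc
 POP {r4, r5, r6, r7, r8, r9, r10, r11, pc}
-/* Cycle Count = 682 */
+/* Cycle Count = 721 */
 .size curve25519,.-curve25519
 #else
 .text
@@ -3253,22 +3276,30 @@ L_curve25519_inv_8:
 /* Ensure result is less than modulus */
 LDR r0, [sp, #176]
 LDM r0, {r4, r5, r6, r7, r8, r9, r10, r11}
-MOV r2, #0x13
-AND r2, r2, r11, ASR #31
+ADDS r2, r4, #0x13
+ADCS r2, r5, #0x0
+ADCS r2, r6, #0x0
+ADCS r2, r7, #0x0
+ADCS r2, r8, #0x0
+ADCS r2, r9, #0x0
+ADCS r2, r10, #0x0
+ADC r2, r11, #0x0
+ASR r2, r2, #31
+AND r2, r2, #0x13
 ADDS r4, r4, r2
 ADCS r5, r5, #0x0
 ADCS r6, r6, #0x0
 ADCS r7, r7, #0x0
 ADCS r8, r8, #0x0
 ADCS r9, r9, #0x0
-BFC r11, #31, #1
 ADCS r10, r10, #0x0
 ADC r11, r11, #0x0
+BFC r11, #31, #1
 STM r0, {r4, r5, r6, r7, r8, r9, r10, r11}
 MOV r0, #0x0
 ADD sp, sp, #0xc0
 POP {r4, r5, r6, r7, r8, r9, r10, r11, pc}
-/* Cycle Count = 589 */
+/* Cycle Count = 597 */
 .size curve25519,.-curve25519
 #endif /* WC_NO_CACHE_RESISTANT */
 #endif /* HAVE_CURVE25519 */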
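Review bot: The new reduction's correctness rests on an input-range precondition that the `/* Ensure result is less than modulus */` comment does not state: the mask is the sign bit of the top word of x + 19, which only identifies x >= p if the carry chain does not run out of the 256th bit (x < 2^256 - 19), and adding 19 then clearing bit 255 is a subtraction of p, so the stored value is canonical only when x < 2p. I would extend the comment at the top of the sequence in both hunks to `/* x >= p iff (x + 19) >= 2^255: use the sign of the top word of x + 19 as a mask; requires x < 2^256 - 19 so no carry is lost. Then add 19 and clear bit 255 (== subtract p). Branch-free to keep timing data-independent. */`, and name the `#0x13` literal as 2^255 - p in that comment since it appears twice per hunk. The same note applies to the two hunks in thumb2-curve25519_c.c. The enclosing curve25519 function begins well outside the hunk, so the range guaranteed by the preceding fe_mul_op output cannot be confirmed from here.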

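--- a/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
+++ b/wolfcrypt/src/port/arm/thumb2-curve25519_c.c
@@ -3372,6 +3372,29 @@ WC_OMIT_FRAME_POINTER int curve25519(byte* r, const byte* n, const byte* a)
 "LDR r1, [sp, #160]\n\t"
 "LDR r0, [sp, #160]\n\t"
 "BL fe_mul_op\n\t"
+/* Ensure result is less than modulus */
+"LDR %[r], [sp, #160]\n\t"
+"LDM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
+"ADDS %[a], r4, #0x13\n\t"
+"ADCS %[a], r5, #0x0\n\t"
+"ADCS %[a], r6, #0x0\n\t"
+"ADCS %[a], r7, #0x0\n\t"
+"ADCS %[a], r8, #0x0\n\t"
+"ADCS %[a], r9, #0x0\n\t"
+"ADCS %[a], r10, #0x0\n\t"
+"ADC %[a], r11, #0x0\n\t"
+"ASR %[a], %[a], #31\n\t"
+"AND %[a], %[a], #0x13\n\t"
+"ADDS r4, r4, %[a]\n\t"
+"ADCS r5, r5, #0x0\n\t"
+"ADCS r6, r6, #0x0\n\t"
+"ADCS r7, r7, #0x0\n\t"
+"ADCS r8, r8, #0x0\n\t"
+"ADCS r9, r9, #0x0\n\t"
+"ADCS r10, r10, #0x0\n\t"
+"ADC r11, r11, #0x0\n\t"
+"BFC r11, #31, #1\n\t"
+"STM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
 "MOV r0, #0x0\n\t"
 "ADD sp, sp, #0xbc\n\t"
 #ifndef WOLFSSL_NO_VAR_ASSIGN_REG
@@ -3773,17 +3796,25 @@ WC_OMIT_FRAME_POINTER int curve25519(byte* r, const byte* n, const byte* a)
 /* Ensure result is less than modulus */
 "LDR %[r], [sp, #176]\n\t"
 "LDM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
-"MOV %[a], #0x13\n\t"
-"AND %[a], %[a], r11, ASR #31\n\t"
+"ADDS %[a], r4, #0x13\n\t"
+"ADCS %[a], r5, #0x0\n\t"
+"ADCS %[a], r6, #0x0\n\t"
+"ADCS %[a], r7, #0x0\n\t"
+"ADCS %[a], r8, #0x0\n\t"
+"ADCS %[a], r9, #0x0\n\t"
+"ADCS %[a], r10, #0x0\n\t"
+"ADC %[a], r11, #0x0\n\t"
+"ASR %[a], %[a], #31\n\t"
+"AND %[a], %[a], #0x13\n\t"
 "ADDS r4, r4, %[a]\n\t"
 "ADCS r5, r5, #0x0\n\t"
 "ADCS r6, r6, #0x0\n\t"
 "ADCS r7, r7, #0x0\n\t"
 "ADCS r8, r8, #0x0\n\t"
 "ADCS r9, r9, #0x0\n\t"
-"BFC r11, #31, #1\n\t"
 "ADCS r10, r10, #0x0\n\t"
 "ADC r11, r11, #0x0\n\t"
+"BFC r11, #31, #1\n\t"
 "STM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t"
 "MOV r0, #0x0\n\t"
 "ADD sp, sp, #0xc0\n\t"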
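Review bot: The first hunk now writes both `%[r]` and `%[a]` as scratch registers (`LDR %[r], [sp, #160]` and the `ADDS`/`ADCS`/`ASR`/`AND` chain on `%[a]`), so the asm statement's operand list, which lies outside the hunk, must declare those operands as read-write (e.g. `"+r"`) rather than input-only; the second hunk's function already overwrote `%[a]` before this change, but the first function's constraints cannot be checked from here and an input-only operand that is written is undefined behaviour the compiler will not diagnose. Please confirm the constraint on `[a]` and `[r]` in the first block, and since the value of `%[a]` (the caller's `a` pointer) is destroyed, add `/* %[a] and %[r] are used as scratch from here on; declared as in/out operands */` at the start of the added sequence so the next edit does not reuse them as pointers. The enclosing curve25519 function and its asm operand list start and end outside both hunks.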
