curve448: Integrate 64-bit reference implementation

Signed-off-by: Amitay Isaacs <amitay@ozlabs.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14784)
2025-03-31 20:10:45 +08:00 · 2021-01-19 14:14:25 +11:00 · 2021-01-19 14:14:25 +11:00 · 27947123c9
commit 27947123c9
parent a72da9eceb
4 changed files with 21 additions and 5 deletions
--- a/crypto/ec/build.info
+++ b/crypto/ec/build.info
@ -48,10 +48,16 @@ $COMMON=ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c \
        ec2_smpl.c ec_deprecated.c \
        ecp_oct.c ec2_oct.c ec_oct.c ec_kmeth.c ecdh_ossl.c \
        ecdsa_ossl.c ecdsa_sign.c ecdsa_vrf.c curve25519.c \
-        curve448/arch_32/f_impl.c curve448/f_generic.c curve448/scalar.c \
+        curve448/f_generic.c curve448/scalar.c \
        curve448/curve448_tables.c curve448/eddsa.c curve448/curve448.c \
        $ECASM ec_backend.c ecx_backend.c ecdh_kdf.c

+IF[{- $config{'use_int128'} eq "1" -}]
+  $COMMON=$COMMON curve448/arch_64/f_impl.c
+ELSE
+  $COMMON=$COMMON curve448/arch_32/f_impl.c
+ENDIF
+
 IF[{- !$disabled{'ec_nistp_64_gcc_128'} -}]
  $COMMON=$COMMON ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
 ENDIF
--- a/crypto/ec/curve448/arch_64/f_impl.c
+++ b/crypto/ec/curve448/arch_64/f_impl.c
@ -10,7 +10,7 @@
 * Originally written by Mike Hamburg
 */

-#include "field.h"
+#include "../field.h"

 void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
 {
--- a/crypto/ec/curve448/field.h
+++ b/crypto/ec/curve448/field.h
@ -66,10 +66,15 @@ void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
 mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
                      uint8_t hi_nmask);

-# include "arch_32/f_impl.h"    /* Bring in the inline implementations */

 # define LIMBPERM(i) (i)
-# define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
+# if (ARCH_WORD_BITS == 32)
+#  include "arch_32/f_impl.h"    /* Bring in the inline implementations */
+#  define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
+# elif (ARCH_WORD_BITS == 64)
+#  include "arch_64/f_impl.h"    /* Bring in the inline implementations */
+#  define LIMB_MASK(i) (((1ULL)<<LIMB_PLACE_VALUE(i))-1)
+# endif

 static const gf ZERO = {{{0}}}, ONE = {{{1}}};

--- a/crypto/ec/curve448/word.h
+++ b/crypto/ec/curve448/word.h
@ -17,9 +17,14 @@
 # include <assert.h>
 # include <stdlib.h>
 # include <openssl/e_os2.h>
-# include "arch_32/arch_intrinsics.h"
 # include "curve448utils.h"

+# ifdef INT128_MAX
+#  include "arch_64/arch_intrinsics.h"
+# else
+#  include "arch_32/arch_intrinsics.h"
+# endif
+
 # if (ARCH_WORD_BITS == 64)
 typedef uint64_t word_t, mask_t;
 typedef uint128_t dword_t;