crypto/fipsmodule/ec/make_p256-x86_64-table.go - boringssl - Git at Google

 /* Copyright (c) 2018, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 package main

 import (
 	"crypto/elliptic"
 	"fmt"
 	"math/big"
 	"os"
 )

 const fileHeader = `/* Copyright (c) 2015, Intel Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 // This is the precomputed constant time access table for the code in
 // p256-x86_64.c, for the default generator. The table consists of 37
 // subtables, each subtable contains 64 affine points. The affine points are
 // encoded as eight uint64's, four for the x coordinate and four for the y.
 // Both values are in little-endian order. There are 37 tables because a
 // signed, 6-bit wNAF form of the scalar is used and ceil(256/(6 + 1)) = 37.
 // Within each table there are 64 values because the 6-bit wNAF value can take
 // 64 values, ignoring the sign bit, which is implemented by performing a
 // negation of the affine point when required. We would like to align it to 2MB
 // in order to increase the chances of using a large page but that appears to
 // lead to invalid ELF files being produced.

 // This file is generated by make_p256-x86_64-table.go.

 static const alignas(4096) PRECOMP256_ROW ecp_nistz256_precomputed[37] = {
 `

 func main() {
 	os.Stdout.WriteString(fileHeader)

 	scalar, tmp := new(big.Int), new(big.Int)
 	p256 := elliptic.P256()
 	p := p256.Params().P

 	// The wNAF windows are 7 bits wide, so advance across the 256-bit scalar
 	// space in 7-bit increments.
 	for shift := uint(0); shift < 256; shift += 7 {
 		// For each window, encode 64 multiples of the base point.
 		for multiple := 1; multiple <= 64; multiple++ {
 			scalar.SetInt64(int64(multiple))
 			scalar.Lsh(scalar, shift)

 			x, y := p256.ScalarBaseMult(scalar.Bytes())

 			toMontgomery(x, p)
 			toMontgomery(y, p)

 			if multiple == 1 {
 				os.Stdout.WriteString("        {{")
 			} else {
 				os.Stdout.WriteString("         {")
 			}
 			printNum(x, tmp)

 			os.Stdout.WriteString(",\n          ")
 			printNum(y, tmp)

 			if multiple == 64 {
 				os.Stdout.WriteString("}}")
 			} else {
 				os.Stdout.WriteString("},\n")
 			}
 		}

 		if shift+7 < 256 {
 			os.Stdout.WriteString(",\n")
 		} else {
 			os.Stdout.WriteString("};\n")
 		}
 	}
 }

 var mask, R *big.Int

 func init() {
 	mask = new(big.Int).SetUint64(0xffffffffffffffff)
 	R = new(big.Int).SetInt64(1)
 	R.Lsh(R, 256)
 }

 func printNum(n, tmp *big.Int) {
 	fmt.Printf("{")
 	for i := 0; i < 4; i++ {
 		tmp.And(n, mask)
 		limb := tmp.Uint64()
 		fmt.Printf("TOBN(0x%08x, 0x%08x)", uint32(limb>>32), uint32(limb))
 		n.Rsh(n, 64)

 		switch i {
 		case 0, 2:
 			os.Stdout.WriteString(", ")
 		case 1:
 			os.Stdout.WriteString(",\n           ")
 		}
 	}
 	fmt.Printf("}")
 }

 // toMontgomery sets n to be n×R mod p
 func toMontgomery(n, p *big.Int) {
 	n.Mul(n, R)
 	n.Mod(n, p)
 }
	/* Copyright (c) 2018, Google Inc.
	*
	* Permission to use, copy, modify, and/or distribute this software for any
	* purpose with or without fee is hereby granted, provided that the above
	* copyright notice and this permission notice appear in all copies.
	*
	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

	package main

	import (
	"crypto/elliptic"
	"fmt"
	"math/big"
	"os"
	)

	const fileHeader = `/* Copyright (c) 2015, Intel Inc.
	*
	* Permission to use, copy, modify, and/or distribute this software for any
	* purpose with or without fee is hereby granted, provided that the above
	* copyright notice and this permission notice appear in all copies.
	*
	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

	// This is the precomputed constant time access table for the code in
	// p256-x86_64.c, for the default generator. The table consists of 37
	// subtables, each subtable contains 64 affine points. The affine points are
	// encoded as eight uint64's, four for the x coordinate and four for the y.
	// Both values are in little-endian order. There are 37 tables because a
	// signed, 6-bit wNAF form of the scalar is used and ceil(256/(6 + 1)) = 37.
	// Within each table there are 64 values because the 6-bit wNAF value can take
	// 64 values, ignoring the sign bit, which is implemented by performing a
	// negation of the affine point when required. We would like to align it to 2MB
	// in order to increase the chances of using a large page but that appears to
	// lead to invalid ELF files being produced.

	// This file is generated by make_p256-x86_64-table.go.

	static const alignas(4096) PRECOMP256_ROW ecp_nistz256_precomputed[37] = {
	`

	func main() {
	os.Stdout.WriteString(fileHeader)

	scalar, tmp := new(big.Int), new(big.Int)
	p256 := elliptic.P256()
	p := p256.Params().P

	// The wNAF windows are 7 bits wide, so advance across the 256-bit scalar
	// space in 7-bit increments.
	for shift := uint(0); shift < 256; shift += 7 {
	// For each window, encode 64 multiples of the base point.
	for multiple := 1; multiple <= 64; multiple++ {
	scalar.SetInt64(int64(multiple))
	scalar.Lsh(scalar, shift)

	x, y := p256.ScalarBaseMult(scalar.Bytes())

	toMontgomery(x, p)
	toMontgomery(y, p)

	if multiple == 1 {
	os.Stdout.WriteString(" {{")
	} else {
	os.Stdout.WriteString(" {")
	}
	printNum(x, tmp)

	os.Stdout.WriteString(",\n ")
	printNum(y, tmp)

	if multiple == 64 {
	os.Stdout.WriteString("}}")
	} else {
	os.Stdout.WriteString("},\n")
	}
	}

	if shift+7 < 256 {
	os.Stdout.WriteString(",\n")
	} else {
	os.Stdout.WriteString("};\n")
	}
	}
	}

	var mask, R *big.Int

	func init() {
	mask = new(big.Int).SetUint64(0xffffffffffffffff)
	R = new(big.Int).SetInt64(1)
	R.Lsh(R, 256)
	}

	func printNum(n, tmp *big.Int) {
	fmt.Printf("{")
	for i := 0; i < 4; i++ {
	tmp.And(n, mask)
	limb := tmp.Uint64()
	fmt.Printf("TOBN(0x%08x, 0x%08x)", uint32(limb>>32), uint32(limb))
	n.Rsh(n, 64)

	switch i {
	case 0, 2:
	os.Stdout.WriteString(", ")
	case 1:
	os.Stdout.WriteString(",\n ")
	}
	}
	fmt.Printf("}")
	}

	// toMontgomery sets n to be n×R mod p
	func toMontgomery(n, p *big.Int) {
	n.Mul(n, R)
	n.Mod(n, p)
	}