Merge pull request #1250 from SparkiDev/curve25519_asm

Intel ASM code for Curve25519

wolfcrypt/src/curve25519.c

@@ -67,6 +67,8 @@ int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key)
     if (keysize != CURVE25519_KEYSIZE)
         return ECC_BAD_ARG_E;
 
+    fe_init();
+
     /* random number for private key */
     ret = wc_RNG_GenerateBlock(rng, key->k.point, keysize);
     if (ret != 0)
@@ -429,6 +431,9 @@ int wc_curve25519_init(curve25519_key* key)
         XMEMSET(key->k.pointY, 0, key->dp->size);
         XMEMSET(key->p.pointY, 0, key->dp->size);
     #endif
+
+    fe_init();
+
     return 0;
 }
 

wolfcrypt/src/ed25519.c

@@ -295,6 +295,8 @@ int wc_ed25519_init(ed25519_key* key)
 
     XMEMSET(key, 0, sizeof(ed25519_key));
 
+    fe_init();
+
     return 0;
 }
 

wolfcrypt/src/fe_low_mem.c

@@ -40,7 +40,6 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-
 void fprime_copy(byte *x, const byte *a)
 {
     int i;
@@ -58,6 +57,10 @@ void lm_copy(byte* x, const byte* a)
 
 
 #ifdef CURVE25519_SMALL
+void fe_init()
+{
+}
+
 /* Double an X-coordinate */
 static void xc_double(byte *x3, byte *z3,
 		      const byte *x1, const byte *z1)

wolfcrypt/src/fe_operations.c

@@ -41,7 +41,9 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#ifdef CURVED25519_128BIT
+#ifdef CURVED25519_X64
+#include "fe_x25519_x64.i"
+#elif defined(CURVED25519_128BIT)
 #include "fe_x25519_128.i"
 #else
 
@@ -115,6 +117,10 @@ void fe_0(fe h)
 
 #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \
     !defined(FREESCALE_LTC_ECC)
+void fe_init()
+{
+}
+
 int curve25519(byte* q, byte* n, byte* p)
 {
 #if 0

wolfcrypt/src/fe_x25519_128.i

@@ -1,4 +1,4 @@
-/* fp_x25519_128.i
+/* fe_x25519_128.i
  *
  * Copyright (C) 2006-2017 wolfSSL Inc.
  *
@@ -19,6 +19,10 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+void fe_init()
+{
+}
+
 /* Convert a number represented as an array of bytes to an array of words with
  * 51-bits of data in each word.
  *
@@ -458,7 +462,7 @@ int curve25519(byte* r, byte* n, byte* a)
 /* The field element value 0 as an array of bytes. */
 static const unsigned char zero[32] = {0};
 
-/* Constant time check as to whether a is a not 0.
+/* Constant time check as to whether a is not 0.
  *
  * a  A field element.
  */

wolfcrypt/src/include.am

@@ -40,7 +40,8 @@ EXTRA_DIST += \
               wolfcrypt/src/fp_sqr_comba_8.i \
               wolfcrypt/src/fp_sqr_comba_9.i \
               wolfcrypt/src/fp_sqr_comba_small_set.i \
-              wolfcrypt/src/fe_x25519_128.i
+              wolfcrypt/src/fe_x25519_128.i \
+              wolfcrypt/src/fe_x25519_x64.i
 
 EXTRA_DIST += wolfcrypt/src/port/ti/ti-aes.c \
               wolfcrypt/src/port/ti/ti-des3.c \

wolfssl/wolfcrypt/fe_operations.h

@@ -33,7 +33,9 @@
 
 #include <wolfssl/wolfcrypt/types.h>
 
-#if defined(HAVE___UINT128_T) && !defined(NO_CURVED25519_128BIT)
+#if defined(USE_INTEL_SPEEDUP) && !defined(NO_CURVED25519_X64)
+    #define CURVED25519_X64
+#elif defined(HAVE___UINT128_T) && !defined(NO_CURVED25519_128BIT)
     #define CURVED25519_128BIT
 #endif
 
@@ -58,13 +60,17 @@ Bounds on each t[i] vary depending on context.
 
 
 #if !defined(FREESCALE_LTC_ECC)
+WOLFSSL_LOCAL void fe_init(void);
+
 WOLFSSL_LOCAL int  curve25519(byte * q, byte * n, byte * p);
 #endif
 
 /* default to be faster but take more memory */
 #if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
 
-#if defined(CURVED25519_128BIT)
+#ifdef CURVED25519_X64
+    typedef int64_t  fe[4];
+#elif defined(CURVED25519_128BIT)
     typedef int64_t  fe[5];
 #else
     typedef int32_t  fe[10];

wolfssl/wolfcrypt/ge_operations.h

@@ -47,6 +47,8 @@ Representations:
 
 #ifdef ED25519_SMALL
   typedef byte     ge[F25519_SIZE];
+#elif defined(CURVED25519_X64)
+  typedef int64_t  ge[4];
 #elif defined(CURVED25519_128BIT)
   typedef int64_t  ge[5];
 #else