1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-28 10:29:04 +00:00

refactor(crypto): do not use precomputed table for ed25519

This commit is contained in:
Ondřej Vejpustek 2024-09-01 20:52:30 +02:00
parent 5e36f86291
commit 7548fbf9ad
3 changed files with 12 additions and 0 deletions

View File

@ -1,5 +1,7 @@
#include "ed25519-donna.h"
#include "options.h"
#if !OPTIMIZE_SIZE_ED25519
/* multiples of the base point in packed {ysubx, xaddy, t2d} form */
const uint8_t ALIGN(16) ge25519_niels_base_multiples[256][96] = {
{0x3e,0x91,0x40,0xd7,0x05,0x39,0x10,0x9d,0xb3,0xbe,0x40,0xd1,0x05,0x9f,0x39,0xfd,0x09,0x8a,0x8f,0x68,0x34,0x84,0xc1,0xa5,0x67,0x12,0xf8,0x98,0x92,0x2f,0xfd,0x44,0x85,0x3b,0x8c,0xf5,0xc6,0x93,0xbc,0x2f,0x19,0x0e,0x8c,0xfb,0xc6,0x2d,0x93,0xcf,0xc2,0x42,0x3d,0x64,0x98,0x48,0x0b,0x27,0x65,0xba,0xd4,0x33,0x3a,0x9d,0xcf,0x07,0x59,0xbb,0x6f,0x4b,0x67,0x15,0xbd,0xdb,0xea,0xa5,0xa2,0xee,0x00,0x3f,0xe1,0x41,0xfa,0xc6,0x57,0xc9,0x1c,0x9d,0xd4,0xcd,0xca,0xec,0x16,0xaf,0x1f,0xbe,0x0e,0x4f},
@ -259,3 +261,4 @@ const uint8_t ALIGN(16) ge25519_niels_base_multiples[256][96] = {
{0x33,0x3e,0xed,0x2e,0xb3,0x07,0x13,0x46,0xe7,0x81,0x55,0xa4,0x33,0x2f,0x04,0xae,0x66,0x03,0x5f,0x19,0xd3,0x49,0x44,0xc9,0x58,0x48,0x31,0x6c,0x8a,0x5d,0x7d,0x0b,0xb9,0xb0,0x10,0x5e,0xaa,0xaf,0x6a,0x2a,0xa9,0x1a,0x04,0xef,0x70,0xa3,0xf0,0x78,0x1f,0xd6,0x3a,0xaa,0x77,0xfb,0x3e,0x77,0xe1,0xd9,0x4b,0xa7,0xa2,0xa5,0xec,0x44,0x43,0xd5,0x95,0x7b,0x32,0x48,0xd4,0x25,0x1d,0x0f,0x34,0xa3,0x00,0x83,0xd3,0x70,0x2b,0xc5,0xe1,0x60,0x1c,0x53,0x1c,0xde,0xe4,0xe9,0x7d,0x2c,0x51,0x24,0x22,0x27},
{0x2e,0x34,0xc5,0x49,0xaf,0x92,0xbc,0x1a,0xd0,0xfa,0xe6,0xb2,0x11,0xd8,0xee,0xff,0x29,0x4e,0xc8,0xfc,0x8d,0x8c,0xa2,0xef,0x43,0xc5,0x4c,0xa4,0x18,0xdf,0xb5,0x11,0xfc,0x75,0xa9,0x42,0x8a,0xbb,0x7b,0xbf,0x58,0xa3,0xad,0x96,0x77,0x39,0x5c,0x8c,0x48,0xaa,0xed,0xcd,0x6f,0xc7,0x7f,0xe2,0xa6,0x20,0xbc,0xf6,0xd7,0x5f,0x73,0x19,0x66,0x42,0xc8,0x42,0xd0,0x90,0xab,0xe3,0x7e,0x54,0x19,0x7f,0x0f,0x8e,0x84,0xeb,0xb9,0x97,0xa4,0x65,0xd0,0xa1,0x03,0x25,0x5f,0x89,0xdf,0x91,0x11,0x91,0xef,0x0f}
};
#endif

View File

@ -1,2 +1,6 @@
#include "options.h"
#if !OPTIMIZE_SIZE_ED25519
/* multiples of the base point in packed {ysubx, xaddy, t2d} form */
extern const uint8_t ALIGN(16) ge25519_niels_base_multiples[256][96];
#endif

View File

@ -1,6 +1,7 @@
#include <assert.h>
#include "ed25519-donna.h"
#include "memzero.h"
#include "options.h"
/* sqrt(x) is such an integer y that 0 <= y <= p - 1, y % 2 = 0, and y^2 = x (mod p). */
/* d = -121665 / 121666 */
@ -726,5 +727,9 @@ int ge25519_unpack_vartime(ge25519 *r, const unsigned char *s){
}
void ge25519_scalarmult_base_wrapper(ge25519 *r, const bignum256modm s){
#if OPTIMIZE_SIZE_ED25519
ge25519_scalarmult(r, &ge25519_basepoint, s);
#else
ge25519_scalarmult_base_niels(r, ge25519_niels_base_multiples, s);
#endif
}