diff --git a/README.md b/README.md
index 6202d5e..401d519 100644
--- a/README.md
+++ b/README.md
@@ -26,13 +26,13 @@ Python script `x25519.py`
 Test vectors from https://tools.ietf.org/html/rfc8031#appendix-A Test 1: X25519: q = d*u
- Computatation time: 45 ms
+ Computatation time: 40 ms
 q [hex/dec] = 66c7fb0d9f7090f777fa8493081ce8a4f174dbbbf9a36f16ba571206d4ddd548 46489245826987382655505058740283756869827209462947799117248009944518788765000 Test 1 passed. Test 2: X25519 + y-coordinate recovery + transform to Edwards-curve (x, y) = Edward(q, r), (q, r) = d*(u, v)
- Computatation time: 50 ms
+ Computatation time: 45 ms
 x [hex/dec] = 1ce7e6e3a747a25352df2d3155f06427ba389769e37755731dead2b54c5cef03 13074494971479542188989287385397236998770807488645203601973104535274459557635 y [hex/dec] = 4dd1c7c2001c147333ceedf77ebd48b1100e2a95f88cf1f40d1b74ec7279e657 35198739055214410372845858661063095427357109357427482712729161712065293444695 Test 2 passed.
@@ -41,23 +41,23 @@ Python script `x25519.py`
 Python script `ed25519.py` Test 1: Length of message: 0 bytes
- Computatation time: 101 ms
+ Computatation time: 91 ms
 Test 1 passed. Test 2: Length of message: 1 byte
- Computatation time: 101 ms
+ Computatation time: 91 ms
 Test 2 passed. Test 3: Length of message: 2 bytes
- Computatation time: 101 ms
+ Computatation time: 91 ms
 Test 3 passed. Test 4: Length of message: 1023 bytes
- Computatation time: 110 ms
+ Computatation time: 100 ms
 Test 4 passed. Test 5: Length of message: 64 bytes
- Computatation time: 102 ms
+ Computatation time: 92 ms
 Test 5 passed.
 ## Warning
diff --git a/mpy-modules/curve25519/arithmetic.c b/mpy-modules/curve25519/arithmetic.c
index 39f41e9..b3d5c78 100644
--- a/mpy-modules/curve25519/arithmetic.c
+++ b/mpy-modules/curve25519/arithmetic.c
@@ -132,7 +132,40 @@ void mul_zx0y0(uint32_t *z, uint32_t x, uint32_t y) {
 : : "r" (x), "r" (y), "r" (z) : "r5", "r6"
 );
 }
-
+
+
+void pu(uint32_t *t, uint32_t u) {
+ // computes (2^255 -19) * u
+ __asm__ volatile (
+ "MOV r3, 19\n"
+ "UMULL r5, r6, r3, %1\n"
+ "MOV r2, 0\n"
+ "LSRS %1, %1, 1\n"
+ "RRXS r2, r2\n"
+ "MOV r3, 0\n"
+ "SUBS r4, r3, r5\n"
+ "STMIA %0!, {r4}\n"
+ "SBCS r4, r3, r6\n"
+ "STMIA %0!, {r4}\n"
+ "SBCS r4, r3, r3\n"
+ "STMIA %0!, {r4}\n"
+ "SBCS r4, r3, r3\n"
+ "STMIA %0!, {r4}\n"
+ "SBCS r4, r3, r3\n"
+ "STMIA %0!, {r4}\n"
+ "SBCS r4, r3, r3\n"
+ "STMIA %0!, {r4}\n"
+ "SBCS r4, r3, r3\n"
+ "STMIA %0!, {r4}\n"
+ "SBCS r4, r2, r3\n"
+ "STMIA %0!, {r4}\n"
+ "SBCS r4, %1, r3\n"
+ "STMIA %0, {r4}\n"
+ //"SUBS %0, %0, 32\n"
+ : : "r" (t), "r" (u) : "r2", "r3", "r4", "r5", "r6"
+ );
+}
+
 void mont_mul_zxy_mod_p(uint32_t *z, uint32_t *x, uint32_t *y, uint32_t *p) {
 // see Alg. 14.36 HoAC
@@ -146,7 +179,8 @@ void mont_mul_zxy_mod_p(uint32_t *z, uint32_t *x, uint32_t *y, uint32_t *p) {
 u = (a[0] + x[i] * y[0]) * 678152731;
 mul_zxy(tmp, y, x[i]);
 a[8] += tmp[8] + add_zxy(a, a, tmp);
- mul_zxy(tmp, p, u);
+ // mul_zxy(tmp, p, u);
+ pu(tmp, u);
 a[8] += tmp[8] + add_zxy(a, a, tmp);
 // A <- (A + xi y + u m) / b
 for (int j=0; j<8; j++) a[j] = a[j+1]; a[8] = 0;
@@ -168,7 +202,8 @@ void mont_mul_zxy0_mod_p(uint32_t *z, uint32_t *x, uint32_t y, uint32_t *p) {
 u = (a[0] + x[i] * y) * 678152731;
 mul_zx0y0(tmp, x[i], y);
 a[8] += tmp[8] + add_zxy(a, a, tmp);
- mul_zxy(tmp, p, u);
+ // mul_zxy(tmp, p, u);
+ pu(tmp, u);
 a[8] += tmp[8] + add_zxy(a, a, tmp);
 // A <- (A + xi y + u m) / b
 for (int j=0; j<8; j++) a[j] = a[j+1]; a[8] = 0;
diff --git a/mpy-modules/curve25519/main.c b/mpy-modules/curve25519/main.c
index fb06978..5a5d87d 100644
--- a/mpy-modules/curve25519/main.c
+++ b/mpy-modules/curve25519/main.c
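Review bot: In the new `pu`, both asm operands are written — `STMIA %0!` post-increments the register holding `t` and `LSRS %1, %1, 1` halves the register holding `u` — yet the constraint line declares them as read-only inputs (`"r" (t), "r" (u)`), so the compiler may assume those registers still hold the original values afterwards (the commented-out `SUBS %0, %0, 32` suggests the clobbered pointer was already noticed). The block also stores nine words through `t` without a `"memory"` clobber, so the compiler is never told that `tmp[0..8]` changed before the caller reads `tmp[8]`. Copy the arguments to locals and declare them in-out: `uint32_t *tp = t; uint32_t uv = u;` before the asm, and `: "+r" (tp), "+r" (uv) : : "r2", "r3", "r4", "r5", "r6", "memory"` as the constraint line. The pre-existing `mul_zx0y0` above, whose body starts outside the hunk, appears to have the same missing `"memory"` clobber. The header comment should also state the output width, e.g. `// writes the 9-word product (2^255 - 19) * u to t[0..8]; t[8] is the top word`.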
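Review bot: The replaced call leaves `mont_mul_zxy_mod_p` silently ignoring its `p` parameter — `pu(tmp, u)` hard-codes the modulus 2^255 - 19, so a caller passing any other `p` now gets a wrong result with no diagnostic — and the commented-out `// mul_zxy(tmp, p, u);` should be deleted rather than kept as dead code. The same applies to the third hunk in `mont_mul_zxy0_mod_p`. Since the Montgomery constant `678152731` on the first context line already appears to be specific to that modulus, document the restriction at the call site, e.g. `// u*p for the fixed modulus p = 2^255 - 19; the p argument is no longer used`. Both enclosing functions start and end outside their hunks.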
@@ -1,10 +1,8 @@
 // Include the header file to get access to the MicroPython API
 #include "py/dynruntime.h"
-#include "arithmetic.h"
 #include "ec.h"
-
 // This is the function which will be called from Python
 STATIC mp_obj_t x25519(mp_obj_t k, mp_obj_t u) {
 mp_buffer_info_t bufinfo_k, bufinfo_u;