Cache pre-computed points for ecp_mul()

Up to 1.25 speedup on ECDSA sign for small curves, but mainly useful as a preparation for fixed-point mult (a few prototypes changed in constness).
2025-11-03 20:33:16 +03:00 · 2013-09-17 19:13:10 +02:00
parent 56cd319f0e
commit 161ef968db
6 changed files with 147 additions and 47 deletions
--- a/include/polarssl/ecdh.h
+++ b/include/polarssl/ecdh.h
@@ -62,7 +62,7 @@ ecdh_context;
 * \return          0 if successful,
 *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
 */
-int ecdh_gen_public( const ecp_group *grp, mpi *d, ecp_point *Q,
+int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng );

@@ -83,7 +83,7 @@ int ecdh_gen_public( const ecp_group *grp, mpi *d, ecp_point *Q,
 *                  countermeasures against potential elaborate timing
 *                  attacks, see \c ecp_mul() for details.
 */
-int ecdh_compute_shared( const ecp_group *grp, mpi *z,
+int ecdh_compute_shared( ecp_group *grp, mpi *z,
                         const ecp_point *Q, const mpi *d,
                         int (*f_rng)(void *, unsigned char *, size_t),
                         void *p_rng );
--- a/include/polarssl/ecdsa.h
+++ b/include/polarssl/ecdsa.h
@@ -63,7 +63,7 @@ extern "C" {
 * \return          0 if successful,
 *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
 */
-int ecdsa_sign( const ecp_group *grp, mpi *r, mpi *s,
+int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
                const mpi *d, const unsigned char *buf, size_t blen,
                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );

@@ -81,7 +81,7 @@ int ecdsa_sign( const ecp_group *grp, mpi *r, mpi *s,
 *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid
 *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
 */
-int ecdsa_verify( const ecp_group *grp,
+int ecdsa_verify( ecp_group *grp,
                  const unsigned char *buf, size_t blen,
                  const ecp_point *Q, const mpi *r, const mpi *s);

--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -155,16 +155,15 @@ ecp_keypair;

 /*
 * Maximum window size (actually, NAF width) used for point multipliation.
- * Default: 7.
+ * Default: 8.
 * Minimum value: 2. Maximum value: 8.
 *
 * Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication, so at most 64 by default.
- * In practice, most curves will use less precomputed points.
+ * points used for point multiplication.
 *
 * Reduction in size may reduce speed for big curves.
 */
-#define POLARSSL_ECP_WINDOW_SIZE    7   /**< Maximum NAF width used. */
+#define POLARSSL_ECP_WINDOW_SIZE    8   /**< Maximum NAF width used. */

 /*
 * Point formats, from RFC 4492's enum ECPointFormat
@@ -472,7 +471,7 @@ int ecp_sub( const ecp_group *grp, ecp_point *R,
 *                  has very low overhead, it is recommended to always provide
 *                  a non-NULL f_rng parameter when using secret inputs.
 */
-int ecp_mul( const ecp_group *grp, ecp_point *R,
+int ecp_mul( ecp_group *grp, ecp_point *R,
             const mpi *m, const ecp_point *P,
             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );

@@ -531,7 +530,7 @@ int ecp_check_privkey( const ecp_group *grp, const mpi *d );
 *                  in order to ease use with other structures such as
 *                  ecdh_context of ecdsa_context.
 */
-int ecp_gen_keypair( const ecp_group *grp, mpi *d, ecp_point *Q,
+int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
                     int (*f_rng)(void *, unsigned char *, size_t),
                     void *p_rng );