Centralize the pcurves reduction correction step

Rohde-Schwarz · Jan 26, 2025 · 69d4cae · 69d4cae
1 parent 20d7412
commit 69d4cae
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 20 deletions.
diff --git a/src/lib/math/mp/mp_core.h b/src/lib/math/mp/mp_core.h
@@ -10,6 +10,7 @@
 #ifndef BOTAN_MP_CORE_OPS_H_
 #define BOTAN_MP_CORE_OPS_H_
 
+#include <botan/assert.h>
 #include <botan/exceptn.h>
 #include <botan/mem_ops.h>
 #include <botan/types.h>
@@ -1120,6 +1121,16 @@ constexpr std::array<W, N> redc_crandall(std::span<const W, 2 * N> z) {
    return r;
 }
 
+/**
+* Set r to r - C. Then if r < 0, add P to r
+*/
+template <size_t N, WordType W>
+constexpr inline void bigint_correct_redc(std::array<W, N>& r, const std::array<W, N>& P, const std::array<W, N>& C) {
+   // TODO look into combining the two operations for important values of N
+   W borrow = bigint_sub2(r.data(), N, C.data(), N);
+   bigint_cnd_add(borrow, r.data(), N, P.data(), N);
+}
+
 }  // namespace Botan
 
 #endif
diff --git a/src/lib/math/pcurves/pcurves_secp192r1/pcurves_secp192r1.cpp b/src/lib/math/pcurves/pcurves_secp192r1/pcurves_secp192r1.cpp
@@ -57,10 +57,7 @@ class Secp192r1Rep final {
 
          BOTAN_DEBUG_ASSERT(S <= 3);
 
-         const auto correction = p192_mul_mod_192(S);
-         W borrow = bigint_sub2(r.data(), N, correction.data(), N);
-
-         bigint_cnd_add(borrow, r.data(), N, P.data(), N);
+         bigint_correct_redc<N>(r, P, p192_mul_mod_192(S));
 
          return r;
       }

diff --git a/src/lib/math/pcurves/pcurves_secp224r1/pcurves_secp224r1.cpp b/src/lib/math/pcurves/pcurves_secp224r1/pcurves_secp224r1.cpp
@@ -61,10 +61,7 @@ class Secp224r1Rep final {
 
          BOTAN_DEBUG_ASSERT(S <= 2);
 
-         const auto correction = p224_mul_mod_224(S);
-         W borrow = bigint_sub2(r.data(), N, correction.data(), N);
-
-         bigint_cnd_add(borrow, r.data(), N, P.data(), N);
+         bigint_correct_redc<N>(r, P, p224_mul_mod_224(S));
 
          return r;
       }

diff --git a/src/lib/math/pcurves/pcurves_secp256r1/pcurves_secp256r1.cpp b/src/lib/math/pcurves/pcurves_secp256r1/pcurves_secp256r1.cpp
@@ -69,10 +69,7 @@ class Secp256r1Rep final {
 
          BOTAN_DEBUG_ASSERT(S <= 8);
 
-         const auto correction = p256_mul_mod_256(S);
-         W borrow = bigint_sub2(r.data(), N, correction.data(), N);
-
-         bigint_cnd_add(borrow, r.data(), N, P.data(), N);
+         bigint_correct_redc<N>(r, P, p256_mul_mod_256(S));
 
          return r;
       }

diff --git a/src/lib/math/pcurves/pcurves_secp384r1/pcurves_secp384r1.cpp b/src/lib/math/pcurves/pcurves_secp384r1/pcurves_secp384r1.cpp
@@ -80,10 +80,7 @@ class Secp384r1Rep final {
 
          BOTAN_DEBUG_ASSERT(S <= 4);
 
-         const auto correction = p384_mul_mod_384(S);
-         W borrow = bigint_sub2(r.data(), N, correction.data(), N);
-
-         bigint_cnd_add(borrow, r.data(), N, P.data(), N);
+         bigint_correct_redc<N>(r, P, p384_mul_mod_384(S));
 
          return r;
       }

diff --git a/src/lib/math/pcurves/pcurves_sm2p256v1/pcurves_sm2p256v1.cpp b/src/lib/math/pcurves/pcurves_sm2p256v1/pcurves_sm2p256v1.cpp
@@ -63,10 +63,7 @@ class Sm2p256v1Rep final {
          sum.accum(S7);
          const auto S = sum.final_carry(0);
 
-         const auto correction = sm2_mul_mod_256(S);
-         W borrow = bigint_sub2(r.data(), N, correction.data(), N);
-
-         bigint_cnd_add(borrow, r.data(), N, P.data(), N);
+         bigint_correct_redc<N>(r, P, sm2_mul_mod_256(S));
 
          return r;
       }