internal/sm2ec: s390x p256FromMont

internal/sm2ec/sm2p256_asm_s390x.go

@@ -0,0 +1,55 @@
+//go:build !purego
+
+package sm2ec
+
+
+// p256Element is a P-256 base field element in [0, P-1] in the Montgomery
+// domain (with R 2²⁵⁶) as four limbs in little-endian order value.
+type p256Element [4]uint64
+
+// p256OrdElement is a P-256 scalar field element in [0, ord(G)-1] in the
+// Montgomery domain (with R 2²⁵⁶) as four uint64 limbs in little-endian order.
+type p256OrdElement [4]uint64
+
+// Montgomery multiplication. Sets res = in1 * in2 * R⁻¹ mod p.
+//
+//go:noescape
+func p256Mul(res, in1, in2 *p256Element)
+
+// Montgomery square, repeated n times (n >= 1).
+//
+//go:noescape
+func p256Sqr(res, in *p256Element, n int)
+
+// Montgomery multiplication by R⁻¹, or 1 outside the domain.
+// Sets res = in * R⁻¹, bringing res out of the Montgomery domain.
+//
+//go:noescape
+func p256FromMont(res, in *p256Element)
+
+// If cond is not 0, sets val = -val mod p.
+//
+//go:noescape
+func p256NegCond(val *p256Element, cond int)
+
+// If cond is 0, sets res = b, otherwise sets res = a.
+//
+//go:noescape
+func p256MovCond(res, a, b *SM2P256Point, cond int)
+
+//go:noescape
+func p256BigToLittle(res *p256Element, in *[32]byte)
+
+//go:noescape
+func p256LittleToBig(res *[32]byte, in *p256Element)
+
+//go:noescape
+func p256OrdBigToLittle(res *p256OrdElement, in *[32]byte)
+
+//go:noescape
+func p256OrdLittleToBig(res *[32]byte, in *p256OrdElement)
+
+// p256OrdReduce ensures s is in the range [0, ord(G)-1].
+//
+//go:noescape
+func p256OrdReduce(s *p256OrdElement)

internal/sm2ec/sm2p256_asm_s390x_test.go

@@ -0,0 +1,82 @@
+//go:build s390x && !purego
+
+package sm2ec
+
+import (
+	"math/big"
+	"testing"
+)
+
+var bigOne = big.NewInt(1)
+
+// fromBig converts a *big.Int into a format used by this code.
+func fromBig(out *[4]uint64, big *big.Int) {
+	for i := range out {
+		out[i] = 0
+	}
+
+	for i, v := range big.Bits() {
+		out[i] = uint64(v)
+	}
+}
+
+func montFromBig(out *[4]uint64, n *big.Int) {
+	p, _ := new(big.Int).SetString("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 16)
+	r := new(big.Int).Lsh(bigOne, 256)
+	// out = big * R mod P
+	outBig := new(big.Int).Mul(n, r)
+	outBig.Mod(outBig, p)
+	fromBig(out, outBig)
+}
+
+func toBigInt(in *p256Element) *big.Int {
+	var valBytes [32]byte
+	p256LittleToBig(&valBytes, in)
+	return new(big.Int).SetBytes(valBytes[:])
+}
+
+func ordElmToBigInt(in *p256OrdElement) *big.Int {
+	var valBytes [32]byte
+	p256OrdLittleToBig(&valBytes, in)
+	return new(big.Int).SetBytes(valBytes[:])
+}
+
+func testP256FromMont(v *big.Int, t *testing.T) {
+	val := new(p256Element)
+	montFromBig((*[4]uint64)(val), v)
+	res := new(p256Element)
+	p256FromMont(res, val)
+	if toBigInt(res).Cmp(v) != 0 {
+		t.Fatalf("p256FromMont failed for %v", v)
+	}
+}
+
+func TestP256FromMont(t *testing.T) {
+	p, _ := new(big.Int).SetString("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", 16)
+	for i := 0; i < 20; i++ {
+		bigVal := big.NewInt(int64(i))
+		testP256FromMont(bigVal, t)
+		bigVal = new(big.Int).Sub(p, big.NewInt(int64(i)))
+		testP256FromMont(bigVal, t)
+	}
+}
+
+func testP256OrderReduce(v *big.Int, t *testing.T) {
+	val := new(p256OrdElement)
+	montFromBig((*[4]uint64)(val), v)
+	p256OrdReduce(val)
+	if ordElmToBigInt(val).Cmp(v) != 0 {
+		t.Fatalf("p256OrdReduce failed for %v", v)
+	}
+}
+
+
+func TestP256OrderReduce(t *testing.T) {
+	p, _ := new(big.Int).SetString("FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", 16)
+	for i := 0; i < 20; i++ {
+		bigVal := big.NewInt(int64(i))
+		testP256OrderReduce(bigVal, t)
+		bigVal = new(big.Int).Sub(p, big.NewInt(int64(i)))
+		testP256OrderReduce(bigVal, t)
+	}
+}