
s2n bignum import method change #2324


Merged
merged 15 commits into from
Apr 29, 2025
Merged
18 changes: 6 additions & 12 deletions crypto/fipsmodule/CMakeLists.txt
Expand Up @@ -193,12 +193,12 @@ if((((ARCH STREQUAL "x86_64") AND NOT MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX) OR

# Set the source directory for s2n-bignum assembly files
if(ARCH STREQUAL "x86_64")
set(S2N_BIGNUM_DIR ${AWSLC_SOURCE_DIR}/third_party/s2n-bignum/x86_att)
set(S2N_BIGNUM_DIR ${AWSLC_SOURCE_DIR}/third_party/s2n-bignum/s2n-bignum-imported/x86_att)
else()
set(S2N_BIGNUM_DIR ${AWSLC_SOURCE_DIR}/third_party/s2n-bignum/arm)
set(S2N_BIGNUM_DIR ${AWSLC_SOURCE_DIR}/third_party/s2n-bignum/s2n-bignum-imported/arm)
endif()

set(S2N_BIGNUM_INCLUDE_DIR ${AWSLC_SOURCE_DIR}/third_party/s2n-bignum/include)
set(S2N_BIGNUM_INCLUDE_DIR ${AWSLC_SOURCE_DIR}/third_party/s2n-bignum/s2n-bignum-imported/include)

# We add s2n-bignum files to a separate list because they need
# to go through C preprocessor in case of the static build.
Expand Down Expand Up @@ -290,16 +290,10 @@ if((((ARCH STREQUAL "x86_64") AND NOT MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX) OR
generic/bignum_optsub.S
generic/bignum_sqr.S

fastmul/bignum_kmul_16_32_neon.S
fastmul/bignum_kmul_32_64_neon.S
fastmul/bignum_ksqr_16_32_neon.S
fastmul/bignum_ksqr_32_64_neon.S
fastmul/bignum_emontredc_8n_neon.S

generic/bignum_copy_row_from_table.S
generic/bignum_copy_row_from_table_8n_neon.S
generic/bignum_copy_row_from_table_16_neon.S
generic/bignum_copy_row_from_table_32_neon.S
generic/bignum_copy_row_from_table_8n.S
generic/bignum_copy_row_from_table_16.S
generic/bignum_copy_row_from_table_32.S
)
endif()
endif()
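Review bot: The new vendored prefix `${AWSLC_SOURCE_DIR}/third_party/s2n-bignum/s2n-bignum-imported` is spelled out three times in the first hunk (S2N_BIGNUM_DIR for both arches and S2N_BIGNUM_INCLUDE_DIR), and nothing fails at configure time if the imported tree is absent or does not match the pin recorded in third_party/s2n-bignum/META.yml — the first diagnostic would presumably be a missing-source error deep in the build. Consider one root variable plus an early check, e.g. `set(S2N_BIGNUM_ROOT "${AWSLC_SOURCE_DIR}/third_party/s2n-bignum/s2n-bignum-imported")` followed by `if(NOT IS_DIRECTORY "${S2N_BIGNUM_ROOT}") message(FATAL_ERROR "s2n-bignum import missing; see third_party/s2n-bignum/META.yml") endif()`, then derive the arch and include paths from `${S2N_BIGNUM_ROOT}`. The second hunk drops the `_neon` variants from the AArch64 source list; presumably the imported routines now assume NEON, which matches the new `CRYPTO_is_NEON_capable()` gates in exponentiation.c and montgomery.c, so a one-line comment above that list such as `# The imported AArch64 s2n-bignum routines require NEON; see montgomery_use_s2n_bignum().` would save the next reader from having to rediscover that link.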
23 changes: 10 additions & 13 deletions crypto/fipsmodule/bn/exponentiation.c
Expand Up @@ -124,11 +124,13 @@
defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD)) && \
defined(OPENSSL_AARCH64)

#include "../../../third_party/s2n-bignum/include/s2n-bignum_aws-lc.h"
#include "../../../third_party/s2n-bignum/s2n-bignum_aws-lc.h"

#define BN_EXPONENTIATION_S2N_BIGNUM_CAPABLE 1

OPENSSL_INLINE int exponentiation_use_s2n_bignum(void) { return 1; }
OPENSSL_INLINE int exponentiation_use_s2n_bignum(void) {
return CRYPTO_is_NEON_capable();
is this moving the capability checks in crypto/fipsmodule/bn/montgomery.c to here instead?

@torben-hansen torben-hansen Apr 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Exactly :)

Scratch that. They are guarding two different things :)

}

#else

Expand All @@ -143,17 +145,12 @@ static void exponentiation_s2n_bignum_copy_from_prebuf(BN_ULONG *dest, int width
#if defined(BN_EXPONENTIATION_S2N_BIGNUM_CAPABLE)

int table_height = 1 << window;
if (CRYPTO_is_NEON_capable()) {
if (width == 32) {
bignum_copy_row_from_table_32_neon(dest, table, table_height, rowidx);
} else if (width == 16) {
bignum_copy_row_from_table_16_neon(dest, table, table_height, rowidx);
} else if (width % 8 == 0) {
bignum_copy_row_from_table_8n_neon(dest, table, table_height, width,
rowidx);
} else {
bignum_copy_row_from_table(dest, table, table_height, width, rowidx);
}
if (width == 32) {
bignum_copy_row_from_table_32(dest, table, table_height, rowidx);
} else if (width == 16) {
bignum_copy_row_from_table_16(dest, table, table_height, rowidx);
} else if (width % 8 == 0) {
bignum_copy_row_from_table_8n(dest, table, table_height, width, rowidx);
} else {
bignum_copy_row_from_table(dest, table, table_height, width, rowidx);
}
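Review bot: `exponentiation_use_s2n_bignum` now returns `CRYPTO_is_NEON_capable()` with no comment saying why, whereas the sibling `montgomery_use_s2n_bignum` in montgomery.c gained an explicit "(4) CPU has NEON." bullet in the same PR. The reason matters here because the second hunk removes the runtime NEON dispatch from `exponentiation_s2n_bignum_copy_from_prebuf` and calls `bignum_copy_row_from_table_32/16/8n` unconditionally under `BN_EXPONENTIATION_S2N_BIGNUM_CAPABLE`, so behaviour on a NEON-less AArch64 core now rests entirely on every caller consulting `exponentiation_use_s2n_bignum()` first; that copy routine begins outside the hunk, so I cannot see whether it asserts this. Suggest `// The imported s2n-bignum row-copy routines assume NEON; callers must check this before taking the s2n-bignum path.` above the `return`, and, if `assert` is available in this file, an `assert(CRYPTO_is_NEON_capable());` at the top of the copy routine as a debug-build guard for that contract.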
42 changes: 16 additions & 26 deletions crypto/fipsmodule/bn/montgomery.c
Expand Up @@ -127,7 +127,7 @@
defined(OPENSSL_OPENBSD) || defined(OPENSSL_FREEBSD)) && \
defined(OPENSSL_AARCH64) && defined(OPENSSL_BN_ASM_MONT)

#include "../../../third_party/s2n-bignum/include/s2n-bignum_aws-lc.h"
#include "../../../third_party/s2n-bignum/s2n-bignum_aws-lc.h"

#define BN_MONTGOMERY_S2N_BIGNUM_CAPABLE 1

Expand All @@ -137,11 +137,14 @@ OPENSSL_INLINE int montgomery_use_s2n_bignum(unsigned int num) {
// (2) num (which is the number of words) is multiplie of 8, because
// s2n-bignum's bignum_emontredc_8n requires it, and
// (3) The word size is 64 bits.
// (4) CPU has NEON.
assert(S2NBIGNUM_KSQR_16_32_TEMP_NWORDS <= S2NBIGNUM_KMUL_32_64_TEMP_NWORDS &&
S2NBIGNUM_KSQR_32_64_TEMP_NWORDS <= S2NBIGNUM_KMUL_32_64_TEMP_NWORDS &&
S2NBIGNUM_KMUL_16_32_TEMP_NWORDS <= S2NBIGNUM_KMUL_32_64_TEMP_NWORDS);
assert(BN_BITS2 == 64);
return !CRYPTO_is_ARMv8_wide_multiplier_capable() && (num % 8 == 0);
return !CRYPTO_is_ARMv8_wide_multiplier_capable() &&
(num % 8 == 0) &&
CRYPTO_is_NEON_capable();
}

#else
Expand Down Expand Up @@ -454,7 +457,7 @@ static int bn_mod_mul_montgomery_fallback(BIGNUM *r, const BIGNUM *a,
// are equivalent to the arguments of bn_mul_mont.
// montgomery_s2n_bignum_mul_mont works only if num is a multiple of 8.
// montgomery_use_s2n_bignum(num) must be called in advance to check this
// condition.
// condition, as well as other s2n-bignum requirements.
// For num = 32 or num = 16, this uses faster primitives in s2n-bignum.
// montgomery_s2n_bignum_mul_mont allocates S2NBIGNUM_KMUL_32_64_TEMP_NWORDS +
// 2 * BN_MONTGOMERY_MAX_WORDS uint64_t words at the stack.
Expand All @@ -477,34 +480,23 @@ static void montgomery_s2n_bignum_mul_mont(BN_ULONG *rp, const BN_ULONG *ap,
uint64_t w = n0[0];

if (num == 32) {
if (CRYPTO_is_NEON_capable()) {
if (ap == bp)
bignum_ksqr_32_64_neon(mulres, ap, t);
else
bignum_kmul_32_64_neon(mulres, ap, bp, t);
if (ap == bp) {
bignum_ksqr_32_64(mulres, ap, t);
} else {
if (ap == bp)
bignum_ksqr_32_64(mulres, ap, t);
else
bignum_kmul_32_64(mulres, ap, bp, t);
bignum_kmul_32_64(mulres, ap, bp, t);
}
} else if (num == 16) {
if (CRYPTO_is_NEON_capable()) {
if (ap == bp)
bignum_ksqr_16_32_neon(mulres, ap, t);
else
bignum_kmul_16_32_neon(mulres, ap, bp, t);
if (ap == bp) {
bignum_ksqr_16_32(mulres, ap, t);
} else {
if (ap == bp)
bignum_ksqr_16_32(mulres, ap, t);
else
bignum_kmul_16_32(mulres, ap, bp, t);
bignum_kmul_16_32(mulres, ap, bp, t);
}
} else {
if (ap == bp)
if (ap == bp) {
bignum_sqr(num * 2, mulres, num, ap);
else
} else {
bignum_mul(num * 2, mulres, num, ap, num, bp);
}
}

// Do montgomery reduction. We follow the definition of montgomery reduction
Expand All @@ -518,9 +510,7 @@ static void montgomery_s2n_bignum_mul_mont(BN_ULONG *rp, const BN_ULONG *ap,
// A. The result of step 1 >= 2^(64*num), meaning that bignum_emontredc_8n
// returned 1. Since m is less than 2^(64*num), (result of step 1) >= m holds.
// B. The result of step 1 fits in 2^(64*num), and the result >= m.
uint64_t c = CRYPTO_is_NEON_capable() ?
bignum_emontredc_8n_neon(num, mulres, np, w) :
bignum_emontredc_8n(num, mulres, np, w); // c: case A
uint64_t c = bignum_emontredc_8n(num, mulres, np, w); // c: case A
c |= bignum_ge(num, mulres + num, num, np); // c: case B
// Optionally subtract and store the result at rp
bignum_optsub(num, rp, mulres + num, c, np);
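Review bot: `montgomery_s2n_bignum_mul_mont` no longer checks NEON itself (fourth and fifth hunks) and relies on the header comment's "montgomery_use_s2n_bignum(num) must be called in advance" contract, but neither that nor the `num % 8 == 0` requirement is asserted in the part of the body visible here. The file already uses `assert` (see `montgomery_use_s2n_bignum`), so `assert(CRYPTO_is_NEON_capable() && num % 8 == 0);` next to `uint64_t w = n0[0];` would likely turn an illegal-instruction fault or an out-of-contract call on a NEON-less core into a debug-build failure; the function's signature and the start of its body are outside the hunk. As a style nit on the second hunk, the three-line condition in `montgomery_use_s2n_bignum` puts the cheap `(num % 8 == 0)` test between two capability calls; leading with it is the usual ordering, though the capability checks are probably just flag reads so this is minor.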
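--- a/crypto/fipsmodule/curve25519/curve25519_s2n_bignum_asm.c
+++ b/crypto/fipsmodule/curve25519/curve25519_s2n_bignum_asm.c
@@ -5,7 +5,7 @@
 #include "../cpucap/internal.h"
 
 #if defined(CURVE25519_S2N_BIGNUM_CAPABLE)
-#include "../../../third_party/s2n-bignum/include/s2n-bignum_aws-lc.h"
+#include "../../../third_party/s2n-bignum/s2n-bignum_aws-lc.h"
 
 void x25519_scalar_mult_generic_s2n_bignum(
 uint8_t out_shared_key[X25519_SHARED_KEY_LEN],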
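--- a/crypto/fipsmodule/ec/p256-nistz.c
+++ b/crypto/fipsmodule/ec/p256-nistz.c
@@ -34,7 +34,7 @@
 #include "ec_nistp.h"
 
 #if defined(EC_NISTP_USE_S2N_BIGNUM)
-#include "../../../third_party/s2n-bignum/include/s2n-bignum_aws-lc.h"
+#include "../../../third_party/s2n-bignum/s2n-bignum_aws-lc.h"
 #endif
 
 #if !defined(OPENSSL_NO_ASM) && \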
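--- a/crypto/fipsmodule/ec/p384.c
+++ b/crypto/fipsmodule/ec/p384.c
@@ -19,7 +19,7 @@
 #if !defined(OPENSSL_SMALL)
 
 #if defined(EC_NISTP_USE_S2N_BIGNUM)
-# include "../../../third_party/s2n-bignum/include/s2n-bignum_aws-lc.h"
+# include "../../../third_party/s2n-bignum/s2n-bignum_aws-lc.h"
 #else
 # if defined(EC_NISTP_USE_64BIT_LIMB)
 # include "../../../third_party/fiat/p384_64.h"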
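--- a/crypto/fipsmodule/ec/p521.c
+++ b/crypto/fipsmodule/ec/p521.c
@@ -22,7 +22,7 @@
 #if !defined(OPENSSL_SMALL)
 
 #if defined(EC_NISTP_USE_S2N_BIGNUM)
-# include "../../../third_party/s2n-bignum/include/s2n-bignum_aws-lc.h"
+# include "../../../third_party/s2n-bignum/s2n-bignum_aws-lc.h"
 #else
 # if defined(EC_NISTP_USE_64BIT_LIMB)
 # include "../../../third_party/fiat/p521_64.h"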
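--- a/third_party/s2n-bignum/META.yml
+++ b/third_party/s2n-bignum/META.yml
@@ -0,0 +1,5 @@
+name: s2n-bignum-imported
+source: awslabs/s2n-bignum.git
+commit: 54e1fa5756d6b13961c2f61d90f75426aa25d373
+target: main
+imported-at: 2025-04-28T17:22:07+0000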