[8u] RFR: Backport 8208648: ECC Field Arithmetic Enhancements

Alvarez, David alvdavi at amazon.com
Fri Jun 14 21:37:31 UTC 2019


Hi,

Here is the proper RFR for 8208648: ECC Field Arithmetic Enhancements

Sorry for the confusion

Bug: https://bugs.openjdk.java.net/browse/JDK-8208648
Original: http://hg.openjdk.java.net/jdk/jdk/rev/746602d9682f
Webrev: http://cr.openjdk.java.net/~phh/8208648/webrev.8u.00/

JDK-8208648 is marked as jdk8u-critical-yes

This is the second of a chain of three patches, JDK-8181594, JDK-8208648 and JDK-8208698 I will be sending today.

The patch did not apply cleanly. The following conflicts appeared:

sun/security/util/ArrayUtil.java is not present in jdk8u. ArrayUtil is a utility class with static methods. I created the file but only with the static methods that were required for this patch (all of them were included in the original patch).
sun/security/util/math/intpoly/IntegerPolynomial1305.java had a minor conflict due to mismatching of the context lines
sun/security/util/math/intpoly/IntegerPolynomial.java had a significant number of rejections, but they were mostly easy to fix, as they were caused by context mismatches.

Additionally, some of the new implementations of IntegerPolynomial contained an @Override for a method (finalCarryReduceLast) that is not present in the jdk8u version of IntegerPolynomial.java, so I removed the annotation.

Below are the relevant changes I've done to resolve the rejects and compilation errors.

Thanks,
David


diff --git a/src/jdk/src/share/classes/sun/security/util/ArrayUtil.java b/src/jdk/src/share/classes/sun/security/util/ArrayUtil.java
new file mode 100644
index 00000000..5e5fc0aa
--- /dev/null
+++ b/src/jdk/src/share/classes/sun/security/util/ArrayUtil.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+/**
+ * This class holds the various utility methods for array range checks.
+ */
+
+public final class ArrayUtil {
+
+    private static void swap(byte[] arr, int i, int j) {
+        byte tmp = arr[i];
+        arr[i] = arr[j];
+        arr[j] = tmp;
+    }
+
+    public static void reverse(byte [] arr) {
+        int i = 0;
+        int j = arr.length - 1;
+
+        while (i < j) {
+            swap(arr, i, j);
+            i++;
+            j--;
+        }
+    }
+}
+
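Review bot: The class Javadoc on the new ArrayUtil (L69) says the class holds "utility methods for array range checks", but this backported file contains only swap and reverse, so the comment describes methods that were not brought over; replace it with `* Array utility methods. This jdk8u backport carries only the in-place reverse needed by the intpoly code.` A final class holding nothing but static methods should also get `private ArrayUtil() {}` so it cannot be instantiated. The public reverse deserves its own Javadoc stating that it reverses arr in place and, since it dereferences arr.length, throws NullPointerException for a null argument.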
diff --git a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java
index 1846b9cb..c0eef1f4 100644
--- a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java
+++ b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java
@@ -66,9 +66,25 @@ public abstract class IntegerPolynomial implements IntegerFieldModuloP {
     protected final int numLimbs;
     private final BigInteger modulus;
     protected final int bitsPerLimb;
+    private final int maxAdds;
-    // must work when a==r
-    protected abstract void multByInt(long[] a, long b, long[] r);
+    /**
+     * Reduce an IntegerPolynomial representation (a) and store the result
+     * in a. Requires that a.length == numLimbs.
+     */
+    protected abstract void reduce(long[] a);
+
+    /**
+     * Multiply an IntegerPolynomial representation (a) with a long (b) and
+     * store the result in an IntegerPolynomial representation in a. Requires
+     * that a.length == numLimbs.
+     */
+    protected void multByInt(long[] a, long b) {
+        for (int i = 0; i < a.length; i++) {
+            a[i] *= b;
+        }
+        reduce(a);
+    }
     // must work when a==r
     protected abstract void mult(long[] a, long[] b, long[] r);
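Review bot: multByInt at L114 multiplies every limb by b with a plain long multiply before reduce(a) runs, and Java does not trap on overflow, so the Javadoc should state the magnitude bound that keeps each product inside a long; as written the only precondition given is the array length. Suggested addition to the comment: `* The caller must ensure that every product a[i] * b fits in a long; the bound on b depends on the limb width and on how many unreduced additions a has accumulated.` The new maxAdds field at L100 is not referenced anywhere in this hunk; presumably it is consulted by the numAdds bookkeeping elsewhere in the class, which lies outside the hunk.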
@@ -78,12 +94,14 @@ public abstract class IntegerPolynomial implements IntegerFieldModuloP {
     IntegerPolynomial(int bitsPerLimb,
                       int numLimbs,
+                      int maxAdds,
                       BigInteger modulus) {
         this.numLimbs = numLimbs;
         this.modulus = modulus;
         this.bitsPerLimb = bitsPerLimb;
+        this.maxAdds = maxAdds;
     }
     protected int getNumLimbs() {
@@ -300,6 +318,27 @@ public abstract class IntegerPolynomial implements IntegerFieldModuloP {
         }
     }
+    /**
+     * Branch-free conditional assignment of b to a. Requires that set is 0 or
+     * 1, and that a.length == b.length. If set==0, then the values of a and b
+     * will be unchanged. If set==1, then the values of b will be assigned to a.
+     * The behavior is undefined if swap has any value other than 0 or 1.
+     */
+    protected static void conditionalAssign(int set, long[] a, long[] b) {
+        int maskValue = 0 - set;
+        for (int i = 0; i < a.length; i++) {
+            long dummyLimbs = maskValue & (a[i] ^ b[i]);
+            a[i] = dummyLimbs ^ a[i];
+        }
+    }
+
+    /**
+     * Branch-free conditional swap of a and b. Requires that swap is 0 or 1,
+     * and that a.length == b.length. If swap==0, then the values of a and b
+     * will be unchanged. If swap==1, then the values of a and b will be
+     * swapped. The behavior is undefined if swap has any value other than
+     * 0 or 1.
+     */
     protected static void conditionalSwap(int swap, long[] a, long[] b) {
         int maskValue = 0 - swap;
         for (int i = 0; i < a.length; i++) {
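Review bot: The Javadoc for conditionalAssign at L140 says "The behavior is undefined if swap has any value other than 0 or 1", but the parameter is named set, so the sentence was carried over from conditionalSwap; change it to `* The behavior is undefined if set has any value other than 0 or 1.` The mask at L143 is an int (`0 - set`) that is ANDed with long values; this works because -1 sign-extends to all ones, but `long maskValue = 0L - set;` would make the intent explicit and avoid the implicit widening. The a.length == b.length precondition is documented but not checked; a shorter b surfaces as ArrayIndexOutOfBoundsException while a longer b silently ignores its tail, matching the existing conditionalSwap, whose body continues outside the hunk.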
@@ -428,43 +467,52 @@ public abstract class IntegerPolynomial implements IntegerFieldModuloP {
             long[] newLimbs = new long[limbs.length];
             mult(limbs, b.limbs, newLimbs);
-            return new ImmutableElement(newLimbs, true);
+            return new ImmutableElement(newLimbs, 0);
         }
         @Override
         public ImmutableElement square() {
             long[] newLimbs = new long[limbs.length];
             IntegerPolynomial.this.square(limbs, newLimbs);
-            return new ImmutableElement(newLimbs, true);
+            return new ImmutableElement(newLimbs, 0);
         }
         public void addModPowerTwo(IntegerModuloP arg, byte[] result) {
-            if (!summand) {
+            Element other = (Element) arg;
+            if (!(isSummand() && other.isSummand())) {
                 throw new ArithmeticException("Not a valid summand");
             }
-            Element other = (Element) arg;
             addLimbsModPowerTwo(limbs, other.limbs, result);
         }
         public void asByteArray(byte[] result) {
-            if (!summand) {
+            if (!isSummand()) {
                 throw new ArithmeticException("Not a valid summand");
             }
             limbsToByteArray(limbs, result);
         }
     }
-    private class MutableElement extends Element
+    protected class MutableElement extends Element
         implements MutableIntegerModuloP {
-        protected MutableElement(long[] limbs, boolean summand) {
-            super(limbs, summand);
+        protected MutableElement(long[] limbs, int numAdds) {
+            super(limbs, numAdds);
         }
         @Override
         public ImmutableElement fixed() {
-            return new ImmutableElement(limbs.clone(), summand);
+            return new ImmutableElement(limbs.clone(), numAdds);
+        }
+
+        @Override
+        public void conditionalSet(IntegerModuloP b, int set) {
+
+            Element other = (Element) b;
+
+            conditionalAssign(set, limbs, other.limbs);
+            numAdds = other.numAdds;
         }
         @Override
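Review bot: conditionalSet at L205 assigns `numAdds = other.numAdds;` unconditionally while the limbs are only taken from other when set == 1, so after a call with set == 0 the element keeps its own limbs but reports other's add count; if other.numAdds is smaller, the bookkeeping that isSummand() presumably performs against maxAdds could accept an element that has actually exceeded the bound. Unless every caller guarantees both operands carry the same numAdds, the safer line is `numAdds = Math.max(numAdds, other.numAdds);`, which is correct for either value of set and does not branch on set. The enclosing IntegerPolynomial class and the MutableElement body both continue outside the hunk.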
diff --git a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomial1305.java b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomial1305.java
index 2b33ceb2..5cc1dea2 100644
--- a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomial1305.java
+++ b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomial1305.java
@@ -59,7 +59,7 @@ public class IntegerPolynomial1305 extends IntegerPolynomial {
     }
     public IntegerPolynomial1305() {
-        super(BITS_PER_LIMB, NUM_LIMBS, MODULUS);
+        super(BITS_PER_LIMB, NUM_LIMBS, 1, MODULUS);
         posModLimbs = setPosModLimbs();
     }
diff --git a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP256.java b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP256.java
index e364db1a..b3591e0c 100644
--- a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP256.java
+++ b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP256.java
@@ -50,7 +50,7 @@ public class IntegerPolynomialP256 extends IntegerPolynomial {
         result = result.subtract(BigInteger.valueOf(1));
         return result;
     }
-    @Override
+    
     protected void finalCarryReduceLast(long[] limbs) {
         long c = limbs[9] >> 22;
         limbs[9] -= c << 22;
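Review bot: The @Override at L232 is replaced by a line of four spaces (L233) instead of being deleted or left empty, which introduces trailing whitespace that OpenJDK's jcheck rejects; the same appears at L246, L259, L272, L285 and L298. More importantly, the cover letter says the annotation was dropped because jdk8u's IntegerPolynomial has no finalCarryReduceLast, which means nothing in the base class dispatches to these methods; unless another caller exists in the 8u tree they are dead code in all six classes, so either the base-class hook should be backported alongside them or a comment should record why they are kept, e.g. `// Not invoked by the jdk8u IntegerPolynomial; retained to minimise divergence from the upstream generated source.` The body of finalCarryReduceLast continues outside the hunk.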
diff --git a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP384.java b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP384.java
index 91c3bab5..a726bbe8 100644
--- a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP384.java
+++ b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP384.java
@@ -50,7 +50,7 @@ public class IntegerPolynomialP384 extends IntegerPolynomial {
         result = result.subtract(BigInteger.valueOf(1));
         return result;
     }
-    @Override
+    
     protected void finalCarryReduceLast(long[] limbs) {
         long c = limbs[13] >> 20;
         limbs[13] -= c << 20;
diff --git a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP521.java b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP521.java
index 7899b62e..38fe2ef4 100644
--- a/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP521.java
+++ b/src/jdk/src/share/classes/sun/security/util/math/intpoly/IntegerPolynomialP521.java
@@ -47,7 +47,7 @@ public class IntegerPolynomialP521 extends IntegerPolynomial {
         result = result.subtract(BigInteger.valueOf(1));
         return result;
     }
-    @Override
+    
     protected void finalCarryReduceLast(long[] limbs) {
         long c = limbs[18] >> 17;
         limbs[18] -= c << 17;
diff --git a/src/jdk/src/share/classes/sun/security/util/math/intpoly/P256OrderField.java b/src/jdk/src/share/classes/sun/security/util/math/intpoly/P256OrderField.java
index 5831d12e..f43d4cfe 100644
--- a/src/jdk/src/share/classes/sun/security/util/math/intpoly/P256OrderField.java
+++ b/src/jdk/src/share/classes/sun/security/util/math/intpoly/P256OrderField.java
@@ -53,7 +53,7 @@ public class P256OrderField extends IntegerPolynomial {
         result = result.subtract(BigInteger.valueOf(2).pow(208).multiply(BigInteger.valueOf(65536)));
         return result;
     }
-    @Override
+    
     protected void finalCarryReduceLast(long[] limbs) {
         long c = limbs[9] >> 22;
         limbs[9] -= c << 22;
diff --git a/src/jdk/src/share/classes/sun/security/util/math/intpoly/P384OrderField.java b/src/jdk/src/share/classes/sun/security/util/math/intpoly/P384OrderField.java
index 249faabd..1304cd20 100644
--- a/src/jdk/src/share/classes/sun/security/util/math/intpoly/P384OrderField.java
+++ b/src/jdk/src/share/classes/sun/security/util/math/intpoly/P384OrderField.java
@@ -53,7 +53,7 @@ public class P384OrderField extends IntegerPolynomial {
         result = result.subtract(BigInteger.valueOf(2).pow(168).multiply(BigInteger.valueOf(3710130)));
         return result;
     }
-    @Override
+    
     protected void finalCarryReduceLast(long[] limbs) {
         long c = limbs[13] >> 20;
         limbs[13] -= c << 20;
diff --git a/src/jdk/src/share/classes/sun/security/util/math/intpoly/P521OrderField.java b/src/jdk/src/share/classes/sun/security/util/math/intpoly/P521OrderField.java
index 439b7e0d..0e98db08 100644
--- a/src/jdk/src/share/classes/sun/security/util/math/intpoly/P521OrderField.java
+++ b/src/jdk/src/share/classes/sun/security/util/math/intpoly/P521OrderField.java
@@ -56,7 +56,7 @@ public class P521OrderField extends IntegerPolynomial {
         result = result.subtract(BigInteger.valueOf(2).pow(252).multiply(BigInteger.valueOf(91)));
         return result;
     }
-    @Override
+    
     protected void finalCarryReduceLast(long[] limbs) {
         long c = limbs[18] >> 17;
         limbs[18] -= c << 17;




