ec: Define bn_mul_mont-based scalar operations in Rust.

Take a step towards eliminating `prefixed_export!`.

build.rs

@@ -965,7 +965,6 @@ fn prefix_all_symbols(pp: char, prefix_prefix: &str, prefix: &str) -> String {
         "p384_point_add",
         "p384_point_double",
         "p384_point_mul",
-        "p384_scalar_mul_mont",
         "openssl_poly1305_neon2_addmulmod",
         "openssl_poly1305_neon2_blocks",
         "sha256_block_data_order",

crypto/fipsmodule/ec/gfp_p384.c

@@ -39,16 +39,6 @@ static const BN_ULONG Q[P384_LIMBS] = {
 #endif
 };
 
-static const BN_ULONG N[P384_LIMBS] = {
-#if defined(OPENSSL_64_BIT)
-  0xecec196accc52973, 0x581a0db248b0a77a, 0xc7634d81f4372ddf, 0xffffffffffffffff,
-  0xffffffffffffffff, 0xffffffffffffffff
-#else
-  0xccc52973, 0xecec196a, 0x48b0a77a, 0x581a0db2, 0xf4372ddf, 0xc7634d81,
-  0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
-#endif
-};
-
 static const BN_ULONG ONE[P384_LIMBS] = {
 #if defined(OPENSSL_64_BIT)
   0xffffffff00000001, 0xffffffff, 1, 0, 0
@@ -71,10 +61,6 @@ static const BN_ULONG Q_N0[] = {
   BN_MONT_CTX_N0(1, 1)
 };
 
-static const BN_ULONG N_N0[] = {
-  BN_MONT_CTX_N0(0x6ed46089, 0xe88fdc45)
-};
-
 /* XXX: MSVC for x86 warns when it fails to inline these functions it should
  * probably inline. */
 #if defined(_MSC_VER) && !defined(__clang__) && defined(OPENSSL_X86)
@@ -212,13 +198,6 @@ void p384_elem_neg(Elem r, const Elem a) {
 }
 
 
-void p384_scalar_mul_mont(ScalarMont r, const ScalarMont a,
-                              const ScalarMont b) {
-  /* XXX: Inefficient. TODO: Add dedicated multiplication routine. */
-  bn_mul_mont(r, a, b, N, N_N0, P384_LIMBS);
-}
-
-
 /* TODO(perf): Optimize this. */
 
 static void p384_point_select_w5(P384_POINT *out,

src/arithmetic/montgomery.rs

@@ -120,7 +120,7 @@ use crate::{bssl, c, limb::Limb};
 // TODO: Stop calling this from C and un-export it.
 #[allow(deprecated)]
 prefixed_export! {
-    pub(super) unsafe fn bn_mul_mont(
+    pub unsafe fn bn_mul_mont(
         r: *mut Limb,
         a: *const Limb,
         b: *const Limb,
@@ -226,7 +226,7 @@ prefixed_extern! {
 ))]
 prefixed_extern! {
     // `r` and/or 'a' and/or 'b' may alias.
-    pub(super) fn bn_mul_mont(
+    pub fn bn_mul_mont(
         r: *mut Limb,
         a: *const Limb,
         b: *const Limb,

src/ec/suite_b/ops.rs

@@ -687,22 +687,10 @@ mod tests {
         })
     }
 
-    #[test]
-    fn p256_scalar_square_test() {
-        prefixed_extern! {
-            fn p256_scalar_sqr_rep_mont(r: *mut Limb, a: *const Limb, rep: Limb);
-        }
-        scalar_square_test(
-            &p256::SCALAR_OPS,
-            p256_scalar_sqr_rep_mont,
-            test_file!("ops/p256_scalar_square_tests.txt"),
-        );
-    }
-
     // XXX: There's no `p384_scalar_square_test()` because there's no dedicated
     // `p384_scalar_sqr_rep_mont()`.
 
-    fn scalar_square_test(
+    pub(super) fn scalar_square_test(
         ops: &ScalarOps,
         sqr_rep: unsafe extern "C" fn(r: *mut Limb, a: *const Limb, rep: Limb),
         test_file: test::File,

src/ec/suite_b/ops/p256.rs

@@ -310,14 +310,16 @@ prefixed_extern! {
 }
 
 #[cfg(any(target_arch = "aarch64", target_arch = "x86_64"))]
-mod scalar_specialized_ops {
+mod scalar_ops {
+    use crate::limb::Limb;
+
     prefixed_extern! {
-        fn p256_scalar_mul_mont(
+        pub(super) fn p256_scalar_mul_mont(
             r: *mut Limb,   // [COMMON_OPS.num_limbs]
             a: *const Limb, // [COMMON_OPS.num_limbs]
             b: *const Limb, // [COMMON_OPS.num_limbs]
         );
-        fn p256_scalar_sqr_rep_mont(
+        pub(super) fn p256_scalar_sqr_rep_mont(
             r: *mut Limb,   // [COMMON_OPS.num_limbs]
             a: *const Limb, // [COMMON_OPS.num_limbs]
             rep: Limb,
@@ -326,11 +328,18 @@ mod scalar_specialized_ops {
 }
 
 #[cfg(not(any(target_arch = "aarch64", target_arch = "x86_64")))]
-mod scalar_specialized_ops {
-    use super::*;
-    use crate::arithmetic::montgomery::{bn_mul_mont, N0};
-
-    unsafe fn p256_scalar_mul_mont(r: *mut Limb, a: *const Limb, b: *const Limb) {
+mod scalar_ops {
+    use super::COMMON_OPS;
+    use crate::{
+        arithmetic::montgomery::{bn_mul_mont, N0},
+        limb::Limb,
+    };
+
+    pub(super) unsafe extern "C" fn p256_scalar_mul_mont(
+        r: *mut Limb,
+        a: *const Limb,
+        b: *const Limb,
+    ) {
         static N_N0: N0 = N0::precalculated(0x_ccd1c8aa_ee00bc4f);
         bn_mul_mont(
             r,
@@ -342,7 +351,11 @@ mod scalar_specialized_ops {
         );
     }
 
-    unsafe fn p256_scalar_sqr_rep_mont(r: *mut Limb, a: *const Limb, rep: Limb) {
+    pub(super) unsafe extern "C" fn p256_scalar_sqr_rep_mont(
+        r: *mut Limb,
+        a: *const Limb,
+        rep: Limb,
+    ) {
         debug_assert!(rep >= 1);
         p256_scalar_mul_mont(r, a, a);
         for _ in 1..rep {
@@ -351,10 +364,12 @@ mod scalar_specialized_ops {
     }
 }
 
-use scalar_specialized_ops::*;
+use scalar_ops::*;
 
 #[cfg(test)]
 mod tests {
+    use super::{super::tests::scalar_square_test, *};
+
     #[cfg(any(target_arch = "aarch64", target_arch = "x86_64"))]
     #[test]
     fn p256_point_mul_base_vartime_test() {
@@ -365,4 +380,13 @@ mod tests {
             test_file!("p256_point_mul_base_tests.txt"),
         );
     }
+
+    #[test]
+    fn p256_scalar_square_test() {
+        scalar_square_test(
+            &p256::SCALAR_OPS,
+            p256_scalar_sqr_rep_mont,
+            test_file!("p256_scalar_square_tests.txt"),
+        );
+    }
 }

src/ec/suite_b/ops/p384.rs

@@ -278,6 +278,22 @@ unsafe extern "C" fn p384_elem_sqr_mont(
     p384_elem_mul_mont(r, a, a);
 }
 
+unsafe extern "C" fn p384_scalar_mul_mont(
+    r: *mut Limb,   // [COMMON_OPS.num_limbs]
+    a: *const Limb, // [COMMON_OPS.num_limbs]
+    b: *const Limb, // [COMMON_OPS.num_limbs]
+) {
+    static N_N0: N0 = N0::precalculated(0x_6ed46089_e88fdc45);
+    bn_mul_mont(
+        r,
+        a,
+        b,
+        COMMON_OPS.n.limbs.as_ptr(),
+        &N_N0,
+        COMMON_OPS.num_limbs,
+    );
+}
+
 prefixed_extern! {
     fn p384_elem_mul_mont(
         r: *mut Limb,   // [COMMON_OPS.num_limbs]
@@ -296,10 +312,4 @@ prefixed_extern! {
         p_x: *const Limb,      // [COMMON_OPS.num_limbs]
         p_y: *const Limb,      // [COMMON_OPS.num_limbs]
     );
-
-    fn p384_scalar_mul_mont(
-        r: *mut Limb,   // [COMMON_OPS.num_limbs]
-        a: *const Limb, // [COMMON_OPS.num_limbs]
-        b: *const Limb, // [COMMON_OPS.num_limbs]
-    );
 }