8294997: Improve ECC math operations

djelinski · djelinski · commit 2f60675e0680 · 2022-10-13T10:16:33.000Z
Reviewed-by: xuelei
diff --git a/make/jdk/src/classes/build/tools/intpoly/FieldGen.java b/make/jdk/src/classes/build/tools/intpoly/FieldGen.java
@@ -246,8 +246,7 @@ public int getCoefficient() {
         }
 
         public BigInteger getValue() {
-            return BigInteger.valueOf(2).pow(power)
-                    .multiply(BigInteger.valueOf(coefficient));
+            return BigInteger.valueOf(coefficient).shiftLeft(power);
         }
 
         public String toString() {
@@ -663,14 +662,12 @@ private String generate(FieldParams params) throws IOException {
                 subtract = true;
             }
             String coefExpr = "BigInteger.valueOf(" + coefValue + ")";
-            String powExpr = "BigInteger.valueOf(2).pow(" + t.getPower() + ")";
+            String powExpr = ".shiftLeft(" + t.getPower() + ")";
             String termExpr = "ERROR";
             if (t.getPower() == 0) {
                 termExpr = coefExpr;
-            } else if (coefValue == 1) {
-                termExpr = powExpr;
             } else {
-                termExpr = powExpr + ".multiply(" + coefExpr + ")";
+                termExpr = coefExpr + powExpr;
             }
             if (subtract) {
                 result.appendLine("result = result.subtract(" + termExpr + ");");
diff --git a/src/java.base/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java b/src/java.base/share/classes/sun/security/util/math/intpoly/IntegerPolynomial.java
@@ -329,9 +329,10 @@ private void setLimbsValue(BigInteger v, long[] limbs) {
     }
 
     protected void setLimbsValuePositive(BigInteger v, long[] limbs) {
-        BigInteger mod = BigInteger.valueOf(1 << bitsPerLimb);
+        assert bitsPerLimb < 32;
+        long limbMask = (1L << bitsPerLimb) - 1;
         for (int i = 0; i < limbs.length; i++) {
-            limbs[i] = v.mod(mod).longValue();
+            limbs[i] = v.intValue() & limbMask;
             v = v.shiftRight(bitsPerLimb);
         }
     }
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ECOperations.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ECOperations.java
@@ -304,25 +304,19 @@ private void setDouble(ProjectivePoint.Mutable p, MutableIntegerModuloP t0,
         p.getY().setValue(t2).setProduct(b);
         p.getY().setDifference(p.getZ());
 
-        p.getX().setValue(p.getY()).setProduct(two);
-        p.getY().setSum(p.getX());
-        p.getY().setReduced();
+        p.getY().setProduct(three);
         p.getX().setValue(t1).setDifference(p.getY());
 
         p.getY().setSum(t1);
         p.getY().setProduct(p.getX());
         p.getX().setProduct(t3);
 
-        t3.setValue(t2).setProduct(two);
-        t2.setSum(t3);
+        t2.setProduct(three);
         p.getZ().setProduct(b);
 
-        t2.setReduced();
         p.getZ().setDifference(t2);
         p.getZ().setDifference(t0);
-        t3.setValue(p.getZ()).setProduct(two);
-        p.getZ().setReduced();
-        p.getZ().setSum(t3);
+        p.getZ().setProduct(three);
         t0.setProduct(three);
 
         t0.setDifference(t2);
@@ -382,26 +376,19 @@ private void setSum(ProjectivePoint.Mutable p, AffinePoint p2,
         p.getZ().setProduct(b);
 
         p.getX().setValue(p.getY()).setDifference(p.getZ());
-        p.getX().setReduced();
-        p.getZ().setValue(p.getX()).setProduct(two);
-        p.getX().setSum(p.getZ());
+        p.getX().setProduct(three);
 
         p.getZ().setValue(t1).setDifference(p.getX());
         p.getX().setSum(t1);
         p.getY().setProduct(b);
 
-        t1.setValue(t2).setProduct(two);
-        t2.setSum(t1);
-        t2.setReduced();
+        t2.setProduct(three);
         p.getY().setDifference(t2);
 
         p.getY().setDifference(t0);
-        p.getY().setReduced();
-        t1.setValue(p.getY()).setProduct(two);
-        p.getY().setSum(t1);
+        p.getY().setProduct(three);
 
-        t1.setValue(t0).setProduct(two);
-        t0.setSum(t1);
+        t0.setProduct(three);
         t0.setDifference(t2);
 
         t1.setValue(t4).setProduct(p.getY());
@@ -413,8 +400,8 @@ private void setSum(ProjectivePoint.Mutable p, AffinePoint p2,
         p.getX().setDifference(t1);
 
         p.getZ().setProduct(t4);
-        t1.setValue(t3).setProduct(t0);
-        p.getZ().setSum(t1);
+        t3.setProduct(t0);
+        p.getZ().setSum(t3);
 
     }
 
@@ -453,26 +440,20 @@ private void setSum(ProjectivePoint.Mutable p, ProjectivePoint.Mutable p2,
 
         p.getZ().setValue(t2).setProduct(b);
         p.getX().setValue(p.getY()).setDifference(p.getZ());
-        p.getZ().setValue(p.getX()).setProduct(two);
 
-        p.getX().setSum(p.getZ());
-        p.getX().setReduced();
+        p.getX().setProduct(three);
+
         p.getZ().setValue(t1).setDifference(p.getX());
         p.getX().setSum(t1);
 
         p.getY().setProduct(b);
-        t1.setValue(t2).setSum(t2);
-        t2.setSum(t1);
-        t2.setReduced();
+        t2.setProduct(three);
 
         p.getY().setDifference(t2);
         p.getY().setDifference(t0);
-        p.getY().setReduced();
-        t1.setValue(p.getY()).setSum(p.getY());
+        p.getY().setProduct(three);
 
-        p.getY().setSum(t1);
-        t1.setValue(t0).setProduct(two);
-        t0.setSum(t1);
+        t0.setProduct(three);
 
         t0.setDifference(t2);
         t1.setValue(t4).setProduct(p.getY());
@@ -484,9 +465,9 @@ private void setSum(ProjectivePoint.Mutable p, ProjectivePoint.Mutable p2,
 
         p.getX().setDifference(t1);
         p.getZ().setProduct(t4);
-        t1.setValue(t3).setProduct(t0);
 
-        p.getZ().setSum(t1);
+        t3.setProduct(t0);
+        p.getZ().setSum(t3);
 
     }
 }
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/Ed25519Operations.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/Ed25519Operations.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -137,7 +137,7 @@ AffinePoint decodeAffinePoint(Function<String, T> exception,
             throw exception.apply("Invalid point");
         }
 
-        if (xLSB != x.asBigInteger().mod(BigInteger.valueOf(2)).intValue()) {
+        if (xLSB != (x.asBigInteger().intValue() & 1)) {
             x.setAdditiveInverse();
         }
 
diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/Ed448Operations.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/ed/Ed448Operations.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -127,7 +127,7 @@ AffinePoint decodeAffinePoint(Function<String, T> exception, int xLSB,
             throw exception.apply("Invalid point");
         }
 
-        if (xLSB != x.asBigInteger().mod(TWO).intValue()) {
+        if (xLSB != (x.asBigInteger().intValue() & 1)) {
             x.setAdditiveInverse();
         }
 

Original file line number	Diff line number	Diff line change
`@@ -246,8 +246,7 @@ public int getCoefficient() {`
`246`	`246`	`}`
`247`	`247`
`248`	`248`	`public BigInteger getValue() {`
`249`		`- return BigInteger.valueOf(2).pow(power)`
`250`		`- .multiply(BigInteger.valueOf(coefficient));`
	`249`	`+ return BigInteger.valueOf(coefficient).shiftLeft(power);`
`251`	`250`	`}`
`252`	`251`
`253`	`252`	`public String toString() {`
`@@ -663,14 +662,12 @@ private String generate(FieldParams params) throws IOException {`
`663`	`662`	`subtract = true;`
`664`	`663`	`}`
`665`	`664`	`String coefExpr = "BigInteger.valueOf(" + coefValue + ")";`
`666`		`- String powExpr = "BigInteger.valueOf(2).pow(" + t.getPower() + ")";`
	`665`	`+ String powExpr = ".shiftLeft(" + t.getPower() + ")";`
`667`	`666`	`String termExpr = "ERROR";`
`668`	`667`	`if (t.getPower() == 0) {`
`669`	`668`	`termExpr = coefExpr;`
`670`		`- } else if (coefValue == 1) {`
`671`		`- termExpr = powExpr;`
`672`	`669`	`} else {`
`673`		`- termExpr = powExpr + ".multiply(" + coefExpr + ")";`
	`670`	`+ termExpr = coefExpr + powExpr;`
`674`	`671`	`}`
`675`	`672`	`if (subtract) {`
`676`	`673`	`result.appendLine("result = result.subtract(" + termExpr + ");");`
Original file line number	Diff line number	Diff line change
`@@ -329,9 +329,10 @@ private void setLimbsValue(BigInteger v, long[] limbs) {`
`329`	`329`	`}`
`330`	`330`
`331`	`331`	`protected void setLimbsValuePositive(BigInteger v, long[] limbs) {`
`332`		`- BigInteger mod = BigInteger.valueOf(1 << bitsPerLimb);`
	`332`	`+ assert bitsPerLimb < 32;`
	`333`	`+ long limbMask = (1L << bitsPerLimb) - 1;`
`333`	`334`	`for (int i = 0; i < limbs.length; i++) {`
`334`		`- limbs[i] = v.mod(mod).longValue();`
	`335`	`+ limbs[i] = v.intValue() & limbMask;`
`335`	`336`	`v = v.shiftRight(bitsPerLimb);`
`336`	`337`	`}`
`337`	`338`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.`
	`2`	`+ * Copyright (c) 2020, 2022, Oracle and/or its affiliates. All rights reserved.`
`3`	`3`	`* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.`
`4`	`4`	`*`
`5`	`5`	`* This code is free software; you can redistribute it and/or modify it`
`@@ -137,7 +137,7 @@ AffinePoint decodeAffinePoint(Function<String, T> exception,`
`137`	`137`	`throw exception.apply("Invalid point");`
`138`	`138`	`}`
`139`	`139`
`140`		`- if (xLSB != x.asBigInteger().mod(BigInteger.valueOf(2)).intValue()) {`
	`140`	`+ if (xLSB != (x.asBigInteger().intValue() & 1)) {`
`141`	`141`	`x.setAdditiveInverse();`
`142`	`142`	`}`
`143`	`143`