Curve25519 improvements

Add non-constant time implemenations of mod_inv for x64 and Aarch64
assembly.

Generate base point table, with better formatting, for double smul with
a script.
Increase Bi table size to 32 entries for 64-bit asm.
Minor improvements to double smul.

WOLFSSL_CURVE25519_NOT_USE_ED25519 to not use ed25519 base smul in
curve25519 base smul.

Author: SparkiDev

configure.ac

@@ -10280,6 +10280,12 @@ then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CURVE25519_USE_ED25519"
         AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_CURVE25519_USE_ED25519"
     fi
+    if test "$ENABLED_CURVE25519" = "not-ed"
+    then
+        AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CURVE25519_NOT_USE_ED25519"
+        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_CURVE25519_NOT_USE_ED25519"
+    fi
+
 
     AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519"
     AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_CURVE25519"

wolfcrypt/src/curve25519.c

@@ -75,8 +75,9 @@ const curve25519_set_type curve25519_sets[] = {
     }
 };
 
-#if !defined(WOLFSSL_CURVE25519_USE_ED25519) || \
-    defined(WOLFSSL_CURVE25519_BLINDING)
+#if (!defined(WOLFSSL_CURVE25519_USE_ED25519) && \
+     !(defined(CURVED25519_X64) || (defined(WOLFSSL_ARMASM) && \
+     defined(__aarch64__)))) || defined(WOLFSSL_CURVE25519_BLINDING)
 static const word32 kCurve25519BasePoint[CURVE25519_KEYSIZE/sizeof(word32)] = {
 #ifdef BIG_ENDIAN_ORDER
     0x09000000

wolfcrypt/src/ed25519.c

@@ -822,7 +822,7 @@ static int ed25519_verify_msg_final_with_sha(const byte* sig, word32 sigLen,
     if (ret != 0)
         return ret;
 
-    ge_tobytes(rcheck, &R);
+    ge_tobytes_nct(rcheck, &R);
 #endif /* FREESCALE_LTC_ECC */
 
     /* comparison of R created to R in sig */