ML302-OpenCPU-2.1.0.2006221020-release.7z

/* sp.c * * Copyright (C) 2006-2018 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /* Implementation by Sean Parkinson. */ #ifdef HAVE_CONFIG_H #include <config.h> #endif #include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/error-crypt.h> #include <wolfssl/wolfcrypt/cpuid.h> #ifdef NO_INLINE #include <wolfssl/wolfcrypt/misc.h> #else #define WOLFSSL_MISC_INCLUDED #include <../src/wolfcrypt/src/misc.c> #endif #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) #ifdef RSA_LOW_MEM #define SP_RSA_PRIVATE_EXP_D #ifndef WOLFSSL_SP_SMALL #define WOLFSSL_SP_SMALL #endif #endif #include <wolfssl/wolfcrypt/sp.h> #ifdef WOLFSSL_SP_X86_64_ASM #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) #ifndef WOLFSSL_SP_NO_2048 /* Read big endian unsigned byte aray into r. * * r A single precision integer. * a Byte array. * n Number of bytes in array to read. */ static void sp_2048_from_bin(sp_digit* r, int max, const byte* a, int n) { int i, j = 0, s = 0; r[0] = 0; for (i = n-1; i >= 0; i--) { r[j] |= ((sp_digit)a[i]) << s; if (s >= 56) { r[j] &= 0xffffffffffffffffl; s = 64 - s; if (j + 1 >= max) break; r[++j] = a[i] >> s; s = 8 - s; } else s += 8; } for (j++; j < max; j++) r[j] = 0; } /* Convert an mp_int to an array of sp_digit. * * r A single precision integer. * a A multi-precision integer. */ static void sp_2048_from_mp(sp_digit* r, int max, mp_int* a) { #if DIGIT_BIT == 64 int j; XMEMCPY(r, a->dp, sizeof(sp_digit) * a->used); for (j = a->used; j < max; j++) r[j] = 0; #elif DIGIT_BIT > 64 int i, j = 0, s = 0; r[0] = 0; for (i = 0; i < a->used && j < max; i++) { r[j] |= a->dp[i] << s; r[j] &= 0xffffffffffffffffl; s = 64 - s; if (j + 1 >= max) break; r[++j] = a->dp[i] >> s; while (s + 64 <= DIGIT_BIT) { s += 64; r[j] &= 0xffffffffffffffffl; if (j + 1 >= max) break; if (s < DIGIT_BIT) r[++j] = a->dp[i] >> s; else r[++j] = 0; } s = DIGIT_BIT - s; } for (j++; j < max; j++) r[j] = 0; #else int i, j = 0, s = 0; r[0] = 0; for (i = 0; i < a->used && j < max; i++) { r[j] |= ((sp_digit)a->dp[i]) << s; if (s + DIGIT_BIT >= 64) { r[j] &= 0xffffffffffffffffl; if (j + 1 >= max) break; s = 64 - s; if (s == DIGIT_BIT) { r[++j] = 0; s = 0; } else { r[++j] = a->dp[i] >> s; s = DIGIT_BIT - s; } } else s += DIGIT_BIT; } for (j++; j < max; j++) r[j] = 0; #endif } /* Write r as big endian to byte aray. * Fixed length number of bytes written: 256 * * r A single precision integer. * a Byte array. */ static void sp_2048_to_bin(sp_digit* r, byte* a) { int i, j, s = 0, b; j = 2048 / 8 - 1; a[j] = 0; for (i=0; i<32 && j>=0; i++) { b = 0; a[j--] |= r[i] << s; b += 8 - s; if (j < 0) break; while (b < 64) { a[j--] = r[i] >> b; b += 8; if (j < 0) break; } s = 8 - (b - 64); if (j >= 0) a[j] = 0; if (s != 0) j++; } } /* Multiply a and b into r. (r = a * b) * * r A single precision integer. * a A single precision integer. * b A single precision integer. */ SP_NOINLINE static void sp_2048_mul_16(sp_digit* r, const sp_digit* a, const sp_digit* b) { sp_digit tmp[16]; __asm__ __volatile__ ( "# A[0] * B[0]\n\t" "movq 0(%[b]), %%rax\n\t" "mulq 0(%[a])\n\t" "xorq %%r8, %%r8\n\t" "movq %%rax, (%[tmp])\n\t" "movq %%rdx, %%rcx\n\t" "# A[0] * B[1]\n\t" "movq 8(%[b]), %%rax\n\t" "mulq 0(%[a])\n\t" "xorq %%rbx, %%rbx\n\t" "addq %%rax, %%rcx\n\t" "adcq %%rdx, %%r8\n\t" "adcq $0, %%rbx\n\t" "# A[1] * B[0]\n\t" "movq 0(%[b]), %%rax\n\t" "mulq 8(%[a])\n\t" "addq %%rax, %%rcx\n\t" "adcq %%rdx, %%r8\n\t" "adcq $0, %%rbx\n\t" "movq %%rcx, 8(%[tmp])\n\t" "# A[0] * B[2]\n\t" "movq 16(%[b]), %%rax\n\t" "mulq 0(%[a])\n\t" "xorq %%rcx, %%rcx\n\t" "addq %%rax, %%r8\n\t" "adcq %%rdx, %%rbx\n\t" "adcq $0, %%rcx\n\t" "# A[1] * B[1]\n\t" "movq 8(%[b]), %%rax\n\t" "mulq 8(%[a])\n\t" "addq %%rax, %%r8\n\t" "adcq %%rdx, %%rbx\n\t" "adcq $0, %%rcx\n\t" "# A[2] * B[0]\n\t" "movq 0(%[b]), %%rax\n\t" "mulq 16(%[a])\n\t" "addq %%rax, %%r8\n\t" "adcq %%rdx, %%rbx\n\t" "adcq $0, %%rcx\n\t" "movq %%r8, 16(%[tmp])\n\t" "# A[0] * B[3]\n\t" "movq 24(%[b]), %%rax\n\t" "mulq 0(%[a])\n\t" "xorq %%r8, %%r8\n\t" "addq %%rax, %%rbx\n\t" "adcq %%rdx, %%rcx\n\t" "adcq $0, %%r8\n\t" "# A[1] * B[2]\n\t" "movq 16(%[b]), %%rax\n\t" "mulq 8(%[a])\n\t" "addq %%rax, %%rbx\n\t" "adcq %%rdx, %%rcx\n\t" "adcq $0, %%r8\n\t" "# A[2] * B[1]\n\t" "movq 8(%[b]), %%rax\n\t" "mulq 16(%[a])\n\t" "addq %%rax, %%rbx\n\t" "adcq %%rdx, %%rcx\n\t" "adcq $0, %%r8\n\t" "# A[3] * B[0]\n\t" "movq 0(%[b]), %%rax\n\t" "mulq 24(%[a])\n\t" "addq %%rax, %%rbx\n\t" "adcq %%rdx, %%rcx\n\t" "adcq $0, %%r8\n\t" "movq %%rbx, 24(%[tmp])\n\t" "# A[0] * B[4]\n\t" "movq 32(%[b]), %%rax\n\t" "mulq 0(%[a])\n\t" "xorq %%rbx, %%rbx\n\t" "addq %%rax, %%rcx\n\t" "adcq %%rdx, %%r8\n\t" "adcq $0, %%rbx\n\t" "# A[1] * B[3]\n\t" "movq 24(%[b]), %%rax\n\t" "mulq 8(%[a])\n\t" "addq %%rax, %%rcx\n\t" "adcq %%rdx, %%r8\n\t" "adcq $0, %%rbx\n\t" "# A[2] * B[2]\n\t" "movq 16(%[b]), %%rax\n\t" "mulq 16(%[a])\n\t" "addq %%rax, %%rcx\n\t" "adcq %%rdx, %%r8\n\t" "adcq $0, %%rbx\n\t" "# A[3] * B[1]\n\t" "movq 8(%[b]), %%rax\n\t" "mulq 24(%[a])\n\t" "addq %%rax, %%rcx\n\t" "adcq %%rdx, %%r8\n\t" "adcq $0, %%rbx\n\t" "# A[4] * B[0]\n\t" "movq 0(%[b]), %%rax\n\t" "mulq 32(%[a])\n\t" "addq %%rax, %%rcx\n\t" "adcq %%rdx, %%r8\n\t" "adcq $0, %%rbx\n\t" "movq %%rcx, 32(%[tmp])\n\t" "# A[0] *