wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/tfm.c@17:a5f916481144, 2020-06-05 (annotated)
- Committer:
- wolfSSL
- Date:
- Fri Jun 05 00:11:07 2020 +0000
- Revision:
- 17:a5f916481144
- Parent:
- 16:8e0d178b1d1e
wolfSSL 4.4.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 15:117db924cf7c | 1 | /* tfm.c |
wolfSSL | 15:117db924cf7c | 2 | * |
wolfSSL | 16:8e0d178b1d1e | 3 | * Copyright (C) 2006-2020 wolfSSL Inc. |
wolfSSL | 15:117db924cf7c | 4 | * |
wolfSSL | 15:117db924cf7c | 5 | * This file is part of wolfSSL. |
wolfSSL | 15:117db924cf7c | 6 | * |
wolfSSL | 15:117db924cf7c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 15:117db924cf7c | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 15:117db924cf7c | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 15:117db924cf7c | 10 | * (at your option) any later version. |
wolfSSL | 15:117db924cf7c | 11 | * |
wolfSSL | 15:117db924cf7c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 15:117db924cf7c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 15:117db924cf7c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 15:117db924cf7c | 15 | * GNU General Public License for more details. |
wolfSSL | 15:117db924cf7c | 16 | * |
wolfSSL | 15:117db924cf7c | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 15:117db924cf7c | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 15:117db924cf7c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 15:117db924cf7c | 20 | */ |
wolfSSL | 15:117db924cf7c | 21 | |
wolfSSL | 15:117db924cf7c | 22 | |
wolfSSL | 15:117db924cf7c | 23 | |
wolfSSL | 15:117db924cf7c | 24 | /* |
wolfSSL | 15:117db924cf7c | 25 | * Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca, |
wolfSSL | 15:117db924cf7c | 26 | * http://math.libtomcrypt.com |
wolfSSL | 15:117db924cf7c | 27 | */ |
wolfSSL | 15:117db924cf7c | 28 | |
wolfSSL | 15:117db924cf7c | 29 | /** |
wolfSSL | 15:117db924cf7c | 30 | * Edited by Moises Guimaraes (moises@wolfssl.com) |
wolfSSL | 15:117db924cf7c | 31 | * to fit wolfSSL's needs. |
wolfSSL | 15:117db924cf7c | 32 | */ |
wolfSSL | 15:117db924cf7c | 33 | |
wolfSSL | 15:117db924cf7c | 34 | #ifdef HAVE_CONFIG_H |
wolfSSL | 15:117db924cf7c | 35 | #include <config.h> |
wolfSSL | 15:117db924cf7c | 36 | #endif |
wolfSSL | 15:117db924cf7c | 37 | |
wolfSSL | 15:117db924cf7c | 38 | /* in case user set USE_FAST_MATH there */ |
wolfSSL | 15:117db924cf7c | 39 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 15:117db924cf7c | 40 | #ifdef NO_INLINE |
wolfSSL | 15:117db924cf7c | 41 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 15:117db924cf7c | 42 | #else |
wolfSSL | 15:117db924cf7c | 43 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 15:117db924cf7c | 44 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 15:117db924cf7c | 45 | #endif |
wolfSSL | 15:117db924cf7c | 46 | |
wolfSSL | 15:117db924cf7c | 47 | #ifdef USE_FAST_MATH |
wolfSSL | 15:117db924cf7c | 48 | |
wolfSSL | 15:117db924cf7c | 49 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 15:117db924cf7c | 50 | #include <wolfssl/wolfcrypt/tfm.h> |
wolfSSL | 15:117db924cf7c | 51 | #include <wolfcrypt/src/asm.c> /* will define asm MACROS or C ones */ |
wolfSSL | 15:117db924cf7c | 52 | #include <wolfssl/wolfcrypt/wolfmath.h> /* common functions */ |
wolfSSL | 15:117db924cf7c | 53 | |
wolfSSL | 15:117db924cf7c | 54 | #if defined(FREESCALE_LTC_TFM) |
wolfSSL | 15:117db924cf7c | 55 | #include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h> |
wolfSSL | 15:117db924cf7c | 56 | #endif |
wolfSSL | 15:117db924cf7c | 57 | #ifdef WOLFSSL_DEBUG_MATH |
wolfSSL | 15:117db924cf7c | 58 | #include <stdio.h> |
wolfSSL | 15:117db924cf7c | 59 | #endif |
wolfSSL | 15:117db924cf7c | 60 | |
wolfSSL | 16:8e0d178b1d1e | 61 | #ifdef USE_WINDOWS_API |
wolfSSL | 16:8e0d178b1d1e | 62 | #pragma warning(disable:4127) |
wolfSSL | 16:8e0d178b1d1e | 63 | /* Disables the warning: |
wolfSSL | 16:8e0d178b1d1e | 64 | * 4127: conditional expression is constant |
wolfSSL | 16:8e0d178b1d1e | 65 | * in this file. |
wolfSSL | 16:8e0d178b1d1e | 66 | */ |
wolfSSL | 16:8e0d178b1d1e | 67 | #endif |
wolfSSL | 16:8e0d178b1d1e | 68 | |
wolfSSL | 16:8e0d178b1d1e | 69 | #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) |
wolfSSL | 16:8e0d178b1d1e | 70 | #ifdef __cplusplus |
wolfSSL | 16:8e0d178b1d1e | 71 | extern "C" { |
wolfSSL | 16:8e0d178b1d1e | 72 | #endif |
wolfSSL | 16:8e0d178b1d1e | 73 | WOLFSSL_LOCAL int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, |
wolfSSL | 16:8e0d178b1d1e | 74 | mp_int* res); |
wolfSSL | 16:8e0d178b1d1e | 75 | WOLFSSL_LOCAL int sp_ModExp_1536(mp_int* base, mp_int* exp, mp_int* mod, |
wolfSSL | 16:8e0d178b1d1e | 76 | mp_int* res); |
wolfSSL | 16:8e0d178b1d1e | 77 | WOLFSSL_LOCAL int sp_ModExp_2048(mp_int* base, mp_int* exp, mp_int* mod, |
wolfSSL | 16:8e0d178b1d1e | 78 | mp_int* res); |
wolfSSL | 16:8e0d178b1d1e | 79 | WOLFSSL_LOCAL int sp_ModExp_3072(mp_int* base, mp_int* exp, mp_int* mod, |
wolfSSL | 16:8e0d178b1d1e | 80 | mp_int* res); |
wolfSSL | 16:8e0d178b1d1e | 81 | WOLFSSL_LOCAL int sp_ModExp_4096(mp_int* base, mp_int* exp, mp_int* mod, |
wolfSSL | 16:8e0d178b1d1e | 82 | mp_int* res); |
wolfSSL | 16:8e0d178b1d1e | 83 | #ifdef __cplusplus |
wolfSSL | 16:8e0d178b1d1e | 84 | } /* extern "C" */ |
wolfSSL | 16:8e0d178b1d1e | 85 | #endif |
wolfSSL | 16:8e0d178b1d1e | 86 | #endif |
wolfSSL | 16:8e0d178b1d1e | 87 | |
wolfSSL | 16:8e0d178b1d1e | 88 | |
wolfSSL | 16:8e0d178b1d1e | 89 | #ifndef WOLFSSL_SP_MATH |
wolfSSL | 15:117db924cf7c | 90 | /* math settings check */ |
wolfSSL | 15:117db924cf7c | 91 | word32 CheckRunTimeSettings(void) |
wolfSSL | 15:117db924cf7c | 92 | { |
wolfSSL | 15:117db924cf7c | 93 | return CTC_SETTINGS; |
wolfSSL | 15:117db924cf7c | 94 | } |
wolfSSL | 16:8e0d178b1d1e | 95 | #endif |
wolfSSL | 15:117db924cf7c | 96 | |
wolfSSL | 15:117db924cf7c | 97 | /* math settings size check */ |
wolfSSL | 15:117db924cf7c | 98 | word32 CheckRunTimeFastMath(void) |
wolfSSL | 15:117db924cf7c | 99 | { |
wolfSSL | 15:117db924cf7c | 100 | return FP_SIZE; |
wolfSSL | 15:117db924cf7c | 101 | } |
wolfSSL | 15:117db924cf7c | 102 | |
wolfSSL | 15:117db924cf7c | 103 | |
wolfSSL | 15:117db924cf7c | 104 | /* Functions */ |
wolfSSL | 15:117db924cf7c | 105 | |
wolfSSL | 15:117db924cf7c | 106 | void fp_add(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 107 | { |
wolfSSL | 15:117db924cf7c | 108 | int sa, sb; |
wolfSSL | 15:117db924cf7c | 109 | |
wolfSSL | 15:117db924cf7c | 110 | /* get sign of both inputs */ |
wolfSSL | 15:117db924cf7c | 111 | sa = a->sign; |
wolfSSL | 15:117db924cf7c | 112 | sb = b->sign; |
wolfSSL | 15:117db924cf7c | 113 | |
wolfSSL | 15:117db924cf7c | 114 | /* handle two cases, not four */ |
wolfSSL | 15:117db924cf7c | 115 | if (sa == sb) { |
wolfSSL | 15:117db924cf7c | 116 | /* both positive or both negative */ |
wolfSSL | 15:117db924cf7c | 117 | /* add their magnitudes, copy the sign */ |
wolfSSL | 15:117db924cf7c | 118 | c->sign = sa; |
wolfSSL | 15:117db924cf7c | 119 | s_fp_add (a, b, c); |
wolfSSL | 15:117db924cf7c | 120 | } else { |
wolfSSL | 15:117db924cf7c | 121 | /* one positive, the other negative */ |
wolfSSL | 15:117db924cf7c | 122 | /* subtract the one with the greater magnitude from */ |
wolfSSL | 15:117db924cf7c | 123 | /* the one of the lesser magnitude. The result gets */ |
wolfSSL | 15:117db924cf7c | 124 | /* the sign of the one with the greater magnitude. */ |
wolfSSL | 15:117db924cf7c | 125 | if (fp_cmp_mag (a, b) == FP_LT) { |
wolfSSL | 15:117db924cf7c | 126 | c->sign = sb; |
wolfSSL | 15:117db924cf7c | 127 | s_fp_sub (b, a, c); |
wolfSSL | 15:117db924cf7c | 128 | } else { |
wolfSSL | 15:117db924cf7c | 129 | c->sign = sa; |
wolfSSL | 15:117db924cf7c | 130 | s_fp_sub (a, b, c); |
wolfSSL | 15:117db924cf7c | 131 | } |
wolfSSL | 15:117db924cf7c | 132 | } |
wolfSSL | 15:117db924cf7c | 133 | } |
wolfSSL | 15:117db924cf7c | 134 | |
wolfSSL | 15:117db924cf7c | 135 | /* unsigned addition */ |
wolfSSL | 15:117db924cf7c | 136 | void s_fp_add(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 137 | { |
wolfSSL | 15:117db924cf7c | 138 | int x, y, oldused; |
wolfSSL | 15:117db924cf7c | 139 | fp_word t; |
wolfSSL | 15:117db924cf7c | 140 | |
wolfSSL | 15:117db924cf7c | 141 | y = MAX(a->used, b->used); |
wolfSSL | 15:117db924cf7c | 142 | oldused = MIN(c->used, FP_SIZE); /* help static analysis w/ largest size */ |
wolfSSL | 15:117db924cf7c | 143 | c->used = y; |
wolfSSL | 15:117db924cf7c | 144 | |
wolfSSL | 15:117db924cf7c | 145 | t = 0; |
wolfSSL | 15:117db924cf7c | 146 | for (x = 0; x < y; x++) { |
wolfSSL | 15:117db924cf7c | 147 | t += ((fp_word)a->dp[x]) + ((fp_word)b->dp[x]); |
wolfSSL | 15:117db924cf7c | 148 | c->dp[x] = (fp_digit)t; |
wolfSSL | 15:117db924cf7c | 149 | t >>= DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 150 | } |
wolfSSL | 15:117db924cf7c | 151 | if (t != 0 && x < FP_SIZE) { |
wolfSSL | 15:117db924cf7c | 152 | c->dp[c->used++] = (fp_digit)t; |
wolfSSL | 15:117db924cf7c | 153 | ++x; |
wolfSSL | 15:117db924cf7c | 154 | } |
wolfSSL | 15:117db924cf7c | 155 | |
wolfSSL | 15:117db924cf7c | 156 | c->used = x; |
wolfSSL | 15:117db924cf7c | 157 | |
wolfSSL | 15:117db924cf7c | 158 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 159 | for (; x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 160 | c->dp[x] = 0; |
wolfSSL | 15:117db924cf7c | 161 | } |
wolfSSL | 15:117db924cf7c | 162 | fp_clamp(c); |
wolfSSL | 15:117db924cf7c | 163 | } |
wolfSSL | 15:117db924cf7c | 164 | |
wolfSSL | 15:117db924cf7c | 165 | /* c = a - b */ |
wolfSSL | 15:117db924cf7c | 166 | void fp_sub(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 167 | { |
wolfSSL | 15:117db924cf7c | 168 | int sa, sb; |
wolfSSL | 15:117db924cf7c | 169 | |
wolfSSL | 15:117db924cf7c | 170 | sa = a->sign; |
wolfSSL | 15:117db924cf7c | 171 | sb = b->sign; |
wolfSSL | 15:117db924cf7c | 172 | |
wolfSSL | 15:117db924cf7c | 173 | if (sa != sb) { |
wolfSSL | 15:117db924cf7c | 174 | /* subtract a negative from a positive, OR */ |
wolfSSL | 15:117db924cf7c | 175 | /* subtract a positive from a negative. */ |
wolfSSL | 15:117db924cf7c | 176 | /* In either case, ADD their magnitudes, */ |
wolfSSL | 15:117db924cf7c | 177 | /* and use the sign of the first number. */ |
wolfSSL | 15:117db924cf7c | 178 | c->sign = sa; |
wolfSSL | 15:117db924cf7c | 179 | s_fp_add (a, b, c); |
wolfSSL | 15:117db924cf7c | 180 | } else { |
wolfSSL | 15:117db924cf7c | 181 | /* subtract a positive from a positive, OR */ |
wolfSSL | 15:117db924cf7c | 182 | /* subtract a negative from a negative. */ |
wolfSSL | 15:117db924cf7c | 183 | /* First, take the difference between their */ |
wolfSSL | 15:117db924cf7c | 184 | /* magnitudes, then... */ |
wolfSSL | 15:117db924cf7c | 185 | if (fp_cmp_mag (a, b) != FP_LT) { |
wolfSSL | 15:117db924cf7c | 186 | /* Copy the sign from the first */ |
wolfSSL | 15:117db924cf7c | 187 | c->sign = sa; |
wolfSSL | 15:117db924cf7c | 188 | /* The first has a larger or equal magnitude */ |
wolfSSL | 15:117db924cf7c | 189 | s_fp_sub (a, b, c); |
wolfSSL | 15:117db924cf7c | 190 | } else { |
wolfSSL | 15:117db924cf7c | 191 | /* The result has the *opposite* sign from */ |
wolfSSL | 15:117db924cf7c | 192 | /* the first number. */ |
wolfSSL | 15:117db924cf7c | 193 | c->sign = (sa == FP_ZPOS) ? FP_NEG : FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 194 | /* The second has a larger magnitude */ |
wolfSSL | 15:117db924cf7c | 195 | s_fp_sub (b, a, c); |
wolfSSL | 15:117db924cf7c | 196 | } |
wolfSSL | 15:117db924cf7c | 197 | } |
wolfSSL | 15:117db924cf7c | 198 | } |
wolfSSL | 15:117db924cf7c | 199 | |
wolfSSL | 15:117db924cf7c | 200 | /* unsigned subtraction ||a|| >= ||b|| ALWAYS! */ |
wolfSSL | 15:117db924cf7c | 201 | void s_fp_sub(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 202 | { |
wolfSSL | 15:117db924cf7c | 203 | int x, oldbused, oldused; |
wolfSSL | 15:117db924cf7c | 204 | fp_word t; |
wolfSSL | 15:117db924cf7c | 205 | |
wolfSSL | 15:117db924cf7c | 206 | oldused = c->used; |
wolfSSL | 15:117db924cf7c | 207 | oldbused = b->used; |
wolfSSL | 15:117db924cf7c | 208 | c->used = a->used; |
wolfSSL | 15:117db924cf7c | 209 | t = 0; |
wolfSSL | 15:117db924cf7c | 210 | for (x = 0; x < oldbused; x++) { |
wolfSSL | 15:117db924cf7c | 211 | t = ((fp_word)a->dp[x]) - (((fp_word)b->dp[x]) + t); |
wolfSSL | 15:117db924cf7c | 212 | c->dp[x] = (fp_digit)t; |
wolfSSL | 15:117db924cf7c | 213 | t = (t >> DIGIT_BIT)&1; |
wolfSSL | 15:117db924cf7c | 214 | } |
wolfSSL | 15:117db924cf7c | 215 | for (; x < a->used; x++) { |
wolfSSL | 15:117db924cf7c | 216 | t = ((fp_word)a->dp[x]) - t; |
wolfSSL | 15:117db924cf7c | 217 | c->dp[x] = (fp_digit)t; |
wolfSSL | 15:117db924cf7c | 218 | t = (t >> DIGIT_BIT)&1; |
wolfSSL | 15:117db924cf7c | 219 | } |
wolfSSL | 15:117db924cf7c | 220 | |
wolfSSL | 15:117db924cf7c | 221 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 222 | for (; x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 223 | c->dp[x] = 0; |
wolfSSL | 15:117db924cf7c | 224 | } |
wolfSSL | 15:117db924cf7c | 225 | fp_clamp(c); |
wolfSSL | 15:117db924cf7c | 226 | } |
wolfSSL | 15:117db924cf7c | 227 | |
wolfSSL | 15:117db924cf7c | 228 | /* c = a * b */ |
wolfSSL | 16:8e0d178b1d1e | 229 | int fp_mul(fp_int *A, fp_int *B, fp_int *C) |
wolfSSL | 15:117db924cf7c | 230 | { |
wolfSSL | 16:8e0d178b1d1e | 231 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 232 | int y, yy, oldused; |
wolfSSL | 15:117db924cf7c | 233 | |
wolfSSL | 16:8e0d178b1d1e | 234 | #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ |
wolfSSL | 16:8e0d178b1d1e | 235 | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) |
wolfSSL | 16:8e0d178b1d1e | 236 | ret = esp_mp_mul(A, B, C); |
wolfSSL | 16:8e0d178b1d1e | 237 | if(ret != -2) return ret; |
wolfSSL | 16:8e0d178b1d1e | 238 | #endif |
wolfSSL | 16:8e0d178b1d1e | 239 | |
wolfSSL | 15:117db924cf7c | 240 | oldused = C->used; |
wolfSSL | 15:117db924cf7c | 241 | |
wolfSSL | 15:117db924cf7c | 242 | y = MAX(A->used, B->used); |
wolfSSL | 15:117db924cf7c | 243 | yy = MIN(A->used, B->used); |
wolfSSL | 15:117db924cf7c | 244 | |
wolfSSL | 15:117db924cf7c | 245 | /* call generic if we're out of range */ |
wolfSSL | 15:117db924cf7c | 246 | if (y + yy > FP_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 247 | ret = fp_mul_comba(A, B, C); |
wolfSSL | 15:117db924cf7c | 248 | goto clean; |
wolfSSL | 15:117db924cf7c | 249 | } |
wolfSSL | 15:117db924cf7c | 250 | |
wolfSSL | 15:117db924cf7c | 251 | /* pick a comba (unrolled 4/8/16/32 x or rolled) based on the size |
wolfSSL | 15:117db924cf7c | 252 | of the largest input. We also want to avoid doing excess mults if the |
wolfSSL | 15:117db924cf7c | 253 | inputs are not close to the next power of two. That is, for example, |
wolfSSL | 15:117db924cf7c | 254 | if say y=17 then we would do (32-17)^2 = 225 unneeded multiplications |
wolfSSL | 15:117db924cf7c | 255 | */ |
wolfSSL | 15:117db924cf7c | 256 | |
wolfSSL | 15:117db924cf7c | 257 | #if defined(TFM_MUL3) && FP_SIZE >= 6 |
wolfSSL | 15:117db924cf7c | 258 | if (y <= 3) { |
wolfSSL | 16:8e0d178b1d1e | 259 | ret = fp_mul_comba3(A,B,C); |
wolfSSL | 15:117db924cf7c | 260 | goto clean; |
wolfSSL | 15:117db924cf7c | 261 | } |
wolfSSL | 15:117db924cf7c | 262 | #endif |
wolfSSL | 15:117db924cf7c | 263 | #if defined(TFM_MUL4) && FP_SIZE >= 8 |
wolfSSL | 15:117db924cf7c | 264 | if (y == 4) { |
wolfSSL | 16:8e0d178b1d1e | 265 | ret = fp_mul_comba4(A,B,C); |
wolfSSL | 15:117db924cf7c | 266 | goto clean; |
wolfSSL | 15:117db924cf7c | 267 | } |
wolfSSL | 15:117db924cf7c | 268 | #endif |
wolfSSL | 15:117db924cf7c | 269 | #if defined(TFM_MUL6) && FP_SIZE >= 12 |
wolfSSL | 15:117db924cf7c | 270 | if (y <= 6) { |
wolfSSL | 16:8e0d178b1d1e | 271 | ret = fp_mul_comba6(A,B,C); |
wolfSSL | 15:117db924cf7c | 272 | goto clean; |
wolfSSL | 15:117db924cf7c | 273 | } |
wolfSSL | 15:117db924cf7c | 274 | #endif |
wolfSSL | 15:117db924cf7c | 275 | #if defined(TFM_MUL7) && FP_SIZE >= 14 |
wolfSSL | 15:117db924cf7c | 276 | if (y == 7) { |
wolfSSL | 16:8e0d178b1d1e | 277 | ret = fp_mul_comba7(A,B,C); |
wolfSSL | 15:117db924cf7c | 278 | goto clean; |
wolfSSL | 15:117db924cf7c | 279 | } |
wolfSSL | 15:117db924cf7c | 280 | #endif |
wolfSSL | 15:117db924cf7c | 281 | #if defined(TFM_MUL8) && FP_SIZE >= 16 |
wolfSSL | 15:117db924cf7c | 282 | if (y == 8) { |
wolfSSL | 16:8e0d178b1d1e | 283 | ret = fp_mul_comba8(A,B,C); |
wolfSSL | 15:117db924cf7c | 284 | goto clean; |
wolfSSL | 15:117db924cf7c | 285 | } |
wolfSSL | 15:117db924cf7c | 286 | #endif |
wolfSSL | 15:117db924cf7c | 287 | #if defined(TFM_MUL9) && FP_SIZE >= 18 |
wolfSSL | 15:117db924cf7c | 288 | if (y == 9) { |
wolfSSL | 16:8e0d178b1d1e | 289 | ret = fp_mul_comba9(A,B,C); |
wolfSSL | 15:117db924cf7c | 290 | goto clean; |
wolfSSL | 15:117db924cf7c | 291 | } |
wolfSSL | 15:117db924cf7c | 292 | #endif |
wolfSSL | 15:117db924cf7c | 293 | #if defined(TFM_MUL12) && FP_SIZE >= 24 |
wolfSSL | 15:117db924cf7c | 294 | if (y <= 12) { |
wolfSSL | 16:8e0d178b1d1e | 295 | ret = fp_mul_comba12(A,B,C); |
wolfSSL | 15:117db924cf7c | 296 | goto clean; |
wolfSSL | 15:117db924cf7c | 297 | } |
wolfSSL | 15:117db924cf7c | 298 | #endif |
wolfSSL | 15:117db924cf7c | 299 | #if defined(TFM_MUL17) && FP_SIZE >= 34 |
wolfSSL | 15:117db924cf7c | 300 | if (y <= 17) { |
wolfSSL | 16:8e0d178b1d1e | 301 | ret = fp_mul_comba17(A,B,C); |
wolfSSL | 15:117db924cf7c | 302 | goto clean; |
wolfSSL | 15:117db924cf7c | 303 | } |
wolfSSL | 15:117db924cf7c | 304 | #endif |
wolfSSL | 15:117db924cf7c | 305 | |
wolfSSL | 15:117db924cf7c | 306 | #if defined(TFM_SMALL_SET) && FP_SIZE >= 32 |
wolfSSL | 15:117db924cf7c | 307 | if (y <= 16) { |
wolfSSL | 16:8e0d178b1d1e | 308 | ret = fp_mul_comba_small(A,B,C); |
wolfSSL | 15:117db924cf7c | 309 | goto clean; |
wolfSSL | 15:117db924cf7c | 310 | } |
wolfSSL | 15:117db924cf7c | 311 | #endif |
wolfSSL | 15:117db924cf7c | 312 | #if defined(TFM_MUL20) && FP_SIZE >= 40 |
wolfSSL | 15:117db924cf7c | 313 | if (y <= 20) { |
wolfSSL | 16:8e0d178b1d1e | 314 | ret = fp_mul_comba20(A,B,C); |
wolfSSL | 15:117db924cf7c | 315 | goto clean; |
wolfSSL | 15:117db924cf7c | 316 | } |
wolfSSL | 15:117db924cf7c | 317 | #endif |
wolfSSL | 15:117db924cf7c | 318 | #if defined(TFM_MUL24) && FP_SIZE >= 48 |
wolfSSL | 15:117db924cf7c | 319 | if (yy >= 16 && y <= 24) { |
wolfSSL | 16:8e0d178b1d1e | 320 | ret = fp_mul_comba24(A,B,C); |
wolfSSL | 15:117db924cf7c | 321 | goto clean; |
wolfSSL | 15:117db924cf7c | 322 | } |
wolfSSL | 15:117db924cf7c | 323 | #endif |
wolfSSL | 15:117db924cf7c | 324 | #if defined(TFM_MUL28) && FP_SIZE >= 56 |
wolfSSL | 15:117db924cf7c | 325 | if (yy >= 20 && y <= 28) { |
wolfSSL | 16:8e0d178b1d1e | 326 | ret = fp_mul_comba28(A,B,C); |
wolfSSL | 15:117db924cf7c | 327 | goto clean; |
wolfSSL | 15:117db924cf7c | 328 | } |
wolfSSL | 15:117db924cf7c | 329 | #endif |
wolfSSL | 15:117db924cf7c | 330 | #if defined(TFM_MUL32) && FP_SIZE >= 64 |
wolfSSL | 15:117db924cf7c | 331 | if (yy >= 24 && y <= 32) { |
wolfSSL | 16:8e0d178b1d1e | 332 | ret = fp_mul_comba32(A,B,C); |
wolfSSL | 15:117db924cf7c | 333 | goto clean; |
wolfSSL | 15:117db924cf7c | 334 | } |
wolfSSL | 15:117db924cf7c | 335 | #endif |
wolfSSL | 15:117db924cf7c | 336 | #if defined(TFM_MUL48) && FP_SIZE >= 96 |
wolfSSL | 15:117db924cf7c | 337 | if (yy >= 40 && y <= 48) { |
wolfSSL | 16:8e0d178b1d1e | 338 | ret = fp_mul_comba48(A,B,C); |
wolfSSL | 15:117db924cf7c | 339 | goto clean; |
wolfSSL | 15:117db924cf7c | 340 | } |
wolfSSL | 15:117db924cf7c | 341 | #endif |
wolfSSL | 15:117db924cf7c | 342 | #if defined(TFM_MUL64) && FP_SIZE >= 128 |
wolfSSL | 15:117db924cf7c | 343 | if (yy >= 56 && y <= 64) { |
wolfSSL | 16:8e0d178b1d1e | 344 | ret = fp_mul_comba64(A,B,C); |
wolfSSL | 15:117db924cf7c | 345 | goto clean; |
wolfSSL | 15:117db924cf7c | 346 | } |
wolfSSL | 15:117db924cf7c | 347 | #endif |
wolfSSL | 16:8e0d178b1d1e | 348 | ret = fp_mul_comba(A,B,C); |
wolfSSL | 15:117db924cf7c | 349 | |
wolfSSL | 15:117db924cf7c | 350 | clean: |
wolfSSL | 15:117db924cf7c | 351 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 352 | for (y = C->used; y >= 0 && y < oldused; y++) { |
wolfSSL | 15:117db924cf7c | 353 | C->dp[y] = 0; |
wolfSSL | 15:117db924cf7c | 354 | } |
wolfSSL | 16:8e0d178b1d1e | 355 | |
wolfSSL | 16:8e0d178b1d1e | 356 | return ret; |
wolfSSL | 15:117db924cf7c | 357 | } |
wolfSSL | 15:117db924cf7c | 358 | |
wolfSSL | 15:117db924cf7c | 359 | void fp_mul_2(fp_int * a, fp_int * b) |
wolfSSL | 15:117db924cf7c | 360 | { |
wolfSSL | 15:117db924cf7c | 361 | int x, oldused; |
wolfSSL | 15:117db924cf7c | 362 | |
wolfSSL | 15:117db924cf7c | 363 | oldused = b->used; |
wolfSSL | 15:117db924cf7c | 364 | b->used = a->used; |
wolfSSL | 15:117db924cf7c | 365 | |
wolfSSL | 15:117db924cf7c | 366 | { |
wolfSSL | 15:117db924cf7c | 367 | fp_digit r, rr, *tmpa, *tmpb; |
wolfSSL | 15:117db924cf7c | 368 | |
wolfSSL | 15:117db924cf7c | 369 | /* alias for source */ |
wolfSSL | 15:117db924cf7c | 370 | tmpa = a->dp; |
wolfSSL | 15:117db924cf7c | 371 | |
wolfSSL | 15:117db924cf7c | 372 | /* alias for dest */ |
wolfSSL | 15:117db924cf7c | 373 | tmpb = b->dp; |
wolfSSL | 15:117db924cf7c | 374 | |
wolfSSL | 15:117db924cf7c | 375 | /* carry */ |
wolfSSL | 15:117db924cf7c | 376 | r = 0; |
wolfSSL | 15:117db924cf7c | 377 | for (x = 0; x < a->used; x++) { |
wolfSSL | 15:117db924cf7c | 378 | |
wolfSSL | 15:117db924cf7c | 379 | /* get what will be the *next* carry bit from the |
wolfSSL | 15:117db924cf7c | 380 | * MSB of the current digit |
wolfSSL | 15:117db924cf7c | 381 | */ |
wolfSSL | 15:117db924cf7c | 382 | rr = *tmpa >> ((fp_digit)(DIGIT_BIT - 1)); |
wolfSSL | 15:117db924cf7c | 383 | |
wolfSSL | 15:117db924cf7c | 384 | /* now shift up this digit, add in the carry [from the previous] */ |
wolfSSL | 15:117db924cf7c | 385 | *tmpb++ = ((*tmpa++ << ((fp_digit)1)) | r); |
wolfSSL | 15:117db924cf7c | 386 | |
wolfSSL | 15:117db924cf7c | 387 | /* copy the carry that would be from the source |
wolfSSL | 15:117db924cf7c | 388 | * digit into the next iteration |
wolfSSL | 15:117db924cf7c | 389 | */ |
wolfSSL | 15:117db924cf7c | 390 | r = rr; |
wolfSSL | 15:117db924cf7c | 391 | } |
wolfSSL | 15:117db924cf7c | 392 | |
wolfSSL | 15:117db924cf7c | 393 | /* new leading digit? */ |
wolfSSL | 15:117db924cf7c | 394 | if (r != 0 && b->used != (FP_SIZE-1)) { |
wolfSSL | 15:117db924cf7c | 395 | /* add a MSB which is always 1 at this point */ |
wolfSSL | 15:117db924cf7c | 396 | *tmpb = 1; |
wolfSSL | 15:117db924cf7c | 397 | ++(b->used); |
wolfSSL | 15:117db924cf7c | 398 | } |
wolfSSL | 15:117db924cf7c | 399 | |
wolfSSL | 15:117db924cf7c | 400 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 401 | tmpb = b->dp + b->used; |
wolfSSL | 15:117db924cf7c | 402 | for (x = b->used; x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 403 | *tmpb++ = 0; |
wolfSSL | 15:117db924cf7c | 404 | } |
wolfSSL | 15:117db924cf7c | 405 | } |
wolfSSL | 15:117db924cf7c | 406 | b->sign = a->sign; |
wolfSSL | 15:117db924cf7c | 407 | } |
wolfSSL | 15:117db924cf7c | 408 | |
wolfSSL | 15:117db924cf7c | 409 | /* c = a * b */ |
wolfSSL | 15:117db924cf7c | 410 | void fp_mul_d(fp_int *a, fp_digit b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 411 | { |
wolfSSL | 15:117db924cf7c | 412 | fp_word w; |
wolfSSL | 15:117db924cf7c | 413 | int x, oldused; |
wolfSSL | 15:117db924cf7c | 414 | |
wolfSSL | 15:117db924cf7c | 415 | oldused = c->used; |
wolfSSL | 15:117db924cf7c | 416 | c->used = a->used; |
wolfSSL | 15:117db924cf7c | 417 | c->sign = a->sign; |
wolfSSL | 15:117db924cf7c | 418 | w = 0; |
wolfSSL | 15:117db924cf7c | 419 | for (x = 0; x < a->used; x++) { |
wolfSSL | 15:117db924cf7c | 420 | w = ((fp_word)a->dp[x]) * ((fp_word)b) + w; |
wolfSSL | 15:117db924cf7c | 421 | c->dp[x] = (fp_digit)w; |
wolfSSL | 15:117db924cf7c | 422 | w = w >> DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 423 | } |
wolfSSL | 15:117db924cf7c | 424 | if (w != 0 && (a->used != FP_SIZE)) { |
wolfSSL | 15:117db924cf7c | 425 | c->dp[c->used++] = (fp_digit) w; |
wolfSSL | 15:117db924cf7c | 426 | ++x; |
wolfSSL | 15:117db924cf7c | 427 | } |
wolfSSL | 15:117db924cf7c | 428 | |
wolfSSL | 15:117db924cf7c | 429 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 16:8e0d178b1d1e | 430 | /* also checking FP_SIZE here for static analysis */ |
wolfSSL | 16:8e0d178b1d1e | 431 | for (; x < oldused && x < FP_SIZE; x++) { |
wolfSSL | 15:117db924cf7c | 432 | c->dp[x] = 0; |
wolfSSL | 15:117db924cf7c | 433 | } |
wolfSSL | 15:117db924cf7c | 434 | fp_clamp(c); |
wolfSSL | 15:117db924cf7c | 435 | } |
wolfSSL | 15:117db924cf7c | 436 | |
wolfSSL | 15:117db924cf7c | 437 | /* c = a * 2**d */ |
wolfSSL | 15:117db924cf7c | 438 | void fp_mul_2d(fp_int *a, int b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 439 | { |
wolfSSL | 15:117db924cf7c | 440 | fp_digit carry, carrytmp, shift; |
wolfSSL | 15:117db924cf7c | 441 | int x; |
wolfSSL | 15:117db924cf7c | 442 | |
wolfSSL | 15:117db924cf7c | 443 | /* copy it */ |
wolfSSL | 15:117db924cf7c | 444 | fp_copy(a, c); |
wolfSSL | 15:117db924cf7c | 445 | |
wolfSSL | 15:117db924cf7c | 446 | /* handle whole digits */ |
wolfSSL | 15:117db924cf7c | 447 | if (b >= DIGIT_BIT) { |
wolfSSL | 15:117db924cf7c | 448 | fp_lshd(c, b/DIGIT_BIT); |
wolfSSL | 15:117db924cf7c | 449 | } |
wolfSSL | 15:117db924cf7c | 450 | b %= DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 451 | |
wolfSSL | 15:117db924cf7c | 452 | /* shift the digits */ |
wolfSSL | 15:117db924cf7c | 453 | if (b != 0) { |
wolfSSL | 15:117db924cf7c | 454 | carry = 0; |
wolfSSL | 15:117db924cf7c | 455 | shift = DIGIT_BIT - b; |
wolfSSL | 15:117db924cf7c | 456 | for (x = 0; x < c->used; x++) { |
wolfSSL | 15:117db924cf7c | 457 | carrytmp = c->dp[x] >> shift; |
wolfSSL | 15:117db924cf7c | 458 | c->dp[x] = (c->dp[x] << b) + carry; |
wolfSSL | 15:117db924cf7c | 459 | carry = carrytmp; |
wolfSSL | 15:117db924cf7c | 460 | } |
wolfSSL | 15:117db924cf7c | 461 | /* store last carry if room */ |
wolfSSL | 15:117db924cf7c | 462 | if (carry && x < FP_SIZE) { |
wolfSSL | 15:117db924cf7c | 463 | c->dp[c->used++] = carry; |
wolfSSL | 15:117db924cf7c | 464 | } |
wolfSSL | 15:117db924cf7c | 465 | } |
wolfSSL | 15:117db924cf7c | 466 | fp_clamp(c); |
wolfSSL | 15:117db924cf7c | 467 | } |
wolfSSL | 15:117db924cf7c | 468 | |
wolfSSL | 15:117db924cf7c | 469 | /* generic PxQ multiplier */ |
wolfSSL | 15:117db924cf7c | 470 | #if defined(HAVE_INTEL_MULX) |
wolfSSL | 15:117db924cf7c | 471 | |
wolfSSL | 16:8e0d178b1d1e | 472 | WC_INLINE static int fp_mul_comba_mulx(fp_int *A, fp_int *B, fp_int *C) |
wolfSSL | 15:117db924cf7c | 473 | |
wolfSSL | 15:117db924cf7c | 474 | { |
wolfSSL | 15:117db924cf7c | 475 | int ix, iy, iz, pa; |
wolfSSL | 16:8e0d178b1d1e | 476 | fp_int *dst; |
wolfSSL | 16:8e0d178b1d1e | 477 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 478 | fp_int tmp[1]; |
wolfSSL | 16:8e0d178b1d1e | 479 | #else |
wolfSSL | 16:8e0d178b1d1e | 480 | fp_int *tmp; |
wolfSSL | 16:8e0d178b1d1e | 481 | #endif |
wolfSSL | 16:8e0d178b1d1e | 482 | |
wolfSSL | 16:8e0d178b1d1e | 483 | /* Variables used but not seen by cppcheck. */ |
wolfSSL | 16:8e0d178b1d1e | 484 | (void)ix; (void)iy; (void)iz; |
wolfSSL | 16:8e0d178b1d1e | 485 | |
wolfSSL | 16:8e0d178b1d1e | 486 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 487 | tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 488 | if (tmp == NULL) |
wolfSSL | 16:8e0d178b1d1e | 489 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 490 | #endif |
wolfSSL | 15:117db924cf7c | 491 | |
wolfSSL | 15:117db924cf7c | 492 | /* get size of output and trim */ |
wolfSSL | 15:117db924cf7c | 493 | pa = A->used + B->used; |
wolfSSL | 15:117db924cf7c | 494 | if (pa >= FP_SIZE) { |
wolfSSL | 15:117db924cf7c | 495 | pa = FP_SIZE-1; |
wolfSSL | 15:117db924cf7c | 496 | } |
wolfSSL | 15:117db924cf7c | 497 | |
wolfSSL | 15:117db924cf7c | 498 | /* Always take branch to use tmp variable. This avoids a cache attack for |
wolfSSL | 15:117db924cf7c | 499 | * determining if C equals A */ |
wolfSSL | 15:117db924cf7c | 500 | if (1) { |
wolfSSL | 16:8e0d178b1d1e | 501 | fp_init(tmp); |
wolfSSL | 16:8e0d178b1d1e | 502 | dst = tmp; |
wolfSSL | 15:117db924cf7c | 503 | } |
wolfSSL | 15:117db924cf7c | 504 | |
wolfSSL | 15:117db924cf7c | 505 | TFM_INTEL_MUL_COMBA(A, B, dst) ; |
wolfSSL | 15:117db924cf7c | 506 | |
wolfSSL | 15:117db924cf7c | 507 | dst->used = pa; |
wolfSSL | 15:117db924cf7c | 508 | dst->sign = A->sign ^ B->sign; |
wolfSSL | 15:117db924cf7c | 509 | fp_clamp(dst); |
wolfSSL | 15:117db924cf7c | 510 | fp_copy(dst, C); |
wolfSSL | 16:8e0d178b1d1e | 511 | |
wolfSSL | 16:8e0d178b1d1e | 512 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 513 | XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 514 | #endif |
wolfSSL | 16:8e0d178b1d1e | 515 | |
wolfSSL | 16:8e0d178b1d1e | 516 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 517 | } |
wolfSSL | 15:117db924cf7c | 518 | #endif |
wolfSSL | 15:117db924cf7c | 519 | |
wolfSSL | 16:8e0d178b1d1e | 520 | int fp_mul_comba(fp_int *A, fp_int *B, fp_int *C) |
wolfSSL | 15:117db924cf7c | 521 | { |
wolfSSL | 16:8e0d178b1d1e | 522 | int ret = 0; |
wolfSSL | 15:117db924cf7c | 523 | int ix, iy, iz, tx, ty, pa; |
wolfSSL | 15:117db924cf7c | 524 | fp_digit c0, c1, c2, *tmpx, *tmpy; |
wolfSSL | 16:8e0d178b1d1e | 525 | fp_int *dst; |
wolfSSL | 16:8e0d178b1d1e | 526 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 527 | fp_int tmp[1]; |
wolfSSL | 16:8e0d178b1d1e | 528 | #else |
wolfSSL | 16:8e0d178b1d1e | 529 | fp_int *tmp; |
wolfSSL | 16:8e0d178b1d1e | 530 | #endif |
wolfSSL | 16:8e0d178b1d1e | 531 | |
wolfSSL | 16:8e0d178b1d1e | 532 | IF_HAVE_INTEL_MULX(ret = fp_mul_comba_mulx(A, B, C), return ret) ; |
wolfSSL | 16:8e0d178b1d1e | 533 | |
wolfSSL | 16:8e0d178b1d1e | 534 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 535 | tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 536 | if (tmp == NULL) |
wolfSSL | 16:8e0d178b1d1e | 537 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 538 | #endif |
wolfSSL | 15:117db924cf7c | 539 | |
wolfSSL | 15:117db924cf7c | 540 | COMBA_START; |
wolfSSL | 15:117db924cf7c | 541 | COMBA_CLEAR; |
wolfSSL | 15:117db924cf7c | 542 | |
wolfSSL | 15:117db924cf7c | 543 | /* get size of output and trim */ |
wolfSSL | 15:117db924cf7c | 544 | pa = A->used + B->used; |
wolfSSL | 15:117db924cf7c | 545 | if (pa >= FP_SIZE) { |
wolfSSL | 15:117db924cf7c | 546 | pa = FP_SIZE-1; |
wolfSSL | 15:117db924cf7c | 547 | } |
wolfSSL | 15:117db924cf7c | 548 | |
wolfSSL | 15:117db924cf7c | 549 | /* Always take branch to use tmp variable. This avoids a cache attack for |
wolfSSL | 15:117db924cf7c | 550 | * determining if C equals A */ |
wolfSSL | 15:117db924cf7c | 551 | if (1) { |
wolfSSL | 16:8e0d178b1d1e | 552 | fp_init(tmp); |
wolfSSL | 16:8e0d178b1d1e | 553 | dst = tmp; |
wolfSSL | 15:117db924cf7c | 554 | } |
wolfSSL | 15:117db924cf7c | 555 | |
wolfSSL | 15:117db924cf7c | 556 | for (ix = 0; ix < pa; ix++) { |
wolfSSL | 15:117db924cf7c | 557 | /* get offsets into the two bignums */ |
wolfSSL | 15:117db924cf7c | 558 | ty = MIN(ix, (B->used > 0 ? B->used - 1 : 0)); |
wolfSSL | 15:117db924cf7c | 559 | tx = ix - ty; |
wolfSSL | 15:117db924cf7c | 560 | |
wolfSSL | 15:117db924cf7c | 561 | /* setup temp aliases */ |
wolfSSL | 15:117db924cf7c | 562 | tmpx = A->dp + tx; |
wolfSSL | 15:117db924cf7c | 563 | tmpy = B->dp + ty; |
wolfSSL | 15:117db924cf7c | 564 | |
wolfSSL | 15:117db924cf7c | 565 | /* this is the number of times the loop will iterate, essentially its |
wolfSSL | 15:117db924cf7c | 566 | while (tx++ < a->used && ty-- >= 0) { ... } |
wolfSSL | 15:117db924cf7c | 567 | */ |
wolfSSL | 15:117db924cf7c | 568 | iy = MIN(A->used-tx, ty+1); |
wolfSSL | 15:117db924cf7c | 569 | |
wolfSSL | 15:117db924cf7c | 570 | /* execute loop */ |
wolfSSL | 15:117db924cf7c | 571 | COMBA_FORWARD; |
wolfSSL | 15:117db924cf7c | 572 | for (iz = 0; iz < iy; ++iz) { |
wolfSSL | 15:117db924cf7c | 573 | fp_digit _tmpx = *tmpx++; |
wolfSSL | 15:117db924cf7c | 574 | fp_digit _tmpy = *tmpy--; |
wolfSSL | 15:117db924cf7c | 575 | MULADD(_tmpx, _tmpy); |
wolfSSL | 15:117db924cf7c | 576 | } |
wolfSSL | 15:117db924cf7c | 577 | |
wolfSSL | 15:117db924cf7c | 578 | /* store term */ |
wolfSSL | 15:117db924cf7c | 579 | COMBA_STORE(dst->dp[ix]); |
wolfSSL | 15:117db924cf7c | 580 | } |
wolfSSL | 15:117db924cf7c | 581 | COMBA_FINI; |
wolfSSL | 15:117db924cf7c | 582 | |
wolfSSL | 15:117db924cf7c | 583 | dst->used = pa; |
wolfSSL | 15:117db924cf7c | 584 | dst->sign = A->sign ^ B->sign; |
wolfSSL | 15:117db924cf7c | 585 | fp_clamp(dst); |
wolfSSL | 15:117db924cf7c | 586 | fp_copy(dst, C); |
wolfSSL | 16:8e0d178b1d1e | 587 | |
wolfSSL | 16:8e0d178b1d1e | 588 | /* Variables used but not seen by cppcheck. */ |
wolfSSL | 16:8e0d178b1d1e | 589 | (void)c0; (void)c1; (void)c2; |
wolfSSL | 16:8e0d178b1d1e | 590 | |
wolfSSL | 16:8e0d178b1d1e | 591 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 592 | XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 593 | #endif |
wolfSSL | 16:8e0d178b1d1e | 594 | return ret; |
wolfSSL | 15:117db924cf7c | 595 | } |
wolfSSL | 15:117db924cf7c | 596 | |
wolfSSL | 15:117db924cf7c | 597 | /* a/b => cb + d == a */ |
wolfSSL | 15:117db924cf7c | 598 | int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) |
wolfSSL | 15:117db924cf7c | 599 | { |
wolfSSL | 15:117db924cf7c | 600 | int n, t, i, norm, neg; |
wolfSSL | 16:8e0d178b1d1e | 601 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 602 | fp_int q[1], x[1], y[1], t1[1], t2[1]; |
wolfSSL | 16:8e0d178b1d1e | 603 | #else |
wolfSSL | 16:8e0d178b1d1e | 604 | fp_int *q, *x, *y, *t1, *t2; |
wolfSSL | 16:8e0d178b1d1e | 605 | #endif |
wolfSSL | 15:117db924cf7c | 606 | |
wolfSSL | 15:117db924cf7c | 607 | /* is divisor zero ? */ |
wolfSSL | 15:117db924cf7c | 608 | if (fp_iszero (b) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 609 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 610 | } |
wolfSSL | 15:117db924cf7c | 611 | |
wolfSSL | 15:117db924cf7c | 612 | /* if a < b then q=0, r = a */ |
wolfSSL | 15:117db924cf7c | 613 | if (fp_cmp_mag (a, b) == FP_LT) { |
wolfSSL | 15:117db924cf7c | 614 | if (d != NULL) { |
wolfSSL | 15:117db924cf7c | 615 | fp_copy (a, d); |
wolfSSL | 15:117db924cf7c | 616 | } |
wolfSSL | 15:117db924cf7c | 617 | if (c != NULL) { |
wolfSSL | 15:117db924cf7c | 618 | fp_zero (c); |
wolfSSL | 15:117db924cf7c | 619 | } |
wolfSSL | 15:117db924cf7c | 620 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 621 | } |
wolfSSL | 15:117db924cf7c | 622 | |
wolfSSL | 16:8e0d178b1d1e | 623 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 624 | q = (fp_int*)XMALLOC(sizeof(fp_int) * 5, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 625 | if (q == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 626 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 627 | } |
wolfSSL | 16:8e0d178b1d1e | 628 | x = &q[1]; y = &q[2]; t1 = &q[3]; t2 = &q[4]; |
wolfSSL | 16:8e0d178b1d1e | 629 | #endif |
wolfSSL | 16:8e0d178b1d1e | 630 | |
wolfSSL | 16:8e0d178b1d1e | 631 | fp_init(q); |
wolfSSL | 16:8e0d178b1d1e | 632 | q->used = a->used + 2; |
wolfSSL | 16:8e0d178b1d1e | 633 | |
wolfSSL | 16:8e0d178b1d1e | 634 | fp_init(t1); |
wolfSSL | 16:8e0d178b1d1e | 635 | fp_init(t2); |
wolfSSL | 16:8e0d178b1d1e | 636 | fp_init_copy(x, a); |
wolfSSL | 16:8e0d178b1d1e | 637 | fp_init_copy(y, b); |
wolfSSL | 15:117db924cf7c | 638 | |
wolfSSL | 15:117db924cf7c | 639 | /* fix the sign */ |
wolfSSL | 15:117db924cf7c | 640 | neg = (a->sign == b->sign) ? FP_ZPOS : FP_NEG; |
wolfSSL | 16:8e0d178b1d1e | 641 | x->sign = y->sign = FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 642 | |
wolfSSL | 15:117db924cf7c | 643 | /* normalize both x and y, ensure that y >= b/2, [b == 2**DIGIT_BIT] */ |
wolfSSL | 16:8e0d178b1d1e | 644 | norm = fp_count_bits(y) % DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 645 | if (norm < (int)(DIGIT_BIT-1)) { |
wolfSSL | 15:117db924cf7c | 646 | norm = (DIGIT_BIT-1) - norm; |
wolfSSL | 16:8e0d178b1d1e | 647 | fp_mul_2d (x, norm, x); |
wolfSSL | 16:8e0d178b1d1e | 648 | fp_mul_2d (y, norm, y); |
wolfSSL | 15:117db924cf7c | 649 | } else { |
wolfSSL | 15:117db924cf7c | 650 | norm = 0; |
wolfSSL | 15:117db924cf7c | 651 | } |
wolfSSL | 15:117db924cf7c | 652 | |
wolfSSL | 15:117db924cf7c | 653 | /* note hac does 0 based, so if used==5 then its 0,1,2,3,4, e.g. use 4 */ |
wolfSSL | 16:8e0d178b1d1e | 654 | n = x->used - 1; |
wolfSSL | 16:8e0d178b1d1e | 655 | t = y->used - 1; |
wolfSSL | 15:117db924cf7c | 656 | |
wolfSSL | 15:117db924cf7c | 657 | /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */ |
wolfSSL | 16:8e0d178b1d1e | 658 | fp_lshd (y, n - t); /* y = y*b**{n-t} */ |
wolfSSL | 16:8e0d178b1d1e | 659 | |
wolfSSL | 16:8e0d178b1d1e | 660 | while (fp_cmp (x, y) != FP_LT) { |
wolfSSL | 16:8e0d178b1d1e | 661 | ++(q->dp[n - t]); |
wolfSSL | 16:8e0d178b1d1e | 662 | fp_sub (x, y, x); |
wolfSSL | 15:117db924cf7c | 663 | } |
wolfSSL | 15:117db924cf7c | 664 | |
wolfSSL | 15:117db924cf7c | 665 | /* reset y by shifting it back down */ |
wolfSSL | 16:8e0d178b1d1e | 666 | fp_rshd (y, n - t); |
wolfSSL | 15:117db924cf7c | 667 | |
wolfSSL | 15:117db924cf7c | 668 | /* step 3. for i from n down to (t + 1) */ |
wolfSSL | 15:117db924cf7c | 669 | for (i = n; i >= (t + 1); i--) { |
wolfSSL | 16:8e0d178b1d1e | 670 | if (i > x->used) { |
wolfSSL | 15:117db924cf7c | 671 | continue; |
wolfSSL | 15:117db924cf7c | 672 | } |
wolfSSL | 15:117db924cf7c | 673 | |
wolfSSL | 15:117db924cf7c | 674 | /* step 3.1 if xi == yt then set q{i-t-1} to b-1, |
wolfSSL | 15:117db924cf7c | 675 | * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */ |
wolfSSL | 16:8e0d178b1d1e | 676 | if (x->dp[i] == y->dp[t]) { |
wolfSSL | 16:8e0d178b1d1e | 677 | q->dp[i - t - 1] = (fp_digit) ((((fp_word)1) << DIGIT_BIT) - 1); |
wolfSSL | 15:117db924cf7c | 678 | } else { |
wolfSSL | 15:117db924cf7c | 679 | fp_word tmp; |
wolfSSL | 16:8e0d178b1d1e | 680 | tmp = ((fp_word) x->dp[i]) << ((fp_word) DIGIT_BIT); |
wolfSSL | 16:8e0d178b1d1e | 681 | tmp |= ((fp_word) x->dp[i - 1]); |
wolfSSL | 16:8e0d178b1d1e | 682 | tmp /= ((fp_word)y->dp[t]); |
wolfSSL | 16:8e0d178b1d1e | 683 | q->dp[i - t - 1] = (fp_digit) (tmp); |
wolfSSL | 15:117db924cf7c | 684 | } |
wolfSSL | 15:117db924cf7c | 685 | |
wolfSSL | 15:117db924cf7c | 686 | /* while (q{i-t-1} * (yt * b + y{t-1})) > |
wolfSSL | 15:117db924cf7c | 687 | xi * b**2 + xi-1 * b + xi-2 |
wolfSSL | 15:117db924cf7c | 688 | |
wolfSSL | 15:117db924cf7c | 689 | do q{i-t-1} -= 1; |
wolfSSL | 15:117db924cf7c | 690 | */ |
wolfSSL | 16:8e0d178b1d1e | 691 | q->dp[i - t - 1] = (q->dp[i - t - 1] + 1); |
wolfSSL | 15:117db924cf7c | 692 | do { |
wolfSSL | 16:8e0d178b1d1e | 693 | q->dp[i - t - 1] = (q->dp[i - t - 1] - 1); |
wolfSSL | 15:117db924cf7c | 694 | |
wolfSSL | 15:117db924cf7c | 695 | /* find left hand */ |
wolfSSL | 16:8e0d178b1d1e | 696 | fp_zero (t1); |
wolfSSL | 16:8e0d178b1d1e | 697 | t1->dp[0] = (t - 1 < 0) ? 0 : y->dp[t - 1]; |
wolfSSL | 16:8e0d178b1d1e | 698 | t1->dp[1] = y->dp[t]; |
wolfSSL | 16:8e0d178b1d1e | 699 | t1->used = 2; |
wolfSSL | 16:8e0d178b1d1e | 700 | fp_mul_d (t1, q->dp[i - t - 1], t1); |
wolfSSL | 15:117db924cf7c | 701 | |
wolfSSL | 15:117db924cf7c | 702 | /* find right hand */ |
wolfSSL | 16:8e0d178b1d1e | 703 | t2->dp[0] = (i - 2 < 0) ? 0 : x->dp[i - 2]; |
wolfSSL | 16:8e0d178b1d1e | 704 | t2->dp[1] = (i - 1 < 0) ? 0 : x->dp[i - 1]; |
wolfSSL | 16:8e0d178b1d1e | 705 | t2->dp[2] = x->dp[i]; |
wolfSSL | 16:8e0d178b1d1e | 706 | t2->used = 3; |
wolfSSL | 16:8e0d178b1d1e | 707 | } while (fp_cmp_mag(t1, t2) == FP_GT); |
wolfSSL | 15:117db924cf7c | 708 | |
wolfSSL | 15:117db924cf7c | 709 | /* step 3.3 x = x - q{i-t-1} * y * b**{i-t-1} */ |
wolfSSL | 16:8e0d178b1d1e | 710 | fp_mul_d (y, q->dp[i - t - 1], t1); |
wolfSSL | 16:8e0d178b1d1e | 711 | fp_lshd (t1, i - t - 1); |
wolfSSL | 16:8e0d178b1d1e | 712 | fp_sub (x, t1, x); |
wolfSSL | 15:117db924cf7c | 713 | |
wolfSSL | 15:117db924cf7c | 714 | /* if x < 0 then { x = x + y*b**{i-t-1}; q{i-t-1} -= 1; } */ |
wolfSSL | 16:8e0d178b1d1e | 715 | if (x->sign == FP_NEG) { |
wolfSSL | 16:8e0d178b1d1e | 716 | fp_copy (y, t1); |
wolfSSL | 16:8e0d178b1d1e | 717 | fp_lshd (t1, i - t - 1); |
wolfSSL | 16:8e0d178b1d1e | 718 | fp_add (x, t1, x); |
wolfSSL | 16:8e0d178b1d1e | 719 | q->dp[i - t - 1] = q->dp[i - t - 1] - 1; |
wolfSSL | 15:117db924cf7c | 720 | } |
wolfSSL | 15:117db924cf7c | 721 | } |
wolfSSL | 15:117db924cf7c | 722 | |
wolfSSL | 15:117db924cf7c | 723 | /* now q is the quotient and x is the remainder |
wolfSSL | 15:117db924cf7c | 724 | * [which we have to normalize] |
wolfSSL | 15:117db924cf7c | 725 | */ |
wolfSSL | 15:117db924cf7c | 726 | |
wolfSSL | 15:117db924cf7c | 727 | /* get sign before writing to c */ |
wolfSSL | 16:8e0d178b1d1e | 728 | x->sign = x->used == 0 ? FP_ZPOS : a->sign; |
wolfSSL | 15:117db924cf7c | 729 | |
wolfSSL | 15:117db924cf7c | 730 | if (c != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 731 | fp_clamp (q); |
wolfSSL | 16:8e0d178b1d1e | 732 | fp_copy (q, c); |
wolfSSL | 15:117db924cf7c | 733 | c->sign = neg; |
wolfSSL | 15:117db924cf7c | 734 | } |
wolfSSL | 15:117db924cf7c | 735 | |
wolfSSL | 15:117db924cf7c | 736 | if (d != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 737 | fp_div_2d (x, norm, x, NULL); |
wolfSSL | 15:117db924cf7c | 738 | |
wolfSSL | 15:117db924cf7c | 739 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 16:8e0d178b1d1e | 740 | for (i = b->used; i < x->used; i++) { |
wolfSSL | 16:8e0d178b1d1e | 741 | x->dp[i] = 0; |
wolfSSL | 15:117db924cf7c | 742 | } |
wolfSSL | 16:8e0d178b1d1e | 743 | fp_clamp(x); |
wolfSSL | 16:8e0d178b1d1e | 744 | fp_copy (x, d); |
wolfSSL | 15:117db924cf7c | 745 | } |
wolfSSL | 15:117db924cf7c | 746 | |
wolfSSL | 16:8e0d178b1d1e | 747 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 748 | XFREE(q, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 749 | #endif |
wolfSSL | 15:117db924cf7c | 750 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 751 | } |
wolfSSL | 15:117db924cf7c | 752 | |
wolfSSL | 15:117db924cf7c | 753 | /* b = a/2 */ |
wolfSSL | 15:117db924cf7c | 754 | void fp_div_2(fp_int * a, fp_int * b) |
wolfSSL | 15:117db924cf7c | 755 | { |
wolfSSL | 15:117db924cf7c | 756 | int x, oldused; |
wolfSSL | 15:117db924cf7c | 757 | |
wolfSSL | 15:117db924cf7c | 758 | oldused = b->used; |
wolfSSL | 15:117db924cf7c | 759 | b->used = a->used; |
wolfSSL | 15:117db924cf7c | 760 | { |
wolfSSL | 15:117db924cf7c | 761 | fp_digit r, rr, *tmpa, *tmpb; |
wolfSSL | 15:117db924cf7c | 762 | |
wolfSSL | 15:117db924cf7c | 763 | /* source alias */ |
wolfSSL | 15:117db924cf7c | 764 | tmpa = a->dp + b->used - 1; |
wolfSSL | 15:117db924cf7c | 765 | |
wolfSSL | 15:117db924cf7c | 766 | /* dest alias */ |
wolfSSL | 15:117db924cf7c | 767 | tmpb = b->dp + b->used - 1; |
wolfSSL | 15:117db924cf7c | 768 | |
wolfSSL | 15:117db924cf7c | 769 | /* carry */ |
wolfSSL | 15:117db924cf7c | 770 | r = 0; |
wolfSSL | 15:117db924cf7c | 771 | for (x = b->used - 1; x >= 0; x--) { |
wolfSSL | 15:117db924cf7c | 772 | /* get the carry for the next iteration */ |
wolfSSL | 15:117db924cf7c | 773 | rr = *tmpa & 1; |
wolfSSL | 15:117db924cf7c | 774 | |
wolfSSL | 15:117db924cf7c | 775 | /* shift the current digit, add in carry and store */ |
wolfSSL | 15:117db924cf7c | 776 | *tmpb-- = (*tmpa-- >> 1) | (r << (DIGIT_BIT - 1)); |
wolfSSL | 15:117db924cf7c | 777 | |
wolfSSL | 15:117db924cf7c | 778 | /* forward carry to next iteration */ |
wolfSSL | 15:117db924cf7c | 779 | r = rr; |
wolfSSL | 15:117db924cf7c | 780 | } |
wolfSSL | 15:117db924cf7c | 781 | |
wolfSSL | 15:117db924cf7c | 782 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 783 | tmpb = b->dp + b->used; |
wolfSSL | 15:117db924cf7c | 784 | for (x = b->used; x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 785 | *tmpb++ = 0; |
wolfSSL | 15:117db924cf7c | 786 | } |
wolfSSL | 15:117db924cf7c | 787 | } |
wolfSSL | 15:117db924cf7c | 788 | b->sign = a->sign; |
wolfSSL | 15:117db924cf7c | 789 | fp_clamp (b); |
wolfSSL | 15:117db924cf7c | 790 | } |
wolfSSL | 15:117db924cf7c | 791 | |
wolfSSL | 15:117db924cf7c | 792 | /* c = a / 2**b */ |
wolfSSL | 15:117db924cf7c | 793 | void fp_div_2d(fp_int *a, int b, fp_int *c, fp_int *d) |
wolfSSL | 15:117db924cf7c | 794 | { |
wolfSSL | 15:117db924cf7c | 795 | int D; |
wolfSSL | 15:117db924cf7c | 796 | |
wolfSSL | 15:117db924cf7c | 797 | /* if the shift count is <= 0 then we do no work */ |
wolfSSL | 15:117db924cf7c | 798 | if (b <= 0) { |
wolfSSL | 15:117db924cf7c | 799 | fp_copy (a, c); |
wolfSSL | 15:117db924cf7c | 800 | if (d != NULL) { |
wolfSSL | 15:117db924cf7c | 801 | fp_zero (d); |
wolfSSL | 15:117db924cf7c | 802 | } |
wolfSSL | 15:117db924cf7c | 803 | return; |
wolfSSL | 15:117db924cf7c | 804 | } |
wolfSSL | 15:117db924cf7c | 805 | |
wolfSSL | 16:8e0d178b1d1e | 806 | /* get the remainder before a is changed in calculating c */ |
wolfSSL | 16:8e0d178b1d1e | 807 | if (a == c && d != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 808 | fp_mod_2d (a, b, d); |
wolfSSL | 15:117db924cf7c | 809 | } |
wolfSSL | 15:117db924cf7c | 810 | |
wolfSSL | 15:117db924cf7c | 811 | /* copy */ |
wolfSSL | 15:117db924cf7c | 812 | fp_copy(a, c); |
wolfSSL | 15:117db924cf7c | 813 | |
wolfSSL | 15:117db924cf7c | 814 | /* shift by as many digits in the bit count */ |
wolfSSL | 15:117db924cf7c | 815 | if (b >= (int)DIGIT_BIT) { |
wolfSSL | 15:117db924cf7c | 816 | fp_rshd (c, b / DIGIT_BIT); |
wolfSSL | 15:117db924cf7c | 817 | } |
wolfSSL | 15:117db924cf7c | 818 | |
wolfSSL | 15:117db924cf7c | 819 | /* shift any bit count < DIGIT_BIT */ |
wolfSSL | 15:117db924cf7c | 820 | D = (b % DIGIT_BIT); |
wolfSSL | 15:117db924cf7c | 821 | if (D != 0) { |
wolfSSL | 15:117db924cf7c | 822 | fp_rshb(c, D); |
wolfSSL | 15:117db924cf7c | 823 | } |
wolfSSL | 16:8e0d178b1d1e | 824 | |
wolfSSL | 16:8e0d178b1d1e | 825 | /* get the remainder if a is not changed in calculating c */ |
wolfSSL | 16:8e0d178b1d1e | 826 | if (a != c && d != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 827 | fp_mod_2d (a, b, d); |
wolfSSL | 16:8e0d178b1d1e | 828 | } |
wolfSSL | 16:8e0d178b1d1e | 829 | |
wolfSSL | 15:117db924cf7c | 830 | fp_clamp (c); |
wolfSSL | 15:117db924cf7c | 831 | } |
wolfSSL | 15:117db924cf7c | 832 | |
wolfSSL | 15:117db924cf7c | 833 | /* c = a mod b, 0 <= c < b */ |
wolfSSL | 15:117db924cf7c | 834 | int fp_mod(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 835 | { |
wolfSSL | 16:8e0d178b1d1e | 836 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 837 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 838 | #else |
wolfSSL | 16:8e0d178b1d1e | 839 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 840 | #endif |
wolfSSL | 15:117db924cf7c | 841 | int err; |
wolfSSL | 15:117db924cf7c | 842 | |
wolfSSL | 16:8e0d178b1d1e | 843 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 844 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 845 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 846 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 847 | #endif |
wolfSSL | 16:8e0d178b1d1e | 848 | |
wolfSSL | 16:8e0d178b1d1e | 849 | fp_init(t); |
wolfSSL | 16:8e0d178b1d1e | 850 | err = fp_div(a, b, NULL, t); |
wolfSSL | 16:8e0d178b1d1e | 851 | if (err == FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 852 | if (t->sign != b->sign) { |
wolfSSL | 16:8e0d178b1d1e | 853 | fp_add(t, b, c); |
wolfSSL | 16:8e0d178b1d1e | 854 | } else { |
wolfSSL | 16:8e0d178b1d1e | 855 | fp_copy(t, c); |
wolfSSL | 16:8e0d178b1d1e | 856 | } |
wolfSSL | 15:117db924cf7c | 857 | } |
wolfSSL | 16:8e0d178b1d1e | 858 | |
wolfSSL | 16:8e0d178b1d1e | 859 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 860 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 861 | #endif |
wolfSSL | 16:8e0d178b1d1e | 862 | return err; |
wolfSSL | 15:117db924cf7c | 863 | } |
wolfSSL | 15:117db924cf7c | 864 | |
wolfSSL | 15:117db924cf7c | 865 | /* c = a mod 2**d */ |
wolfSSL | 15:117db924cf7c | 866 | void fp_mod_2d(fp_int *a, int b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 867 | { |
wolfSSL | 15:117db924cf7c | 868 | int x; |
wolfSSL | 15:117db924cf7c | 869 | |
wolfSSL | 15:117db924cf7c | 870 | /* zero if count less than or equal to zero */ |
wolfSSL | 15:117db924cf7c | 871 | if (b <= 0) { |
wolfSSL | 15:117db924cf7c | 872 | fp_zero(c); |
wolfSSL | 15:117db924cf7c | 873 | return; |
wolfSSL | 15:117db924cf7c | 874 | } |
wolfSSL | 15:117db924cf7c | 875 | |
wolfSSL | 15:117db924cf7c | 876 | /* get copy of input */ |
wolfSSL | 15:117db924cf7c | 877 | fp_copy(a, c); |
wolfSSL | 15:117db924cf7c | 878 | |
wolfSSL | 15:117db924cf7c | 879 | /* if 2**d is larger than we just return */ |
wolfSSL | 15:117db924cf7c | 880 | if (b >= (DIGIT_BIT * a->used)) { |
wolfSSL | 15:117db924cf7c | 881 | return; |
wolfSSL | 15:117db924cf7c | 882 | } |
wolfSSL | 15:117db924cf7c | 883 | |
wolfSSL | 15:117db924cf7c | 884 | /* zero digits above the last digit of the modulus */ |
wolfSSL | 15:117db924cf7c | 885 | for (x = (b / DIGIT_BIT) + ((b % DIGIT_BIT) == 0 ? 0 : 1); x < c->used; x++) { |
wolfSSL | 15:117db924cf7c | 886 | c->dp[x] = 0; |
wolfSSL | 15:117db924cf7c | 887 | } |
wolfSSL | 15:117db924cf7c | 888 | /* clear the digit that is not completely outside/inside the modulus */ |
wolfSSL | 15:117db924cf7c | 889 | c->dp[b / DIGIT_BIT] &= ~((fp_digit)0) >> (DIGIT_BIT - b); |
wolfSSL | 15:117db924cf7c | 890 | fp_clamp (c); |
wolfSSL | 15:117db924cf7c | 891 | } |
wolfSSL | 15:117db924cf7c | 892 | |
wolfSSL | 15:117db924cf7c | 893 | static int fp_invmod_slow (fp_int * a, fp_int * b, fp_int * c) |
wolfSSL | 15:117db924cf7c | 894 | { |
wolfSSL | 16:8e0d178b1d1e | 895 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 896 | fp_int x[1], y[1], u[1], v[1], A[1], B[1], C[1], D[1]; |
wolfSSL | 16:8e0d178b1d1e | 897 | #else |
wolfSSL | 16:8e0d178b1d1e | 898 | fp_int *x, *y, *u, *v, *A, *B, *C, *D; |
wolfSSL | 16:8e0d178b1d1e | 899 | #endif |
wolfSSL | 16:8e0d178b1d1e | 900 | int err; |
wolfSSL | 15:117db924cf7c | 901 | |
wolfSSL | 15:117db924cf7c | 902 | /* b cannot be negative */ |
wolfSSL | 15:117db924cf7c | 903 | if (b->sign == FP_NEG || fp_iszero(b) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 904 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 905 | } |
wolfSSL | 16:8e0d178b1d1e | 906 | if (fp_iszero(a) == FP_YES) { |
wolfSSL | 16:8e0d178b1d1e | 907 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 908 | } |
wolfSSL | 16:8e0d178b1d1e | 909 | |
wolfSSL | 16:8e0d178b1d1e | 910 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 911 | x = (fp_int*)XMALLOC(sizeof(fp_int) * 8, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 912 | if (x == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 913 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 914 | } |
wolfSSL | 16:8e0d178b1d1e | 915 | y = &x[1]; u = &x[2]; v = &x[3]; A = &x[4]; B = &x[5]; C = &x[6]; D = &x[7]; |
wolfSSL | 16:8e0d178b1d1e | 916 | #endif |
wolfSSL | 15:117db924cf7c | 917 | |
wolfSSL | 15:117db924cf7c | 918 | /* init temps */ |
wolfSSL | 16:8e0d178b1d1e | 919 | fp_init(x); fp_init(y); |
wolfSSL | 16:8e0d178b1d1e | 920 | fp_init(u); fp_init(v); |
wolfSSL | 16:8e0d178b1d1e | 921 | fp_init(A); fp_init(B); |
wolfSSL | 16:8e0d178b1d1e | 922 | fp_init(C); fp_init(D); |
wolfSSL | 15:117db924cf7c | 923 | |
wolfSSL | 15:117db924cf7c | 924 | /* x = a, y = b */ |
wolfSSL | 16:8e0d178b1d1e | 925 | if ((err = fp_mod(a, b, x)) != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 926 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 927 | XFREE(x, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 928 | #endif |
wolfSSL | 16:8e0d178b1d1e | 929 | return err; |
wolfSSL | 15:117db924cf7c | 930 | } |
wolfSSL | 16:8e0d178b1d1e | 931 | fp_copy(b, y); |
wolfSSL | 15:117db924cf7c | 932 | |
wolfSSL | 15:117db924cf7c | 933 | /* 2. [modified] if x,y are both even then return an error! */ |
wolfSSL | 16:8e0d178b1d1e | 934 | if (fp_iseven(x) == FP_YES && fp_iseven(y) == FP_YES) { |
wolfSSL | 16:8e0d178b1d1e | 935 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 936 | XFREE(x, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 937 | #endif |
wolfSSL | 15:117db924cf7c | 938 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 939 | } |
wolfSSL | 15:117db924cf7c | 940 | |
wolfSSL | 15:117db924cf7c | 941 | /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */ |
wolfSSL | 16:8e0d178b1d1e | 942 | fp_copy (x, u); |
wolfSSL | 16:8e0d178b1d1e | 943 | fp_copy (y, v); |
wolfSSL | 16:8e0d178b1d1e | 944 | fp_set (A, 1); |
wolfSSL | 16:8e0d178b1d1e | 945 | fp_set (D, 1); |
wolfSSL | 15:117db924cf7c | 946 | |
wolfSSL | 15:117db924cf7c | 947 | top: |
wolfSSL | 15:117db924cf7c | 948 | /* 4. while u is even do */ |
wolfSSL | 16:8e0d178b1d1e | 949 | while (fp_iseven (u) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 950 | /* 4.1 u = u/2 */ |
wolfSSL | 16:8e0d178b1d1e | 951 | fp_div_2 (u, u); |
wolfSSL | 15:117db924cf7c | 952 | |
wolfSSL | 15:117db924cf7c | 953 | /* 4.2 if A or B is odd then */ |
wolfSSL | 16:8e0d178b1d1e | 954 | if (fp_isodd (A) == FP_YES || fp_isodd (B) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 955 | /* A = (A+y)/2, B = (B-x)/2 */ |
wolfSSL | 16:8e0d178b1d1e | 956 | fp_add (A, y, A); |
wolfSSL | 16:8e0d178b1d1e | 957 | fp_sub (B, x, B); |
wolfSSL | 15:117db924cf7c | 958 | } |
wolfSSL | 15:117db924cf7c | 959 | /* A = A/2, B = B/2 */ |
wolfSSL | 16:8e0d178b1d1e | 960 | fp_div_2 (A, A); |
wolfSSL | 16:8e0d178b1d1e | 961 | fp_div_2 (B, B); |
wolfSSL | 15:117db924cf7c | 962 | } |
wolfSSL | 15:117db924cf7c | 963 | |
wolfSSL | 15:117db924cf7c | 964 | /* 5. while v is even do */ |
wolfSSL | 16:8e0d178b1d1e | 965 | while (fp_iseven (v) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 966 | /* 5.1 v = v/2 */ |
wolfSSL | 16:8e0d178b1d1e | 967 | fp_div_2 (v, v); |
wolfSSL | 15:117db924cf7c | 968 | |
wolfSSL | 15:117db924cf7c | 969 | /* 5.2 if C or D is odd then */ |
wolfSSL | 16:8e0d178b1d1e | 970 | if (fp_isodd (C) == FP_YES || fp_isodd (D) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 971 | /* C = (C+y)/2, D = (D-x)/2 */ |
wolfSSL | 16:8e0d178b1d1e | 972 | fp_add (C, y, C); |
wolfSSL | 16:8e0d178b1d1e | 973 | fp_sub (D, x, D); |
wolfSSL | 15:117db924cf7c | 974 | } |
wolfSSL | 15:117db924cf7c | 975 | /* C = C/2, D = D/2 */ |
wolfSSL | 16:8e0d178b1d1e | 976 | fp_div_2 (C, C); |
wolfSSL | 16:8e0d178b1d1e | 977 | fp_div_2 (D, D); |
wolfSSL | 15:117db924cf7c | 978 | } |
wolfSSL | 15:117db924cf7c | 979 | |
wolfSSL | 15:117db924cf7c | 980 | /* 6. if u >= v then */ |
wolfSSL | 16:8e0d178b1d1e | 981 | if (fp_cmp (u, v) != FP_LT) { |
wolfSSL | 15:117db924cf7c | 982 | /* u = u - v, A = A - C, B = B - D */ |
wolfSSL | 16:8e0d178b1d1e | 983 | fp_sub (u, v, u); |
wolfSSL | 16:8e0d178b1d1e | 984 | fp_sub (A, C, A); |
wolfSSL | 16:8e0d178b1d1e | 985 | fp_sub (B, D, B); |
wolfSSL | 15:117db924cf7c | 986 | } else { |
wolfSSL | 15:117db924cf7c | 987 | /* v - v - u, C = C - A, D = D - B */ |
wolfSSL | 16:8e0d178b1d1e | 988 | fp_sub (v, u, v); |
wolfSSL | 16:8e0d178b1d1e | 989 | fp_sub (C, A, C); |
wolfSSL | 16:8e0d178b1d1e | 990 | fp_sub (D, B, D); |
wolfSSL | 15:117db924cf7c | 991 | } |
wolfSSL | 15:117db924cf7c | 992 | |
wolfSSL | 15:117db924cf7c | 993 | /* if not zero goto step 4 */ |
wolfSSL | 16:8e0d178b1d1e | 994 | if (fp_iszero (u) == FP_NO) |
wolfSSL | 15:117db924cf7c | 995 | goto top; |
wolfSSL | 15:117db924cf7c | 996 | |
wolfSSL | 15:117db924cf7c | 997 | /* now a = C, b = D, gcd == g*v */ |
wolfSSL | 15:117db924cf7c | 998 | |
wolfSSL | 15:117db924cf7c | 999 | /* if v != 1 then there is no inverse */ |
wolfSSL | 16:8e0d178b1d1e | 1000 | if (fp_cmp_d (v, 1) != FP_EQ) { |
wolfSSL | 16:8e0d178b1d1e | 1001 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1002 | XFREE(x, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1003 | #endif |
wolfSSL | 15:117db924cf7c | 1004 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 1005 | } |
wolfSSL | 15:117db924cf7c | 1006 | |
wolfSSL | 15:117db924cf7c | 1007 | /* if its too low */ |
wolfSSL | 16:8e0d178b1d1e | 1008 | while (fp_cmp_d(C, 0) == FP_LT) { |
wolfSSL | 16:8e0d178b1d1e | 1009 | fp_add(C, b, C); |
wolfSSL | 15:117db924cf7c | 1010 | } |
wolfSSL | 15:117db924cf7c | 1011 | |
wolfSSL | 15:117db924cf7c | 1012 | /* too big */ |
wolfSSL | 16:8e0d178b1d1e | 1013 | while (fp_cmp_mag(C, b) != FP_LT) { |
wolfSSL | 16:8e0d178b1d1e | 1014 | fp_sub(C, b, C); |
wolfSSL | 15:117db924cf7c | 1015 | } |
wolfSSL | 15:117db924cf7c | 1016 | |
wolfSSL | 15:117db924cf7c | 1017 | /* C is now the inverse */ |
wolfSSL | 16:8e0d178b1d1e | 1018 | fp_copy(C, c); |
wolfSSL | 16:8e0d178b1d1e | 1019 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1020 | XFREE(x, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1021 | #endif |
wolfSSL | 15:117db924cf7c | 1022 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 1023 | } |
wolfSSL | 15:117db924cf7c | 1024 | |
wolfSSL | 15:117db924cf7c | 1025 | /* c = 1/a (mod b) for odd b only */ |
wolfSSL | 15:117db924cf7c | 1026 | int fp_invmod(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 1027 | { |
wolfSSL | 16:8e0d178b1d1e | 1028 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1029 | fp_int x[1], y[1], u[1], v[1], B[1], D[1]; |
wolfSSL | 16:8e0d178b1d1e | 1030 | #else |
wolfSSL | 16:8e0d178b1d1e | 1031 | fp_int *x, *y, *u, *v, *B, *D; |
wolfSSL | 16:8e0d178b1d1e | 1032 | #endif |
wolfSSL | 15:117db924cf7c | 1033 | int neg; |
wolfSSL | 16:8e0d178b1d1e | 1034 | int err; |
wolfSSL | 16:8e0d178b1d1e | 1035 | |
wolfSSL | 16:8e0d178b1d1e | 1036 | if (b->sign == FP_NEG || fp_iszero(b) == FP_YES) { |
wolfSSL | 16:8e0d178b1d1e | 1037 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 1038 | } |
wolfSSL | 16:8e0d178b1d1e | 1039 | |
wolfSSL | 16:8e0d178b1d1e | 1040 | /* [modified] sanity check on "a" */ |
wolfSSL | 16:8e0d178b1d1e | 1041 | if (fp_iszero(a) == FP_YES) { |
wolfSSL | 16:8e0d178b1d1e | 1042 | return FP_VAL; /* can not divide by 0 here */ |
wolfSSL | 16:8e0d178b1d1e | 1043 | } |
wolfSSL | 15:117db924cf7c | 1044 | |
wolfSSL | 15:117db924cf7c | 1045 | /* 2. [modified] b must be odd */ |
wolfSSL | 16:8e0d178b1d1e | 1046 | if (fp_iseven(b) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 1047 | return fp_invmod_slow(a,b,c); |
wolfSSL | 15:117db924cf7c | 1048 | } |
wolfSSL | 15:117db924cf7c | 1049 | |
wolfSSL | 16:8e0d178b1d1e | 1050 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1051 | x = (fp_int*)XMALLOC(sizeof(fp_int) * 6, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1052 | if (x == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 1053 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 1054 | } |
wolfSSL | 16:8e0d178b1d1e | 1055 | y = &x[1]; u = &x[2]; v = &x[3]; B = &x[4]; D = &x[5]; |
wolfSSL | 16:8e0d178b1d1e | 1056 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1057 | |
wolfSSL | 15:117db924cf7c | 1058 | /* init all our temps */ |
wolfSSL | 16:8e0d178b1d1e | 1059 | fp_init(x); fp_init(y); |
wolfSSL | 16:8e0d178b1d1e | 1060 | fp_init(u); fp_init(v); |
wolfSSL | 16:8e0d178b1d1e | 1061 | fp_init(B); fp_init(D); |
wolfSSL | 16:8e0d178b1d1e | 1062 | |
wolfSSL | 16:8e0d178b1d1e | 1063 | if (fp_cmp(a, b) != MP_LT) { |
wolfSSL | 16:8e0d178b1d1e | 1064 | err = mp_mod(a, b, y); |
wolfSSL | 16:8e0d178b1d1e | 1065 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1066 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1067 | XFREE(x, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1068 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1069 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1070 | } |
wolfSSL | 16:8e0d178b1d1e | 1071 | a = y; |
wolfSSL | 16:8e0d178b1d1e | 1072 | } |
wolfSSL | 16:8e0d178b1d1e | 1073 | |
wolfSSL | 16:8e0d178b1d1e | 1074 | if (fp_iszero(a) == FP_YES) { |
wolfSSL | 16:8e0d178b1d1e | 1075 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1076 | XFREE(x, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1077 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1078 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 1079 | } |
wolfSSL | 15:117db924cf7c | 1080 | |
wolfSSL | 15:117db924cf7c | 1081 | /* x == modulus, y == value to invert */ |
wolfSSL | 16:8e0d178b1d1e | 1082 | fp_copy(b, x); |
wolfSSL | 15:117db924cf7c | 1083 | |
wolfSSL | 15:117db924cf7c | 1084 | /* we need y = |a| */ |
wolfSSL | 16:8e0d178b1d1e | 1085 | fp_abs(a, y); |
wolfSSL | 15:117db924cf7c | 1086 | |
wolfSSL | 15:117db924cf7c | 1087 | /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */ |
wolfSSL | 16:8e0d178b1d1e | 1088 | fp_copy(x, u); |
wolfSSL | 16:8e0d178b1d1e | 1089 | fp_copy(y, v); |
wolfSSL | 16:8e0d178b1d1e | 1090 | fp_set (D, 1); |
wolfSSL | 15:117db924cf7c | 1091 | |
wolfSSL | 15:117db924cf7c | 1092 | top: |
wolfSSL | 15:117db924cf7c | 1093 | /* 4. while u is even do */ |
wolfSSL | 16:8e0d178b1d1e | 1094 | while (fp_iseven (u) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 1095 | /* 4.1 u = u/2 */ |
wolfSSL | 16:8e0d178b1d1e | 1096 | fp_div_2 (u, u); |
wolfSSL | 15:117db924cf7c | 1097 | |
wolfSSL | 15:117db924cf7c | 1098 | /* 4.2 if B is odd then */ |
wolfSSL | 16:8e0d178b1d1e | 1099 | if (fp_isodd (B) == FP_YES) { |
wolfSSL | 16:8e0d178b1d1e | 1100 | fp_sub (B, x, B); |
wolfSSL | 15:117db924cf7c | 1101 | } |
wolfSSL | 15:117db924cf7c | 1102 | /* B = B/2 */ |
wolfSSL | 16:8e0d178b1d1e | 1103 | fp_div_2 (B, B); |
wolfSSL | 15:117db924cf7c | 1104 | } |
wolfSSL | 15:117db924cf7c | 1105 | |
wolfSSL | 15:117db924cf7c | 1106 | /* 5. while v is even do */ |
wolfSSL | 16:8e0d178b1d1e | 1107 | while (fp_iseven (v) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 1108 | /* 5.1 v = v/2 */ |
wolfSSL | 16:8e0d178b1d1e | 1109 | fp_div_2 (v, v); |
wolfSSL | 15:117db924cf7c | 1110 | |
wolfSSL | 15:117db924cf7c | 1111 | /* 5.2 if D is odd then */ |
wolfSSL | 16:8e0d178b1d1e | 1112 | if (fp_isodd (D) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 1113 | /* D = (D-x)/2 */ |
wolfSSL | 16:8e0d178b1d1e | 1114 | fp_sub (D, x, D); |
wolfSSL | 15:117db924cf7c | 1115 | } |
wolfSSL | 15:117db924cf7c | 1116 | /* D = D/2 */ |
wolfSSL | 16:8e0d178b1d1e | 1117 | fp_div_2 (D, D); |
wolfSSL | 15:117db924cf7c | 1118 | } |
wolfSSL | 15:117db924cf7c | 1119 | |
wolfSSL | 15:117db924cf7c | 1120 | /* 6. if u >= v then */ |
wolfSSL | 16:8e0d178b1d1e | 1121 | if (fp_cmp (u, v) != FP_LT) { |
wolfSSL | 15:117db924cf7c | 1122 | /* u = u - v, B = B - D */ |
wolfSSL | 16:8e0d178b1d1e | 1123 | fp_sub (u, v, u); |
wolfSSL | 16:8e0d178b1d1e | 1124 | fp_sub (B, D, B); |
wolfSSL | 15:117db924cf7c | 1125 | } else { |
wolfSSL | 15:117db924cf7c | 1126 | /* v - v - u, D = D - B */ |
wolfSSL | 16:8e0d178b1d1e | 1127 | fp_sub (v, u, v); |
wolfSSL | 16:8e0d178b1d1e | 1128 | fp_sub (D, B, D); |
wolfSSL | 15:117db924cf7c | 1129 | } |
wolfSSL | 15:117db924cf7c | 1130 | |
wolfSSL | 15:117db924cf7c | 1131 | /* if not zero goto step 4 */ |
wolfSSL | 16:8e0d178b1d1e | 1132 | if (fp_iszero (u) == FP_NO) { |
wolfSSL | 15:117db924cf7c | 1133 | goto top; |
wolfSSL | 15:117db924cf7c | 1134 | } |
wolfSSL | 15:117db924cf7c | 1135 | |
wolfSSL | 15:117db924cf7c | 1136 | /* now a = C, b = D, gcd == g*v */ |
wolfSSL | 15:117db924cf7c | 1137 | |
wolfSSL | 15:117db924cf7c | 1138 | /* if v != 1 then there is no inverse */ |
wolfSSL | 16:8e0d178b1d1e | 1139 | if (fp_cmp_d (v, 1) != FP_EQ) { |
wolfSSL | 16:8e0d178b1d1e | 1140 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1141 | XFREE(x, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1142 | #endif |
wolfSSL | 15:117db924cf7c | 1143 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 1144 | } |
wolfSSL | 15:117db924cf7c | 1145 | |
wolfSSL | 15:117db924cf7c | 1146 | /* b is now the inverse */ |
wolfSSL | 15:117db924cf7c | 1147 | neg = a->sign; |
wolfSSL | 16:8e0d178b1d1e | 1148 | while (D->sign == FP_NEG) { |
wolfSSL | 16:8e0d178b1d1e | 1149 | fp_add (D, b, D); |
wolfSSL | 15:117db924cf7c | 1150 | } |
wolfSSL | 15:117db924cf7c | 1151 | /* too big */ |
wolfSSL | 16:8e0d178b1d1e | 1152 | while (fp_cmp_mag(D, b) != FP_LT) { |
wolfSSL | 16:8e0d178b1d1e | 1153 | fp_sub(D, b, D); |
wolfSSL | 15:117db924cf7c | 1154 | } |
wolfSSL | 16:8e0d178b1d1e | 1155 | fp_copy (D, c); |
wolfSSL | 15:117db924cf7c | 1156 | c->sign = neg; |
wolfSSL | 16:8e0d178b1d1e | 1157 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1158 | XFREE(x, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1159 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1160 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 1161 | } |
wolfSSL | 16:8e0d178b1d1e | 1162 | |
wolfSSL | 16:8e0d178b1d1e | 1163 | #define CT_INV_MOD_PRE_CNT 8 |
wolfSSL | 16:8e0d178b1d1e | 1164 | |
wolfSSL | 16:8e0d178b1d1e | 1165 | /* modulus (b) must be greater than 2 and a prime */ |
wolfSSL | 16:8e0d178b1d1e | 1166 | int fp_invmod_mont_ct(fp_int *a, fp_int *b, fp_int *c, fp_digit mp) |
wolfSSL | 16:8e0d178b1d1e | 1167 | { |
wolfSSL | 16:8e0d178b1d1e | 1168 | int i, j; |
wolfSSL | 16:8e0d178b1d1e | 1169 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1170 | fp_int t[1], e[1]; |
wolfSSL | 16:8e0d178b1d1e | 1171 | fp_int pre[CT_INV_MOD_PRE_CNT]; |
wolfSSL | 16:8e0d178b1d1e | 1172 | #else |
wolfSSL | 16:8e0d178b1d1e | 1173 | fp_int* t; |
wolfSSL | 16:8e0d178b1d1e | 1174 | fp_int* e; |
wolfSSL | 16:8e0d178b1d1e | 1175 | fp_int* pre; |
wolfSSL | 16:8e0d178b1d1e | 1176 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1177 | |
wolfSSL | 16:8e0d178b1d1e | 1178 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1179 | t = (fp_int*)XMALLOC(sizeof(fp_int) * (2 + CT_INV_MOD_PRE_CNT), NULL, |
wolfSSL | 16:8e0d178b1d1e | 1180 | DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1181 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 1182 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 1183 | e = t + 1; |
wolfSSL | 16:8e0d178b1d1e | 1184 | pre = t + 2; |
wolfSSL | 16:8e0d178b1d1e | 1185 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1186 | |
wolfSSL | 16:8e0d178b1d1e | 1187 | fp_init(t); |
wolfSSL | 16:8e0d178b1d1e | 1188 | fp_init(e); |
wolfSSL | 16:8e0d178b1d1e | 1189 | |
wolfSSL | 16:8e0d178b1d1e | 1190 | fp_init(&pre[0]); |
wolfSSL | 16:8e0d178b1d1e | 1191 | fp_copy(a, &pre[0]); |
wolfSSL | 16:8e0d178b1d1e | 1192 | for (i = 1; i < CT_INV_MOD_PRE_CNT; i++) { |
wolfSSL | 16:8e0d178b1d1e | 1193 | fp_init(&pre[i]); |
wolfSSL | 16:8e0d178b1d1e | 1194 | fp_sqr(&pre[i-1], &pre[i]); |
wolfSSL | 16:8e0d178b1d1e | 1195 | fp_montgomery_reduce(&pre[i], b, mp); |
wolfSSL | 16:8e0d178b1d1e | 1196 | fp_mul(&pre[i], a, &pre[i]); |
wolfSSL | 16:8e0d178b1d1e | 1197 | fp_montgomery_reduce(&pre[i], b, mp); |
wolfSSL | 16:8e0d178b1d1e | 1198 | } |
wolfSSL | 16:8e0d178b1d1e | 1199 | |
wolfSSL | 16:8e0d178b1d1e | 1200 | fp_sub_d(b, 2, e); |
wolfSSL | 16:8e0d178b1d1e | 1201 | /* Highest bit is always set. */ |
wolfSSL | 16:8e0d178b1d1e | 1202 | for (i = fp_count_bits(e)-2, j = 1; i >= 0; i--, j++) { |
wolfSSL | 16:8e0d178b1d1e | 1203 | if (!fp_is_bit_set(e, i) || j == CT_INV_MOD_PRE_CNT) |
wolfSSL | 16:8e0d178b1d1e | 1204 | break; |
wolfSSL | 16:8e0d178b1d1e | 1205 | } |
wolfSSL | 16:8e0d178b1d1e | 1206 | fp_copy(&pre[j-1], t); |
wolfSSL | 16:8e0d178b1d1e | 1207 | for (j = 0; i >= 0; i--) { |
wolfSSL | 16:8e0d178b1d1e | 1208 | int set = fp_is_bit_set(e, i); |
wolfSSL | 16:8e0d178b1d1e | 1209 | |
wolfSSL | 16:8e0d178b1d1e | 1210 | if ((j == CT_INV_MOD_PRE_CNT) || (!set && j > 0)) { |
wolfSSL | 16:8e0d178b1d1e | 1211 | fp_mul(t, &pre[j-1], t); |
wolfSSL | 16:8e0d178b1d1e | 1212 | fp_montgomery_reduce(t, b, mp); |
wolfSSL | 16:8e0d178b1d1e | 1213 | j = 0; |
wolfSSL | 16:8e0d178b1d1e | 1214 | } |
wolfSSL | 16:8e0d178b1d1e | 1215 | fp_sqr(t, t); |
wolfSSL | 16:8e0d178b1d1e | 1216 | fp_montgomery_reduce(t, b, mp); |
wolfSSL | 16:8e0d178b1d1e | 1217 | j += set; |
wolfSSL | 16:8e0d178b1d1e | 1218 | } |
wolfSSL | 16:8e0d178b1d1e | 1219 | if (j > 0) { |
wolfSSL | 16:8e0d178b1d1e | 1220 | fp_mul(t, &pre[j-1], c); |
wolfSSL | 16:8e0d178b1d1e | 1221 | fp_montgomery_reduce(c, b, mp); |
wolfSSL | 16:8e0d178b1d1e | 1222 | } |
wolfSSL | 16:8e0d178b1d1e | 1223 | else |
wolfSSL | 16:8e0d178b1d1e | 1224 | fp_copy(t, c); |
wolfSSL | 16:8e0d178b1d1e | 1225 | |
wolfSSL | 16:8e0d178b1d1e | 1226 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1227 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1228 | #endif |
wolfSSL | 15:117db924cf7c | 1229 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 1230 | } |
wolfSSL | 15:117db924cf7c | 1231 | |
wolfSSL | 15:117db924cf7c | 1232 | /* d = a * b (mod c) */ |
wolfSSL | 15:117db924cf7c | 1233 | int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) |
wolfSSL | 15:117db924cf7c | 1234 | { |
wolfSSL | 15:117db924cf7c | 1235 | int err; |
wolfSSL | 16:8e0d178b1d1e | 1236 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1237 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 1238 | #else |
wolfSSL | 16:8e0d178b1d1e | 1239 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 1240 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1241 | |
wolfSSL | 16:8e0d178b1d1e | 1242 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1243 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1244 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 1245 | return FP_MEM; |
wolfSSL | 15:117db924cf7c | 1246 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1247 | |
wolfSSL | 16:8e0d178b1d1e | 1248 | fp_init(t); |
wolfSSL | 16:8e0d178b1d1e | 1249 | err = fp_mul(a, b, t); |
wolfSSL | 16:8e0d178b1d1e | 1250 | if (err == FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1251 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 16:8e0d178b1d1e | 1252 | if (d->size < FP_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 1253 | err = fp_mod(t, c, t); |
wolfSSL | 16:8e0d178b1d1e | 1254 | fp_copy(t, d); |
wolfSSL | 16:8e0d178b1d1e | 1255 | } else |
wolfSSL | 16:8e0d178b1d1e | 1256 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1257 | { |
wolfSSL | 16:8e0d178b1d1e | 1258 | err = fp_mod(t, c, d); |
wolfSSL | 16:8e0d178b1d1e | 1259 | } |
wolfSSL | 15:117db924cf7c | 1260 | } |
wolfSSL | 15:117db924cf7c | 1261 | |
wolfSSL | 16:8e0d178b1d1e | 1262 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1263 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1264 | #endif |
wolfSSL | 15:117db924cf7c | 1265 | return err; |
wolfSSL | 15:117db924cf7c | 1266 | } |
wolfSSL | 15:117db924cf7c | 1267 | |
wolfSSL | 15:117db924cf7c | 1268 | /* d = a - b (mod c) */ |
wolfSSL | 15:117db924cf7c | 1269 | int fp_submod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) |
wolfSSL | 15:117db924cf7c | 1270 | { |
wolfSSL | 15:117db924cf7c | 1271 | int err; |
wolfSSL | 16:8e0d178b1d1e | 1272 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1273 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 1274 | #else |
wolfSSL | 16:8e0d178b1d1e | 1275 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 1276 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1277 | |
wolfSSL | 16:8e0d178b1d1e | 1278 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1279 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1280 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 1281 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 1282 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1283 | |
wolfSSL | 16:8e0d178b1d1e | 1284 | fp_init(t); |
wolfSSL | 16:8e0d178b1d1e | 1285 | fp_sub(a, b, t); |
wolfSSL | 15:117db924cf7c | 1286 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 1287 | if (d->size < FP_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 1288 | err = fp_mod(t, c, t); |
wolfSSL | 16:8e0d178b1d1e | 1289 | fp_copy(t, d); |
wolfSSL | 15:117db924cf7c | 1290 | } else |
wolfSSL | 15:117db924cf7c | 1291 | #endif |
wolfSSL | 15:117db924cf7c | 1292 | { |
wolfSSL | 16:8e0d178b1d1e | 1293 | err = fp_mod(t, c, d); |
wolfSSL | 15:117db924cf7c | 1294 | } |
wolfSSL | 15:117db924cf7c | 1295 | |
wolfSSL | 16:8e0d178b1d1e | 1296 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1297 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1298 | #endif |
wolfSSL | 15:117db924cf7c | 1299 | return err; |
wolfSSL | 15:117db924cf7c | 1300 | } |
wolfSSL | 15:117db924cf7c | 1301 | |
wolfSSL | 15:117db924cf7c | 1302 | /* d = a + b (mod c) */ |
wolfSSL | 15:117db924cf7c | 1303 | int fp_addmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) |
wolfSSL | 15:117db924cf7c | 1304 | { |
wolfSSL | 15:117db924cf7c | 1305 | int err; |
wolfSSL | 16:8e0d178b1d1e | 1306 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1307 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 1308 | #else |
wolfSSL | 16:8e0d178b1d1e | 1309 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 1310 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1311 | |
wolfSSL | 16:8e0d178b1d1e | 1312 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1313 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1314 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 1315 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 1316 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1317 | |
wolfSSL | 16:8e0d178b1d1e | 1318 | fp_init(t); |
wolfSSL | 16:8e0d178b1d1e | 1319 | fp_add(a, b, t); |
wolfSSL | 15:117db924cf7c | 1320 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 1321 | if (d->size < FP_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 1322 | err = fp_mod(t, c, t); |
wolfSSL | 16:8e0d178b1d1e | 1323 | fp_copy(t, d); |
wolfSSL | 15:117db924cf7c | 1324 | } else |
wolfSSL | 15:117db924cf7c | 1325 | #endif |
wolfSSL | 15:117db924cf7c | 1326 | { |
wolfSSL | 16:8e0d178b1d1e | 1327 | err = fp_mod(t, c, d); |
wolfSSL | 15:117db924cf7c | 1328 | } |
wolfSSL | 15:117db924cf7c | 1329 | |
wolfSSL | 16:8e0d178b1d1e | 1330 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1331 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1332 | #endif |
wolfSSL | 15:117db924cf7c | 1333 | return err; |
wolfSSL | 15:117db924cf7c | 1334 | } |
wolfSSL | 15:117db924cf7c | 1335 | |
wolfSSL | 15:117db924cf7c | 1336 | #ifdef TFM_TIMING_RESISTANT |
wolfSSL | 15:117db924cf7c | 1337 | |
wolfSSL | 16:8e0d178b1d1e | 1338 | #ifdef WC_RSA_NONBLOCK |
wolfSSL | 16:8e0d178b1d1e | 1339 | |
wolfSSL | 16:8e0d178b1d1e | 1340 | #ifdef WC_RSA_NONBLOCK_TIME |
wolfSSL | 16:8e0d178b1d1e | 1341 | /* User can override the check-time at build-time using the |
wolfSSL | 16:8e0d178b1d1e | 1342 | * FP_EXPTMOD_NB_CHECKTIME macro to define your own function */ |
wolfSSL | 16:8e0d178b1d1e | 1343 | #ifndef FP_EXPTMOD_NB_CHECKTIME |
wolfSSL | 16:8e0d178b1d1e | 1344 | /* instruction count for each type of operation */ |
wolfSSL | 16:8e0d178b1d1e | 1345 | /* array lookup is using TFM_EXPTMOD_NB_* states */ |
wolfSSL | 16:8e0d178b1d1e | 1346 | static const word32 exptModNbInst[TFM_EXPTMOD_NB_COUNT] = { |
wolfSSL | 16:8e0d178b1d1e | 1347 | #ifdef TFM_PPC32 |
wolfSSL | 16:8e0d178b1d1e | 1348 | #ifdef _DEBUG |
wolfSSL | 16:8e0d178b1d1e | 1349 | 11098, 8701, 3971, 178394, 858093, 1040, 822, 178056, 181574, 90883, 184339, 236813 |
wolfSSL | 16:8e0d178b1d1e | 1350 | #else |
wolfSSL | 16:8e0d178b1d1e | 1351 | 7050, 2554, 3187, 43178, 200422, 384, 275, 43024, 43550, 30450, 46270, 61376 |
wolfSSL | 16:8e0d178b1d1e | 1352 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1353 | #elif defined(TFM_X86_64) |
wolfSSL | 16:8e0d178b1d1e | 1354 | #ifdef _DEBUG |
wolfSSL | 16:8e0d178b1d1e | 1355 | 954, 2377, 858, 19027, 90840, 287, 407, 20140, 7874, 11385, 8005, 6151 |
wolfSSL | 16:8e0d178b1d1e | 1356 | #else |
wolfSSL | 16:8e0d178b1d1e | 1357 | 765, 1007, 771, 5216, 34993, 248, 193, 4975, 4201, 3947, 4275, 3811 |
wolfSSL | 16:8e0d178b1d1e | 1358 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1359 | #else /* software only fast math */ |
wolfSSL | 16:8e0d178b1d1e | 1360 | #ifdef _DEBUG |
wolfSSL | 16:8e0d178b1d1e | 1361 | 798, 2245, 802, 16657, 66920, 352, 186, 16997, 16145, 12789, 16742, 15006 |
wolfSSL | 16:8e0d178b1d1e | 1362 | #else |
wolfSSL | 16:8e0d178b1d1e | 1363 | 775, 1084, 783, 4692, 37510, 207, 183, 4374, 4392, 3097, 4442, 4079 |
wolfSSL | 16:8e0d178b1d1e | 1364 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1365 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1366 | }; |
wolfSSL | 16:8e0d178b1d1e | 1367 | |
wolfSSL | 16:8e0d178b1d1e | 1368 | static int fp_exptmod_nb_checktime(exptModNb_t* nb) |
wolfSSL | 16:8e0d178b1d1e | 1369 | { |
wolfSSL | 16:8e0d178b1d1e | 1370 | word32 totalInst; |
wolfSSL | 16:8e0d178b1d1e | 1371 | |
wolfSSL | 16:8e0d178b1d1e | 1372 | /* if no max time has been set then stop (do not block) */ |
wolfSSL | 16:8e0d178b1d1e | 1373 | if (nb->maxBlockInst == 0 || nb->state >= TFM_EXPTMOD_NB_COUNT) { |
wolfSSL | 16:8e0d178b1d1e | 1374 | return TFM_EXPTMOD_NB_STOP; |
wolfSSL | 16:8e0d178b1d1e | 1375 | } |
wolfSSL | 16:8e0d178b1d1e | 1376 | |
wolfSSL | 16:8e0d178b1d1e | 1377 | /* if instruction table not set then use maxBlockInst as simple counter */ |
wolfSSL | 16:8e0d178b1d1e | 1378 | if (exptModNbInst[nb->state] == 0) { |
wolfSSL | 16:8e0d178b1d1e | 1379 | if (++nb->totalInst < nb->maxBlockInst) |
wolfSSL | 16:8e0d178b1d1e | 1380 | return TFM_EXPTMOD_NB_CONTINUE; |
wolfSSL | 16:8e0d178b1d1e | 1381 | |
wolfSSL | 16:8e0d178b1d1e | 1382 | nb->totalInst = 0; /* reset counter */ |
wolfSSL | 16:8e0d178b1d1e | 1383 | return TFM_EXPTMOD_NB_STOP; |
wolfSSL | 16:8e0d178b1d1e | 1384 | } |
wolfSSL | 16:8e0d178b1d1e | 1385 | |
wolfSSL | 16:8e0d178b1d1e | 1386 | /* get total instruction count including next operation */ |
wolfSSL | 16:8e0d178b1d1e | 1387 | totalInst = nb->totalInst + exptModNbInst[nb->state]; |
wolfSSL | 16:8e0d178b1d1e | 1388 | /* if the next operation can completed within the maximum then continue */ |
wolfSSL | 16:8e0d178b1d1e | 1389 | if (totalInst <= nb->maxBlockInst) { |
wolfSSL | 16:8e0d178b1d1e | 1390 | return TFM_EXPTMOD_NB_CONTINUE; |
wolfSSL | 16:8e0d178b1d1e | 1391 | } |
wolfSSL | 16:8e0d178b1d1e | 1392 | |
wolfSSL | 16:8e0d178b1d1e | 1393 | return TFM_EXPTMOD_NB_STOP; |
wolfSSL | 16:8e0d178b1d1e | 1394 | } |
wolfSSL | 16:8e0d178b1d1e | 1395 | #define FP_EXPTMOD_NB_CHECKTIME(nb) fp_exptmod_nb_checktime((nb)) |
wolfSSL | 16:8e0d178b1d1e | 1396 | #endif /* !FP_EXPTMOD_NB_CHECKTIME */ |
wolfSSL | 16:8e0d178b1d1e | 1397 | #endif /* WC_RSA_NONBLOCK_TIME */ |
wolfSSL | 16:8e0d178b1d1e | 1398 | |
wolfSSL | 16:8e0d178b1d1e | 1399 | /* non-blocking version of timing resistant fp_exptmod function */ |
wolfSSL | 16:8e0d178b1d1e | 1400 | /* supports cache resistance */ |
wolfSSL | 16:8e0d178b1d1e | 1401 | int fp_exptmod_nb(exptModNb_t* nb, fp_int* G, fp_int* X, fp_int* P, fp_int* Y) |
wolfSSL | 16:8e0d178b1d1e | 1402 | { |
wolfSSL | 16:8e0d178b1d1e | 1403 | int err, ret = FP_WOULDBLOCK; |
wolfSSL | 16:8e0d178b1d1e | 1404 | |
wolfSSL | 16:8e0d178b1d1e | 1405 | if (nb == NULL) |
wolfSSL | 16:8e0d178b1d1e | 1406 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 1407 | |
wolfSSL | 16:8e0d178b1d1e | 1408 | #ifdef WC_RSA_NONBLOCK_TIME |
wolfSSL | 16:8e0d178b1d1e | 1409 | nb->totalInst = 0; |
wolfSSL | 16:8e0d178b1d1e | 1410 | do { |
wolfSSL | 16:8e0d178b1d1e | 1411 | nb->totalInst += exptModNbInst[nb->state]; |
wolfSSL | 16:8e0d178b1d1e | 1412 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1413 | |
wolfSSL | 16:8e0d178b1d1e | 1414 | switch (nb->state) { |
wolfSSL | 16:8e0d178b1d1e | 1415 | case TFM_EXPTMOD_NB_INIT: |
wolfSSL | 16:8e0d178b1d1e | 1416 | /* now setup montgomery */ |
wolfSSL | 16:8e0d178b1d1e | 1417 | if ((err = fp_montgomery_setup(P, &nb->mp)) != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1418 | nb->state = TFM_EXPTMOD_NB_INIT; |
wolfSSL | 16:8e0d178b1d1e | 1419 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1420 | } |
wolfSSL | 16:8e0d178b1d1e | 1421 | |
wolfSSL | 16:8e0d178b1d1e | 1422 | /* init ints */ |
wolfSSL | 16:8e0d178b1d1e | 1423 | fp_init(&nb->R[0]); |
wolfSSL | 16:8e0d178b1d1e | 1424 | fp_init(&nb->R[1]); |
wolfSSL | 16:8e0d178b1d1e | 1425 | #ifndef WC_NO_CACHE_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 1426 | fp_init(&nb->R[2]); |
wolfSSL | 16:8e0d178b1d1e | 1427 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1428 | nb->state = TFM_EXPTMOD_NB_MONT; |
wolfSSL | 16:8e0d178b1d1e | 1429 | break; |
wolfSSL | 16:8e0d178b1d1e | 1430 | |
wolfSSL | 16:8e0d178b1d1e | 1431 | case TFM_EXPTMOD_NB_MONT: |
wolfSSL | 16:8e0d178b1d1e | 1432 | /* mod m -> R[0] */ |
wolfSSL | 16:8e0d178b1d1e | 1433 | fp_montgomery_calc_normalization(&nb->R[0], P); |
wolfSSL | 16:8e0d178b1d1e | 1434 | |
wolfSSL | 16:8e0d178b1d1e | 1435 | nb->state = TFM_EXPTMOD_NB_MONT_RED; |
wolfSSL | 16:8e0d178b1d1e | 1436 | break; |
wolfSSL | 16:8e0d178b1d1e | 1437 | |
wolfSSL | 16:8e0d178b1d1e | 1438 | case TFM_EXPTMOD_NB_MONT_RED: |
wolfSSL | 16:8e0d178b1d1e | 1439 | /* reduce G -> R[1] */ |
wolfSSL | 16:8e0d178b1d1e | 1440 | if (fp_cmp_mag(P, G) != FP_GT) { |
wolfSSL | 16:8e0d178b1d1e | 1441 | /* G > P so we reduce it first */ |
wolfSSL | 16:8e0d178b1d1e | 1442 | fp_mod(G, P, &nb->R[1]); |
wolfSSL | 16:8e0d178b1d1e | 1443 | } else { |
wolfSSL | 16:8e0d178b1d1e | 1444 | fp_copy(G, &nb->R[1]); |
wolfSSL | 16:8e0d178b1d1e | 1445 | } |
wolfSSL | 16:8e0d178b1d1e | 1446 | |
wolfSSL | 16:8e0d178b1d1e | 1447 | nb->state = TFM_EXPTMOD_NB_MONT_MUL; |
wolfSSL | 16:8e0d178b1d1e | 1448 | break; |
wolfSSL | 16:8e0d178b1d1e | 1449 | |
wolfSSL | 16:8e0d178b1d1e | 1450 | case TFM_EXPTMOD_NB_MONT_MUL: |
wolfSSL | 16:8e0d178b1d1e | 1451 | /* G (R[1]) * m (R[0]) */ |
wolfSSL | 16:8e0d178b1d1e | 1452 | err = fp_mul(&nb->R[1], &nb->R[0], &nb->R[1]); |
wolfSSL | 16:8e0d178b1d1e | 1453 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1454 | nb->state = TFM_EXPTMOD_NB_INIT; |
wolfSSL | 16:8e0d178b1d1e | 1455 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1456 | } |
wolfSSL | 16:8e0d178b1d1e | 1457 | |
wolfSSL | 16:8e0d178b1d1e | 1458 | nb->state = TFM_EXPTMOD_NB_MONT_MOD; |
wolfSSL | 16:8e0d178b1d1e | 1459 | break; |
wolfSSL | 16:8e0d178b1d1e | 1460 | |
wolfSSL | 16:8e0d178b1d1e | 1461 | case TFM_EXPTMOD_NB_MONT_MOD: |
wolfSSL | 16:8e0d178b1d1e | 1462 | /* mod m */ |
wolfSSL | 16:8e0d178b1d1e | 1463 | err = fp_div(&nb->R[1], P, NULL, &nb->R[1]); |
wolfSSL | 16:8e0d178b1d1e | 1464 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1465 | nb->state = TFM_EXPTMOD_NB_INIT; |
wolfSSL | 16:8e0d178b1d1e | 1466 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1467 | } |
wolfSSL | 16:8e0d178b1d1e | 1468 | |
wolfSSL | 16:8e0d178b1d1e | 1469 | nb->state = TFM_EXPTMOD_NB_MONT_MODCHK; |
wolfSSL | 16:8e0d178b1d1e | 1470 | break; |
wolfSSL | 16:8e0d178b1d1e | 1471 | |
wolfSSL | 16:8e0d178b1d1e | 1472 | case TFM_EXPTMOD_NB_MONT_MODCHK: |
wolfSSL | 16:8e0d178b1d1e | 1473 | /* m matches sign of (G * R mod m) */ |
wolfSSL | 16:8e0d178b1d1e | 1474 | if (nb->R[1].sign != P->sign) { |
wolfSSL | 16:8e0d178b1d1e | 1475 | fp_add(&nb->R[1], P, &nb->R[1]); |
wolfSSL | 16:8e0d178b1d1e | 1476 | } |
wolfSSL | 16:8e0d178b1d1e | 1477 | |
wolfSSL | 16:8e0d178b1d1e | 1478 | /* set initial mode and bit cnt */ |
wolfSSL | 16:8e0d178b1d1e | 1479 | nb->bitcnt = 1; |
wolfSSL | 16:8e0d178b1d1e | 1480 | nb->buf = 0; |
wolfSSL | 16:8e0d178b1d1e | 1481 | nb->digidx = X->used - 1; |
wolfSSL | 16:8e0d178b1d1e | 1482 | |
wolfSSL | 16:8e0d178b1d1e | 1483 | nb->state = TFM_EXPTMOD_NB_NEXT; |
wolfSSL | 16:8e0d178b1d1e | 1484 | break; |
wolfSSL | 16:8e0d178b1d1e | 1485 | |
wolfSSL | 16:8e0d178b1d1e | 1486 | case TFM_EXPTMOD_NB_NEXT: |
wolfSSL | 16:8e0d178b1d1e | 1487 | /* grab next digit as required */ |
wolfSSL | 16:8e0d178b1d1e | 1488 | if (--nb->bitcnt == 0) { |
wolfSSL | 16:8e0d178b1d1e | 1489 | /* if nb->digidx == -1 we are out of digits so break */ |
wolfSSL | 16:8e0d178b1d1e | 1490 | if (nb->digidx == -1) { |
wolfSSL | 16:8e0d178b1d1e | 1491 | nb->state = TFM_EXPTMOD_NB_RED; |
wolfSSL | 16:8e0d178b1d1e | 1492 | break; |
wolfSSL | 16:8e0d178b1d1e | 1493 | } |
wolfSSL | 16:8e0d178b1d1e | 1494 | /* read next digit and reset nb->bitcnt */ |
wolfSSL | 16:8e0d178b1d1e | 1495 | nb->buf = X->dp[nb->digidx--]; |
wolfSSL | 16:8e0d178b1d1e | 1496 | nb->bitcnt = (int)DIGIT_BIT; |
wolfSSL | 16:8e0d178b1d1e | 1497 | } |
wolfSSL | 16:8e0d178b1d1e | 1498 | |
wolfSSL | 16:8e0d178b1d1e | 1499 | /* grab the next msb from the exponent */ |
wolfSSL | 16:8e0d178b1d1e | 1500 | nb->y = (int)(nb->buf >> (DIGIT_BIT - 1)) & 1; |
wolfSSL | 16:8e0d178b1d1e | 1501 | nb->buf <<= (fp_digit)1; |
wolfSSL | 16:8e0d178b1d1e | 1502 | nb->state = TFM_EXPTMOD_NB_MUL; |
wolfSSL | 16:8e0d178b1d1e | 1503 | FALL_THROUGH; |
wolfSSL | 16:8e0d178b1d1e | 1504 | |
wolfSSL | 16:8e0d178b1d1e | 1505 | case TFM_EXPTMOD_NB_MUL: |
wolfSSL | 16:8e0d178b1d1e | 1506 | fp_mul(&nb->R[0], &nb->R[1], &nb->R[nb->y^1]); |
wolfSSL | 16:8e0d178b1d1e | 1507 | nb->state = TFM_EXPTMOD_NB_MUL_RED; |
wolfSSL | 16:8e0d178b1d1e | 1508 | break; |
wolfSSL | 16:8e0d178b1d1e | 1509 | |
wolfSSL | 16:8e0d178b1d1e | 1510 | case TFM_EXPTMOD_NB_MUL_RED: |
wolfSSL | 16:8e0d178b1d1e | 1511 | fp_montgomery_reduce(&nb->R[nb->y^1], P, nb->mp); |
wolfSSL | 16:8e0d178b1d1e | 1512 | nb->state = TFM_EXPTMOD_NB_SQR; |
wolfSSL | 16:8e0d178b1d1e | 1513 | break; |
wolfSSL | 16:8e0d178b1d1e | 1514 | |
wolfSSL | 16:8e0d178b1d1e | 1515 | case TFM_EXPTMOD_NB_SQR: |
wolfSSL | 16:8e0d178b1d1e | 1516 | #ifdef WC_NO_CACHE_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 1517 | fp_sqr(&nb->R[nb->y], &nb->R[nb->y]); |
wolfSSL | 16:8e0d178b1d1e | 1518 | #else |
wolfSSL | 16:8e0d178b1d1e | 1519 | fp_copy((fp_int*) ( ((wolfssl_word)&nb->R[0] & wc_off_on_addr[nb->y^1]) + |
wolfSSL | 16:8e0d178b1d1e | 1520 | ((wolfssl_word)&nb->R[1] & wc_off_on_addr[nb->y]) ), |
wolfSSL | 16:8e0d178b1d1e | 1521 | &nb->R[2]); |
wolfSSL | 16:8e0d178b1d1e | 1522 | fp_sqr(&nb->R[2], &nb->R[2]); |
wolfSSL | 16:8e0d178b1d1e | 1523 | #endif /* WC_NO_CACHE_RESISTANT */ |
wolfSSL | 16:8e0d178b1d1e | 1524 | |
wolfSSL | 16:8e0d178b1d1e | 1525 | nb->state = TFM_EXPTMOD_NB_SQR_RED; |
wolfSSL | 16:8e0d178b1d1e | 1526 | break; |
wolfSSL | 16:8e0d178b1d1e | 1527 | |
wolfSSL | 16:8e0d178b1d1e | 1528 | case TFM_EXPTMOD_NB_SQR_RED: |
wolfSSL | 16:8e0d178b1d1e | 1529 | #ifdef WC_NO_CACHE_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 1530 | fp_montgomery_reduce(&nb->R[nb->y], P, nb->mp); |
wolfSSL | 16:8e0d178b1d1e | 1531 | #else |
wolfSSL | 16:8e0d178b1d1e | 1532 | fp_montgomery_reduce(&nb->R[2], P, nb->mp); |
wolfSSL | 16:8e0d178b1d1e | 1533 | fp_copy(&nb->R[2], |
wolfSSL | 16:8e0d178b1d1e | 1534 | (fp_int*) ( ((wolfssl_word)&nb->R[0] & wc_off_on_addr[nb->y^1]) + |
wolfSSL | 16:8e0d178b1d1e | 1535 | ((wolfssl_word)&nb->R[1] & wc_off_on_addr[nb->y]) ) ); |
wolfSSL | 16:8e0d178b1d1e | 1536 | #endif /* WC_NO_CACHE_RESISTANT */ |
wolfSSL | 16:8e0d178b1d1e | 1537 | |
wolfSSL | 16:8e0d178b1d1e | 1538 | nb->state = TFM_EXPTMOD_NB_NEXT; |
wolfSSL | 16:8e0d178b1d1e | 1539 | break; |
wolfSSL | 16:8e0d178b1d1e | 1540 | |
wolfSSL | 16:8e0d178b1d1e | 1541 | case TFM_EXPTMOD_NB_RED: |
wolfSSL | 16:8e0d178b1d1e | 1542 | /* final reduce */ |
wolfSSL | 16:8e0d178b1d1e | 1543 | fp_montgomery_reduce(&nb->R[0], P, nb->mp); |
wolfSSL | 16:8e0d178b1d1e | 1544 | fp_copy(&nb->R[0], Y); |
wolfSSL | 16:8e0d178b1d1e | 1545 | |
wolfSSL | 16:8e0d178b1d1e | 1546 | nb->state = TFM_EXPTMOD_NB_INIT; |
wolfSSL | 16:8e0d178b1d1e | 1547 | ret = FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 1548 | break; |
wolfSSL | 16:8e0d178b1d1e | 1549 | } /* switch */ |
wolfSSL | 16:8e0d178b1d1e | 1550 | |
wolfSSL | 16:8e0d178b1d1e | 1551 | #ifdef WC_RSA_NONBLOCK_TIME |
wolfSSL | 16:8e0d178b1d1e | 1552 | /* determine if maximum blocking time has been reached */ |
wolfSSL | 16:8e0d178b1d1e | 1553 | } while (ret == FP_WOULDBLOCK && |
wolfSSL | 16:8e0d178b1d1e | 1554 | FP_EXPTMOD_NB_CHECKTIME(nb) == TFM_EXPTMOD_NB_CONTINUE); |
wolfSSL | 16:8e0d178b1d1e | 1555 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1556 | |
wolfSSL | 16:8e0d178b1d1e | 1557 | return ret; |
wolfSSL | 16:8e0d178b1d1e | 1558 | } |
wolfSSL | 16:8e0d178b1d1e | 1559 | |
wolfSSL | 16:8e0d178b1d1e | 1560 | #endif /* WC_RSA_NONBLOCK */ |
wolfSSL | 16:8e0d178b1d1e | 1561 | |
wolfSSL | 16:8e0d178b1d1e | 1562 | |
wolfSSL | 15:117db924cf7c | 1563 | /* timing resistant montgomery ladder based exptmod |
wolfSSL | 15:117db924cf7c | 1564 | Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", |
wolfSSL | 15:117db924cf7c | 1565 | Cryptographic Hardware and Embedded Systems, CHES 2002 |
wolfSSL | 15:117db924cf7c | 1566 | */ |
wolfSSL | 16:8e0d178b1d1e | 1567 | static int _fp_exptmod_ct(fp_int * G, fp_int * X, int digits, fp_int * P, |
wolfSSL | 16:8e0d178b1d1e | 1568 | fp_int * Y) |
wolfSSL | 15:117db924cf7c | 1569 | { |
wolfSSL | 16:8e0d178b1d1e | 1570 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 1571 | #ifdef WC_NO_CACHE_RESISTANT |
wolfSSL | 15:117db924cf7c | 1572 | fp_int R[2]; |
wolfSSL | 15:117db924cf7c | 1573 | #else |
wolfSSL | 15:117db924cf7c | 1574 | fp_int R[3]; /* need a temp for cache resistance */ |
wolfSSL | 15:117db924cf7c | 1575 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1576 | #else |
wolfSSL | 16:8e0d178b1d1e | 1577 | fp_int *R; |
wolfSSL | 16:8e0d178b1d1e | 1578 | #endif |
wolfSSL | 15:117db924cf7c | 1579 | fp_digit buf, mp; |
wolfSSL | 15:117db924cf7c | 1580 | int err, bitcnt, digidx, y; |
wolfSSL | 15:117db924cf7c | 1581 | |
wolfSSL | 15:117db924cf7c | 1582 | /* now setup montgomery */ |
wolfSSL | 15:117db924cf7c | 1583 | if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) { |
wolfSSL | 15:117db924cf7c | 1584 | return err; |
wolfSSL | 15:117db924cf7c | 1585 | } |
wolfSSL | 15:117db924cf7c | 1586 | |
wolfSSL | 16:8e0d178b1d1e | 1587 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1588 | #ifndef WC_NO_CACHE_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 1589 | R = (fp_int*)XMALLOC(sizeof(fp_int) * 3, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1590 | #else |
wolfSSL | 16:8e0d178b1d1e | 1591 | R = (fp_int*)XMALLOC(sizeof(fp_int) * 2, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1592 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1593 | if (R == NULL) |
wolfSSL | 16:8e0d178b1d1e | 1594 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 1595 | #endif |
wolfSSL | 15:117db924cf7c | 1596 | fp_init(&R[0]); |
wolfSSL | 15:117db924cf7c | 1597 | fp_init(&R[1]); |
wolfSSL | 15:117db924cf7c | 1598 | #ifndef WC_NO_CACHE_RESISTANT |
wolfSSL | 15:117db924cf7c | 1599 | fp_init(&R[2]); |
wolfSSL | 15:117db924cf7c | 1600 | #endif |
wolfSSL | 15:117db924cf7c | 1601 | |
wolfSSL | 15:117db924cf7c | 1602 | /* now we need R mod m */ |
wolfSSL | 15:117db924cf7c | 1603 | fp_montgomery_calc_normalization (&R[0], P); |
wolfSSL | 15:117db924cf7c | 1604 | |
wolfSSL | 15:117db924cf7c | 1605 | /* now set R[0][1] to G * R mod m */ |
wolfSSL | 15:117db924cf7c | 1606 | if (fp_cmp_mag(P, G) != FP_GT) { |
wolfSSL | 15:117db924cf7c | 1607 | /* G > P so we reduce it first */ |
wolfSSL | 15:117db924cf7c | 1608 | fp_mod(G, P, &R[1]); |
wolfSSL | 15:117db924cf7c | 1609 | } else { |
wolfSSL | 15:117db924cf7c | 1610 | fp_copy(G, &R[1]); |
wolfSSL | 15:117db924cf7c | 1611 | } |
wolfSSL | 15:117db924cf7c | 1612 | fp_mulmod (&R[1], &R[0], P, &R[1]); |
wolfSSL | 15:117db924cf7c | 1613 | |
wolfSSL | 15:117db924cf7c | 1614 | /* for j = t-1 downto 0 do |
wolfSSL | 15:117db924cf7c | 1615 | r_!k = R0*R1; r_k = r_k^2 |
wolfSSL | 15:117db924cf7c | 1616 | */ |
wolfSSL | 15:117db924cf7c | 1617 | |
wolfSSL | 15:117db924cf7c | 1618 | /* set initial mode and bit cnt */ |
wolfSSL | 15:117db924cf7c | 1619 | bitcnt = 1; |
wolfSSL | 15:117db924cf7c | 1620 | buf = 0; |
wolfSSL | 16:8e0d178b1d1e | 1621 | digidx = digits - 1; |
wolfSSL | 15:117db924cf7c | 1622 | |
wolfSSL | 15:117db924cf7c | 1623 | for (;;) { |
wolfSSL | 15:117db924cf7c | 1624 | /* grab next digit as required */ |
wolfSSL | 15:117db924cf7c | 1625 | if (--bitcnt == 0) { |
wolfSSL | 15:117db924cf7c | 1626 | /* if digidx == -1 we are out of digits so break */ |
wolfSSL | 15:117db924cf7c | 1627 | if (digidx == -1) { |
wolfSSL | 15:117db924cf7c | 1628 | break; |
wolfSSL | 15:117db924cf7c | 1629 | } |
wolfSSL | 15:117db924cf7c | 1630 | /* read next digit and reset bitcnt */ |
wolfSSL | 15:117db924cf7c | 1631 | buf = X->dp[digidx--]; |
wolfSSL | 15:117db924cf7c | 1632 | bitcnt = (int)DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 1633 | } |
wolfSSL | 15:117db924cf7c | 1634 | |
wolfSSL | 15:117db924cf7c | 1635 | /* grab the next msb from the exponent */ |
wolfSSL | 15:117db924cf7c | 1636 | y = (int)(buf >> (DIGIT_BIT - 1)) & 1; |
wolfSSL | 15:117db924cf7c | 1637 | buf <<= (fp_digit)1; |
wolfSSL | 15:117db924cf7c | 1638 | |
wolfSSL | 15:117db924cf7c | 1639 | /* do ops */ |
wolfSSL | 16:8e0d178b1d1e | 1640 | err = fp_mul(&R[0], &R[1], &R[y^1]); |
wolfSSL | 16:8e0d178b1d1e | 1641 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1642 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1643 | XFREE(R, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1644 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1645 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1646 | } |
wolfSSL | 16:8e0d178b1d1e | 1647 | err = fp_montgomery_reduce(&R[y^1], P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1648 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1649 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1650 | XFREE(R, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1651 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1652 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1653 | } |
wolfSSL | 15:117db924cf7c | 1654 | |
wolfSSL | 15:117db924cf7c | 1655 | #ifdef WC_NO_CACHE_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 1656 | err = fp_sqr(&R[y], &R[y]); |
wolfSSL | 16:8e0d178b1d1e | 1657 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1658 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1659 | XFREE(R, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1660 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1661 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1662 | } |
wolfSSL | 16:8e0d178b1d1e | 1663 | err = fp_montgomery_reduce(&R[y], P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1664 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1665 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1666 | XFREE(R, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1667 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1668 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1669 | } |
wolfSSL | 15:117db924cf7c | 1670 | #else |
wolfSSL | 15:117db924cf7c | 1671 | /* instead of using R[y] for sqr, which leaks key bit to cache monitor, |
wolfSSL | 15:117db924cf7c | 1672 | * use R[2] as temp, make sure address calc is constant, keep |
wolfSSL | 15:117db924cf7c | 1673 | * &R[0] and &R[1] in cache */ |
wolfSSL | 15:117db924cf7c | 1674 | fp_copy((fp_int*) ( ((wolfssl_word)&R[0] & wc_off_on_addr[y^1]) + |
wolfSSL | 15:117db924cf7c | 1675 | ((wolfssl_word)&R[1] & wc_off_on_addr[y]) ), |
wolfSSL | 15:117db924cf7c | 1676 | &R[2]); |
wolfSSL | 16:8e0d178b1d1e | 1677 | err = fp_sqr(&R[2], &R[2]); |
wolfSSL | 16:8e0d178b1d1e | 1678 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1679 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1680 | XFREE(R, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1681 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1682 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1683 | } |
wolfSSL | 16:8e0d178b1d1e | 1684 | err = fp_montgomery_reduce(&R[2], P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1685 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1686 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1687 | XFREE(R, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1688 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1689 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1690 | } |
wolfSSL | 15:117db924cf7c | 1691 | fp_copy(&R[2], |
wolfSSL | 15:117db924cf7c | 1692 | (fp_int*) ( ((wolfssl_word)&R[0] & wc_off_on_addr[y^1]) + |
wolfSSL | 15:117db924cf7c | 1693 | ((wolfssl_word)&R[1] & wc_off_on_addr[y]) ) ); |
wolfSSL | 15:117db924cf7c | 1694 | #endif /* WC_NO_CACHE_RESISTANT */ |
wolfSSL | 15:117db924cf7c | 1695 | } |
wolfSSL | 15:117db924cf7c | 1696 | |
wolfSSL | 16:8e0d178b1d1e | 1697 | err = fp_montgomery_reduce(&R[0], P, mp); |
wolfSSL | 15:117db924cf7c | 1698 | fp_copy(&R[0], Y); |
wolfSSL | 16:8e0d178b1d1e | 1699 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1700 | XFREE(R, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1701 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1702 | return err; |
wolfSSL | 15:117db924cf7c | 1703 | } |
wolfSSL | 15:117db924cf7c | 1704 | |
wolfSSL | 16:8e0d178b1d1e | 1705 | #endif /* TFM_TIMING_RESISTANT */ |
wolfSSL | 15:117db924cf7c | 1706 | |
wolfSSL | 15:117db924cf7c | 1707 | /* y = g**x (mod b) |
wolfSSL | 15:117db924cf7c | 1708 | * Some restrictions... x must be positive and < b |
wolfSSL | 15:117db924cf7c | 1709 | */ |
wolfSSL | 16:8e0d178b1d1e | 1710 | static int _fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) |
wolfSSL | 15:117db924cf7c | 1711 | { |
wolfSSL | 16:8e0d178b1d1e | 1712 | fp_int *res; |
wolfSSL | 16:8e0d178b1d1e | 1713 | fp_int *M; |
wolfSSL | 15:117db924cf7c | 1714 | fp_digit buf, mp; |
wolfSSL | 15:117db924cf7c | 1715 | int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; |
wolfSSL | 15:117db924cf7c | 1716 | |
wolfSSL | 15:117db924cf7c | 1717 | /* find window size */ |
wolfSSL | 15:117db924cf7c | 1718 | x = fp_count_bits (X); |
wolfSSL | 15:117db924cf7c | 1719 | if (x <= 21) { |
wolfSSL | 15:117db924cf7c | 1720 | winsize = 1; |
wolfSSL | 15:117db924cf7c | 1721 | } else if (x <= 36) { |
wolfSSL | 15:117db924cf7c | 1722 | winsize = 3; |
wolfSSL | 15:117db924cf7c | 1723 | } else if (x <= 140) { |
wolfSSL | 15:117db924cf7c | 1724 | winsize = 4; |
wolfSSL | 15:117db924cf7c | 1725 | } else if (x <= 450) { |
wolfSSL | 15:117db924cf7c | 1726 | winsize = 5; |
wolfSSL | 15:117db924cf7c | 1727 | } else { |
wolfSSL | 15:117db924cf7c | 1728 | winsize = 6; |
wolfSSL | 15:117db924cf7c | 1729 | } |
wolfSSL | 15:117db924cf7c | 1730 | |
wolfSSL | 15:117db924cf7c | 1731 | /* now setup montgomery */ |
wolfSSL | 15:117db924cf7c | 1732 | if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) { |
wolfSSL | 15:117db924cf7c | 1733 | return err; |
wolfSSL | 15:117db924cf7c | 1734 | } |
wolfSSL | 15:117db924cf7c | 1735 | |
wolfSSL | 16:8e0d178b1d1e | 1736 | /* only allocate space for what's needed for window plus res */ |
wolfSSL | 16:8e0d178b1d1e | 1737 | M = (fp_int*)XMALLOC(sizeof(fp_int)*((1 << winsize) + 1), NULL, |
wolfSSL | 16:8e0d178b1d1e | 1738 | DYNAMIC_TYPE_BIGINT); |
wolfSSL | 15:117db924cf7c | 1739 | if (M == NULL) { |
wolfSSL | 15:117db924cf7c | 1740 | return FP_MEM; |
wolfSSL | 15:117db924cf7c | 1741 | } |
wolfSSL | 16:8e0d178b1d1e | 1742 | res = &M[1 << winsize]; |
wolfSSL | 15:117db924cf7c | 1743 | |
wolfSSL | 15:117db924cf7c | 1744 | /* init M array */ |
wolfSSL | 15:117db924cf7c | 1745 | for(x = 0; x < (1 << winsize); x++) |
wolfSSL | 15:117db924cf7c | 1746 | fp_init(&M[x]); |
wolfSSL | 15:117db924cf7c | 1747 | |
wolfSSL | 15:117db924cf7c | 1748 | /* setup result */ |
wolfSSL | 16:8e0d178b1d1e | 1749 | fp_init(res); |
wolfSSL | 15:117db924cf7c | 1750 | |
wolfSSL | 15:117db924cf7c | 1751 | /* create M table |
wolfSSL | 15:117db924cf7c | 1752 | * |
wolfSSL | 15:117db924cf7c | 1753 | * The M table contains powers of the input base, e.g. M[x] = G^x mod P |
wolfSSL | 15:117db924cf7c | 1754 | * |
wolfSSL | 15:117db924cf7c | 1755 | * The first half of the table is not computed though except for M[0] and M[1] |
wolfSSL | 15:117db924cf7c | 1756 | */ |
wolfSSL | 15:117db924cf7c | 1757 | |
wolfSSL | 15:117db924cf7c | 1758 | /* now we need R mod m */ |
wolfSSL | 16:8e0d178b1d1e | 1759 | fp_montgomery_calc_normalization (res, P); |
wolfSSL | 15:117db924cf7c | 1760 | |
wolfSSL | 15:117db924cf7c | 1761 | /* now set M[1] to G * R mod m */ |
wolfSSL | 15:117db924cf7c | 1762 | if (fp_cmp_mag(P, G) != FP_GT) { |
wolfSSL | 15:117db924cf7c | 1763 | /* G > P so we reduce it first */ |
wolfSSL | 15:117db924cf7c | 1764 | fp_mod(G, P, &M[1]); |
wolfSSL | 15:117db924cf7c | 1765 | } else { |
wolfSSL | 15:117db924cf7c | 1766 | fp_copy(G, &M[1]); |
wolfSSL | 15:117db924cf7c | 1767 | } |
wolfSSL | 16:8e0d178b1d1e | 1768 | fp_mulmod (&M[1], res, P, &M[1]); |
wolfSSL | 15:117db924cf7c | 1769 | |
wolfSSL | 15:117db924cf7c | 1770 | /* compute the value at M[1<<(winsize-1)] by |
wolfSSL | 15:117db924cf7c | 1771 | * squaring M[1] (winsize-1) times */ |
wolfSSL | 15:117db924cf7c | 1772 | fp_copy (&M[1], &M[1 << (winsize - 1)]); |
wolfSSL | 15:117db924cf7c | 1773 | for (x = 0; x < (winsize - 1); x++) { |
wolfSSL | 15:117db924cf7c | 1774 | fp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)]); |
wolfSSL | 16:8e0d178b1d1e | 1775 | err = fp_montgomery_reduce (&M[1 << (winsize - 1)], P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1776 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1777 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1778 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1779 | } |
wolfSSL | 15:117db924cf7c | 1780 | } |
wolfSSL | 15:117db924cf7c | 1781 | |
wolfSSL | 15:117db924cf7c | 1782 | /* create upper table */ |
wolfSSL | 15:117db924cf7c | 1783 | for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) { |
wolfSSL | 16:8e0d178b1d1e | 1784 | err = fp_mul(&M[x - 1], &M[1], &M[x]); |
wolfSSL | 16:8e0d178b1d1e | 1785 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1786 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1787 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1788 | } |
wolfSSL | 16:8e0d178b1d1e | 1789 | err = fp_montgomery_reduce(&M[x], P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1790 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1791 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1792 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1793 | } |
wolfSSL | 15:117db924cf7c | 1794 | } |
wolfSSL | 15:117db924cf7c | 1795 | |
wolfSSL | 15:117db924cf7c | 1796 | /* set initial mode and bit cnt */ |
wolfSSL | 15:117db924cf7c | 1797 | mode = 0; |
wolfSSL | 16:8e0d178b1d1e | 1798 | bitcnt = (x % DIGIT_BIT) + 1; |
wolfSSL | 15:117db924cf7c | 1799 | buf = 0; |
wolfSSL | 15:117db924cf7c | 1800 | digidx = X->used - 1; |
wolfSSL | 15:117db924cf7c | 1801 | bitcpy = 0; |
wolfSSL | 15:117db924cf7c | 1802 | bitbuf = 0; |
wolfSSL | 15:117db924cf7c | 1803 | |
wolfSSL | 15:117db924cf7c | 1804 | for (;;) { |
wolfSSL | 15:117db924cf7c | 1805 | /* grab next digit as required */ |
wolfSSL | 15:117db924cf7c | 1806 | if (--bitcnt == 0) { |
wolfSSL | 15:117db924cf7c | 1807 | /* if digidx == -1 we are out of digits so break */ |
wolfSSL | 15:117db924cf7c | 1808 | if (digidx == -1) { |
wolfSSL | 15:117db924cf7c | 1809 | break; |
wolfSSL | 15:117db924cf7c | 1810 | } |
wolfSSL | 15:117db924cf7c | 1811 | /* read next digit and reset bitcnt */ |
wolfSSL | 15:117db924cf7c | 1812 | buf = X->dp[digidx--]; |
wolfSSL | 15:117db924cf7c | 1813 | bitcnt = (int)DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 1814 | } |
wolfSSL | 15:117db924cf7c | 1815 | |
wolfSSL | 15:117db924cf7c | 1816 | /* grab the next msb from the exponent */ |
wolfSSL | 15:117db924cf7c | 1817 | y = (int)(buf >> (DIGIT_BIT - 1)) & 1; |
wolfSSL | 15:117db924cf7c | 1818 | buf <<= (fp_digit)1; |
wolfSSL | 15:117db924cf7c | 1819 | |
wolfSSL | 15:117db924cf7c | 1820 | /* if the bit is zero and mode == 0 then we ignore it |
wolfSSL | 15:117db924cf7c | 1821 | * These represent the leading zero bits before the first 1 bit |
wolfSSL | 15:117db924cf7c | 1822 | * in the exponent. Technically this opt is not required but it |
wolfSSL | 15:117db924cf7c | 1823 | * does lower the # of trivial squaring/reductions used |
wolfSSL | 15:117db924cf7c | 1824 | */ |
wolfSSL | 15:117db924cf7c | 1825 | if (mode == 0 && y == 0) { |
wolfSSL | 15:117db924cf7c | 1826 | continue; |
wolfSSL | 15:117db924cf7c | 1827 | } |
wolfSSL | 15:117db924cf7c | 1828 | |
wolfSSL | 15:117db924cf7c | 1829 | /* if the bit is zero and mode == 1 then we square */ |
wolfSSL | 15:117db924cf7c | 1830 | if (mode == 1 && y == 0) { |
wolfSSL | 16:8e0d178b1d1e | 1831 | err = fp_sqr(res, res); |
wolfSSL | 16:8e0d178b1d1e | 1832 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1833 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1834 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1835 | } |
wolfSSL | 16:8e0d178b1d1e | 1836 | fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1837 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1838 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1839 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1840 | } |
wolfSSL | 15:117db924cf7c | 1841 | continue; |
wolfSSL | 15:117db924cf7c | 1842 | } |
wolfSSL | 15:117db924cf7c | 1843 | |
wolfSSL | 15:117db924cf7c | 1844 | /* else we add it to the window */ |
wolfSSL | 15:117db924cf7c | 1845 | bitbuf |= (y << (winsize - ++bitcpy)); |
wolfSSL | 15:117db924cf7c | 1846 | mode = 2; |
wolfSSL | 15:117db924cf7c | 1847 | |
wolfSSL | 15:117db924cf7c | 1848 | if (bitcpy == winsize) { |
wolfSSL | 15:117db924cf7c | 1849 | /* ok window is filled so square as required and multiply */ |
wolfSSL | 15:117db924cf7c | 1850 | /* square first */ |
wolfSSL | 15:117db924cf7c | 1851 | for (x = 0; x < winsize; x++) { |
wolfSSL | 16:8e0d178b1d1e | 1852 | err = fp_sqr(res, res); |
wolfSSL | 16:8e0d178b1d1e | 1853 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1854 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1855 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1856 | } |
wolfSSL | 16:8e0d178b1d1e | 1857 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1858 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1859 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1860 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1861 | } |
wolfSSL | 15:117db924cf7c | 1862 | } |
wolfSSL | 15:117db924cf7c | 1863 | |
wolfSSL | 15:117db924cf7c | 1864 | /* then multiply */ |
wolfSSL | 16:8e0d178b1d1e | 1865 | err = fp_mul(res, &M[bitbuf], res); |
wolfSSL | 16:8e0d178b1d1e | 1866 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1867 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1868 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1869 | } |
wolfSSL | 16:8e0d178b1d1e | 1870 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1871 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1872 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1873 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1874 | } |
wolfSSL | 15:117db924cf7c | 1875 | |
wolfSSL | 15:117db924cf7c | 1876 | /* empty window and reset */ |
wolfSSL | 15:117db924cf7c | 1877 | bitcpy = 0; |
wolfSSL | 15:117db924cf7c | 1878 | bitbuf = 0; |
wolfSSL | 15:117db924cf7c | 1879 | mode = 1; |
wolfSSL | 15:117db924cf7c | 1880 | } |
wolfSSL | 15:117db924cf7c | 1881 | } |
wolfSSL | 15:117db924cf7c | 1882 | |
wolfSSL | 15:117db924cf7c | 1883 | /* if bits remain then square/multiply */ |
wolfSSL | 15:117db924cf7c | 1884 | if (mode == 2 && bitcpy > 0) { |
wolfSSL | 15:117db924cf7c | 1885 | /* square then multiply if the bit is set */ |
wolfSSL | 15:117db924cf7c | 1886 | for (x = 0; x < bitcpy; x++) { |
wolfSSL | 16:8e0d178b1d1e | 1887 | err = fp_sqr(res, res); |
wolfSSL | 16:8e0d178b1d1e | 1888 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1889 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1890 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1891 | } |
wolfSSL | 16:8e0d178b1d1e | 1892 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1893 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1894 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1895 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1896 | } |
wolfSSL | 15:117db924cf7c | 1897 | |
wolfSSL | 15:117db924cf7c | 1898 | /* get next bit of the window */ |
wolfSSL | 15:117db924cf7c | 1899 | bitbuf <<= 1; |
wolfSSL | 15:117db924cf7c | 1900 | if ((bitbuf & (1 << winsize)) != 0) { |
wolfSSL | 15:117db924cf7c | 1901 | /* then multiply */ |
wolfSSL | 16:8e0d178b1d1e | 1902 | err = fp_mul(res, &M[1], res); |
wolfSSL | 16:8e0d178b1d1e | 1903 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1904 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1905 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1906 | } |
wolfSSL | 16:8e0d178b1d1e | 1907 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 1908 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1909 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1910 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1911 | } |
wolfSSL | 15:117db924cf7c | 1912 | } |
wolfSSL | 15:117db924cf7c | 1913 | } |
wolfSSL | 15:117db924cf7c | 1914 | } |
wolfSSL | 15:117db924cf7c | 1915 | |
wolfSSL | 15:117db924cf7c | 1916 | /* fixup result if Montgomery reduction is used |
wolfSSL | 15:117db924cf7c | 1917 | * recall that any value in a Montgomery system is |
wolfSSL | 15:117db924cf7c | 1918 | * actually multiplied by R mod n. So we have |
wolfSSL | 15:117db924cf7c | 1919 | * to reduce one more time to cancel out the factor |
wolfSSL | 15:117db924cf7c | 1920 | * of R. |
wolfSSL | 15:117db924cf7c | 1921 | */ |
wolfSSL | 16:8e0d178b1d1e | 1922 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 15:117db924cf7c | 1923 | |
wolfSSL | 15:117db924cf7c | 1924 | /* swap res with Y */ |
wolfSSL | 16:8e0d178b1d1e | 1925 | fp_copy (res, Y); |
wolfSSL | 16:8e0d178b1d1e | 1926 | |
wolfSSL | 16:8e0d178b1d1e | 1927 | XFREE(M, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 1928 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1929 | } |
wolfSSL | 16:8e0d178b1d1e | 1930 | |
wolfSSL | 16:8e0d178b1d1e | 1931 | |
wolfSSL | 16:8e0d178b1d1e | 1932 | #ifdef TFM_TIMING_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 1933 | #if DIGIT_BIT <= 16 |
wolfSSL | 16:8e0d178b1d1e | 1934 | #define WINSIZE 2 |
wolfSSL | 16:8e0d178b1d1e | 1935 | #elif DIGIT_BIT <= 32 |
wolfSSL | 16:8e0d178b1d1e | 1936 | #define WINSIZE 3 |
wolfSSL | 16:8e0d178b1d1e | 1937 | #elif DIGIT_BIT <= 64 |
wolfSSL | 16:8e0d178b1d1e | 1938 | #define WINSIZE 4 |
wolfSSL | 16:8e0d178b1d1e | 1939 | #elif DIGIT_BIT <= 128 |
wolfSSL | 16:8e0d178b1d1e | 1940 | #define WINSIZE 5 |
wolfSSL | 16:8e0d178b1d1e | 1941 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1942 | |
wolfSSL | 16:8e0d178b1d1e | 1943 | /* y = 2**x (mod b) |
wolfSSL | 16:8e0d178b1d1e | 1944 | * Some restrictions... x must be positive and < b |
wolfSSL | 16:8e0d178b1d1e | 1945 | */ |
wolfSSL | 16:8e0d178b1d1e | 1946 | static int _fp_exptmod_base_2(fp_int * X, int digits, fp_int * P, |
wolfSSL | 16:8e0d178b1d1e | 1947 | fp_int * Y) |
wolfSSL | 16:8e0d178b1d1e | 1948 | { |
wolfSSL | 16:8e0d178b1d1e | 1949 | fp_digit buf, mp; |
wolfSSL | 16:8e0d178b1d1e | 1950 | int err, bitbuf, bitcpy, bitcnt, digidx, x, y; |
wolfSSL | 16:8e0d178b1d1e | 1951 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1952 | fp_int *res; |
wolfSSL | 16:8e0d178b1d1e | 1953 | fp_int *tmp; |
wolfSSL | 16:8e0d178b1d1e | 1954 | #else |
wolfSSL | 16:8e0d178b1d1e | 1955 | fp_int res[1]; |
wolfSSL | 16:8e0d178b1d1e | 1956 | fp_int tmp[1]; |
wolfSSL | 16:8e0d178b1d1e | 1957 | #endif |
wolfSSL | 15:117db924cf7c | 1958 | |
wolfSSL | 15:117db924cf7c | 1959 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1960 | res = (fp_int*)XMALLOC(2*sizeof(fp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 1961 | if (res == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 1962 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 1963 | } |
wolfSSL | 16:8e0d178b1d1e | 1964 | tmp = &res[1]; |
wolfSSL | 16:8e0d178b1d1e | 1965 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1966 | |
wolfSSL | 16:8e0d178b1d1e | 1967 | /* now setup montgomery */ |
wolfSSL | 16:8e0d178b1d1e | 1968 | if ((err = fp_montgomery_setup(P, &mp)) != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1969 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1970 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 1971 | #endif |
wolfSSL | 16:8e0d178b1d1e | 1972 | return err; |
wolfSSL | 16:8e0d178b1d1e | 1973 | } |
wolfSSL | 16:8e0d178b1d1e | 1974 | |
wolfSSL | 16:8e0d178b1d1e | 1975 | /* setup result */ |
wolfSSL | 16:8e0d178b1d1e | 1976 | fp_init(res); |
wolfSSL | 16:8e0d178b1d1e | 1977 | fp_init(tmp); |
wolfSSL | 16:8e0d178b1d1e | 1978 | |
wolfSSL | 16:8e0d178b1d1e | 1979 | fp_mul_2d(P, 1 << WINSIZE, tmp); |
wolfSSL | 16:8e0d178b1d1e | 1980 | |
wolfSSL | 16:8e0d178b1d1e | 1981 | /* now we need R mod m */ |
wolfSSL | 16:8e0d178b1d1e | 1982 | fp_montgomery_calc_normalization(res, P); |
wolfSSL | 16:8e0d178b1d1e | 1983 | |
wolfSSL | 16:8e0d178b1d1e | 1984 | /* Get the top bits left over after taking WINSIZE bits starting at the |
wolfSSL | 16:8e0d178b1d1e | 1985 | * least-significant. |
wolfSSL | 16:8e0d178b1d1e | 1986 | */ |
wolfSSL | 16:8e0d178b1d1e | 1987 | digidx = digits - 1; |
wolfSSL | 16:8e0d178b1d1e | 1988 | bitcpy = (digits * DIGIT_BIT) % WINSIZE; |
wolfSSL | 16:8e0d178b1d1e | 1989 | if (bitcpy > 0) { |
wolfSSL | 16:8e0d178b1d1e | 1990 | bitcnt = (int)DIGIT_BIT - bitcpy; |
wolfSSL | 16:8e0d178b1d1e | 1991 | buf = X->dp[digidx--]; |
wolfSSL | 16:8e0d178b1d1e | 1992 | bitbuf = (int)(buf >> bitcnt); |
wolfSSL | 16:8e0d178b1d1e | 1993 | /* Multiply montgomery representation of 1 by 2 ^ top */ |
wolfSSL | 16:8e0d178b1d1e | 1994 | fp_mul_2d(res, bitbuf, res); |
wolfSSL | 16:8e0d178b1d1e | 1995 | fp_add(res, tmp, res); |
wolfSSL | 16:8e0d178b1d1e | 1996 | err = fp_mod(res, P, res); |
wolfSSL | 16:8e0d178b1d1e | 1997 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 1998 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 1999 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2000 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2001 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2002 | } |
wolfSSL | 16:8e0d178b1d1e | 2003 | /* Move out bits used */ |
wolfSSL | 16:8e0d178b1d1e | 2004 | buf <<= bitcpy; |
wolfSSL | 16:8e0d178b1d1e | 2005 | bitcnt++; |
wolfSSL | 16:8e0d178b1d1e | 2006 | } |
wolfSSL | 16:8e0d178b1d1e | 2007 | else { |
wolfSSL | 16:8e0d178b1d1e | 2008 | bitcnt = 1; |
wolfSSL | 16:8e0d178b1d1e | 2009 | buf = 0; |
wolfSSL | 16:8e0d178b1d1e | 2010 | } |
wolfSSL | 16:8e0d178b1d1e | 2011 | |
wolfSSL | 16:8e0d178b1d1e | 2012 | /* empty window and reset */ |
wolfSSL | 16:8e0d178b1d1e | 2013 | bitbuf = 0; |
wolfSSL | 16:8e0d178b1d1e | 2014 | bitcpy = 0; |
wolfSSL | 16:8e0d178b1d1e | 2015 | |
wolfSSL | 16:8e0d178b1d1e | 2016 | for (;;) { |
wolfSSL | 16:8e0d178b1d1e | 2017 | /* grab next digit as required */ |
wolfSSL | 16:8e0d178b1d1e | 2018 | if (--bitcnt == 0) { |
wolfSSL | 16:8e0d178b1d1e | 2019 | /* if digidx == -1 we are out of digits so break */ |
wolfSSL | 16:8e0d178b1d1e | 2020 | if (digidx == -1) { |
wolfSSL | 16:8e0d178b1d1e | 2021 | break; |
wolfSSL | 16:8e0d178b1d1e | 2022 | } |
wolfSSL | 16:8e0d178b1d1e | 2023 | /* read next digit and reset bitcnt */ |
wolfSSL | 16:8e0d178b1d1e | 2024 | buf = X->dp[digidx--]; |
wolfSSL | 16:8e0d178b1d1e | 2025 | bitcnt = (int)DIGIT_BIT; |
wolfSSL | 16:8e0d178b1d1e | 2026 | } |
wolfSSL | 16:8e0d178b1d1e | 2027 | |
wolfSSL | 16:8e0d178b1d1e | 2028 | /* grab the next msb from the exponent */ |
wolfSSL | 16:8e0d178b1d1e | 2029 | y = (int)(buf >> (DIGIT_BIT - 1)) & 1; |
wolfSSL | 16:8e0d178b1d1e | 2030 | buf <<= (fp_digit)1; |
wolfSSL | 16:8e0d178b1d1e | 2031 | /* add bit to the window */ |
wolfSSL | 16:8e0d178b1d1e | 2032 | bitbuf |= (y << (WINSIZE - ++bitcpy)); |
wolfSSL | 16:8e0d178b1d1e | 2033 | |
wolfSSL | 16:8e0d178b1d1e | 2034 | if (bitcpy == WINSIZE) { |
wolfSSL | 16:8e0d178b1d1e | 2035 | /* ok window is filled so square as required and multiply */ |
wolfSSL | 16:8e0d178b1d1e | 2036 | /* square first */ |
wolfSSL | 16:8e0d178b1d1e | 2037 | for (x = 0; x < WINSIZE; x++) { |
wolfSSL | 16:8e0d178b1d1e | 2038 | err = fp_sqr(res, res); |
wolfSSL | 16:8e0d178b1d1e | 2039 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2040 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2041 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2042 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2043 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2044 | } |
wolfSSL | 16:8e0d178b1d1e | 2045 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 2046 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2047 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2048 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2049 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2050 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2051 | } |
wolfSSL | 16:8e0d178b1d1e | 2052 | } |
wolfSSL | 16:8e0d178b1d1e | 2053 | |
wolfSSL | 16:8e0d178b1d1e | 2054 | /* then multiply by 2^bitbuf */ |
wolfSSL | 16:8e0d178b1d1e | 2055 | fp_mul_2d(res, bitbuf, res); |
wolfSSL | 16:8e0d178b1d1e | 2056 | /* Add in value to make mod operation take same time */ |
wolfSSL | 16:8e0d178b1d1e | 2057 | fp_add(res, tmp, res); |
wolfSSL | 16:8e0d178b1d1e | 2058 | err = fp_mod(res, P, res); |
wolfSSL | 16:8e0d178b1d1e | 2059 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2060 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2061 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2062 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2063 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2064 | } |
wolfSSL | 16:8e0d178b1d1e | 2065 | |
wolfSSL | 16:8e0d178b1d1e | 2066 | /* empty window and reset */ |
wolfSSL | 16:8e0d178b1d1e | 2067 | bitcpy = 0; |
wolfSSL | 16:8e0d178b1d1e | 2068 | bitbuf = 0; |
wolfSSL | 16:8e0d178b1d1e | 2069 | } |
wolfSSL | 16:8e0d178b1d1e | 2070 | } |
wolfSSL | 16:8e0d178b1d1e | 2071 | |
wolfSSL | 16:8e0d178b1d1e | 2072 | /* fixup result if Montgomery reduction is used |
wolfSSL | 16:8e0d178b1d1e | 2073 | * recall that any value in a Montgomery system is |
wolfSSL | 16:8e0d178b1d1e | 2074 | * actually multiplied by R mod n. So we have |
wolfSSL | 16:8e0d178b1d1e | 2075 | * to reduce one more time to cancel out the factor |
wolfSSL | 16:8e0d178b1d1e | 2076 | * of R. |
wolfSSL | 16:8e0d178b1d1e | 2077 | */ |
wolfSSL | 16:8e0d178b1d1e | 2078 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 2079 | |
wolfSSL | 16:8e0d178b1d1e | 2080 | /* swap res with Y */ |
wolfSSL | 16:8e0d178b1d1e | 2081 | fp_copy(res, Y); |
wolfSSL | 16:8e0d178b1d1e | 2082 | |
wolfSSL | 16:8e0d178b1d1e | 2083 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2084 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 2085 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2086 | return err; |
wolfSSL | 15:117db924cf7c | 2087 | } |
wolfSSL | 15:117db924cf7c | 2088 | |
wolfSSL | 16:8e0d178b1d1e | 2089 | #undef WINSIZE |
wolfSSL | 16:8e0d178b1d1e | 2090 | #else |
wolfSSL | 16:8e0d178b1d1e | 2091 | #if DIGIT_BIT < 16 |
wolfSSL | 16:8e0d178b1d1e | 2092 | #define WINSIZE 3 |
wolfSSL | 16:8e0d178b1d1e | 2093 | #elif DIGIT_BIT < 32 |
wolfSSL | 16:8e0d178b1d1e | 2094 | #define WINSIZE 4 |
wolfSSL | 16:8e0d178b1d1e | 2095 | #elif DIGIT_BIT < 64 |
wolfSSL | 16:8e0d178b1d1e | 2096 | #define WINSIZE 5 |
wolfSSL | 16:8e0d178b1d1e | 2097 | #elif DIGIT_BIT < 128 |
wolfSSL | 16:8e0d178b1d1e | 2098 | #define WINSIZE 6 |
wolfSSL | 16:8e0d178b1d1e | 2099 | #elif DIGIT_BIT == 128 |
wolfSSL | 16:8e0d178b1d1e | 2100 | #define WINSIZE 7 |
wolfSSL | 16:8e0d178b1d1e | 2101 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2102 | |
wolfSSL | 16:8e0d178b1d1e | 2103 | /* y = 2**x (mod b) |
wolfSSL | 16:8e0d178b1d1e | 2104 | * Some restrictions... x must be positive and < b |
wolfSSL | 16:8e0d178b1d1e | 2105 | */ |
wolfSSL | 16:8e0d178b1d1e | 2106 | static int _fp_exptmod_base_2(fp_int * X, int digits, fp_int * P, |
wolfSSL | 16:8e0d178b1d1e | 2107 | fp_int * Y) |
wolfSSL | 16:8e0d178b1d1e | 2108 | { |
wolfSSL | 16:8e0d178b1d1e | 2109 | fp_digit buf, mp; |
wolfSSL | 16:8e0d178b1d1e | 2110 | int err, bitbuf, bitcpy, bitcnt, digidx, x, y; |
wolfSSL | 16:8e0d178b1d1e | 2111 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2112 | fp_int *res; |
wolfSSL | 16:8e0d178b1d1e | 2113 | #else |
wolfSSL | 16:8e0d178b1d1e | 2114 | fp_int res[1]; |
wolfSSL | 16:8e0d178b1d1e | 2115 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2116 | |
wolfSSL | 16:8e0d178b1d1e | 2117 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2118 | res = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2119 | if (res == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 2120 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 2121 | } |
wolfSSL | 16:8e0d178b1d1e | 2122 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2123 | |
wolfSSL | 16:8e0d178b1d1e | 2124 | /* now setup montgomery */ |
wolfSSL | 16:8e0d178b1d1e | 2125 | if ((err = fp_montgomery_setup(P, &mp)) != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2126 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2127 | } |
wolfSSL | 16:8e0d178b1d1e | 2128 | |
wolfSSL | 16:8e0d178b1d1e | 2129 | /* setup result */ |
wolfSSL | 16:8e0d178b1d1e | 2130 | fp_init(res); |
wolfSSL | 16:8e0d178b1d1e | 2131 | |
wolfSSL | 16:8e0d178b1d1e | 2132 | /* now we need R mod m */ |
wolfSSL | 16:8e0d178b1d1e | 2133 | fp_montgomery_calc_normalization(res, P); |
wolfSSL | 16:8e0d178b1d1e | 2134 | |
wolfSSL | 16:8e0d178b1d1e | 2135 | /* Get the top bits left over after taking WINSIZE bits starting at the |
wolfSSL | 16:8e0d178b1d1e | 2136 | * least-significant. |
wolfSSL | 16:8e0d178b1d1e | 2137 | */ |
wolfSSL | 16:8e0d178b1d1e | 2138 | digidx = digits - 1; |
wolfSSL | 16:8e0d178b1d1e | 2139 | bitcpy = (digits * DIGIT_BIT) % WINSIZE; |
wolfSSL | 16:8e0d178b1d1e | 2140 | if (bitcpy > 0) { |
wolfSSL | 16:8e0d178b1d1e | 2141 | bitcnt = (int)DIGIT_BIT - bitcpy; |
wolfSSL | 16:8e0d178b1d1e | 2142 | buf = X->dp[digidx--]; |
wolfSSL | 16:8e0d178b1d1e | 2143 | bitbuf = (int)(buf >> bitcnt); |
wolfSSL | 16:8e0d178b1d1e | 2144 | /* Multiply montgomery representation of 1 by 2 ^ top */ |
wolfSSL | 16:8e0d178b1d1e | 2145 | fp_mul_2d(res, bitbuf, res); |
wolfSSL | 16:8e0d178b1d1e | 2146 | err = fp_mod(res, P, res); |
wolfSSL | 16:8e0d178b1d1e | 2147 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2148 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2149 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2150 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2151 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2152 | } |
wolfSSL | 16:8e0d178b1d1e | 2153 | /* Move out bits used */ |
wolfSSL | 16:8e0d178b1d1e | 2154 | buf <<= bitcpy; |
wolfSSL | 16:8e0d178b1d1e | 2155 | bitcnt++; |
wolfSSL | 16:8e0d178b1d1e | 2156 | } |
wolfSSL | 16:8e0d178b1d1e | 2157 | else { |
wolfSSL | 16:8e0d178b1d1e | 2158 | bitcnt = 1; |
wolfSSL | 16:8e0d178b1d1e | 2159 | buf = 0; |
wolfSSL | 16:8e0d178b1d1e | 2160 | } |
wolfSSL | 16:8e0d178b1d1e | 2161 | |
wolfSSL | 16:8e0d178b1d1e | 2162 | /* empty window and reset */ |
wolfSSL | 16:8e0d178b1d1e | 2163 | bitbuf = 0; |
wolfSSL | 16:8e0d178b1d1e | 2164 | bitcpy = 0; |
wolfSSL | 16:8e0d178b1d1e | 2165 | |
wolfSSL | 16:8e0d178b1d1e | 2166 | for (;;) { |
wolfSSL | 16:8e0d178b1d1e | 2167 | /* grab next digit as required */ |
wolfSSL | 16:8e0d178b1d1e | 2168 | if (--bitcnt == 0) { |
wolfSSL | 16:8e0d178b1d1e | 2169 | /* if digidx == -1 we are out of digits so break */ |
wolfSSL | 16:8e0d178b1d1e | 2170 | if (digidx == -1) { |
wolfSSL | 16:8e0d178b1d1e | 2171 | break; |
wolfSSL | 16:8e0d178b1d1e | 2172 | } |
wolfSSL | 16:8e0d178b1d1e | 2173 | /* read next digit and reset bitcnt */ |
wolfSSL | 16:8e0d178b1d1e | 2174 | buf = X->dp[digidx--]; |
wolfSSL | 16:8e0d178b1d1e | 2175 | bitcnt = (int)DIGIT_BIT; |
wolfSSL | 16:8e0d178b1d1e | 2176 | } |
wolfSSL | 16:8e0d178b1d1e | 2177 | |
wolfSSL | 16:8e0d178b1d1e | 2178 | /* grab the next msb from the exponent */ |
wolfSSL | 16:8e0d178b1d1e | 2179 | y = (int)(buf >> (DIGIT_BIT - 1)) & 1; |
wolfSSL | 16:8e0d178b1d1e | 2180 | buf <<= (fp_digit)1; |
wolfSSL | 16:8e0d178b1d1e | 2181 | /* add bit to the window */ |
wolfSSL | 16:8e0d178b1d1e | 2182 | bitbuf |= (y << (WINSIZE - ++bitcpy)); |
wolfSSL | 16:8e0d178b1d1e | 2183 | |
wolfSSL | 16:8e0d178b1d1e | 2184 | if (bitcpy == WINSIZE) { |
wolfSSL | 16:8e0d178b1d1e | 2185 | /* ok window is filled so square as required and multiply */ |
wolfSSL | 16:8e0d178b1d1e | 2186 | /* square first */ |
wolfSSL | 16:8e0d178b1d1e | 2187 | for (x = 0; x < WINSIZE; x++) { |
wolfSSL | 16:8e0d178b1d1e | 2188 | err = fp_sqr(res, res); |
wolfSSL | 16:8e0d178b1d1e | 2189 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2190 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2191 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2192 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2193 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2194 | } |
wolfSSL | 16:8e0d178b1d1e | 2195 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 2196 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2197 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2198 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2199 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2200 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2201 | } |
wolfSSL | 16:8e0d178b1d1e | 2202 | } |
wolfSSL | 16:8e0d178b1d1e | 2203 | |
wolfSSL | 16:8e0d178b1d1e | 2204 | /* then multiply by 2^bitbuf */ |
wolfSSL | 16:8e0d178b1d1e | 2205 | fp_mul_2d(res, bitbuf, res); |
wolfSSL | 16:8e0d178b1d1e | 2206 | err = fp_mod(res, P, res); |
wolfSSL | 16:8e0d178b1d1e | 2207 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2208 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2209 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2210 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2211 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2212 | } |
wolfSSL | 16:8e0d178b1d1e | 2213 | |
wolfSSL | 16:8e0d178b1d1e | 2214 | /* empty window and reset */ |
wolfSSL | 16:8e0d178b1d1e | 2215 | bitcpy = 0; |
wolfSSL | 16:8e0d178b1d1e | 2216 | bitbuf = 0; |
wolfSSL | 16:8e0d178b1d1e | 2217 | } |
wolfSSL | 16:8e0d178b1d1e | 2218 | } |
wolfSSL | 16:8e0d178b1d1e | 2219 | |
wolfSSL | 16:8e0d178b1d1e | 2220 | /* fixup result if Montgomery reduction is used |
wolfSSL | 16:8e0d178b1d1e | 2221 | * recall that any value in a Montgomery system is |
wolfSSL | 16:8e0d178b1d1e | 2222 | * actually multiplied by R mod n. So we have |
wolfSSL | 16:8e0d178b1d1e | 2223 | * to reduce one more time to cancel out the factor |
wolfSSL | 16:8e0d178b1d1e | 2224 | * of R. |
wolfSSL | 16:8e0d178b1d1e | 2225 | */ |
wolfSSL | 16:8e0d178b1d1e | 2226 | err = fp_montgomery_reduce(res, P, mp); |
wolfSSL | 16:8e0d178b1d1e | 2227 | |
wolfSSL | 16:8e0d178b1d1e | 2228 | /* swap res with Y */ |
wolfSSL | 16:8e0d178b1d1e | 2229 | fp_copy(res, Y); |
wolfSSL | 16:8e0d178b1d1e | 2230 | |
wolfSSL | 16:8e0d178b1d1e | 2231 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2232 | XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2233 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2234 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2235 | } |
wolfSSL | 16:8e0d178b1d1e | 2236 | |
wolfSSL | 16:8e0d178b1d1e | 2237 | #undef WINSIZE |
wolfSSL | 16:8e0d178b1d1e | 2238 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2239 | |
wolfSSL | 15:117db924cf7c | 2240 | |
wolfSSL | 15:117db924cf7c | 2241 | int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) |
wolfSSL | 15:117db924cf7c | 2242 | { |
wolfSSL | 16:8e0d178b1d1e | 2243 | |
wolfSSL | 16:8e0d178b1d1e | 2244 | #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ |
wolfSSL | 16:8e0d178b1d1e | 2245 | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) |
wolfSSL | 16:8e0d178b1d1e | 2246 | int x = fp_count_bits (X); |
wolfSSL | 16:8e0d178b1d1e | 2247 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2248 | |
wolfSSL | 16:8e0d178b1d1e | 2249 | /* handle modulus of zero and prevent overflows */ |
wolfSSL | 16:8e0d178b1d1e | 2250 | if (fp_iszero(P) || (P->used > (FP_SIZE/2))) { |
wolfSSL | 16:8e0d178b1d1e | 2251 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 2252 | } |
wolfSSL | 16:8e0d178b1d1e | 2253 | if (fp_isone(P)) { |
wolfSSL | 16:8e0d178b1d1e | 2254 | fp_set(Y, 0); |
wolfSSL | 16:8e0d178b1d1e | 2255 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 2256 | } |
wolfSSL | 16:8e0d178b1d1e | 2257 | if (fp_iszero(X)) { |
wolfSSL | 16:8e0d178b1d1e | 2258 | fp_set(Y, 1); |
wolfSSL | 16:8e0d178b1d1e | 2259 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 2260 | } |
wolfSSL | 16:8e0d178b1d1e | 2261 | if (fp_iszero(G)) { |
wolfSSL | 16:8e0d178b1d1e | 2262 | fp_set(Y, 0); |
wolfSSL | 16:8e0d178b1d1e | 2263 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 2264 | } |
wolfSSL | 16:8e0d178b1d1e | 2265 | |
wolfSSL | 16:8e0d178b1d1e | 2266 | #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ |
wolfSSL | 16:8e0d178b1d1e | 2267 | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) |
wolfSSL | 16:8e0d178b1d1e | 2268 | if(x > EPS_RSA_EXPT_XBTIS) { |
wolfSSL | 16:8e0d178b1d1e | 2269 | return esp_mp_exptmod(G, X, x, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2270 | } |
wolfSSL | 16:8e0d178b1d1e | 2271 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2272 | |
wolfSSL | 16:8e0d178b1d1e | 2273 | if (X->sign == FP_NEG) { |
wolfSSL | 16:8e0d178b1d1e | 2274 | #ifndef POSITIVE_EXP_ONLY /* reduce stack if assume no negatives */ |
wolfSSL | 16:8e0d178b1d1e | 2275 | int err; |
wolfSSL | 16:8e0d178b1d1e | 2276 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2277 | fp_int tmp[2]; |
wolfSSL | 16:8e0d178b1d1e | 2278 | #else |
wolfSSL | 16:8e0d178b1d1e | 2279 | fp_int *tmp; |
wolfSSL | 16:8e0d178b1d1e | 2280 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2281 | |
wolfSSL | 16:8e0d178b1d1e | 2282 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2283 | tmp = (fp_int*)XMALLOC(sizeof(fp_int) * 2, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 2284 | if (tmp == NULL) |
wolfSSL | 16:8e0d178b1d1e | 2285 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 2286 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2287 | |
wolfSSL | 16:8e0d178b1d1e | 2288 | /* yes, copy G and invmod it */ |
wolfSSL | 16:8e0d178b1d1e | 2289 | fp_init_copy(&tmp[0], G); |
wolfSSL | 16:8e0d178b1d1e | 2290 | fp_init_copy(&tmp[1], P); |
wolfSSL | 16:8e0d178b1d1e | 2291 | tmp[1].sign = FP_ZPOS; |
wolfSSL | 16:8e0d178b1d1e | 2292 | err = fp_invmod(&tmp[0], &tmp[1], &tmp[0]); |
wolfSSL | 16:8e0d178b1d1e | 2293 | if (err == FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2294 | fp_copy(X, &tmp[1]); |
wolfSSL | 16:8e0d178b1d1e | 2295 | tmp[1].sign = FP_ZPOS; |
wolfSSL | 16:8e0d178b1d1e | 2296 | #ifdef TFM_TIMING_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 2297 | err = _fp_exptmod_ct(&tmp[0], &tmp[1], tmp[1].used, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2298 | #else |
wolfSSL | 16:8e0d178b1d1e | 2299 | err = _fp_exptmod_nct(&tmp[0], &tmp[1], P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2300 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2301 | if (P->sign == FP_NEG) { |
wolfSSL | 16:8e0d178b1d1e | 2302 | fp_add(Y, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2303 | } |
wolfSSL | 16:8e0d178b1d1e | 2304 | } |
wolfSSL | 16:8e0d178b1d1e | 2305 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2306 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2307 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2308 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2309 | #else |
wolfSSL | 16:8e0d178b1d1e | 2310 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 2311 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2312 | } |
wolfSSL | 16:8e0d178b1d1e | 2313 | else if (G->used == 1 && G->dp[0] == 2) { |
wolfSSL | 16:8e0d178b1d1e | 2314 | return _fp_exptmod_base_2(X, X->used, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2315 | } |
wolfSSL | 16:8e0d178b1d1e | 2316 | else { |
wolfSSL | 16:8e0d178b1d1e | 2317 | /* Positive exponent so just exptmod */ |
wolfSSL | 16:8e0d178b1d1e | 2318 | #ifdef TFM_TIMING_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 2319 | return _fp_exptmod_ct(G, X, X->used, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2320 | #else |
wolfSSL | 16:8e0d178b1d1e | 2321 | return _fp_exptmod_nct(G, X, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2322 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2323 | } |
wolfSSL | 16:8e0d178b1d1e | 2324 | } |
wolfSSL | 16:8e0d178b1d1e | 2325 | |
wolfSSL | 16:8e0d178b1d1e | 2326 | int fp_exptmod_ex(fp_int * G, fp_int * X, int digits, fp_int * P, fp_int * Y) |
wolfSSL | 16:8e0d178b1d1e | 2327 | { |
wolfSSL | 16:8e0d178b1d1e | 2328 | |
wolfSSL | 16:8e0d178b1d1e | 2329 | #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ |
wolfSSL | 16:8e0d178b1d1e | 2330 | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) |
wolfSSL | 16:8e0d178b1d1e | 2331 | int x = fp_count_bits (X); |
wolfSSL | 16:8e0d178b1d1e | 2332 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2333 | |
wolfSSL | 16:8e0d178b1d1e | 2334 | if (fp_iszero(G)) { |
wolfSSL | 16:8e0d178b1d1e | 2335 | fp_set(G, 0); |
wolfSSL | 16:8e0d178b1d1e | 2336 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 2337 | } |
wolfSSL | 16:8e0d178b1d1e | 2338 | |
wolfSSL | 15:117db924cf7c | 2339 | /* prevent overflows */ |
wolfSSL | 15:117db924cf7c | 2340 | if (P->used > (FP_SIZE/2)) { |
wolfSSL | 15:117db924cf7c | 2341 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 2342 | } |
wolfSSL | 15:117db924cf7c | 2343 | |
wolfSSL | 16:8e0d178b1d1e | 2344 | #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ |
wolfSSL | 16:8e0d178b1d1e | 2345 | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) |
wolfSSL | 16:8e0d178b1d1e | 2346 | if(x > EPS_RSA_EXPT_XBTIS) { |
wolfSSL | 16:8e0d178b1d1e | 2347 | return esp_mp_exptmod(G, X, x, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2348 | } |
wolfSSL | 16:8e0d178b1d1e | 2349 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2350 | |
wolfSSL | 15:117db924cf7c | 2351 | if (X->sign == FP_NEG) { |
wolfSSL | 15:117db924cf7c | 2352 | #ifndef POSITIVE_EXP_ONLY /* reduce stack if assume no negatives */ |
wolfSSL | 15:117db924cf7c | 2353 | int err; |
wolfSSL | 16:8e0d178b1d1e | 2354 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2355 | fp_int tmp[2]; |
wolfSSL | 16:8e0d178b1d1e | 2356 | #else |
wolfSSL | 16:8e0d178b1d1e | 2357 | fp_int *tmp; |
wolfSSL | 16:8e0d178b1d1e | 2358 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2359 | |
wolfSSL | 16:8e0d178b1d1e | 2360 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2361 | tmp = (fp_int*)XMALLOC(sizeof(fp_int) * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2362 | if (tmp == NULL) |
wolfSSL | 16:8e0d178b1d1e | 2363 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 2364 | #endif |
wolfSSL | 15:117db924cf7c | 2365 | |
wolfSSL | 15:117db924cf7c | 2366 | /* yes, copy G and invmod it */ |
wolfSSL | 16:8e0d178b1d1e | 2367 | fp_init_copy(&tmp[0], G); |
wolfSSL | 16:8e0d178b1d1e | 2368 | fp_init_copy(&tmp[1], P); |
wolfSSL | 16:8e0d178b1d1e | 2369 | tmp[1].sign = FP_ZPOS; |
wolfSSL | 16:8e0d178b1d1e | 2370 | err = fp_invmod(&tmp[0], &tmp[1], &tmp[0]); |
wolfSSL | 16:8e0d178b1d1e | 2371 | if (err == FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2372 | X->sign = FP_ZPOS; |
wolfSSL | 16:8e0d178b1d1e | 2373 | #ifdef TFM_TIMING_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 2374 | err = _fp_exptmod_ct(&tmp[0], X, digits, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2375 | #else |
wolfSSL | 16:8e0d178b1d1e | 2376 | err = _fp_exptmod_nct(&tmp[0], X, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2377 | (void)digits; |
wolfSSL | 16:8e0d178b1d1e | 2378 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2379 | if (X != Y) { |
wolfSSL | 16:8e0d178b1d1e | 2380 | X->sign = FP_NEG; |
wolfSSL | 16:8e0d178b1d1e | 2381 | } |
wolfSSL | 16:8e0d178b1d1e | 2382 | if (P->sign == FP_NEG) { |
wolfSSL | 16:8e0d178b1d1e | 2383 | fp_add(Y, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2384 | } |
wolfSSL | 15:117db924cf7c | 2385 | } |
wolfSSL | 16:8e0d178b1d1e | 2386 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2387 | XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 2388 | #endif |
wolfSSL | 15:117db924cf7c | 2389 | return err; |
wolfSSL | 15:117db924cf7c | 2390 | #else |
wolfSSL | 15:117db924cf7c | 2391 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 2392 | #endif |
wolfSSL | 15:117db924cf7c | 2393 | } |
wolfSSL | 15:117db924cf7c | 2394 | else { |
wolfSSL | 15:117db924cf7c | 2395 | /* Positive exponent so just exptmod */ |
wolfSSL | 16:8e0d178b1d1e | 2396 | #ifdef TFM_TIMING_RESISTANT |
wolfSSL | 16:8e0d178b1d1e | 2397 | return _fp_exptmod_ct(G, X, digits, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2398 | #else |
wolfSSL | 16:8e0d178b1d1e | 2399 | return _fp_exptmod_nct(G, X, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2400 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2401 | } |
wolfSSL | 16:8e0d178b1d1e | 2402 | } |
wolfSSL | 16:8e0d178b1d1e | 2403 | |
wolfSSL | 16:8e0d178b1d1e | 2404 | int fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) |
wolfSSL | 16:8e0d178b1d1e | 2405 | { |
wolfSSL | 16:8e0d178b1d1e | 2406 | #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ |
wolfSSL | 16:8e0d178b1d1e | 2407 | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) |
wolfSSL | 16:8e0d178b1d1e | 2408 | int x = fp_count_bits (X); |
wolfSSL | 16:8e0d178b1d1e | 2409 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2410 | |
wolfSSL | 16:8e0d178b1d1e | 2411 | if (fp_iszero(G)) { |
wolfSSL | 16:8e0d178b1d1e | 2412 | fp_set(G, 0); |
wolfSSL | 16:8e0d178b1d1e | 2413 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 2414 | } |
wolfSSL | 16:8e0d178b1d1e | 2415 | |
wolfSSL | 16:8e0d178b1d1e | 2416 | /* prevent overflows */ |
wolfSSL | 16:8e0d178b1d1e | 2417 | if (P->used > (FP_SIZE/2)) { |
wolfSSL | 16:8e0d178b1d1e | 2418 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 2419 | } |
wolfSSL | 16:8e0d178b1d1e | 2420 | |
wolfSSL | 16:8e0d178b1d1e | 2421 | #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ |
wolfSSL | 16:8e0d178b1d1e | 2422 | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) |
wolfSSL | 16:8e0d178b1d1e | 2423 | if(x > EPS_RSA_EXPT_XBTIS) { |
wolfSSL | 16:8e0d178b1d1e | 2424 | return esp_mp_exptmod(G, X, x, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2425 | } |
wolfSSL | 16:8e0d178b1d1e | 2426 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2427 | |
wolfSSL | 16:8e0d178b1d1e | 2428 | if (X->sign == FP_NEG) { |
wolfSSL | 16:8e0d178b1d1e | 2429 | #ifndef POSITIVE_EXP_ONLY /* reduce stack if assume no negatives */ |
wolfSSL | 16:8e0d178b1d1e | 2430 | int err; |
wolfSSL | 16:8e0d178b1d1e | 2431 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2432 | fp_int tmp[2]; |
wolfSSL | 16:8e0d178b1d1e | 2433 | #else |
wolfSSL | 16:8e0d178b1d1e | 2434 | fp_int *tmp; |
wolfSSL | 16:8e0d178b1d1e | 2435 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2436 | |
wolfSSL | 16:8e0d178b1d1e | 2437 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2438 | tmp = (fp_int*)XMALLOC(sizeof(fp_int) * 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 2439 | if (tmp == NULL) |
wolfSSL | 16:8e0d178b1d1e | 2440 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 2441 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2442 | |
wolfSSL | 16:8e0d178b1d1e | 2443 | /* yes, copy G and invmod it */ |
wolfSSL | 16:8e0d178b1d1e | 2444 | fp_init_copy(&tmp[0], G); |
wolfSSL | 16:8e0d178b1d1e | 2445 | fp_init_copy(&tmp[1], P); |
wolfSSL | 16:8e0d178b1d1e | 2446 | tmp[1].sign = FP_ZPOS; |
wolfSSL | 16:8e0d178b1d1e | 2447 | err = fp_invmod(&tmp[0], &tmp[1], &tmp[0]); |
wolfSSL | 16:8e0d178b1d1e | 2448 | if (err == FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 2449 | X->sign = FP_ZPOS; |
wolfSSL | 16:8e0d178b1d1e | 2450 | err = _fp_exptmod_nct(&tmp[0], X, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2451 | if (X != Y) { |
wolfSSL | 16:8e0d178b1d1e | 2452 | X->sign = FP_NEG; |
wolfSSL | 16:8e0d178b1d1e | 2453 | } |
wolfSSL | 16:8e0d178b1d1e | 2454 | if (P->sign == FP_NEG) { |
wolfSSL | 16:8e0d178b1d1e | 2455 | fp_add(Y, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 2456 | } |
wolfSSL | 16:8e0d178b1d1e | 2457 | } |
wolfSSL | 16:8e0d178b1d1e | 2458 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2459 | XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 2460 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2461 | return err; |
wolfSSL | 16:8e0d178b1d1e | 2462 | #else |
wolfSSL | 16:8e0d178b1d1e | 2463 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 2464 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2465 | } |
wolfSSL | 16:8e0d178b1d1e | 2466 | else { |
wolfSSL | 16:8e0d178b1d1e | 2467 | /* Positive exponent so just exptmod */ |
wolfSSL | 16:8e0d178b1d1e | 2468 | return _fp_exptmod_nct(G, X, P, Y); |
wolfSSL | 15:117db924cf7c | 2469 | } |
wolfSSL | 15:117db924cf7c | 2470 | } |
wolfSSL | 15:117db924cf7c | 2471 | |
wolfSSL | 15:117db924cf7c | 2472 | /* computes a = 2**b */ |
wolfSSL | 15:117db924cf7c | 2473 | void fp_2expt(fp_int *a, int b) |
wolfSSL | 15:117db924cf7c | 2474 | { |
wolfSSL | 15:117db924cf7c | 2475 | int z; |
wolfSSL | 15:117db924cf7c | 2476 | |
wolfSSL | 15:117db924cf7c | 2477 | /* zero a as per default */ |
wolfSSL | 15:117db924cf7c | 2478 | fp_zero (a); |
wolfSSL | 15:117db924cf7c | 2479 | |
wolfSSL | 15:117db924cf7c | 2480 | if (b < 0) { |
wolfSSL | 15:117db924cf7c | 2481 | return; |
wolfSSL | 15:117db924cf7c | 2482 | } |
wolfSSL | 15:117db924cf7c | 2483 | |
wolfSSL | 15:117db924cf7c | 2484 | z = b / DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 2485 | if (z >= FP_SIZE) { |
wolfSSL | 15:117db924cf7c | 2486 | return; |
wolfSSL | 15:117db924cf7c | 2487 | } |
wolfSSL | 15:117db924cf7c | 2488 | |
wolfSSL | 15:117db924cf7c | 2489 | /* set the used count of where the bit will go */ |
wolfSSL | 15:117db924cf7c | 2490 | a->used = z + 1; |
wolfSSL | 15:117db924cf7c | 2491 | |
wolfSSL | 15:117db924cf7c | 2492 | /* put the single bit in its place */ |
wolfSSL | 15:117db924cf7c | 2493 | a->dp[z] = ((fp_digit)1) << (b % DIGIT_BIT); |
wolfSSL | 15:117db924cf7c | 2494 | } |
wolfSSL | 15:117db924cf7c | 2495 | |
wolfSSL | 15:117db924cf7c | 2496 | /* b = a*a */ |
wolfSSL | 16:8e0d178b1d1e | 2497 | int fp_sqr(fp_int *A, fp_int *B) |
wolfSSL | 15:117db924cf7c | 2498 | { |
wolfSSL | 16:8e0d178b1d1e | 2499 | int err; |
wolfSSL | 15:117db924cf7c | 2500 | int y, oldused; |
wolfSSL | 15:117db924cf7c | 2501 | |
wolfSSL | 15:117db924cf7c | 2502 | oldused = B->used; |
wolfSSL | 15:117db924cf7c | 2503 | y = A->used; |
wolfSSL | 15:117db924cf7c | 2504 | |
wolfSSL | 15:117db924cf7c | 2505 | /* call generic if we're out of range */ |
wolfSSL | 15:117db924cf7c | 2506 | if (y + y > FP_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 2507 | err = fp_sqr_comba(A, B); |
wolfSSL | 15:117db924cf7c | 2508 | goto clean; |
wolfSSL | 15:117db924cf7c | 2509 | } |
wolfSSL | 15:117db924cf7c | 2510 | |
wolfSSL | 15:117db924cf7c | 2511 | #if defined(TFM_SQR3) && FP_SIZE >= 6 |
wolfSSL | 15:117db924cf7c | 2512 | if (y <= 3) { |
wolfSSL | 16:8e0d178b1d1e | 2513 | err = fp_sqr_comba3(A,B); |
wolfSSL | 15:117db924cf7c | 2514 | goto clean; |
wolfSSL | 15:117db924cf7c | 2515 | } |
wolfSSL | 15:117db924cf7c | 2516 | #endif |
wolfSSL | 15:117db924cf7c | 2517 | #if defined(TFM_SQR4) && FP_SIZE >= 8 |
wolfSSL | 15:117db924cf7c | 2518 | if (y == 4) { |
wolfSSL | 16:8e0d178b1d1e | 2519 | err = fp_sqr_comba4(A,B); |
wolfSSL | 15:117db924cf7c | 2520 | goto clean; |
wolfSSL | 15:117db924cf7c | 2521 | } |
wolfSSL | 15:117db924cf7c | 2522 | #endif |
wolfSSL | 15:117db924cf7c | 2523 | #if defined(TFM_SQR6) && FP_SIZE >= 12 |
wolfSSL | 15:117db924cf7c | 2524 | if (y <= 6) { |
wolfSSL | 16:8e0d178b1d1e | 2525 | err = fp_sqr_comba6(A,B); |
wolfSSL | 15:117db924cf7c | 2526 | goto clean; |
wolfSSL | 15:117db924cf7c | 2527 | } |
wolfSSL | 15:117db924cf7c | 2528 | #endif |
wolfSSL | 15:117db924cf7c | 2529 | #if defined(TFM_SQR7) && FP_SIZE >= 14 |
wolfSSL | 15:117db924cf7c | 2530 | if (y == 7) { |
wolfSSL | 16:8e0d178b1d1e | 2531 | err = fp_sqr_comba7(A,B); |
wolfSSL | 15:117db924cf7c | 2532 | goto clean; |
wolfSSL | 15:117db924cf7c | 2533 | } |
wolfSSL | 15:117db924cf7c | 2534 | #endif |
wolfSSL | 15:117db924cf7c | 2535 | #if defined(TFM_SQR8) && FP_SIZE >= 16 |
wolfSSL | 15:117db924cf7c | 2536 | if (y == 8) { |
wolfSSL | 16:8e0d178b1d1e | 2537 | err = fp_sqr_comba8(A,B); |
wolfSSL | 15:117db924cf7c | 2538 | goto clean; |
wolfSSL | 15:117db924cf7c | 2539 | } |
wolfSSL | 15:117db924cf7c | 2540 | #endif |
wolfSSL | 15:117db924cf7c | 2541 | #if defined(TFM_SQR9) && FP_SIZE >= 18 |
wolfSSL | 15:117db924cf7c | 2542 | if (y == 9) { |
wolfSSL | 16:8e0d178b1d1e | 2543 | err = fp_sqr_comba9(A,B); |
wolfSSL | 15:117db924cf7c | 2544 | goto clean; |
wolfSSL | 15:117db924cf7c | 2545 | } |
wolfSSL | 15:117db924cf7c | 2546 | #endif |
wolfSSL | 15:117db924cf7c | 2547 | #if defined(TFM_SQR12) && FP_SIZE >= 24 |
wolfSSL | 15:117db924cf7c | 2548 | if (y <= 12) { |
wolfSSL | 16:8e0d178b1d1e | 2549 | err = fp_sqr_comba12(A,B); |
wolfSSL | 15:117db924cf7c | 2550 | goto clean; |
wolfSSL | 15:117db924cf7c | 2551 | } |
wolfSSL | 15:117db924cf7c | 2552 | #endif |
wolfSSL | 15:117db924cf7c | 2553 | #if defined(TFM_SQR17) && FP_SIZE >= 34 |
wolfSSL | 15:117db924cf7c | 2554 | if (y <= 17) { |
wolfSSL | 16:8e0d178b1d1e | 2555 | err = fp_sqr_comba17(A,B); |
wolfSSL | 15:117db924cf7c | 2556 | goto clean; |
wolfSSL | 15:117db924cf7c | 2557 | } |
wolfSSL | 15:117db924cf7c | 2558 | #endif |
wolfSSL | 15:117db924cf7c | 2559 | #if defined(TFM_SMALL_SET) |
wolfSSL | 15:117db924cf7c | 2560 | if (y <= 16) { |
wolfSSL | 16:8e0d178b1d1e | 2561 | err = fp_sqr_comba_small(A,B); |
wolfSSL | 15:117db924cf7c | 2562 | goto clean; |
wolfSSL | 15:117db924cf7c | 2563 | } |
wolfSSL | 15:117db924cf7c | 2564 | #endif |
wolfSSL | 15:117db924cf7c | 2565 | #if defined(TFM_SQR20) && FP_SIZE >= 40 |
wolfSSL | 15:117db924cf7c | 2566 | if (y <= 20) { |
wolfSSL | 16:8e0d178b1d1e | 2567 | err = fp_sqr_comba20(A,B); |
wolfSSL | 15:117db924cf7c | 2568 | goto clean; |
wolfSSL | 15:117db924cf7c | 2569 | } |
wolfSSL | 15:117db924cf7c | 2570 | #endif |
wolfSSL | 15:117db924cf7c | 2571 | #if defined(TFM_SQR24) && FP_SIZE >= 48 |
wolfSSL | 15:117db924cf7c | 2572 | if (y <= 24) { |
wolfSSL | 16:8e0d178b1d1e | 2573 | err = fp_sqr_comba24(A,B); |
wolfSSL | 15:117db924cf7c | 2574 | goto clean; |
wolfSSL | 15:117db924cf7c | 2575 | } |
wolfSSL | 15:117db924cf7c | 2576 | #endif |
wolfSSL | 15:117db924cf7c | 2577 | #if defined(TFM_SQR28) && FP_SIZE >= 56 |
wolfSSL | 15:117db924cf7c | 2578 | if (y <= 28) { |
wolfSSL | 16:8e0d178b1d1e | 2579 | err = fp_sqr_comba28(A,B); |
wolfSSL | 15:117db924cf7c | 2580 | goto clean; |
wolfSSL | 15:117db924cf7c | 2581 | } |
wolfSSL | 15:117db924cf7c | 2582 | #endif |
wolfSSL | 15:117db924cf7c | 2583 | #if defined(TFM_SQR32) && FP_SIZE >= 64 |
wolfSSL | 15:117db924cf7c | 2584 | if (y <= 32) { |
wolfSSL | 16:8e0d178b1d1e | 2585 | err = fp_sqr_comba32(A,B); |
wolfSSL | 15:117db924cf7c | 2586 | goto clean; |
wolfSSL | 15:117db924cf7c | 2587 | } |
wolfSSL | 15:117db924cf7c | 2588 | #endif |
wolfSSL | 15:117db924cf7c | 2589 | #if defined(TFM_SQR48) && FP_SIZE >= 96 |
wolfSSL | 15:117db924cf7c | 2590 | if (y <= 48) { |
wolfSSL | 16:8e0d178b1d1e | 2591 | err = fp_sqr_comba48(A,B); |
wolfSSL | 15:117db924cf7c | 2592 | goto clean; |
wolfSSL | 15:117db924cf7c | 2593 | } |
wolfSSL | 15:117db924cf7c | 2594 | #endif |
wolfSSL | 15:117db924cf7c | 2595 | #if defined(TFM_SQR64) && FP_SIZE >= 128 |
wolfSSL | 15:117db924cf7c | 2596 | if (y <= 64) { |
wolfSSL | 16:8e0d178b1d1e | 2597 | err = fp_sqr_comba64(A,B); |
wolfSSL | 15:117db924cf7c | 2598 | goto clean; |
wolfSSL | 15:117db924cf7c | 2599 | } |
wolfSSL | 15:117db924cf7c | 2600 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2601 | err = fp_sqr_comba(A, B); |
wolfSSL | 15:117db924cf7c | 2602 | |
wolfSSL | 15:117db924cf7c | 2603 | clean: |
wolfSSL | 15:117db924cf7c | 2604 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 2605 | for (y = B->used; y >= 0 && y < oldused; y++) { |
wolfSSL | 15:117db924cf7c | 2606 | B->dp[y] = 0; |
wolfSSL | 15:117db924cf7c | 2607 | } |
wolfSSL | 16:8e0d178b1d1e | 2608 | |
wolfSSL | 16:8e0d178b1d1e | 2609 | return err; |
wolfSSL | 15:117db924cf7c | 2610 | } |
wolfSSL | 15:117db924cf7c | 2611 | |
wolfSSL | 15:117db924cf7c | 2612 | /* generic comba squarer */ |
wolfSSL | 16:8e0d178b1d1e | 2613 | int fp_sqr_comba(fp_int *A, fp_int *B) |
wolfSSL | 15:117db924cf7c | 2614 | { |
wolfSSL | 15:117db924cf7c | 2615 | int pa, ix, iz; |
wolfSSL | 15:117db924cf7c | 2616 | fp_digit c0, c1, c2; |
wolfSSL | 15:117db924cf7c | 2617 | #ifdef TFM_ISO |
wolfSSL | 15:117db924cf7c | 2618 | fp_word tt; |
wolfSSL | 15:117db924cf7c | 2619 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2620 | fp_int *dst; |
wolfSSL | 16:8e0d178b1d1e | 2621 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2622 | fp_int tmp[1]; |
wolfSSL | 16:8e0d178b1d1e | 2623 | #else |
wolfSSL | 16:8e0d178b1d1e | 2624 | fp_int *tmp; |
wolfSSL | 16:8e0d178b1d1e | 2625 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2626 | |
wolfSSL | 16:8e0d178b1d1e | 2627 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2628 | tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 2629 | if (tmp == NULL) |
wolfSSL | 16:8e0d178b1d1e | 2630 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 2631 | #endif |
wolfSSL | 15:117db924cf7c | 2632 | |
wolfSSL | 15:117db924cf7c | 2633 | /* get size of output and trim */ |
wolfSSL | 15:117db924cf7c | 2634 | pa = A->used + A->used; |
wolfSSL | 15:117db924cf7c | 2635 | if (pa >= FP_SIZE) { |
wolfSSL | 15:117db924cf7c | 2636 | pa = FP_SIZE-1; |
wolfSSL | 15:117db924cf7c | 2637 | } |
wolfSSL | 15:117db924cf7c | 2638 | |
wolfSSL | 15:117db924cf7c | 2639 | /* number of output digits to produce */ |
wolfSSL | 15:117db924cf7c | 2640 | COMBA_START; |
wolfSSL | 15:117db924cf7c | 2641 | COMBA_CLEAR; |
wolfSSL | 15:117db924cf7c | 2642 | |
wolfSSL | 15:117db924cf7c | 2643 | if (A == B) { |
wolfSSL | 16:8e0d178b1d1e | 2644 | fp_init(tmp); |
wolfSSL | 16:8e0d178b1d1e | 2645 | dst = tmp; |
wolfSSL | 15:117db924cf7c | 2646 | } else { |
wolfSSL | 15:117db924cf7c | 2647 | fp_zero(B); |
wolfSSL | 15:117db924cf7c | 2648 | dst = B; |
wolfSSL | 15:117db924cf7c | 2649 | } |
wolfSSL | 15:117db924cf7c | 2650 | |
wolfSSL | 15:117db924cf7c | 2651 | for (ix = 0; ix < pa; ix++) { |
wolfSSL | 15:117db924cf7c | 2652 | int tx, ty, iy; |
wolfSSL | 15:117db924cf7c | 2653 | fp_digit *tmpy, *tmpx; |
wolfSSL | 15:117db924cf7c | 2654 | |
wolfSSL | 15:117db924cf7c | 2655 | /* get offsets into the two bignums */ |
wolfSSL | 15:117db924cf7c | 2656 | ty = MIN(A->used-1, ix); |
wolfSSL | 15:117db924cf7c | 2657 | tx = ix - ty; |
wolfSSL | 15:117db924cf7c | 2658 | |
wolfSSL | 15:117db924cf7c | 2659 | /* setup temp aliases */ |
wolfSSL | 15:117db924cf7c | 2660 | tmpx = A->dp + tx; |
wolfSSL | 15:117db924cf7c | 2661 | tmpy = A->dp + ty; |
wolfSSL | 15:117db924cf7c | 2662 | |
wolfSSL | 15:117db924cf7c | 2663 | /* this is the number of times the loop will iterate, |
wolfSSL | 15:117db924cf7c | 2664 | while (tx++ < a->used && ty-- >= 0) { ... } |
wolfSSL | 15:117db924cf7c | 2665 | */ |
wolfSSL | 15:117db924cf7c | 2666 | iy = MIN(A->used-tx, ty+1); |
wolfSSL | 15:117db924cf7c | 2667 | |
wolfSSL | 15:117db924cf7c | 2668 | /* now for squaring tx can never equal ty |
wolfSSL | 15:117db924cf7c | 2669 | * we halve the distance since they approach |
wolfSSL | 15:117db924cf7c | 2670 | * at a rate of 2x and we have to round because |
wolfSSL | 15:117db924cf7c | 2671 | * odd cases need to be executed |
wolfSSL | 15:117db924cf7c | 2672 | */ |
wolfSSL | 15:117db924cf7c | 2673 | iy = MIN(iy, (ty-tx+1)>>1); |
wolfSSL | 15:117db924cf7c | 2674 | |
wolfSSL | 15:117db924cf7c | 2675 | /* forward carries */ |
wolfSSL | 15:117db924cf7c | 2676 | COMBA_FORWARD; |
wolfSSL | 15:117db924cf7c | 2677 | |
wolfSSL | 15:117db924cf7c | 2678 | /* execute loop */ |
wolfSSL | 15:117db924cf7c | 2679 | for (iz = 0; iz < iy; iz++) { |
wolfSSL | 15:117db924cf7c | 2680 | SQRADD2(*tmpx++, *tmpy--); |
wolfSSL | 15:117db924cf7c | 2681 | } |
wolfSSL | 15:117db924cf7c | 2682 | |
wolfSSL | 15:117db924cf7c | 2683 | /* even columns have the square term in them */ |
wolfSSL | 15:117db924cf7c | 2684 | if ((ix&1) == 0) { |
wolfSSL | 15:117db924cf7c | 2685 | /* TAO change COMBA_ADD back to SQRADD */ |
wolfSSL | 15:117db924cf7c | 2686 | SQRADD(A->dp[ix>>1], A->dp[ix>>1]); |
wolfSSL | 15:117db924cf7c | 2687 | } |
wolfSSL | 15:117db924cf7c | 2688 | |
wolfSSL | 15:117db924cf7c | 2689 | /* store it */ |
wolfSSL | 15:117db924cf7c | 2690 | COMBA_STORE(dst->dp[ix]); |
wolfSSL | 15:117db924cf7c | 2691 | } |
wolfSSL | 15:117db924cf7c | 2692 | |
wolfSSL | 15:117db924cf7c | 2693 | COMBA_FINI; |
wolfSSL | 15:117db924cf7c | 2694 | |
wolfSSL | 15:117db924cf7c | 2695 | /* setup dest */ |
wolfSSL | 15:117db924cf7c | 2696 | dst->used = pa; |
wolfSSL | 15:117db924cf7c | 2697 | fp_clamp (dst); |
wolfSSL | 15:117db924cf7c | 2698 | if (dst != B) { |
wolfSSL | 15:117db924cf7c | 2699 | fp_copy(dst, B); |
wolfSSL | 15:117db924cf7c | 2700 | } |
wolfSSL | 16:8e0d178b1d1e | 2701 | |
wolfSSL | 16:8e0d178b1d1e | 2702 | /* Variables used but not seen by cppcheck. */ |
wolfSSL | 16:8e0d178b1d1e | 2703 | (void)c0; (void)c1; (void)c2; |
wolfSSL | 16:8e0d178b1d1e | 2704 | #ifdef TFM_ISO |
wolfSSL | 16:8e0d178b1d1e | 2705 | (void)tt; |
wolfSSL | 16:8e0d178b1d1e | 2706 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2707 | |
wolfSSL | 16:8e0d178b1d1e | 2708 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2709 | XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 2710 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2711 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 2712 | } |
wolfSSL | 15:117db924cf7c | 2713 | |
wolfSSL | 15:117db924cf7c | 2714 | int fp_cmp(fp_int *a, fp_int *b) |
wolfSSL | 15:117db924cf7c | 2715 | { |
wolfSSL | 15:117db924cf7c | 2716 | if (a->sign == FP_NEG && b->sign == FP_ZPOS) { |
wolfSSL | 15:117db924cf7c | 2717 | return FP_LT; |
wolfSSL | 15:117db924cf7c | 2718 | } else if (a->sign == FP_ZPOS && b->sign == FP_NEG) { |
wolfSSL | 15:117db924cf7c | 2719 | return FP_GT; |
wolfSSL | 15:117db924cf7c | 2720 | } else { |
wolfSSL | 15:117db924cf7c | 2721 | /* compare digits */ |
wolfSSL | 15:117db924cf7c | 2722 | if (a->sign == FP_NEG) { |
wolfSSL | 15:117db924cf7c | 2723 | /* if negative compare opposite direction */ |
wolfSSL | 15:117db924cf7c | 2724 | return fp_cmp_mag(b, a); |
wolfSSL | 15:117db924cf7c | 2725 | } else { |
wolfSSL | 15:117db924cf7c | 2726 | return fp_cmp_mag(a, b); |
wolfSSL | 15:117db924cf7c | 2727 | } |
wolfSSL | 15:117db924cf7c | 2728 | } |
wolfSSL | 15:117db924cf7c | 2729 | } |
wolfSSL | 15:117db924cf7c | 2730 | |
wolfSSL | 15:117db924cf7c | 2731 | /* compare against a single digit */ |
wolfSSL | 15:117db924cf7c | 2732 | int fp_cmp_d(fp_int *a, fp_digit b) |
wolfSSL | 15:117db924cf7c | 2733 | { |
wolfSSL | 15:117db924cf7c | 2734 | /* special case for zero*/ |
wolfSSL | 15:117db924cf7c | 2735 | if (a->used == 0 && b == 0) |
wolfSSL | 15:117db924cf7c | 2736 | return FP_EQ; |
wolfSSL | 15:117db924cf7c | 2737 | |
wolfSSL | 15:117db924cf7c | 2738 | /* compare based on sign */ |
wolfSSL | 15:117db924cf7c | 2739 | if ((b && a->used == 0) || a->sign == FP_NEG) { |
wolfSSL | 15:117db924cf7c | 2740 | return FP_LT; |
wolfSSL | 15:117db924cf7c | 2741 | } |
wolfSSL | 15:117db924cf7c | 2742 | |
wolfSSL | 15:117db924cf7c | 2743 | /* compare based on magnitude */ |
wolfSSL | 15:117db924cf7c | 2744 | if (a->used > 1) { |
wolfSSL | 15:117db924cf7c | 2745 | return FP_GT; |
wolfSSL | 15:117db924cf7c | 2746 | } |
wolfSSL | 15:117db924cf7c | 2747 | |
wolfSSL | 15:117db924cf7c | 2748 | /* compare the only digit of a to b */ |
wolfSSL | 15:117db924cf7c | 2749 | if (a->dp[0] > b) { |
wolfSSL | 15:117db924cf7c | 2750 | return FP_GT; |
wolfSSL | 15:117db924cf7c | 2751 | } else if (a->dp[0] < b) { |
wolfSSL | 15:117db924cf7c | 2752 | return FP_LT; |
wolfSSL | 15:117db924cf7c | 2753 | } else { |
wolfSSL | 15:117db924cf7c | 2754 | return FP_EQ; |
wolfSSL | 15:117db924cf7c | 2755 | } |
wolfSSL | 15:117db924cf7c | 2756 | |
wolfSSL | 15:117db924cf7c | 2757 | } |
wolfSSL | 15:117db924cf7c | 2758 | |
wolfSSL | 15:117db924cf7c | 2759 | int fp_cmp_mag(fp_int *a, fp_int *b) |
wolfSSL | 15:117db924cf7c | 2760 | { |
wolfSSL | 15:117db924cf7c | 2761 | int x; |
wolfSSL | 15:117db924cf7c | 2762 | |
wolfSSL | 15:117db924cf7c | 2763 | if (a->used > b->used) { |
wolfSSL | 15:117db924cf7c | 2764 | return FP_GT; |
wolfSSL | 15:117db924cf7c | 2765 | } else if (a->used < b->used) { |
wolfSSL | 15:117db924cf7c | 2766 | return FP_LT; |
wolfSSL | 15:117db924cf7c | 2767 | } else { |
wolfSSL | 15:117db924cf7c | 2768 | for (x = a->used - 1; x >= 0; x--) { |
wolfSSL | 15:117db924cf7c | 2769 | if (a->dp[x] > b->dp[x]) { |
wolfSSL | 15:117db924cf7c | 2770 | return FP_GT; |
wolfSSL | 15:117db924cf7c | 2771 | } else if (a->dp[x] < b->dp[x]) { |
wolfSSL | 15:117db924cf7c | 2772 | return FP_LT; |
wolfSSL | 15:117db924cf7c | 2773 | } |
wolfSSL | 15:117db924cf7c | 2774 | } |
wolfSSL | 15:117db924cf7c | 2775 | } |
wolfSSL | 15:117db924cf7c | 2776 | return FP_EQ; |
wolfSSL | 15:117db924cf7c | 2777 | } |
wolfSSL | 15:117db924cf7c | 2778 | |
wolfSSL | 15:117db924cf7c | 2779 | /* sets up the montgomery reduction */ |
wolfSSL | 15:117db924cf7c | 2780 | int fp_montgomery_setup(fp_int *a, fp_digit *rho) |
wolfSSL | 15:117db924cf7c | 2781 | { |
wolfSSL | 15:117db924cf7c | 2782 | fp_digit x, b; |
wolfSSL | 15:117db924cf7c | 2783 | |
wolfSSL | 15:117db924cf7c | 2784 | /* fast inversion mod 2**k |
wolfSSL | 15:117db924cf7c | 2785 | * |
wolfSSL | 15:117db924cf7c | 2786 | * Based on the fact that |
wolfSSL | 15:117db924cf7c | 2787 | * |
wolfSSL | 15:117db924cf7c | 2788 | * XA = 1 (mod 2**n) => (X(2-XA)) A = 1 (mod 2**2n) |
wolfSSL | 15:117db924cf7c | 2789 | * => 2*X*A - X*X*A*A = 1 |
wolfSSL | 15:117db924cf7c | 2790 | * => 2*(1) - (1) = 1 |
wolfSSL | 15:117db924cf7c | 2791 | */ |
wolfSSL | 15:117db924cf7c | 2792 | b = a->dp[0]; |
wolfSSL | 15:117db924cf7c | 2793 | |
wolfSSL | 15:117db924cf7c | 2794 | if ((b & 1) == 0) { |
wolfSSL | 15:117db924cf7c | 2795 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 2796 | } |
wolfSSL | 15:117db924cf7c | 2797 | |
wolfSSL | 15:117db924cf7c | 2798 | x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */ |
wolfSSL | 15:117db924cf7c | 2799 | x *= 2 - b * x; /* here x*a==1 mod 2**8 */ |
wolfSSL | 15:117db924cf7c | 2800 | x *= 2 - b * x; /* here x*a==1 mod 2**16 */ |
wolfSSL | 15:117db924cf7c | 2801 | x *= 2 - b * x; /* here x*a==1 mod 2**32 */ |
wolfSSL | 15:117db924cf7c | 2802 | #ifdef FP_64BIT |
wolfSSL | 15:117db924cf7c | 2803 | x *= 2 - b * x; /* here x*a==1 mod 2**64 */ |
wolfSSL | 15:117db924cf7c | 2804 | #endif |
wolfSSL | 15:117db924cf7c | 2805 | |
wolfSSL | 15:117db924cf7c | 2806 | /* rho = -1/m mod b */ |
wolfSSL | 15:117db924cf7c | 2807 | *rho = (fp_digit) (((fp_word) 1 << ((fp_word) DIGIT_BIT)) - ((fp_word)x)); |
wolfSSL | 15:117db924cf7c | 2808 | |
wolfSSL | 15:117db924cf7c | 2809 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 2810 | } |
wolfSSL | 15:117db924cf7c | 2811 | |
wolfSSL | 15:117db924cf7c | 2812 | /* computes a = B**n mod b without division or multiplication useful for |
wolfSSL | 15:117db924cf7c | 2813 | * normalizing numbers in a Montgomery system. |
wolfSSL | 15:117db924cf7c | 2814 | */ |
wolfSSL | 15:117db924cf7c | 2815 | void fp_montgomery_calc_normalization(fp_int *a, fp_int *b) |
wolfSSL | 15:117db924cf7c | 2816 | { |
wolfSSL | 15:117db924cf7c | 2817 | int x, bits; |
wolfSSL | 15:117db924cf7c | 2818 | |
wolfSSL | 15:117db924cf7c | 2819 | /* how many bits of last digit does b use */ |
wolfSSL | 15:117db924cf7c | 2820 | bits = fp_count_bits (b) % DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 2821 | if (!bits) bits = DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 2822 | |
wolfSSL | 15:117db924cf7c | 2823 | /* compute A = B^(n-1) * 2^(bits-1) */ |
wolfSSL | 15:117db924cf7c | 2824 | if (b->used > 1) { |
wolfSSL | 15:117db924cf7c | 2825 | fp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1); |
wolfSSL | 15:117db924cf7c | 2826 | } else { |
wolfSSL | 15:117db924cf7c | 2827 | fp_set(a, 1); |
wolfSSL | 15:117db924cf7c | 2828 | bits = 1; |
wolfSSL | 15:117db924cf7c | 2829 | } |
wolfSSL | 15:117db924cf7c | 2830 | |
wolfSSL | 15:117db924cf7c | 2831 | /* now compute C = A * B mod b */ |
wolfSSL | 15:117db924cf7c | 2832 | for (x = bits - 1; x < (int)DIGIT_BIT; x++) { |
wolfSSL | 15:117db924cf7c | 2833 | fp_mul_2 (a, a); |
wolfSSL | 15:117db924cf7c | 2834 | if (fp_cmp_mag (a, b) != FP_LT) { |
wolfSSL | 15:117db924cf7c | 2835 | s_fp_sub (a, b, a); |
wolfSSL | 15:117db924cf7c | 2836 | } |
wolfSSL | 15:117db924cf7c | 2837 | } |
wolfSSL | 15:117db924cf7c | 2838 | } |
wolfSSL | 15:117db924cf7c | 2839 | |
wolfSSL | 15:117db924cf7c | 2840 | |
wolfSSL | 15:117db924cf7c | 2841 | #ifdef TFM_SMALL_MONT_SET |
wolfSSL | 15:117db924cf7c | 2842 | #include "fp_mont_small.i" |
wolfSSL | 15:117db924cf7c | 2843 | #endif |
wolfSSL | 15:117db924cf7c | 2844 | |
wolfSSL | 15:117db924cf7c | 2845 | #ifdef HAVE_INTEL_MULX |
wolfSSL | 15:117db924cf7c | 2846 | static WC_INLINE void innermul8_mulx(fp_digit *c_mulx, fp_digit *cy_mulx, fp_digit *tmpm, fp_digit mu) |
wolfSSL | 15:117db924cf7c | 2847 | { |
wolfSSL | 15:117db924cf7c | 2848 | fp_digit cy = *cy_mulx ; |
wolfSSL | 15:117db924cf7c | 2849 | INNERMUL8_MULX ; |
wolfSSL | 15:117db924cf7c | 2850 | *cy_mulx = cy ; |
wolfSSL | 15:117db924cf7c | 2851 | } |
wolfSSL | 15:117db924cf7c | 2852 | |
wolfSSL | 15:117db924cf7c | 2853 | /* computes x/R == x (mod N) via Montgomery Reduction */ |
wolfSSL | 16:8e0d178b1d1e | 2854 | static int fp_montgomery_reduce_mulx(fp_int *a, fp_int *m, fp_digit mp) |
wolfSSL | 15:117db924cf7c | 2855 | { |
wolfSSL | 16:8e0d178b1d1e | 2856 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2857 | fp_digit c[FP_SIZE+1]; |
wolfSSL | 16:8e0d178b1d1e | 2858 | #else |
wolfSSL | 16:8e0d178b1d1e | 2859 | fp_digit *c; |
wolfSSL | 16:8e0d178b1d1e | 2860 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2861 | fp_digit *_c, *tmpm, mu = 0; |
wolfSSL | 15:117db924cf7c | 2862 | int oldused, x, y, pa; |
wolfSSL | 15:117db924cf7c | 2863 | |
wolfSSL | 15:117db924cf7c | 2864 | /* bail if too large */ |
wolfSSL | 15:117db924cf7c | 2865 | if (m->used > (FP_SIZE/2)) { |
wolfSSL | 15:117db924cf7c | 2866 | (void)mu; /* shut up compiler */ |
wolfSSL | 16:8e0d178b1d1e | 2867 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 2868 | } |
wolfSSL | 15:117db924cf7c | 2869 | |
wolfSSL | 15:117db924cf7c | 2870 | #ifdef TFM_SMALL_MONT_SET |
wolfSSL | 15:117db924cf7c | 2871 | if (m->used <= 16) { |
wolfSSL | 16:8e0d178b1d1e | 2872 | return fp_montgomery_reduce_small(a, m, mp); |
wolfSSL | 15:117db924cf7c | 2873 | } |
wolfSSL | 15:117db924cf7c | 2874 | #endif |
wolfSSL | 15:117db924cf7c | 2875 | |
wolfSSL | 16:8e0d178b1d1e | 2876 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2877 | /* only allocate space for what's needed for window plus res */ |
wolfSSL | 16:8e0d178b1d1e | 2878 | c = (fp_digit*)XMALLOC(sizeof(fp_digit)*(FP_SIZE + 1), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 2879 | if (c == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 2880 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 2881 | } |
wolfSSL | 16:8e0d178b1d1e | 2882 | #endif |
wolfSSL | 15:117db924cf7c | 2883 | |
wolfSSL | 15:117db924cf7c | 2884 | /* now zero the buff */ |
wolfSSL | 16:8e0d178b1d1e | 2885 | XMEMSET(c, 0, sizeof(fp_digit)*(FP_SIZE + 1)); |
wolfSSL | 15:117db924cf7c | 2886 | pa = m->used; |
wolfSSL | 15:117db924cf7c | 2887 | |
wolfSSL | 15:117db924cf7c | 2888 | /* copy the input */ |
wolfSSL | 15:117db924cf7c | 2889 | oldused = a->used; |
wolfSSL | 15:117db924cf7c | 2890 | for (x = 0; x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 2891 | c[x] = a->dp[x]; |
wolfSSL | 15:117db924cf7c | 2892 | } |
wolfSSL | 15:117db924cf7c | 2893 | MONT_START; |
wolfSSL | 15:117db924cf7c | 2894 | |
wolfSSL | 15:117db924cf7c | 2895 | for (x = 0; x < pa; x++) { |
wolfSSL | 15:117db924cf7c | 2896 | fp_digit cy = 0; |
wolfSSL | 15:117db924cf7c | 2897 | /* get Mu for this round */ |
wolfSSL | 15:117db924cf7c | 2898 | LOOP_START; |
wolfSSL | 15:117db924cf7c | 2899 | _c = c + x; |
wolfSSL | 15:117db924cf7c | 2900 | tmpm = m->dp; |
wolfSSL | 15:117db924cf7c | 2901 | y = 0; |
wolfSSL | 15:117db924cf7c | 2902 | for (; y < (pa & ~7); y += 8) { |
wolfSSL | 15:117db924cf7c | 2903 | innermul8_mulx(_c, &cy, tmpm, mu) ; |
wolfSSL | 15:117db924cf7c | 2904 | _c += 8; |
wolfSSL | 15:117db924cf7c | 2905 | tmpm += 8; |
wolfSSL | 15:117db924cf7c | 2906 | } |
wolfSSL | 15:117db924cf7c | 2907 | for (; y < pa; y++) { |
wolfSSL | 15:117db924cf7c | 2908 | INNERMUL; |
wolfSSL | 15:117db924cf7c | 2909 | ++_c; |
wolfSSL | 15:117db924cf7c | 2910 | } |
wolfSSL | 15:117db924cf7c | 2911 | LOOP_END; |
wolfSSL | 15:117db924cf7c | 2912 | while (cy) { |
wolfSSL | 15:117db924cf7c | 2913 | PROPCARRY; |
wolfSSL | 15:117db924cf7c | 2914 | ++_c; |
wolfSSL | 15:117db924cf7c | 2915 | } |
wolfSSL | 15:117db924cf7c | 2916 | } |
wolfSSL | 15:117db924cf7c | 2917 | |
wolfSSL | 15:117db924cf7c | 2918 | /* now copy out */ |
wolfSSL | 15:117db924cf7c | 2919 | _c = c + pa; |
wolfSSL | 15:117db924cf7c | 2920 | tmpm = a->dp; |
wolfSSL | 15:117db924cf7c | 2921 | for (x = 0; x < pa+1; x++) { |
wolfSSL | 15:117db924cf7c | 2922 | *tmpm++ = *_c++; |
wolfSSL | 15:117db924cf7c | 2923 | } |
wolfSSL | 15:117db924cf7c | 2924 | |
wolfSSL | 15:117db924cf7c | 2925 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 2926 | for (; x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 2927 | *tmpm++ = 0; |
wolfSSL | 15:117db924cf7c | 2928 | } |
wolfSSL | 15:117db924cf7c | 2929 | |
wolfSSL | 15:117db924cf7c | 2930 | MONT_FINI; |
wolfSSL | 15:117db924cf7c | 2931 | |
wolfSSL | 15:117db924cf7c | 2932 | a->used = pa+1; |
wolfSSL | 15:117db924cf7c | 2933 | fp_clamp(a); |
wolfSSL | 15:117db924cf7c | 2934 | |
wolfSSL | 15:117db924cf7c | 2935 | /* if A >= m then A = A - m */ |
wolfSSL | 15:117db924cf7c | 2936 | if (fp_cmp_mag (a, m) != FP_LT) { |
wolfSSL | 15:117db924cf7c | 2937 | s_fp_sub (a, m, a); |
wolfSSL | 15:117db924cf7c | 2938 | } |
wolfSSL | 16:8e0d178b1d1e | 2939 | |
wolfSSL | 16:8e0d178b1d1e | 2940 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2941 | XFREE(c, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 2942 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2943 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 2944 | } |
wolfSSL | 15:117db924cf7c | 2945 | #endif |
wolfSSL | 15:117db924cf7c | 2946 | |
wolfSSL | 15:117db924cf7c | 2947 | /* computes x/R == x (mod N) via Montgomery Reduction */ |
wolfSSL | 16:8e0d178b1d1e | 2948 | int fp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) |
wolfSSL | 15:117db924cf7c | 2949 | { |
wolfSSL | 16:8e0d178b1d1e | 2950 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2951 | fp_digit c[FP_SIZE+1]; |
wolfSSL | 16:8e0d178b1d1e | 2952 | #else |
wolfSSL | 16:8e0d178b1d1e | 2953 | fp_digit *c; |
wolfSSL | 16:8e0d178b1d1e | 2954 | #endif |
wolfSSL | 16:8e0d178b1d1e | 2955 | fp_digit *_c, *tmpm, mu = 0; |
wolfSSL | 16:8e0d178b1d1e | 2956 | int oldused, x, y, pa, err = 0; |
wolfSSL | 16:8e0d178b1d1e | 2957 | |
wolfSSL | 16:8e0d178b1d1e | 2958 | IF_HAVE_INTEL_MULX(err = fp_montgomery_reduce_mulx(a, m, mp), return err) ; |
wolfSSL | 16:8e0d178b1d1e | 2959 | (void)err; |
wolfSSL | 15:117db924cf7c | 2960 | |
wolfSSL | 15:117db924cf7c | 2961 | /* bail if too large */ |
wolfSSL | 15:117db924cf7c | 2962 | if (m->used > (FP_SIZE/2)) { |
wolfSSL | 15:117db924cf7c | 2963 | (void)mu; /* shut up compiler */ |
wolfSSL | 16:8e0d178b1d1e | 2964 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 2965 | } |
wolfSSL | 15:117db924cf7c | 2966 | |
wolfSSL | 15:117db924cf7c | 2967 | #ifdef TFM_SMALL_MONT_SET |
wolfSSL | 15:117db924cf7c | 2968 | if (m->used <= 16) { |
wolfSSL | 16:8e0d178b1d1e | 2969 | return fp_montgomery_reduce_small(a, m, mp); |
wolfSSL | 15:117db924cf7c | 2970 | } |
wolfSSL | 15:117db924cf7c | 2971 | #endif |
wolfSSL | 15:117db924cf7c | 2972 | |
wolfSSL | 16:8e0d178b1d1e | 2973 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 2974 | /* only allocate space for what's needed for window plus res */ |
wolfSSL | 16:8e0d178b1d1e | 2975 | c = (fp_digit*)XMALLOC(sizeof(fp_digit)*(FP_SIZE + 1), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 2976 | if (c == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 2977 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 2978 | } |
wolfSSL | 16:8e0d178b1d1e | 2979 | #endif |
wolfSSL | 15:117db924cf7c | 2980 | |
wolfSSL | 15:117db924cf7c | 2981 | /* now zero the buff */ |
wolfSSL | 16:8e0d178b1d1e | 2982 | XMEMSET(c, 0, sizeof(fp_digit)*(FP_SIZE + 1)); |
wolfSSL | 15:117db924cf7c | 2983 | pa = m->used; |
wolfSSL | 15:117db924cf7c | 2984 | |
wolfSSL | 15:117db924cf7c | 2985 | /* copy the input */ |
wolfSSL | 15:117db924cf7c | 2986 | oldused = a->used; |
wolfSSL | 15:117db924cf7c | 2987 | for (x = 0; x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 2988 | c[x] = a->dp[x]; |
wolfSSL | 15:117db924cf7c | 2989 | } |
wolfSSL | 15:117db924cf7c | 2990 | MONT_START; |
wolfSSL | 15:117db924cf7c | 2991 | |
wolfSSL | 15:117db924cf7c | 2992 | for (x = 0; x < pa; x++) { |
wolfSSL | 15:117db924cf7c | 2993 | fp_digit cy = 0; |
wolfSSL | 15:117db924cf7c | 2994 | /* get Mu for this round */ |
wolfSSL | 15:117db924cf7c | 2995 | LOOP_START; |
wolfSSL | 15:117db924cf7c | 2996 | _c = c + x; |
wolfSSL | 15:117db924cf7c | 2997 | tmpm = m->dp; |
wolfSSL | 15:117db924cf7c | 2998 | y = 0; |
wolfSSL | 15:117db924cf7c | 2999 | #if defined(INNERMUL8) |
wolfSSL | 15:117db924cf7c | 3000 | for (; y < (pa & ~7); y += 8) { |
wolfSSL | 15:117db924cf7c | 3001 | INNERMUL8 ; |
wolfSSL | 15:117db924cf7c | 3002 | _c += 8; |
wolfSSL | 15:117db924cf7c | 3003 | tmpm += 8; |
wolfSSL | 15:117db924cf7c | 3004 | } |
wolfSSL | 15:117db924cf7c | 3005 | #endif |
wolfSSL | 15:117db924cf7c | 3006 | for (; y < pa; y++) { |
wolfSSL | 15:117db924cf7c | 3007 | INNERMUL; |
wolfSSL | 15:117db924cf7c | 3008 | ++_c; |
wolfSSL | 15:117db924cf7c | 3009 | } |
wolfSSL | 15:117db924cf7c | 3010 | LOOP_END; |
wolfSSL | 15:117db924cf7c | 3011 | while (cy) { |
wolfSSL | 15:117db924cf7c | 3012 | PROPCARRY; |
wolfSSL | 15:117db924cf7c | 3013 | ++_c; |
wolfSSL | 15:117db924cf7c | 3014 | } |
wolfSSL | 15:117db924cf7c | 3015 | } |
wolfSSL | 15:117db924cf7c | 3016 | |
wolfSSL | 15:117db924cf7c | 3017 | /* now copy out */ |
wolfSSL | 15:117db924cf7c | 3018 | _c = c + pa; |
wolfSSL | 15:117db924cf7c | 3019 | tmpm = a->dp; |
wolfSSL | 15:117db924cf7c | 3020 | for (x = 0; x < pa+1; x++) { |
wolfSSL | 15:117db924cf7c | 3021 | *tmpm++ = *_c++; |
wolfSSL | 15:117db924cf7c | 3022 | } |
wolfSSL | 15:117db924cf7c | 3023 | |
wolfSSL | 15:117db924cf7c | 3024 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 3025 | for (; x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 3026 | *tmpm++ = 0; |
wolfSSL | 15:117db924cf7c | 3027 | } |
wolfSSL | 15:117db924cf7c | 3028 | |
wolfSSL | 15:117db924cf7c | 3029 | MONT_FINI; |
wolfSSL | 15:117db924cf7c | 3030 | |
wolfSSL | 15:117db924cf7c | 3031 | a->used = pa+1; |
wolfSSL | 15:117db924cf7c | 3032 | fp_clamp(a); |
wolfSSL | 15:117db924cf7c | 3033 | |
wolfSSL | 15:117db924cf7c | 3034 | /* if A >= m then A = A - m */ |
wolfSSL | 15:117db924cf7c | 3035 | if (fp_cmp_mag (a, m) != FP_LT) { |
wolfSSL | 15:117db924cf7c | 3036 | s_fp_sub (a, m, a); |
wolfSSL | 15:117db924cf7c | 3037 | } |
wolfSSL | 16:8e0d178b1d1e | 3038 | |
wolfSSL | 16:8e0d178b1d1e | 3039 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3040 | XFREE(c, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3041 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3042 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 3043 | } |
wolfSSL | 15:117db924cf7c | 3044 | |
wolfSSL | 15:117db924cf7c | 3045 | void fp_read_unsigned_bin(fp_int *a, const unsigned char *b, int c) |
wolfSSL | 15:117db924cf7c | 3046 | { |
wolfSSL | 15:117db924cf7c | 3047 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 3048 | const word32 maxC = (a->size * sizeof(fp_digit)); |
wolfSSL | 15:117db924cf7c | 3049 | #else |
wolfSSL | 15:117db924cf7c | 3050 | const word32 maxC = (FP_SIZE * sizeof(fp_digit)); |
wolfSSL | 15:117db924cf7c | 3051 | #endif |
wolfSSL | 15:117db924cf7c | 3052 | |
wolfSSL | 15:117db924cf7c | 3053 | /* zero the int */ |
wolfSSL | 15:117db924cf7c | 3054 | fp_zero (a); |
wolfSSL | 15:117db924cf7c | 3055 | |
wolfSSL | 15:117db924cf7c | 3056 | /* if input b excess max, then truncate */ |
wolfSSL | 15:117db924cf7c | 3057 | if (c > 0 && (word32)c > maxC) { |
wolfSSL | 15:117db924cf7c | 3058 | int excess = (c - maxC); |
wolfSSL | 15:117db924cf7c | 3059 | c -= excess; |
wolfSSL | 15:117db924cf7c | 3060 | b += excess; |
wolfSSL | 15:117db924cf7c | 3061 | } |
wolfSSL | 15:117db924cf7c | 3062 | |
wolfSSL | 15:117db924cf7c | 3063 | /* If we know the endianness of this architecture, and we're using |
wolfSSL | 15:117db924cf7c | 3064 | 32-bit fp_digits, we can optimize this */ |
wolfSSL | 15:117db924cf7c | 3065 | #if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && \ |
wolfSSL | 15:117db924cf7c | 3066 | defined(FP_32BIT) |
wolfSSL | 15:117db924cf7c | 3067 | /* But not for both simultaneously */ |
wolfSSL | 15:117db924cf7c | 3068 | #if defined(LITTLE_ENDIAN_ORDER) && defined(BIG_ENDIAN_ORDER) |
wolfSSL | 15:117db924cf7c | 3069 | #error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined. |
wolfSSL | 15:117db924cf7c | 3070 | #endif |
wolfSSL | 15:117db924cf7c | 3071 | { |
wolfSSL | 15:117db924cf7c | 3072 | unsigned char *pd = (unsigned char *)a->dp; |
wolfSSL | 15:117db924cf7c | 3073 | |
wolfSSL | 15:117db924cf7c | 3074 | a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit); |
wolfSSL | 15:117db924cf7c | 3075 | /* read the bytes in */ |
wolfSSL | 15:117db924cf7c | 3076 | #ifdef BIG_ENDIAN_ORDER |
wolfSSL | 15:117db924cf7c | 3077 | { |
wolfSSL | 15:117db924cf7c | 3078 | /* Use Duff's device to unroll the loop. */ |
wolfSSL | 15:117db924cf7c | 3079 | int idx = (c - 1) & ~3; |
wolfSSL | 15:117db924cf7c | 3080 | switch (c % 4) { |
wolfSSL | 16:8e0d178b1d1e | 3081 | case 0: do { pd[idx+0] = *b++; // fallthrough |
wolfSSL | 16:8e0d178b1d1e | 3082 | case 3: pd[idx+1] = *b++; // fallthrough |
wolfSSL | 16:8e0d178b1d1e | 3083 | case 2: pd[idx+2] = *b++; // fallthrough |
wolfSSL | 16:8e0d178b1d1e | 3084 | case 1: pd[idx+3] = *b++; // fallthrough |
wolfSSL | 15:117db924cf7c | 3085 | idx -= 4; |
wolfSSL | 15:117db924cf7c | 3086 | } while ((c -= 4) > 0); |
wolfSSL | 15:117db924cf7c | 3087 | } |
wolfSSL | 15:117db924cf7c | 3088 | } |
wolfSSL | 15:117db924cf7c | 3089 | #else |
wolfSSL | 15:117db924cf7c | 3090 | for (c -= 1; c >= 0; c -= 1) { |
wolfSSL | 15:117db924cf7c | 3091 | pd[c] = *b++; |
wolfSSL | 15:117db924cf7c | 3092 | } |
wolfSSL | 15:117db924cf7c | 3093 | #endif |
wolfSSL | 15:117db924cf7c | 3094 | } |
wolfSSL | 15:117db924cf7c | 3095 | #else |
wolfSSL | 15:117db924cf7c | 3096 | /* read the bytes in */ |
wolfSSL | 15:117db924cf7c | 3097 | for (; c > 0; c--) { |
wolfSSL | 15:117db924cf7c | 3098 | fp_mul_2d (a, 8, a); |
wolfSSL | 15:117db924cf7c | 3099 | a->dp[0] |= *b++; |
wolfSSL | 15:117db924cf7c | 3100 | |
wolfSSL | 15:117db924cf7c | 3101 | if (a->used == 0) { |
wolfSSL | 15:117db924cf7c | 3102 | a->used = 1; |
wolfSSL | 15:117db924cf7c | 3103 | } |
wolfSSL | 15:117db924cf7c | 3104 | } |
wolfSSL | 15:117db924cf7c | 3105 | #endif |
wolfSSL | 15:117db924cf7c | 3106 | fp_clamp (a); |
wolfSSL | 15:117db924cf7c | 3107 | } |
wolfSSL | 15:117db924cf7c | 3108 | |
wolfSSL | 15:117db924cf7c | 3109 | int fp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b) |
wolfSSL | 15:117db924cf7c | 3110 | { |
wolfSSL | 15:117db924cf7c | 3111 | #if DIGIT_BIT == 64 || DIGIT_BIT == 32 |
wolfSSL | 15:117db924cf7c | 3112 | int i, j; |
wolfSSL | 15:117db924cf7c | 3113 | fp_digit n; |
wolfSSL | 15:117db924cf7c | 3114 | |
wolfSSL | 15:117db924cf7c | 3115 | for (j=0,i=0; i<t->used-1; ) { |
wolfSSL | 15:117db924cf7c | 3116 | b[x++] = (unsigned char)(t->dp[i] >> j); |
wolfSSL | 15:117db924cf7c | 3117 | j += 8; |
wolfSSL | 15:117db924cf7c | 3118 | i += j == DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 3119 | j &= DIGIT_BIT - 1; |
wolfSSL | 15:117db924cf7c | 3120 | } |
wolfSSL | 15:117db924cf7c | 3121 | n = t->dp[i]; |
wolfSSL | 15:117db924cf7c | 3122 | while (n != 0) { |
wolfSSL | 15:117db924cf7c | 3123 | b[x++] = (unsigned char)n; |
wolfSSL | 15:117db924cf7c | 3124 | n >>= 8; |
wolfSSL | 15:117db924cf7c | 3125 | } |
wolfSSL | 15:117db924cf7c | 3126 | return x; |
wolfSSL | 15:117db924cf7c | 3127 | #else |
wolfSSL | 15:117db924cf7c | 3128 | while (fp_iszero (t) == FP_NO) { |
wolfSSL | 15:117db924cf7c | 3129 | b[x++] = (unsigned char) (t->dp[0] & 255); |
wolfSSL | 15:117db924cf7c | 3130 | fp_div_2d (t, 8, t, NULL); |
wolfSSL | 15:117db924cf7c | 3131 | } |
wolfSSL | 15:117db924cf7c | 3132 | return x; |
wolfSSL | 15:117db924cf7c | 3133 | #endif |
wolfSSL | 15:117db924cf7c | 3134 | } |
wolfSSL | 15:117db924cf7c | 3135 | |
wolfSSL | 16:8e0d178b1d1e | 3136 | int fp_to_unsigned_bin(fp_int *a, unsigned char *b) |
wolfSSL | 15:117db924cf7c | 3137 | { |
wolfSSL | 15:117db924cf7c | 3138 | int x; |
wolfSSL | 16:8e0d178b1d1e | 3139 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3140 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 3141 | #else |
wolfSSL | 16:8e0d178b1d1e | 3142 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 3143 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3144 | |
wolfSSL | 16:8e0d178b1d1e | 3145 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3146 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3147 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 3148 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 3149 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3150 | |
wolfSSL | 16:8e0d178b1d1e | 3151 | fp_init_copy(t, a); |
wolfSSL | 16:8e0d178b1d1e | 3152 | |
wolfSSL | 16:8e0d178b1d1e | 3153 | x = fp_to_unsigned_bin_at_pos(0, t, b); |
wolfSSL | 15:117db924cf7c | 3154 | fp_reverse (b, x); |
wolfSSL | 16:8e0d178b1d1e | 3155 | |
wolfSSL | 16:8e0d178b1d1e | 3156 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3157 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3158 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3159 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 3160 | } |
wolfSSL | 16:8e0d178b1d1e | 3161 | |
wolfSSL | 16:8e0d178b1d1e | 3162 | int fp_to_unsigned_bin_len(fp_int *a, unsigned char *b, int c) |
wolfSSL | 16:8e0d178b1d1e | 3163 | { |
wolfSSL | 16:8e0d178b1d1e | 3164 | #if DIGIT_BIT == 64 || DIGIT_BIT == 32 |
wolfSSL | 16:8e0d178b1d1e | 3165 | int i, j, x; |
wolfSSL | 16:8e0d178b1d1e | 3166 | |
wolfSSL | 16:8e0d178b1d1e | 3167 | for (x=c-1,j=0,i=0; x >= 0; x--) { |
wolfSSL | 16:8e0d178b1d1e | 3168 | b[x] = (unsigned char)(a->dp[i] >> j); |
wolfSSL | 16:8e0d178b1d1e | 3169 | j += 8; |
wolfSSL | 16:8e0d178b1d1e | 3170 | i += j == DIGIT_BIT; |
wolfSSL | 16:8e0d178b1d1e | 3171 | j &= DIGIT_BIT - 1; |
wolfSSL | 16:8e0d178b1d1e | 3172 | } |
wolfSSL | 16:8e0d178b1d1e | 3173 | |
wolfSSL | 16:8e0d178b1d1e | 3174 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 3175 | #else |
wolfSSL | 16:8e0d178b1d1e | 3176 | int x; |
wolfSSL | 16:8e0d178b1d1e | 3177 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3178 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 3179 | #else |
wolfSSL | 16:8e0d178b1d1e | 3180 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 3181 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3182 | |
wolfSSL | 16:8e0d178b1d1e | 3183 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3184 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3185 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 3186 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 3187 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3188 | |
wolfSSL | 16:8e0d178b1d1e | 3189 | fp_init_copy(t, a); |
wolfSSL | 16:8e0d178b1d1e | 3190 | |
wolfSSL | 16:8e0d178b1d1e | 3191 | for (x = 0; x < c; x++) { |
wolfSSL | 16:8e0d178b1d1e | 3192 | b[x] = (unsigned char) (t->dp[0] & 255); |
wolfSSL | 16:8e0d178b1d1e | 3193 | fp_div_2d (t, 8, t, NULL); |
wolfSSL | 16:8e0d178b1d1e | 3194 | } |
wolfSSL | 16:8e0d178b1d1e | 3195 | fp_reverse (b, x); |
wolfSSL | 16:8e0d178b1d1e | 3196 | |
wolfSSL | 16:8e0d178b1d1e | 3197 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3198 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3199 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3200 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 3201 | #endif |
wolfSSL | 15:117db924cf7c | 3202 | } |
wolfSSL | 15:117db924cf7c | 3203 | |
wolfSSL | 15:117db924cf7c | 3204 | int fp_unsigned_bin_size(fp_int *a) |
wolfSSL | 15:117db924cf7c | 3205 | { |
wolfSSL | 15:117db924cf7c | 3206 | int size = fp_count_bits (a); |
wolfSSL | 15:117db924cf7c | 3207 | return (size / 8 + ((size & 7) != 0 ? 1 : 0)); |
wolfSSL | 15:117db924cf7c | 3208 | } |
wolfSSL | 15:117db924cf7c | 3209 | |
wolfSSL | 15:117db924cf7c | 3210 | void fp_set(fp_int *a, fp_digit b) |
wolfSSL | 15:117db924cf7c | 3211 | { |
wolfSSL | 15:117db924cf7c | 3212 | fp_zero(a); |
wolfSSL | 15:117db924cf7c | 3213 | a->dp[0] = b; |
wolfSSL | 15:117db924cf7c | 3214 | a->used = a->dp[0] ? 1 : 0; |
wolfSSL | 15:117db924cf7c | 3215 | } |
wolfSSL | 15:117db924cf7c | 3216 | |
wolfSSL | 15:117db924cf7c | 3217 | |
wolfSSL | 15:117db924cf7c | 3218 | #ifndef MP_SET_CHUNK_BITS |
wolfSSL | 15:117db924cf7c | 3219 | #define MP_SET_CHUNK_BITS 4 |
wolfSSL | 15:117db924cf7c | 3220 | #endif |
wolfSSL | 15:117db924cf7c | 3221 | void fp_set_int(fp_int *a, unsigned long b) |
wolfSSL | 15:117db924cf7c | 3222 | { |
wolfSSL | 15:117db924cf7c | 3223 | int x; |
wolfSSL | 15:117db924cf7c | 3224 | |
wolfSSL | 15:117db924cf7c | 3225 | /* use direct fp_set if b is less than fp_digit max */ |
wolfSSL | 15:117db924cf7c | 3226 | if (b < FP_DIGIT_MAX) { |
wolfSSL | 15:117db924cf7c | 3227 | fp_set (a, (fp_digit)b); |
wolfSSL | 15:117db924cf7c | 3228 | return; |
wolfSSL | 15:117db924cf7c | 3229 | } |
wolfSSL | 15:117db924cf7c | 3230 | |
wolfSSL | 15:117db924cf7c | 3231 | fp_zero (a); |
wolfSSL | 15:117db924cf7c | 3232 | |
wolfSSL | 15:117db924cf7c | 3233 | /* set chunk bits at a time */ |
wolfSSL | 15:117db924cf7c | 3234 | for (x = 0; x < (int)(sizeof(b) * 8) / MP_SET_CHUNK_BITS; x++) { |
wolfSSL | 15:117db924cf7c | 3235 | fp_mul_2d (a, MP_SET_CHUNK_BITS, a); |
wolfSSL | 15:117db924cf7c | 3236 | |
wolfSSL | 15:117db924cf7c | 3237 | /* OR in the top bits of the source */ |
wolfSSL | 15:117db924cf7c | 3238 | a->dp[0] |= (b >> ((sizeof(b) * 8) - MP_SET_CHUNK_BITS)) & |
wolfSSL | 15:117db924cf7c | 3239 | ((1 << MP_SET_CHUNK_BITS) - 1); |
wolfSSL | 15:117db924cf7c | 3240 | |
wolfSSL | 15:117db924cf7c | 3241 | /* shift the source up to the next chunk bits */ |
wolfSSL | 15:117db924cf7c | 3242 | b <<= MP_SET_CHUNK_BITS; |
wolfSSL | 15:117db924cf7c | 3243 | |
wolfSSL | 15:117db924cf7c | 3244 | /* ensure that digits are not clamped off */ |
wolfSSL | 15:117db924cf7c | 3245 | a->used += 1; |
wolfSSL | 15:117db924cf7c | 3246 | } |
wolfSSL | 15:117db924cf7c | 3247 | |
wolfSSL | 15:117db924cf7c | 3248 | /* clamp digits */ |
wolfSSL | 15:117db924cf7c | 3249 | fp_clamp(a); |
wolfSSL | 15:117db924cf7c | 3250 | } |
wolfSSL | 15:117db924cf7c | 3251 | |
wolfSSL | 15:117db924cf7c | 3252 | /* check if a bit is set */ |
wolfSSL | 15:117db924cf7c | 3253 | int fp_is_bit_set (fp_int *a, fp_digit b) |
wolfSSL | 15:117db924cf7c | 3254 | { |
wolfSSL | 15:117db924cf7c | 3255 | fp_digit i; |
wolfSSL | 15:117db924cf7c | 3256 | |
wolfSSL | 15:117db924cf7c | 3257 | if (b > FP_MAX_BITS) |
wolfSSL | 15:117db924cf7c | 3258 | return 0; |
wolfSSL | 15:117db924cf7c | 3259 | else |
wolfSSL | 15:117db924cf7c | 3260 | i = b/DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 3261 | |
wolfSSL | 15:117db924cf7c | 3262 | if ((fp_digit)a->used < i) |
wolfSSL | 15:117db924cf7c | 3263 | return 0; |
wolfSSL | 15:117db924cf7c | 3264 | |
wolfSSL | 15:117db924cf7c | 3265 | return (int)((a->dp[i] >> b%DIGIT_BIT) & (fp_digit)1); |
wolfSSL | 15:117db924cf7c | 3266 | } |
wolfSSL | 15:117db924cf7c | 3267 | |
wolfSSL | 15:117db924cf7c | 3268 | /* set the b bit of a */ |
wolfSSL | 15:117db924cf7c | 3269 | int fp_set_bit (fp_int * a, fp_digit b) |
wolfSSL | 15:117db924cf7c | 3270 | { |
wolfSSL | 15:117db924cf7c | 3271 | fp_digit i; |
wolfSSL | 15:117db924cf7c | 3272 | |
wolfSSL | 15:117db924cf7c | 3273 | if (b > FP_MAX_BITS) |
wolfSSL | 15:117db924cf7c | 3274 | return 0; |
wolfSSL | 15:117db924cf7c | 3275 | else |
wolfSSL | 15:117db924cf7c | 3276 | i = b/DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 3277 | |
wolfSSL | 15:117db924cf7c | 3278 | /* set the used count of where the bit will go if required */ |
wolfSSL | 15:117db924cf7c | 3279 | if (a->used < (int)(i+1)) |
wolfSSL | 15:117db924cf7c | 3280 | a->used = (int)(i+1); |
wolfSSL | 15:117db924cf7c | 3281 | |
wolfSSL | 15:117db924cf7c | 3282 | /* put the single bit in its place */ |
wolfSSL | 15:117db924cf7c | 3283 | a->dp[i] |= ((fp_digit)1) << (b % DIGIT_BIT); |
wolfSSL | 15:117db924cf7c | 3284 | |
wolfSSL | 15:117db924cf7c | 3285 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3286 | } |
wolfSSL | 15:117db924cf7c | 3287 | |
wolfSSL | 15:117db924cf7c | 3288 | int fp_count_bits (fp_int * a) |
wolfSSL | 15:117db924cf7c | 3289 | { |
wolfSSL | 15:117db924cf7c | 3290 | int r; |
wolfSSL | 15:117db924cf7c | 3291 | fp_digit q; |
wolfSSL | 15:117db924cf7c | 3292 | |
wolfSSL | 15:117db924cf7c | 3293 | /* shortcut */ |
wolfSSL | 15:117db924cf7c | 3294 | if (a->used == 0) { |
wolfSSL | 15:117db924cf7c | 3295 | return 0; |
wolfSSL | 15:117db924cf7c | 3296 | } |
wolfSSL | 15:117db924cf7c | 3297 | |
wolfSSL | 15:117db924cf7c | 3298 | /* get number of digits and add that */ |
wolfSSL | 15:117db924cf7c | 3299 | r = (a->used - 1) * DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 3300 | |
wolfSSL | 15:117db924cf7c | 3301 | /* take the last digit and count the bits in it */ |
wolfSSL | 15:117db924cf7c | 3302 | q = a->dp[a->used - 1]; |
wolfSSL | 15:117db924cf7c | 3303 | while (q > ((fp_digit) 0)) { |
wolfSSL | 15:117db924cf7c | 3304 | ++r; |
wolfSSL | 15:117db924cf7c | 3305 | q >>= ((fp_digit) 1); |
wolfSSL | 15:117db924cf7c | 3306 | } |
wolfSSL | 15:117db924cf7c | 3307 | |
wolfSSL | 15:117db924cf7c | 3308 | return r; |
wolfSSL | 15:117db924cf7c | 3309 | } |
wolfSSL | 15:117db924cf7c | 3310 | |
wolfSSL | 15:117db924cf7c | 3311 | int fp_leading_bit(fp_int *a) |
wolfSSL | 15:117db924cf7c | 3312 | { |
wolfSSL | 15:117db924cf7c | 3313 | int bit = 0; |
wolfSSL | 15:117db924cf7c | 3314 | |
wolfSSL | 15:117db924cf7c | 3315 | if (a->used != 0) { |
wolfSSL | 15:117db924cf7c | 3316 | fp_digit q = a->dp[a->used - 1]; |
wolfSSL | 15:117db924cf7c | 3317 | int qSz = sizeof(fp_digit); |
wolfSSL | 15:117db924cf7c | 3318 | |
wolfSSL | 15:117db924cf7c | 3319 | while (qSz > 0) { |
wolfSSL | 15:117db924cf7c | 3320 | if ((unsigned char)q != 0) |
wolfSSL | 15:117db924cf7c | 3321 | bit = (q & 0x80) != 0; |
wolfSSL | 15:117db924cf7c | 3322 | q >>= 8; |
wolfSSL | 15:117db924cf7c | 3323 | qSz--; |
wolfSSL | 15:117db924cf7c | 3324 | } |
wolfSSL | 15:117db924cf7c | 3325 | } |
wolfSSL | 15:117db924cf7c | 3326 | |
wolfSSL | 15:117db924cf7c | 3327 | return bit; |
wolfSSL | 15:117db924cf7c | 3328 | } |
wolfSSL | 15:117db924cf7c | 3329 | |
wolfSSL | 15:117db924cf7c | 3330 | void fp_lshd(fp_int *a, int x) |
wolfSSL | 15:117db924cf7c | 3331 | { |
wolfSSL | 15:117db924cf7c | 3332 | int y; |
wolfSSL | 15:117db924cf7c | 3333 | |
wolfSSL | 15:117db924cf7c | 3334 | /* move up and truncate as required */ |
wolfSSL | 15:117db924cf7c | 3335 | y = MIN(a->used + x - 1, (int)(FP_SIZE-1)); |
wolfSSL | 15:117db924cf7c | 3336 | |
wolfSSL | 15:117db924cf7c | 3337 | /* store new size */ |
wolfSSL | 15:117db924cf7c | 3338 | a->used = y + 1; |
wolfSSL | 15:117db924cf7c | 3339 | |
wolfSSL | 15:117db924cf7c | 3340 | /* move digits */ |
wolfSSL | 15:117db924cf7c | 3341 | for (; y >= x; y--) { |
wolfSSL | 15:117db924cf7c | 3342 | a->dp[y] = a->dp[y-x]; |
wolfSSL | 15:117db924cf7c | 3343 | } |
wolfSSL | 15:117db924cf7c | 3344 | |
wolfSSL | 15:117db924cf7c | 3345 | /* zero lower digits */ |
wolfSSL | 15:117db924cf7c | 3346 | for (; y >= 0; y--) { |
wolfSSL | 15:117db924cf7c | 3347 | a->dp[y] = 0; |
wolfSSL | 15:117db924cf7c | 3348 | } |
wolfSSL | 15:117db924cf7c | 3349 | |
wolfSSL | 15:117db924cf7c | 3350 | /* clamp digits */ |
wolfSSL | 15:117db924cf7c | 3351 | fp_clamp(a); |
wolfSSL | 15:117db924cf7c | 3352 | } |
wolfSSL | 15:117db924cf7c | 3353 | |
wolfSSL | 15:117db924cf7c | 3354 | |
wolfSSL | 15:117db924cf7c | 3355 | /* right shift by bit count */ |
wolfSSL | 15:117db924cf7c | 3356 | void fp_rshb(fp_int *c, int x) |
wolfSSL | 15:117db924cf7c | 3357 | { |
wolfSSL | 15:117db924cf7c | 3358 | fp_digit *tmpc, mask, shift; |
wolfSSL | 15:117db924cf7c | 3359 | fp_digit r, rr; |
wolfSSL | 15:117db924cf7c | 3360 | fp_digit D = x; |
wolfSSL | 15:117db924cf7c | 3361 | |
wolfSSL | 16:8e0d178b1d1e | 3362 | if (fp_iszero(c)) return; |
wolfSSL | 16:8e0d178b1d1e | 3363 | |
wolfSSL | 15:117db924cf7c | 3364 | /* mask */ |
wolfSSL | 15:117db924cf7c | 3365 | mask = (((fp_digit)1) << D) - 1; |
wolfSSL | 15:117db924cf7c | 3366 | |
wolfSSL | 15:117db924cf7c | 3367 | /* shift for lsb */ |
wolfSSL | 15:117db924cf7c | 3368 | shift = DIGIT_BIT - D; |
wolfSSL | 15:117db924cf7c | 3369 | |
wolfSSL | 15:117db924cf7c | 3370 | /* alias */ |
wolfSSL | 15:117db924cf7c | 3371 | tmpc = c->dp + (c->used - 1); |
wolfSSL | 15:117db924cf7c | 3372 | |
wolfSSL | 15:117db924cf7c | 3373 | /* carry */ |
wolfSSL | 15:117db924cf7c | 3374 | r = 0; |
wolfSSL | 15:117db924cf7c | 3375 | for (x = c->used - 1; x >= 0; x--) { |
wolfSSL | 15:117db924cf7c | 3376 | /* get the lower bits of this word in a temp */ |
wolfSSL | 15:117db924cf7c | 3377 | rr = *tmpc & mask; |
wolfSSL | 15:117db924cf7c | 3378 | |
wolfSSL | 15:117db924cf7c | 3379 | /* shift the current word and mix in the carry bits from previous word */ |
wolfSSL | 15:117db924cf7c | 3380 | *tmpc = (*tmpc >> D) | (r << shift); |
wolfSSL | 15:117db924cf7c | 3381 | --tmpc; |
wolfSSL | 15:117db924cf7c | 3382 | |
wolfSSL | 15:117db924cf7c | 3383 | /* set the carry to the carry bits of the current word found above */ |
wolfSSL | 15:117db924cf7c | 3384 | r = rr; |
wolfSSL | 15:117db924cf7c | 3385 | } |
wolfSSL | 15:117db924cf7c | 3386 | |
wolfSSL | 15:117db924cf7c | 3387 | /* clamp digits */ |
wolfSSL | 15:117db924cf7c | 3388 | fp_clamp(c); |
wolfSSL | 15:117db924cf7c | 3389 | } |
wolfSSL | 15:117db924cf7c | 3390 | |
wolfSSL | 15:117db924cf7c | 3391 | |
wolfSSL | 15:117db924cf7c | 3392 | void fp_rshd(fp_int *a, int x) |
wolfSSL | 15:117db924cf7c | 3393 | { |
wolfSSL | 15:117db924cf7c | 3394 | int y; |
wolfSSL | 15:117db924cf7c | 3395 | |
wolfSSL | 15:117db924cf7c | 3396 | /* too many digits just zero and return */ |
wolfSSL | 15:117db924cf7c | 3397 | if (x >= a->used) { |
wolfSSL | 15:117db924cf7c | 3398 | fp_zero(a); |
wolfSSL | 15:117db924cf7c | 3399 | return; |
wolfSSL | 15:117db924cf7c | 3400 | } |
wolfSSL | 15:117db924cf7c | 3401 | |
wolfSSL | 15:117db924cf7c | 3402 | /* shift */ |
wolfSSL | 15:117db924cf7c | 3403 | for (y = 0; y < a->used - x; y++) { |
wolfSSL | 15:117db924cf7c | 3404 | a->dp[y] = a->dp[y+x]; |
wolfSSL | 15:117db924cf7c | 3405 | } |
wolfSSL | 15:117db924cf7c | 3406 | |
wolfSSL | 15:117db924cf7c | 3407 | /* zero rest */ |
wolfSSL | 15:117db924cf7c | 3408 | for (; y < a->used; y++) { |
wolfSSL | 15:117db924cf7c | 3409 | a->dp[y] = 0; |
wolfSSL | 15:117db924cf7c | 3410 | } |
wolfSSL | 15:117db924cf7c | 3411 | |
wolfSSL | 15:117db924cf7c | 3412 | /* decrement count */ |
wolfSSL | 15:117db924cf7c | 3413 | a->used -= x; |
wolfSSL | 15:117db924cf7c | 3414 | fp_clamp(a); |
wolfSSL | 15:117db924cf7c | 3415 | } |
wolfSSL | 15:117db924cf7c | 3416 | |
wolfSSL | 15:117db924cf7c | 3417 | /* reverse an array, used for radix code */ |
wolfSSL | 15:117db924cf7c | 3418 | void fp_reverse (unsigned char *s, int len) |
wolfSSL | 15:117db924cf7c | 3419 | { |
wolfSSL | 15:117db924cf7c | 3420 | int ix, iy; |
wolfSSL | 15:117db924cf7c | 3421 | unsigned char t; |
wolfSSL | 15:117db924cf7c | 3422 | |
wolfSSL | 15:117db924cf7c | 3423 | ix = 0; |
wolfSSL | 15:117db924cf7c | 3424 | iy = len - 1; |
wolfSSL | 15:117db924cf7c | 3425 | while (ix < iy) { |
wolfSSL | 15:117db924cf7c | 3426 | t = s[ix]; |
wolfSSL | 15:117db924cf7c | 3427 | s[ix] = s[iy]; |
wolfSSL | 15:117db924cf7c | 3428 | s[iy] = t; |
wolfSSL | 15:117db924cf7c | 3429 | ++ix; |
wolfSSL | 15:117db924cf7c | 3430 | --iy; |
wolfSSL | 15:117db924cf7c | 3431 | } |
wolfSSL | 15:117db924cf7c | 3432 | } |
wolfSSL | 15:117db924cf7c | 3433 | |
wolfSSL | 15:117db924cf7c | 3434 | |
wolfSSL | 15:117db924cf7c | 3435 | /* c = a - b */ |
wolfSSL | 16:8e0d178b1d1e | 3436 | int fp_sub_d(fp_int *a, fp_digit b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 3437 | { |
wolfSSL | 16:8e0d178b1d1e | 3438 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3439 | fp_int tmp[1]; |
wolfSSL | 16:8e0d178b1d1e | 3440 | #else |
wolfSSL | 16:8e0d178b1d1e | 3441 | fp_int *tmp; |
wolfSSL | 16:8e0d178b1d1e | 3442 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3443 | |
wolfSSL | 16:8e0d178b1d1e | 3444 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3445 | tmp = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3446 | if (tmp == NULL) |
wolfSSL | 16:8e0d178b1d1e | 3447 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 3448 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3449 | |
wolfSSL | 16:8e0d178b1d1e | 3450 | fp_init(tmp); |
wolfSSL | 16:8e0d178b1d1e | 3451 | fp_set(tmp, b); |
wolfSSL | 15:117db924cf7c | 3452 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 3453 | if (c->size < FP_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 3454 | fp_sub(a, tmp, tmp); |
wolfSSL | 16:8e0d178b1d1e | 3455 | fp_copy(tmp, c); |
wolfSSL | 15:117db924cf7c | 3456 | } else |
wolfSSL | 15:117db924cf7c | 3457 | #endif |
wolfSSL | 15:117db924cf7c | 3458 | { |
wolfSSL | 16:8e0d178b1d1e | 3459 | fp_sub(a, tmp, c); |
wolfSSL | 15:117db924cf7c | 3460 | } |
wolfSSL | 16:8e0d178b1d1e | 3461 | |
wolfSSL | 16:8e0d178b1d1e | 3462 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3463 | XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3464 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3465 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 3466 | } |
wolfSSL | 15:117db924cf7c | 3467 | |
wolfSSL | 15:117db924cf7c | 3468 | |
wolfSSL | 15:117db924cf7c | 3469 | /* wolfSSL callers from normal lib */ |
wolfSSL | 15:117db924cf7c | 3470 | |
wolfSSL | 15:117db924cf7c | 3471 | /* init a new mp_int */ |
wolfSSL | 15:117db924cf7c | 3472 | int mp_init (mp_int * a) |
wolfSSL | 15:117db924cf7c | 3473 | { |
wolfSSL | 15:117db924cf7c | 3474 | if (a) |
wolfSSL | 15:117db924cf7c | 3475 | fp_init(a); |
wolfSSL | 15:117db924cf7c | 3476 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3477 | } |
wolfSSL | 15:117db924cf7c | 3478 | |
wolfSSL | 15:117db924cf7c | 3479 | void fp_init(fp_int *a) |
wolfSSL | 15:117db924cf7c | 3480 | { |
wolfSSL | 15:117db924cf7c | 3481 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 3482 | a->size = FP_SIZE; |
wolfSSL | 15:117db924cf7c | 3483 | #endif |
wolfSSL | 15:117db924cf7c | 3484 | #ifdef HAVE_WOLF_BIGINT |
wolfSSL | 15:117db924cf7c | 3485 | wc_bigint_init(&a->raw); |
wolfSSL | 15:117db924cf7c | 3486 | #endif |
wolfSSL | 15:117db924cf7c | 3487 | fp_zero(a); |
wolfSSL | 15:117db924cf7c | 3488 | } |
wolfSSL | 15:117db924cf7c | 3489 | |
wolfSSL | 15:117db924cf7c | 3490 | void fp_zero(fp_int *a) |
wolfSSL | 15:117db924cf7c | 3491 | { |
wolfSSL | 16:8e0d178b1d1e | 3492 | int size; |
wolfSSL | 15:117db924cf7c | 3493 | a->used = 0; |
wolfSSL | 15:117db924cf7c | 3494 | a->sign = FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 3495 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 3496 | size = a->size; |
wolfSSL | 16:8e0d178b1d1e | 3497 | #else |
wolfSSL | 16:8e0d178b1d1e | 3498 | size = FP_SIZE; |
wolfSSL | 15:117db924cf7c | 3499 | #endif |
wolfSSL | 15:117db924cf7c | 3500 | XMEMSET(a->dp, 0, size * sizeof(fp_digit)); |
wolfSSL | 15:117db924cf7c | 3501 | } |
wolfSSL | 15:117db924cf7c | 3502 | |
wolfSSL | 15:117db924cf7c | 3503 | void fp_clear(fp_int *a) |
wolfSSL | 15:117db924cf7c | 3504 | { |
wolfSSL | 16:8e0d178b1d1e | 3505 | int size; |
wolfSSL | 15:117db924cf7c | 3506 | a->used = 0; |
wolfSSL | 15:117db924cf7c | 3507 | a->sign = FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 3508 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 3509 | size = a->size; |
wolfSSL | 16:8e0d178b1d1e | 3510 | #else |
wolfSSL | 16:8e0d178b1d1e | 3511 | size = FP_SIZE; |
wolfSSL | 15:117db924cf7c | 3512 | #endif |
wolfSSL | 15:117db924cf7c | 3513 | XMEMSET(a->dp, 0, size * sizeof(fp_digit)); |
wolfSSL | 15:117db924cf7c | 3514 | fp_free(a); |
wolfSSL | 15:117db924cf7c | 3515 | } |
wolfSSL | 15:117db924cf7c | 3516 | |
wolfSSL | 15:117db924cf7c | 3517 | void fp_forcezero (mp_int * a) |
wolfSSL | 15:117db924cf7c | 3518 | { |
wolfSSL | 16:8e0d178b1d1e | 3519 | int size; |
wolfSSL | 15:117db924cf7c | 3520 | a->used = 0; |
wolfSSL | 15:117db924cf7c | 3521 | a->sign = FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 3522 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 3523 | size = a->size; |
wolfSSL | 16:8e0d178b1d1e | 3524 | #else |
wolfSSL | 16:8e0d178b1d1e | 3525 | size = FP_SIZE; |
wolfSSL | 15:117db924cf7c | 3526 | #endif |
wolfSSL | 15:117db924cf7c | 3527 | ForceZero(a->dp, size * sizeof(fp_digit)); |
wolfSSL | 15:117db924cf7c | 3528 | #ifdef HAVE_WOLF_BIGINT |
wolfSSL | 15:117db924cf7c | 3529 | wc_bigint_zero(&a->raw); |
wolfSSL | 15:117db924cf7c | 3530 | #endif |
wolfSSL | 15:117db924cf7c | 3531 | fp_free(a); |
wolfSSL | 15:117db924cf7c | 3532 | } |
wolfSSL | 15:117db924cf7c | 3533 | |
wolfSSL | 15:117db924cf7c | 3534 | void mp_forcezero (mp_int * a) |
wolfSSL | 15:117db924cf7c | 3535 | { |
wolfSSL | 15:117db924cf7c | 3536 | fp_forcezero(a); |
wolfSSL | 15:117db924cf7c | 3537 | } |
wolfSSL | 15:117db924cf7c | 3538 | |
wolfSSL | 15:117db924cf7c | 3539 | void fp_free(fp_int* a) |
wolfSSL | 15:117db924cf7c | 3540 | { |
wolfSSL | 15:117db924cf7c | 3541 | #ifdef HAVE_WOLF_BIGINT |
wolfSSL | 15:117db924cf7c | 3542 | wc_bigint_free(&a->raw); |
wolfSSL | 15:117db924cf7c | 3543 | #else |
wolfSSL | 15:117db924cf7c | 3544 | (void)a; |
wolfSSL | 15:117db924cf7c | 3545 | #endif |
wolfSSL | 15:117db924cf7c | 3546 | } |
wolfSSL | 15:117db924cf7c | 3547 | |
wolfSSL | 15:117db924cf7c | 3548 | |
wolfSSL | 15:117db924cf7c | 3549 | /* clear one (frees) */ |
wolfSSL | 15:117db924cf7c | 3550 | void mp_clear (mp_int * a) |
wolfSSL | 15:117db924cf7c | 3551 | { |
wolfSSL | 15:117db924cf7c | 3552 | if (a == NULL) |
wolfSSL | 15:117db924cf7c | 3553 | return; |
wolfSSL | 15:117db924cf7c | 3554 | fp_clear(a); |
wolfSSL | 15:117db924cf7c | 3555 | } |
wolfSSL | 15:117db924cf7c | 3556 | |
wolfSSL | 15:117db924cf7c | 3557 | void mp_free(mp_int* a) |
wolfSSL | 15:117db924cf7c | 3558 | { |
wolfSSL | 15:117db924cf7c | 3559 | fp_free(a); |
wolfSSL | 15:117db924cf7c | 3560 | } |
wolfSSL | 15:117db924cf7c | 3561 | |
wolfSSL | 15:117db924cf7c | 3562 | /* handle up to 6 inits */ |
wolfSSL | 15:117db924cf7c | 3563 | int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, |
wolfSSL | 15:117db924cf7c | 3564 | mp_int* e, mp_int* f) |
wolfSSL | 15:117db924cf7c | 3565 | { |
wolfSSL | 15:117db924cf7c | 3566 | if (a) |
wolfSSL | 15:117db924cf7c | 3567 | fp_init(a); |
wolfSSL | 15:117db924cf7c | 3568 | if (b) |
wolfSSL | 15:117db924cf7c | 3569 | fp_init(b); |
wolfSSL | 15:117db924cf7c | 3570 | if (c) |
wolfSSL | 15:117db924cf7c | 3571 | fp_init(c); |
wolfSSL | 15:117db924cf7c | 3572 | if (d) |
wolfSSL | 15:117db924cf7c | 3573 | fp_init(d); |
wolfSSL | 15:117db924cf7c | 3574 | if (e) |
wolfSSL | 15:117db924cf7c | 3575 | fp_init(e); |
wolfSSL | 15:117db924cf7c | 3576 | if (f) |
wolfSSL | 15:117db924cf7c | 3577 | fp_init(f); |
wolfSSL | 15:117db924cf7c | 3578 | |
wolfSSL | 15:117db924cf7c | 3579 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3580 | } |
wolfSSL | 15:117db924cf7c | 3581 | |
wolfSSL | 15:117db924cf7c | 3582 | /* high level addition (handles signs) */ |
wolfSSL | 15:117db924cf7c | 3583 | int mp_add (mp_int * a, mp_int * b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3584 | { |
wolfSSL | 15:117db924cf7c | 3585 | fp_add(a, b, c); |
wolfSSL | 15:117db924cf7c | 3586 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3587 | } |
wolfSSL | 15:117db924cf7c | 3588 | |
wolfSSL | 15:117db924cf7c | 3589 | /* high level subtraction (handles signs) */ |
wolfSSL | 15:117db924cf7c | 3590 | int mp_sub (mp_int * a, mp_int * b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3591 | { |
wolfSSL | 15:117db924cf7c | 3592 | fp_sub(a, b, c); |
wolfSSL | 15:117db924cf7c | 3593 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3594 | } |
wolfSSL | 15:117db924cf7c | 3595 | |
wolfSSL | 15:117db924cf7c | 3596 | /* high level multiplication (handles sign) */ |
wolfSSL | 15:117db924cf7c | 3597 | #if defined(FREESCALE_LTC_TFM) |
wolfSSL | 15:117db924cf7c | 3598 | int wolfcrypt_mp_mul(mp_int * a, mp_int * b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3599 | #else |
wolfSSL | 15:117db924cf7c | 3600 | int mp_mul (mp_int * a, mp_int * b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3601 | #endif |
wolfSSL | 15:117db924cf7c | 3602 | { |
wolfSSL | 16:8e0d178b1d1e | 3603 | return fp_mul(a, b, c); |
wolfSSL | 15:117db924cf7c | 3604 | } |
wolfSSL | 15:117db924cf7c | 3605 | |
wolfSSL | 15:117db924cf7c | 3606 | int mp_mul_d (mp_int * a, mp_digit b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3607 | { |
wolfSSL | 15:117db924cf7c | 3608 | fp_mul_d(a, b, c); |
wolfSSL | 15:117db924cf7c | 3609 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3610 | } |
wolfSSL | 15:117db924cf7c | 3611 | |
wolfSSL | 15:117db924cf7c | 3612 | /* d = a * b (mod c) */ |
wolfSSL | 15:117db924cf7c | 3613 | #if defined(FREESCALE_LTC_TFM) |
wolfSSL | 15:117db924cf7c | 3614 | int wolfcrypt_mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) |
wolfSSL | 15:117db924cf7c | 3615 | #else |
wolfSSL | 15:117db924cf7c | 3616 | int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) |
wolfSSL | 15:117db924cf7c | 3617 | #endif |
wolfSSL | 15:117db924cf7c | 3618 | { |
wolfSSL | 16:8e0d178b1d1e | 3619 | #if defined(WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) && \ |
wolfSSL | 16:8e0d178b1d1e | 3620 | !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_RSA_PRI) |
wolfSSL | 16:8e0d178b1d1e | 3621 | int A = fp_count_bits (a); |
wolfSSL | 16:8e0d178b1d1e | 3622 | int B = fp_count_bits (b); |
wolfSSL | 16:8e0d178b1d1e | 3623 | |
wolfSSL | 16:8e0d178b1d1e | 3624 | if( A >= ESP_RSA_MULM_BITS && B >= ESP_RSA_MULM_BITS) |
wolfSSL | 16:8e0d178b1d1e | 3625 | return esp_mp_mulmod(a, b, c, d); |
wolfSSL | 16:8e0d178b1d1e | 3626 | else |
wolfSSL | 16:8e0d178b1d1e | 3627 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3628 | return fp_mulmod(a, b, c, d); |
wolfSSL | 15:117db924cf7c | 3629 | } |
wolfSSL | 15:117db924cf7c | 3630 | |
wolfSSL | 15:117db924cf7c | 3631 | /* d = a - b (mod c) */ |
wolfSSL | 15:117db924cf7c | 3632 | int mp_submod(mp_int *a, mp_int *b, mp_int *c, mp_int *d) |
wolfSSL | 15:117db924cf7c | 3633 | { |
wolfSSL | 15:117db924cf7c | 3634 | return fp_submod(a, b, c, d); |
wolfSSL | 15:117db924cf7c | 3635 | } |
wolfSSL | 15:117db924cf7c | 3636 | |
wolfSSL | 15:117db924cf7c | 3637 | /* d = a + b (mod c) */ |
wolfSSL | 15:117db924cf7c | 3638 | int mp_addmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d) |
wolfSSL | 15:117db924cf7c | 3639 | { |
wolfSSL | 15:117db924cf7c | 3640 | return fp_addmod(a, b, c, d); |
wolfSSL | 15:117db924cf7c | 3641 | } |
wolfSSL | 15:117db924cf7c | 3642 | |
wolfSSL | 15:117db924cf7c | 3643 | /* c = a mod b, 0 <= c < b */ |
wolfSSL | 15:117db924cf7c | 3644 | #if defined(FREESCALE_LTC_TFM) |
wolfSSL | 15:117db924cf7c | 3645 | int wolfcrypt_mp_mod (mp_int * a, mp_int * b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3646 | #else |
wolfSSL | 15:117db924cf7c | 3647 | int mp_mod (mp_int * a, mp_int * b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3648 | #endif |
wolfSSL | 15:117db924cf7c | 3649 | { |
wolfSSL | 15:117db924cf7c | 3650 | return fp_mod (a, b, c); |
wolfSSL | 15:117db924cf7c | 3651 | } |
wolfSSL | 15:117db924cf7c | 3652 | |
wolfSSL | 15:117db924cf7c | 3653 | /* hac 14.61, pp608 */ |
wolfSSL | 15:117db924cf7c | 3654 | #if defined(FREESCALE_LTC_TFM) |
wolfSSL | 15:117db924cf7c | 3655 | int wolfcrypt_mp_invmod (mp_int * a, mp_int * b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3656 | #else |
wolfSSL | 15:117db924cf7c | 3657 | int mp_invmod (mp_int * a, mp_int * b, mp_int * c) |
wolfSSL | 15:117db924cf7c | 3658 | #endif |
wolfSSL | 15:117db924cf7c | 3659 | { |
wolfSSL | 15:117db924cf7c | 3660 | return fp_invmod(a, b, c); |
wolfSSL | 15:117db924cf7c | 3661 | } |
wolfSSL | 15:117db924cf7c | 3662 | |
wolfSSL | 16:8e0d178b1d1e | 3663 | /* hac 14.61, pp608 */ |
wolfSSL | 16:8e0d178b1d1e | 3664 | int mp_invmod_mont_ct (mp_int * a, mp_int * b, mp_int * c, mp_digit mp) |
wolfSSL | 16:8e0d178b1d1e | 3665 | { |
wolfSSL | 16:8e0d178b1d1e | 3666 | return fp_invmod_mont_ct(a, b, c, mp); |
wolfSSL | 16:8e0d178b1d1e | 3667 | } |
wolfSSL | 16:8e0d178b1d1e | 3668 | |
wolfSSL | 15:117db924cf7c | 3669 | /* this is a shell function that calls either the normal or Montgomery |
wolfSSL | 15:117db924cf7c | 3670 | * exptmod functions. Originally the call to the montgomery code was |
wolfSSL | 16:8e0d178b1d1e | 3671 | * embedded in the normal function but that wasted a lot of stack space |
wolfSSL | 15:117db924cf7c | 3672 | * for nothing (since 99% of the time the Montgomery code would be called) |
wolfSSL | 15:117db924cf7c | 3673 | */ |
wolfSSL | 15:117db924cf7c | 3674 | #if defined(FREESCALE_LTC_TFM) |
wolfSSL | 15:117db924cf7c | 3675 | int wolfcrypt_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) |
wolfSSL | 15:117db924cf7c | 3676 | #else |
wolfSSL | 15:117db924cf7c | 3677 | int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) |
wolfSSL | 15:117db924cf7c | 3678 | #endif |
wolfSSL | 15:117db924cf7c | 3679 | { |
wolfSSL | 15:117db924cf7c | 3680 | return fp_exptmod(G, X, P, Y); |
wolfSSL | 15:117db924cf7c | 3681 | } |
wolfSSL | 15:117db924cf7c | 3682 | |
wolfSSL | 16:8e0d178b1d1e | 3683 | int mp_exptmod_ex (mp_int * G, mp_int * X, int digits, mp_int * P, mp_int * Y) |
wolfSSL | 16:8e0d178b1d1e | 3684 | { |
wolfSSL | 16:8e0d178b1d1e | 3685 | return fp_exptmod_ex(G, X, digits, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 3686 | } |
wolfSSL | 16:8e0d178b1d1e | 3687 | |
wolfSSL | 16:8e0d178b1d1e | 3688 | int mp_exptmod_nct (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) |
wolfSSL | 16:8e0d178b1d1e | 3689 | { |
wolfSSL | 16:8e0d178b1d1e | 3690 | return fp_exptmod_nct(G, X, P, Y); |
wolfSSL | 16:8e0d178b1d1e | 3691 | } |
wolfSSL | 16:8e0d178b1d1e | 3692 | |
wolfSSL | 16:8e0d178b1d1e | 3693 | |
wolfSSL | 15:117db924cf7c | 3694 | /* compare two ints (signed)*/ |
wolfSSL | 15:117db924cf7c | 3695 | int mp_cmp (mp_int * a, mp_int * b) |
wolfSSL | 15:117db924cf7c | 3696 | { |
wolfSSL | 15:117db924cf7c | 3697 | return fp_cmp(a, b); |
wolfSSL | 15:117db924cf7c | 3698 | } |
wolfSSL | 15:117db924cf7c | 3699 | |
wolfSSL | 15:117db924cf7c | 3700 | /* compare a digit */ |
wolfSSL | 15:117db924cf7c | 3701 | int mp_cmp_d(mp_int * a, mp_digit b) |
wolfSSL | 15:117db924cf7c | 3702 | { |
wolfSSL | 15:117db924cf7c | 3703 | return fp_cmp_d(a, b); |
wolfSSL | 15:117db924cf7c | 3704 | } |
wolfSSL | 15:117db924cf7c | 3705 | |
wolfSSL | 15:117db924cf7c | 3706 | /* get the size for an unsigned equivalent */ |
wolfSSL | 15:117db924cf7c | 3707 | int mp_unsigned_bin_size (mp_int * a) |
wolfSSL | 15:117db924cf7c | 3708 | { |
wolfSSL | 15:117db924cf7c | 3709 | return fp_unsigned_bin_size(a); |
wolfSSL | 15:117db924cf7c | 3710 | } |
wolfSSL | 15:117db924cf7c | 3711 | |
wolfSSL | 15:117db924cf7c | 3712 | int mp_to_unsigned_bin_at_pos(int x, fp_int *t, unsigned char *b) |
wolfSSL | 15:117db924cf7c | 3713 | { |
wolfSSL | 15:117db924cf7c | 3714 | return fp_to_unsigned_bin_at_pos(x, t, b); |
wolfSSL | 15:117db924cf7c | 3715 | } |
wolfSSL | 15:117db924cf7c | 3716 | |
wolfSSL | 15:117db924cf7c | 3717 | /* store in unsigned [big endian] format */ |
wolfSSL | 15:117db924cf7c | 3718 | int mp_to_unsigned_bin (mp_int * a, unsigned char *b) |
wolfSSL | 15:117db924cf7c | 3719 | { |
wolfSSL | 16:8e0d178b1d1e | 3720 | return fp_to_unsigned_bin(a,b); |
wolfSSL | 15:117db924cf7c | 3721 | } |
wolfSSL | 15:117db924cf7c | 3722 | |
wolfSSL | 16:8e0d178b1d1e | 3723 | int mp_to_unsigned_bin_len(mp_int * a, unsigned char *b, int c) |
wolfSSL | 16:8e0d178b1d1e | 3724 | { |
wolfSSL | 16:8e0d178b1d1e | 3725 | return fp_to_unsigned_bin_len(a, b, c); |
wolfSSL | 16:8e0d178b1d1e | 3726 | } |
wolfSSL | 15:117db924cf7c | 3727 | /* reads a unsigned char array, assumes the msb is stored first [big endian] */ |
wolfSSL | 15:117db924cf7c | 3728 | int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c) |
wolfSSL | 15:117db924cf7c | 3729 | { |
wolfSSL | 15:117db924cf7c | 3730 | fp_read_unsigned_bin(a, b, c); |
wolfSSL | 15:117db924cf7c | 3731 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3732 | } |
wolfSSL | 15:117db924cf7c | 3733 | |
wolfSSL | 15:117db924cf7c | 3734 | |
wolfSSL | 15:117db924cf7c | 3735 | int mp_sub_d(fp_int *a, fp_digit b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 3736 | { |
wolfSSL | 16:8e0d178b1d1e | 3737 | return fp_sub_d(a, b, c); |
wolfSSL | 15:117db924cf7c | 3738 | } |
wolfSSL | 15:117db924cf7c | 3739 | |
wolfSSL | 15:117db924cf7c | 3740 | int mp_mul_2d(fp_int *a, int b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 3741 | { |
wolfSSL | 15:117db924cf7c | 3742 | fp_mul_2d(a, b, c); |
wolfSSL | 15:117db924cf7c | 3743 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3744 | } |
wolfSSL | 15:117db924cf7c | 3745 | |
wolfSSL | 15:117db924cf7c | 3746 | int mp_2expt(fp_int* a, int b) |
wolfSSL | 15:117db924cf7c | 3747 | { |
wolfSSL | 15:117db924cf7c | 3748 | fp_2expt(a, b); |
wolfSSL | 15:117db924cf7c | 3749 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3750 | } |
wolfSSL | 15:117db924cf7c | 3751 | |
wolfSSL | 15:117db924cf7c | 3752 | int mp_div(fp_int * a, fp_int * b, fp_int * c, fp_int * d) |
wolfSSL | 15:117db924cf7c | 3753 | { |
wolfSSL | 15:117db924cf7c | 3754 | return fp_div(a, b, c, d); |
wolfSSL | 15:117db924cf7c | 3755 | } |
wolfSSL | 15:117db924cf7c | 3756 | |
wolfSSL | 15:117db924cf7c | 3757 | int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d) |
wolfSSL | 15:117db924cf7c | 3758 | { |
wolfSSL | 15:117db924cf7c | 3759 | fp_div_2d(a, b, c, d); |
wolfSSL | 15:117db924cf7c | 3760 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3761 | } |
wolfSSL | 15:117db924cf7c | 3762 | |
wolfSSL | 15:117db924cf7c | 3763 | void fp_copy(fp_int *a, fp_int *b) |
wolfSSL | 15:117db924cf7c | 3764 | { |
wolfSSL | 15:117db924cf7c | 3765 | /* if source and destination are different */ |
wolfSSL | 15:117db924cf7c | 3766 | if (a != b) { |
wolfSSL | 15:117db924cf7c | 3767 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 3768 | /* verify a will fit in b */ |
wolfSSL | 15:117db924cf7c | 3769 | if (b->size >= a->used) { |
wolfSSL | 15:117db924cf7c | 3770 | int x, oldused; |
wolfSSL | 15:117db924cf7c | 3771 | oldused = b->used; |
wolfSSL | 15:117db924cf7c | 3772 | b->used = a->used; |
wolfSSL | 15:117db924cf7c | 3773 | b->sign = a->sign; |
wolfSSL | 15:117db924cf7c | 3774 | |
wolfSSL | 15:117db924cf7c | 3775 | XMEMCPY(b->dp, a->dp, a->used * sizeof(fp_digit)); |
wolfSSL | 15:117db924cf7c | 3776 | |
wolfSSL | 15:117db924cf7c | 3777 | /* zero any excess digits on the destination that we didn't write to */ |
wolfSSL | 15:117db924cf7c | 3778 | for (x = b->used; x >= 0 && x < oldused; x++) { |
wolfSSL | 15:117db924cf7c | 3779 | b->dp[x] = 0; |
wolfSSL | 15:117db924cf7c | 3780 | } |
wolfSSL | 15:117db924cf7c | 3781 | } |
wolfSSL | 15:117db924cf7c | 3782 | else { |
wolfSSL | 15:117db924cf7c | 3783 | /* TODO: Handle error case */ |
wolfSSL | 15:117db924cf7c | 3784 | } |
wolfSSL | 15:117db924cf7c | 3785 | #else |
wolfSSL | 15:117db924cf7c | 3786 | /* all dp's are same size, so do straight copy */ |
wolfSSL | 15:117db924cf7c | 3787 | b->used = a->used; |
wolfSSL | 15:117db924cf7c | 3788 | b->sign = a->sign; |
wolfSSL | 15:117db924cf7c | 3789 | XMEMCPY(b->dp, a->dp, FP_SIZE * sizeof(fp_digit)); |
wolfSSL | 15:117db924cf7c | 3790 | #endif |
wolfSSL | 15:117db924cf7c | 3791 | } |
wolfSSL | 15:117db924cf7c | 3792 | } |
wolfSSL | 15:117db924cf7c | 3793 | |
wolfSSL | 15:117db924cf7c | 3794 | void fp_init_copy(fp_int *a, fp_int* b) |
wolfSSL | 15:117db924cf7c | 3795 | { |
wolfSSL | 15:117db924cf7c | 3796 | if (a != b) { |
wolfSSL | 15:117db924cf7c | 3797 | fp_init(a); |
wolfSSL | 15:117db924cf7c | 3798 | fp_copy(b, a); |
wolfSSL | 15:117db924cf7c | 3799 | } |
wolfSSL | 15:117db924cf7c | 3800 | } |
wolfSSL | 15:117db924cf7c | 3801 | |
wolfSSL | 15:117db924cf7c | 3802 | /* fast math wrappers */ |
wolfSSL | 15:117db924cf7c | 3803 | int mp_copy(fp_int* a, fp_int* b) |
wolfSSL | 15:117db924cf7c | 3804 | { |
wolfSSL | 15:117db924cf7c | 3805 | fp_copy(a, b); |
wolfSSL | 15:117db924cf7c | 3806 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3807 | } |
wolfSSL | 15:117db924cf7c | 3808 | |
wolfSSL | 15:117db924cf7c | 3809 | int mp_isodd(mp_int* a) |
wolfSSL | 15:117db924cf7c | 3810 | { |
wolfSSL | 15:117db924cf7c | 3811 | return fp_isodd(a); |
wolfSSL | 15:117db924cf7c | 3812 | } |
wolfSSL | 15:117db924cf7c | 3813 | |
wolfSSL | 15:117db924cf7c | 3814 | int mp_iszero(mp_int* a) |
wolfSSL | 15:117db924cf7c | 3815 | { |
wolfSSL | 15:117db924cf7c | 3816 | return fp_iszero(a); |
wolfSSL | 15:117db924cf7c | 3817 | } |
wolfSSL | 15:117db924cf7c | 3818 | |
wolfSSL | 15:117db924cf7c | 3819 | int mp_count_bits (mp_int* a) |
wolfSSL | 15:117db924cf7c | 3820 | { |
wolfSSL | 15:117db924cf7c | 3821 | return fp_count_bits(a); |
wolfSSL | 15:117db924cf7c | 3822 | } |
wolfSSL | 15:117db924cf7c | 3823 | |
wolfSSL | 15:117db924cf7c | 3824 | int mp_leading_bit (mp_int* a) |
wolfSSL | 15:117db924cf7c | 3825 | { |
wolfSSL | 15:117db924cf7c | 3826 | return fp_leading_bit(a); |
wolfSSL | 15:117db924cf7c | 3827 | } |
wolfSSL | 15:117db924cf7c | 3828 | |
wolfSSL | 15:117db924cf7c | 3829 | void mp_rshb (mp_int* a, int x) |
wolfSSL | 15:117db924cf7c | 3830 | { |
wolfSSL | 15:117db924cf7c | 3831 | fp_rshb(a, x); |
wolfSSL | 15:117db924cf7c | 3832 | } |
wolfSSL | 15:117db924cf7c | 3833 | |
wolfSSL | 15:117db924cf7c | 3834 | void mp_rshd (mp_int* a, int x) |
wolfSSL | 15:117db924cf7c | 3835 | { |
wolfSSL | 15:117db924cf7c | 3836 | fp_rshd(a, x); |
wolfSSL | 15:117db924cf7c | 3837 | } |
wolfSSL | 15:117db924cf7c | 3838 | |
wolfSSL | 15:117db924cf7c | 3839 | int mp_set_int(mp_int *a, unsigned long b) |
wolfSSL | 15:117db924cf7c | 3840 | { |
wolfSSL | 15:117db924cf7c | 3841 | fp_set_int(a, b); |
wolfSSL | 15:117db924cf7c | 3842 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3843 | } |
wolfSSL | 15:117db924cf7c | 3844 | |
wolfSSL | 15:117db924cf7c | 3845 | int mp_is_bit_set (mp_int *a, mp_digit b) |
wolfSSL | 15:117db924cf7c | 3846 | { |
wolfSSL | 15:117db924cf7c | 3847 | return fp_is_bit_set(a, b); |
wolfSSL | 15:117db924cf7c | 3848 | } |
wolfSSL | 15:117db924cf7c | 3849 | |
wolfSSL | 15:117db924cf7c | 3850 | int mp_set_bit(mp_int *a, mp_digit b) |
wolfSSL | 15:117db924cf7c | 3851 | { |
wolfSSL | 15:117db924cf7c | 3852 | return fp_set_bit(a, b); |
wolfSSL | 15:117db924cf7c | 3853 | } |
wolfSSL | 15:117db924cf7c | 3854 | |
wolfSSL | 16:8e0d178b1d1e | 3855 | #if defined(WOLFSSL_KEY_GEN) || defined (HAVE_ECC) || !defined(NO_DH) || \ |
wolfSSL | 16:8e0d178b1d1e | 3856 | !defined(NO_DSA) || !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 3857 | |
wolfSSL | 15:117db924cf7c | 3858 | /* c = a * a (mod b) */ |
wolfSSL | 15:117db924cf7c | 3859 | int fp_sqrmod(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 3860 | { |
wolfSSL | 15:117db924cf7c | 3861 | int err; |
wolfSSL | 16:8e0d178b1d1e | 3862 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3863 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 3864 | #else |
wolfSSL | 16:8e0d178b1d1e | 3865 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 3866 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3867 | |
wolfSSL | 16:8e0d178b1d1e | 3868 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3869 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3870 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 3871 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 3872 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3873 | |
wolfSSL | 16:8e0d178b1d1e | 3874 | fp_init(t); |
wolfSSL | 16:8e0d178b1d1e | 3875 | err = fp_sqr(a, t); |
wolfSSL | 16:8e0d178b1d1e | 3876 | if (err == FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 3877 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 16:8e0d178b1d1e | 3878 | if (c->size < FP_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 3879 | err = fp_mod(t, b, t); |
wolfSSL | 16:8e0d178b1d1e | 3880 | fp_copy(t, c); |
wolfSSL | 16:8e0d178b1d1e | 3881 | } |
wolfSSL | 16:8e0d178b1d1e | 3882 | else |
wolfSSL | 16:8e0d178b1d1e | 3883 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3884 | { |
wolfSSL | 16:8e0d178b1d1e | 3885 | err = fp_mod(t, b, c); |
wolfSSL | 16:8e0d178b1d1e | 3886 | } |
wolfSSL | 15:117db924cf7c | 3887 | } |
wolfSSL | 16:8e0d178b1d1e | 3888 | |
wolfSSL | 16:8e0d178b1d1e | 3889 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3890 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 15:117db924cf7c | 3891 | #endif |
wolfSSL | 15:117db924cf7c | 3892 | return err; |
wolfSSL | 15:117db924cf7c | 3893 | } |
wolfSSL | 15:117db924cf7c | 3894 | |
wolfSSL | 15:117db924cf7c | 3895 | /* fast math conversion */ |
wolfSSL | 15:117db924cf7c | 3896 | int mp_sqrmod(mp_int *a, mp_int *b, mp_int *c) |
wolfSSL | 15:117db924cf7c | 3897 | { |
wolfSSL | 15:117db924cf7c | 3898 | return fp_sqrmod(a, b, c); |
wolfSSL | 15:117db924cf7c | 3899 | } |
wolfSSL | 15:117db924cf7c | 3900 | |
wolfSSL | 15:117db924cf7c | 3901 | /* fast math conversion */ |
wolfSSL | 15:117db924cf7c | 3902 | int mp_montgomery_calc_normalization(mp_int *a, mp_int *b) |
wolfSSL | 15:117db924cf7c | 3903 | { |
wolfSSL | 15:117db924cf7c | 3904 | fp_montgomery_calc_normalization(a, b); |
wolfSSL | 15:117db924cf7c | 3905 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 3906 | } |
wolfSSL | 15:117db924cf7c | 3907 | |
wolfSSL | 15:117db924cf7c | 3908 | #endif /* WOLFSSL_KEYGEN || HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 3909 | |
wolfSSL | 15:117db924cf7c | 3910 | |
wolfSSL | 16:8e0d178b1d1e | 3911 | #if defined(WC_MP_TO_RADIX) || !defined(NO_DH) || !defined(NO_DSA) || \ |
wolfSSL | 16:8e0d178b1d1e | 3912 | !defined(NO_RSA) |
wolfSSL | 15:117db924cf7c | 3913 | |
wolfSSL | 15:117db924cf7c | 3914 | #ifdef WOLFSSL_KEY_GEN |
wolfSSL | 15:117db924cf7c | 3915 | /* swap the elements of two integers, for cases where you can't simply swap the |
wolfSSL | 15:117db924cf7c | 3916 | * mp_int pointers around |
wolfSSL | 15:117db924cf7c | 3917 | */ |
wolfSSL | 16:8e0d178b1d1e | 3918 | static int fp_exch (fp_int * a, fp_int * b) |
wolfSSL | 15:117db924cf7c | 3919 | { |
wolfSSL | 16:8e0d178b1d1e | 3920 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3921 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 3922 | #else |
wolfSSL | 16:8e0d178b1d1e | 3923 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 3924 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3925 | |
wolfSSL | 16:8e0d178b1d1e | 3926 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3927 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3928 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 3929 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 3930 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3931 | |
wolfSSL | 16:8e0d178b1d1e | 3932 | *t = *a; |
wolfSSL | 15:117db924cf7c | 3933 | *a = *b; |
wolfSSL | 16:8e0d178b1d1e | 3934 | *b = *t; |
wolfSSL | 16:8e0d178b1d1e | 3935 | |
wolfSSL | 16:8e0d178b1d1e | 3936 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3937 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 3938 | #endif |
wolfSSL | 16:8e0d178b1d1e | 3939 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 3940 | } |
wolfSSL | 15:117db924cf7c | 3941 | #endif |
wolfSSL | 15:117db924cf7c | 3942 | |
wolfSSL | 15:117db924cf7c | 3943 | static const int lnz[16] = { |
wolfSSL | 15:117db924cf7c | 3944 | 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 |
wolfSSL | 15:117db924cf7c | 3945 | }; |
wolfSSL | 15:117db924cf7c | 3946 | |
wolfSSL | 15:117db924cf7c | 3947 | /* Counts the number of lsbs which are zero before the first zero bit */ |
wolfSSL | 15:117db924cf7c | 3948 | int fp_cnt_lsb(fp_int *a) |
wolfSSL | 15:117db924cf7c | 3949 | { |
wolfSSL | 15:117db924cf7c | 3950 | int x; |
wolfSSL | 15:117db924cf7c | 3951 | fp_digit q, qq; |
wolfSSL | 15:117db924cf7c | 3952 | |
wolfSSL | 15:117db924cf7c | 3953 | /* easy out */ |
wolfSSL | 15:117db924cf7c | 3954 | if (fp_iszero(a) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 3955 | return 0; |
wolfSSL | 15:117db924cf7c | 3956 | } |
wolfSSL | 15:117db924cf7c | 3957 | |
wolfSSL | 15:117db924cf7c | 3958 | /* scan lower digits until non-zero */ |
wolfSSL | 15:117db924cf7c | 3959 | for (x = 0; x < a->used && a->dp[x] == 0; x++) {} |
wolfSSL | 15:117db924cf7c | 3960 | q = a->dp[x]; |
wolfSSL | 15:117db924cf7c | 3961 | x *= DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 3962 | |
wolfSSL | 15:117db924cf7c | 3963 | /* now scan this digit until a 1 is found */ |
wolfSSL | 15:117db924cf7c | 3964 | if ((q & 1) == 0) { |
wolfSSL | 15:117db924cf7c | 3965 | do { |
wolfSSL | 15:117db924cf7c | 3966 | qq = q & 15; |
wolfSSL | 15:117db924cf7c | 3967 | x += lnz[qq]; |
wolfSSL | 15:117db924cf7c | 3968 | q >>= 4; |
wolfSSL | 15:117db924cf7c | 3969 | } while (qq == 0); |
wolfSSL | 15:117db924cf7c | 3970 | } |
wolfSSL | 15:117db924cf7c | 3971 | return x; |
wolfSSL | 15:117db924cf7c | 3972 | } |
wolfSSL | 15:117db924cf7c | 3973 | |
wolfSSL | 15:117db924cf7c | 3974 | |
wolfSSL | 15:117db924cf7c | 3975 | static int s_is_power_of_two(fp_digit b, int *p) |
wolfSSL | 15:117db924cf7c | 3976 | { |
wolfSSL | 15:117db924cf7c | 3977 | int x; |
wolfSSL | 15:117db924cf7c | 3978 | |
wolfSSL | 15:117db924cf7c | 3979 | /* fast return if no power of two */ |
wolfSSL | 15:117db924cf7c | 3980 | if ((b==0) || (b & (b-1))) { |
wolfSSL | 15:117db924cf7c | 3981 | return FP_NO; |
wolfSSL | 15:117db924cf7c | 3982 | } |
wolfSSL | 15:117db924cf7c | 3983 | |
wolfSSL | 15:117db924cf7c | 3984 | for (x = 0; x < DIGIT_BIT; x++) { |
wolfSSL | 15:117db924cf7c | 3985 | if (b == (((fp_digit)1)<<x)) { |
wolfSSL | 15:117db924cf7c | 3986 | *p = x; |
wolfSSL | 15:117db924cf7c | 3987 | return FP_YES; |
wolfSSL | 15:117db924cf7c | 3988 | } |
wolfSSL | 15:117db924cf7c | 3989 | } |
wolfSSL | 15:117db924cf7c | 3990 | return FP_NO; |
wolfSSL | 15:117db924cf7c | 3991 | } |
wolfSSL | 15:117db924cf7c | 3992 | |
wolfSSL | 15:117db924cf7c | 3993 | /* a/b => cb + d == a */ |
wolfSSL | 15:117db924cf7c | 3994 | static int fp_div_d(fp_int *a, fp_digit b, fp_int *c, fp_digit *d) |
wolfSSL | 15:117db924cf7c | 3995 | { |
wolfSSL | 16:8e0d178b1d1e | 3996 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 3997 | fp_int q[1]; |
wolfSSL | 16:8e0d178b1d1e | 3998 | #else |
wolfSSL | 16:8e0d178b1d1e | 3999 | fp_int *q; |
wolfSSL | 16:8e0d178b1d1e | 4000 | #endif |
wolfSSL | 15:117db924cf7c | 4001 | fp_word w; |
wolfSSL | 15:117db924cf7c | 4002 | fp_digit t; |
wolfSSL | 15:117db924cf7c | 4003 | int ix; |
wolfSSL | 15:117db924cf7c | 4004 | |
wolfSSL | 15:117db924cf7c | 4005 | /* cannot divide by zero */ |
wolfSSL | 15:117db924cf7c | 4006 | if (b == 0) { |
wolfSSL | 15:117db924cf7c | 4007 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 4008 | } |
wolfSSL | 15:117db924cf7c | 4009 | |
wolfSSL | 15:117db924cf7c | 4010 | /* quick outs */ |
wolfSSL | 15:117db924cf7c | 4011 | if (b == 1 || fp_iszero(a) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 4012 | if (d != NULL) { |
wolfSSL | 15:117db924cf7c | 4013 | *d = 0; |
wolfSSL | 15:117db924cf7c | 4014 | } |
wolfSSL | 15:117db924cf7c | 4015 | if (c != NULL) { |
wolfSSL | 15:117db924cf7c | 4016 | fp_copy(a, c); |
wolfSSL | 15:117db924cf7c | 4017 | } |
wolfSSL | 15:117db924cf7c | 4018 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4019 | } |
wolfSSL | 15:117db924cf7c | 4020 | |
wolfSSL | 15:117db924cf7c | 4021 | /* power of two ? */ |
wolfSSL | 15:117db924cf7c | 4022 | if (s_is_power_of_two(b, &ix) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 4023 | if (d != NULL) { |
wolfSSL | 15:117db924cf7c | 4024 | *d = a->dp[0] & ((((fp_digit)1)<<ix) - 1); |
wolfSSL | 15:117db924cf7c | 4025 | } |
wolfSSL | 15:117db924cf7c | 4026 | if (c != NULL) { |
wolfSSL | 15:117db924cf7c | 4027 | fp_div_2d(a, ix, c, NULL); |
wolfSSL | 15:117db924cf7c | 4028 | } |
wolfSSL | 15:117db924cf7c | 4029 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4030 | } |
wolfSSL | 15:117db924cf7c | 4031 | |
wolfSSL | 16:8e0d178b1d1e | 4032 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4033 | q = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4034 | if (q == NULL) |
wolfSSL | 16:8e0d178b1d1e | 4035 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4036 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4037 | |
wolfSSL | 16:8e0d178b1d1e | 4038 | fp_init(q); |
wolfSSL | 16:8e0d178b1d1e | 4039 | |
wolfSSL | 15:117db924cf7c | 4040 | if (c != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 4041 | q->used = a->used; |
wolfSSL | 16:8e0d178b1d1e | 4042 | q->sign = a->sign; |
wolfSSL | 15:117db924cf7c | 4043 | } |
wolfSSL | 15:117db924cf7c | 4044 | |
wolfSSL | 15:117db924cf7c | 4045 | w = 0; |
wolfSSL | 15:117db924cf7c | 4046 | for (ix = a->used - 1; ix >= 0; ix--) { |
wolfSSL | 15:117db924cf7c | 4047 | w = (w << ((fp_word)DIGIT_BIT)) | ((fp_word)a->dp[ix]); |
wolfSSL | 15:117db924cf7c | 4048 | |
wolfSSL | 15:117db924cf7c | 4049 | if (w >= b) { |
wolfSSL | 15:117db924cf7c | 4050 | t = (fp_digit)(w / b); |
wolfSSL | 15:117db924cf7c | 4051 | w -= ((fp_word)t) * ((fp_word)b); |
wolfSSL | 15:117db924cf7c | 4052 | } else { |
wolfSSL | 15:117db924cf7c | 4053 | t = 0; |
wolfSSL | 15:117db924cf7c | 4054 | } |
wolfSSL | 15:117db924cf7c | 4055 | if (c != NULL) |
wolfSSL | 16:8e0d178b1d1e | 4056 | q->dp[ix] = (fp_digit)t; |
wolfSSL | 15:117db924cf7c | 4057 | } |
wolfSSL | 15:117db924cf7c | 4058 | |
wolfSSL | 15:117db924cf7c | 4059 | if (d != NULL) { |
wolfSSL | 15:117db924cf7c | 4060 | *d = (fp_digit)w; |
wolfSSL | 15:117db924cf7c | 4061 | } |
wolfSSL | 15:117db924cf7c | 4062 | |
wolfSSL | 15:117db924cf7c | 4063 | if (c != NULL) { |
wolfSSL | 16:8e0d178b1d1e | 4064 | fp_clamp(q); |
wolfSSL | 16:8e0d178b1d1e | 4065 | fp_copy(q, c); |
wolfSSL | 15:117db924cf7c | 4066 | } |
wolfSSL | 15:117db924cf7c | 4067 | |
wolfSSL | 16:8e0d178b1d1e | 4068 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4069 | XFREE(q, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4070 | #endif |
wolfSSL | 15:117db924cf7c | 4071 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4072 | } |
wolfSSL | 15:117db924cf7c | 4073 | |
wolfSSL | 15:117db924cf7c | 4074 | |
wolfSSL | 15:117db924cf7c | 4075 | /* c = a mod b, 0 <= c < b */ |
wolfSSL | 15:117db924cf7c | 4076 | static int fp_mod_d(fp_int *a, fp_digit b, fp_digit *c) |
wolfSSL | 15:117db924cf7c | 4077 | { |
wolfSSL | 15:117db924cf7c | 4078 | return fp_div_d(a, b, NULL, c); |
wolfSSL | 15:117db924cf7c | 4079 | } |
wolfSSL | 15:117db924cf7c | 4080 | |
wolfSSL | 15:117db924cf7c | 4081 | int mp_mod_d(fp_int *a, fp_digit b, fp_digit *c) |
wolfSSL | 15:117db924cf7c | 4082 | { |
wolfSSL | 15:117db924cf7c | 4083 | return fp_mod_d(a, b, c); |
wolfSSL | 15:117db924cf7c | 4084 | } |
wolfSSL | 15:117db924cf7c | 4085 | |
wolfSSL | 16:8e0d178b1d1e | 4086 | #endif /* WC_MP_TO_RADIX || !NO_DH || !NO_DSA || !NO_RSA */ |
wolfSSL | 16:8e0d178b1d1e | 4087 | |
wolfSSL | 16:8e0d178b1d1e | 4088 | |
wolfSSL | 16:8e0d178b1d1e | 4089 | #if !defined(NO_DH) || !defined(NO_DSA) || !defined(NO_RSA) || \ |
wolfSSL | 16:8e0d178b1d1e | 4090 | defined(WOLFSSL_KEY_GEN) |
wolfSSL | 16:8e0d178b1d1e | 4091 | |
wolfSSL | 16:8e0d178b1d1e | 4092 | static int fp_isprime_ex(fp_int *a, int t, int* result); |
wolfSSL | 15:117db924cf7c | 4093 | |
wolfSSL | 15:117db924cf7c | 4094 | |
wolfSSL | 15:117db924cf7c | 4095 | int mp_prime_is_prime(mp_int* a, int t, int* result) |
wolfSSL | 15:117db924cf7c | 4096 | { |
wolfSSL | 16:8e0d178b1d1e | 4097 | return fp_isprime_ex(a, t, result); |
wolfSSL | 15:117db924cf7c | 4098 | } |
wolfSSL | 15:117db924cf7c | 4099 | |
wolfSSL | 15:117db924cf7c | 4100 | /* Miller-Rabin test of "a" to the base of "b" as described in |
wolfSSL | 15:117db924cf7c | 4101 | * HAC pp. 139 Algorithm 4.24 |
wolfSSL | 15:117db924cf7c | 4102 | * |
wolfSSL | 15:117db924cf7c | 4103 | * Sets result to 0 if definitely composite or 1 if probably prime. |
wolfSSL | 15:117db924cf7c | 4104 | * Randomly the chance of error is no more than 1/4 and often |
wolfSSL | 15:117db924cf7c | 4105 | * very much lower. |
wolfSSL | 15:117db924cf7c | 4106 | */ |
wolfSSL | 16:8e0d178b1d1e | 4107 | static int fp_prime_miller_rabin_ex(fp_int * a, fp_int * b, int *result, |
wolfSSL | 16:8e0d178b1d1e | 4108 | fp_int *n1, fp_int *y, fp_int *r) |
wolfSSL | 15:117db924cf7c | 4109 | { |
wolfSSL | 16:8e0d178b1d1e | 4110 | int s, j; |
wolfSSL | 16:8e0d178b1d1e | 4111 | int err; |
wolfSSL | 15:117db924cf7c | 4112 | |
wolfSSL | 15:117db924cf7c | 4113 | /* default */ |
wolfSSL | 15:117db924cf7c | 4114 | *result = FP_NO; |
wolfSSL | 15:117db924cf7c | 4115 | |
wolfSSL | 15:117db924cf7c | 4116 | /* ensure b > 1 */ |
wolfSSL | 15:117db924cf7c | 4117 | if (fp_cmp_d(b, 1) != FP_GT) { |
wolfSSL | 16:8e0d178b1d1e | 4118 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4119 | } |
wolfSSL | 15:117db924cf7c | 4120 | |
wolfSSL | 15:117db924cf7c | 4121 | /* get n1 = a - 1 */ |
wolfSSL | 16:8e0d178b1d1e | 4122 | fp_copy(a, n1); |
wolfSSL | 16:8e0d178b1d1e | 4123 | err = fp_sub_d(n1, 1, n1); |
wolfSSL | 16:8e0d178b1d1e | 4124 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 4125 | return err; |
wolfSSL | 16:8e0d178b1d1e | 4126 | } |
wolfSSL | 15:117db924cf7c | 4127 | |
wolfSSL | 15:117db924cf7c | 4128 | /* set 2**s * r = n1 */ |
wolfSSL | 16:8e0d178b1d1e | 4129 | fp_copy(n1, r); |
wolfSSL | 15:117db924cf7c | 4130 | |
wolfSSL | 15:117db924cf7c | 4131 | /* count the number of least significant bits |
wolfSSL | 15:117db924cf7c | 4132 | * which are zero |
wolfSSL | 15:117db924cf7c | 4133 | */ |
wolfSSL | 16:8e0d178b1d1e | 4134 | s = fp_cnt_lsb(r); |
wolfSSL | 15:117db924cf7c | 4135 | |
wolfSSL | 15:117db924cf7c | 4136 | /* now divide n - 1 by 2**s */ |
wolfSSL | 16:8e0d178b1d1e | 4137 | fp_div_2d (r, s, r, NULL); |
wolfSSL | 15:117db924cf7c | 4138 | |
wolfSSL | 15:117db924cf7c | 4139 | /* compute y = b**r mod a */ |
wolfSSL | 16:8e0d178b1d1e | 4140 | fp_zero(y); |
wolfSSL | 16:8e0d178b1d1e | 4141 | #if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ |
wolfSSL | 16:8e0d178b1d1e | 4142 | defined(WOLFSSL_HAVE_SP_DH) |
wolfSSL | 16:8e0d178b1d1e | 4143 | #ifndef WOLFSSL_SP_NO_2048 |
wolfSSL | 16:8e0d178b1d1e | 4144 | if (fp_count_bits(a) == 1024) |
wolfSSL | 16:8e0d178b1d1e | 4145 | sp_ModExp_1024(b, r, a, y); |
wolfSSL | 16:8e0d178b1d1e | 4146 | else if (fp_count_bits(a) == 2048) |
wolfSSL | 16:8e0d178b1d1e | 4147 | sp_ModExp_2048(b, r, a, y); |
wolfSSL | 16:8e0d178b1d1e | 4148 | else |
wolfSSL | 16:8e0d178b1d1e | 4149 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4150 | #ifndef WOLFSSL_SP_NO_3072 |
wolfSSL | 16:8e0d178b1d1e | 4151 | if (fp_count_bits(a) == 1536) |
wolfSSL | 16:8e0d178b1d1e | 4152 | sp_ModExp_1536(b, r, a, y); |
wolfSSL | 16:8e0d178b1d1e | 4153 | else if (fp_count_bits(a) == 3072) |
wolfSSL | 16:8e0d178b1d1e | 4154 | sp_ModExp_3072(b, r, a, y); |
wolfSSL | 16:8e0d178b1d1e | 4155 | else |
wolfSSL | 16:8e0d178b1d1e | 4156 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4157 | #ifdef WOLFSSL_SP_4096 |
wolfSSL | 16:8e0d178b1d1e | 4158 | if (fp_count_bits(a) == 4096) |
wolfSSL | 16:8e0d178b1d1e | 4159 | sp_ModExp_4096(b, r, a, y); |
wolfSSL | 16:8e0d178b1d1e | 4160 | else |
wolfSSL | 16:8e0d178b1d1e | 4161 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4162 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4163 | fp_exptmod(b, r, a, y); |
wolfSSL | 15:117db924cf7c | 4164 | |
wolfSSL | 15:117db924cf7c | 4165 | /* if y != 1 and y != n1 do */ |
wolfSSL | 16:8e0d178b1d1e | 4166 | if (fp_cmp_d (y, 1) != FP_EQ && fp_cmp (y, n1) != FP_EQ) { |
wolfSSL | 15:117db924cf7c | 4167 | j = 1; |
wolfSSL | 15:117db924cf7c | 4168 | /* while j <= s-1 and y != n1 */ |
wolfSSL | 16:8e0d178b1d1e | 4169 | while ((j <= (s - 1)) && fp_cmp (y, n1) != FP_EQ) { |
wolfSSL | 16:8e0d178b1d1e | 4170 | fp_sqrmod (y, a, y); |
wolfSSL | 15:117db924cf7c | 4171 | |
wolfSSL | 15:117db924cf7c | 4172 | /* if y == 1 then composite */ |
wolfSSL | 16:8e0d178b1d1e | 4173 | if (fp_cmp_d (y, 1) == FP_EQ) { |
wolfSSL | 16:8e0d178b1d1e | 4174 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4175 | } |
wolfSSL | 15:117db924cf7c | 4176 | ++j; |
wolfSSL | 15:117db924cf7c | 4177 | } |
wolfSSL | 15:117db924cf7c | 4178 | |
wolfSSL | 15:117db924cf7c | 4179 | /* if y != n1 then composite */ |
wolfSSL | 16:8e0d178b1d1e | 4180 | if (fp_cmp (y, n1) != FP_EQ) { |
wolfSSL | 16:8e0d178b1d1e | 4181 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4182 | } |
wolfSSL | 15:117db924cf7c | 4183 | } |
wolfSSL | 15:117db924cf7c | 4184 | |
wolfSSL | 15:117db924cf7c | 4185 | /* probably prime now */ |
wolfSSL | 15:117db924cf7c | 4186 | *result = FP_YES; |
wolfSSL | 16:8e0d178b1d1e | 4187 | |
wolfSSL | 16:8e0d178b1d1e | 4188 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 4189 | } |
wolfSSL | 16:8e0d178b1d1e | 4190 | |
wolfSSL | 16:8e0d178b1d1e | 4191 | static int fp_prime_miller_rabin(fp_int * a, fp_int * b, int *result) |
wolfSSL | 16:8e0d178b1d1e | 4192 | { |
wolfSSL | 16:8e0d178b1d1e | 4193 | int err; |
wolfSSL | 16:8e0d178b1d1e | 4194 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4195 | fp_int n1[1], y[1], r[1]; |
wolfSSL | 16:8e0d178b1d1e | 4196 | #else |
wolfSSL | 16:8e0d178b1d1e | 4197 | fp_int *n1, *y, *r; |
wolfSSL | 16:8e0d178b1d1e | 4198 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4199 | |
wolfSSL | 16:8e0d178b1d1e | 4200 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4201 | n1 = (fp_int*)XMALLOC(sizeof(fp_int) * 3, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4202 | if (n1 == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 4203 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4204 | } |
wolfSSL | 16:8e0d178b1d1e | 4205 | y = &n1[1]; r = &n1[2]; |
wolfSSL | 16:8e0d178b1d1e | 4206 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4207 | |
wolfSSL | 16:8e0d178b1d1e | 4208 | fp_init(n1); |
wolfSSL | 16:8e0d178b1d1e | 4209 | fp_init(y); |
wolfSSL | 16:8e0d178b1d1e | 4210 | fp_init(r); |
wolfSSL | 16:8e0d178b1d1e | 4211 | |
wolfSSL | 16:8e0d178b1d1e | 4212 | err = fp_prime_miller_rabin_ex(a, b, result, n1, y, r); |
wolfSSL | 16:8e0d178b1d1e | 4213 | |
wolfSSL | 16:8e0d178b1d1e | 4214 | fp_clear(n1); |
wolfSSL | 16:8e0d178b1d1e | 4215 | fp_clear(y); |
wolfSSL | 16:8e0d178b1d1e | 4216 | fp_clear(r); |
wolfSSL | 16:8e0d178b1d1e | 4217 | |
wolfSSL | 16:8e0d178b1d1e | 4218 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4219 | XFREE(n1, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4220 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4221 | |
wolfSSL | 16:8e0d178b1d1e | 4222 | return err; |
wolfSSL | 15:117db924cf7c | 4223 | } |
wolfSSL | 15:117db924cf7c | 4224 | |
wolfSSL | 15:117db924cf7c | 4225 | |
wolfSSL | 15:117db924cf7c | 4226 | /* a few primes */ |
wolfSSL | 15:117db924cf7c | 4227 | static const fp_digit primes[FP_PRIME_SIZE] = { |
wolfSSL | 15:117db924cf7c | 4228 | 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, |
wolfSSL | 15:117db924cf7c | 4229 | 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035, |
wolfSSL | 15:117db924cf7c | 4230 | 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059, |
wolfSSL | 15:117db924cf7c | 4231 | 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083, |
wolfSSL | 15:117db924cf7c | 4232 | 0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD, |
wolfSSL | 15:117db924cf7c | 4233 | 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF, |
wolfSSL | 15:117db924cf7c | 4234 | 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107, |
wolfSSL | 15:117db924cf7c | 4235 | 0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137, |
wolfSSL | 15:117db924cf7c | 4236 | |
wolfSSL | 15:117db924cf7c | 4237 | 0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167, |
wolfSSL | 15:117db924cf7c | 4238 | 0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199, |
wolfSSL | 15:117db924cf7c | 4239 | 0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9, |
wolfSSL | 15:117db924cf7c | 4240 | 0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7, |
wolfSSL | 15:117db924cf7c | 4241 | 0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239, |
wolfSSL | 15:117db924cf7c | 4242 | 0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265, |
wolfSSL | 15:117db924cf7c | 4243 | 0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293, |
wolfSSL | 15:117db924cf7c | 4244 | 0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF, |
wolfSSL | 15:117db924cf7c | 4245 | |
wolfSSL | 15:117db924cf7c | 4246 | 0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301, |
wolfSSL | 15:117db924cf7c | 4247 | 0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B, |
wolfSSL | 15:117db924cf7c | 4248 | 0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371, |
wolfSSL | 15:117db924cf7c | 4249 | 0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD, |
wolfSSL | 15:117db924cf7c | 4250 | 0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5, |
wolfSSL | 15:117db924cf7c | 4251 | 0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419, |
wolfSSL | 15:117db924cf7c | 4252 | 0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449, |
wolfSSL | 15:117db924cf7c | 4253 | 0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B, |
wolfSSL | 15:117db924cf7c | 4254 | |
wolfSSL | 15:117db924cf7c | 4255 | 0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7, |
wolfSSL | 15:117db924cf7c | 4256 | 0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503, |
wolfSSL | 15:117db924cf7c | 4257 | 0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529, |
wolfSSL | 15:117db924cf7c | 4258 | 0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F, |
wolfSSL | 15:117db924cf7c | 4259 | 0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3, |
wolfSSL | 15:117db924cf7c | 4260 | 0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7, |
wolfSSL | 15:117db924cf7c | 4261 | 0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623, |
wolfSSL | 15:117db924cf7c | 4262 | 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653 |
wolfSSL | 15:117db924cf7c | 4263 | }; |
wolfSSL | 15:117db924cf7c | 4264 | |
wolfSSL | 16:8e0d178b1d1e | 4265 | int fp_isprime_ex(fp_int *a, int t, int* result) |
wolfSSL | 15:117db924cf7c | 4266 | { |
wolfSSL | 16:8e0d178b1d1e | 4267 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4268 | fp_int b[1]; |
wolfSSL | 16:8e0d178b1d1e | 4269 | #else |
wolfSSL | 16:8e0d178b1d1e | 4270 | fp_int *b; |
wolfSSL | 16:8e0d178b1d1e | 4271 | #endif |
wolfSSL | 15:117db924cf7c | 4272 | fp_digit d; |
wolfSSL | 15:117db924cf7c | 4273 | int r, res; |
wolfSSL | 15:117db924cf7c | 4274 | |
wolfSSL | 15:117db924cf7c | 4275 | if (t <= 0 || t > FP_PRIME_SIZE) { |
wolfSSL | 16:8e0d178b1d1e | 4276 | *result = FP_NO; |
wolfSSL | 16:8e0d178b1d1e | 4277 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 4278 | } |
wolfSSL | 16:8e0d178b1d1e | 4279 | |
wolfSSL | 16:8e0d178b1d1e | 4280 | if (fp_isone(a)) { |
wolfSSL | 16:8e0d178b1d1e | 4281 | *result = FP_NO; |
wolfSSL | 16:8e0d178b1d1e | 4282 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 4283 | } |
wolfSSL | 16:8e0d178b1d1e | 4284 | |
wolfSSL | 16:8e0d178b1d1e | 4285 | /* check against primes table */ |
wolfSSL | 16:8e0d178b1d1e | 4286 | for (r = 0; r < FP_PRIME_SIZE; r++) { |
wolfSSL | 16:8e0d178b1d1e | 4287 | if (fp_cmp_d(a, primes[r]) == FP_EQ) { |
wolfSSL | 16:8e0d178b1d1e | 4288 | *result = FP_YES; |
wolfSSL | 16:8e0d178b1d1e | 4289 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 4290 | } |
wolfSSL | 15:117db924cf7c | 4291 | } |
wolfSSL | 15:117db924cf7c | 4292 | |
wolfSSL | 15:117db924cf7c | 4293 | /* do trial division */ |
wolfSSL | 15:117db924cf7c | 4294 | for (r = 0; r < FP_PRIME_SIZE; r++) { |
wolfSSL | 15:117db924cf7c | 4295 | res = fp_mod_d(a, primes[r], &d); |
wolfSSL | 15:117db924cf7c | 4296 | if (res != MP_OKAY || d == 0) { |
wolfSSL | 16:8e0d178b1d1e | 4297 | *result = FP_NO; |
wolfSSL | 16:8e0d178b1d1e | 4298 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 4299 | } |
wolfSSL | 16:8e0d178b1d1e | 4300 | } |
wolfSSL | 16:8e0d178b1d1e | 4301 | |
wolfSSL | 16:8e0d178b1d1e | 4302 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4303 | b = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4304 | if (b == NULL) |
wolfSSL | 16:8e0d178b1d1e | 4305 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4306 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4307 | /* now do 't' miller rabins */ |
wolfSSL | 16:8e0d178b1d1e | 4308 | fp_init(b); |
wolfSSL | 16:8e0d178b1d1e | 4309 | for (r = 0; r < t; r++) { |
wolfSSL | 16:8e0d178b1d1e | 4310 | fp_set(b, primes[r]); |
wolfSSL | 16:8e0d178b1d1e | 4311 | fp_prime_miller_rabin(a, b, &res); |
wolfSSL | 16:8e0d178b1d1e | 4312 | if (res == FP_NO) { |
wolfSSL | 16:8e0d178b1d1e | 4313 | *result = FP_NO; |
wolfSSL | 16:8e0d178b1d1e | 4314 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4315 | XFREE(b, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4316 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4317 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4318 | } |
wolfSSL | 15:117db924cf7c | 4319 | } |
wolfSSL | 16:8e0d178b1d1e | 4320 | *result = FP_YES; |
wolfSSL | 16:8e0d178b1d1e | 4321 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4322 | XFREE(b, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4323 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4324 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4325 | } |
wolfSSL | 15:117db924cf7c | 4326 | |
wolfSSL | 16:8e0d178b1d1e | 4327 | |
wolfSSL | 16:8e0d178b1d1e | 4328 | int mp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng) |
wolfSSL | 15:117db924cf7c | 4329 | { |
wolfSSL | 16:8e0d178b1d1e | 4330 | int ret = FP_YES; |
wolfSSL | 16:8e0d178b1d1e | 4331 | fp_digit d; |
wolfSSL | 16:8e0d178b1d1e | 4332 | int i; |
wolfSSL | 16:8e0d178b1d1e | 4333 | |
wolfSSL | 16:8e0d178b1d1e | 4334 | if (a == NULL || result == NULL || rng == NULL) |
wolfSSL | 16:8e0d178b1d1e | 4335 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 4336 | |
wolfSSL | 16:8e0d178b1d1e | 4337 | if (fp_isone(a)) { |
wolfSSL | 16:8e0d178b1d1e | 4338 | *result = FP_NO; |
wolfSSL | 16:8e0d178b1d1e | 4339 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 4340 | } |
wolfSSL | 16:8e0d178b1d1e | 4341 | |
wolfSSL | 16:8e0d178b1d1e | 4342 | /* check against primes table */ |
wolfSSL | 16:8e0d178b1d1e | 4343 | for (i = 0; i < FP_PRIME_SIZE; i++) { |
wolfSSL | 16:8e0d178b1d1e | 4344 | if (fp_cmp_d(a, primes[i]) == FP_EQ) { |
wolfSSL | 16:8e0d178b1d1e | 4345 | *result = FP_YES; |
wolfSSL | 16:8e0d178b1d1e | 4346 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 4347 | } |
wolfSSL | 16:8e0d178b1d1e | 4348 | } |
wolfSSL | 16:8e0d178b1d1e | 4349 | |
wolfSSL | 16:8e0d178b1d1e | 4350 | /* do trial division */ |
wolfSSL | 16:8e0d178b1d1e | 4351 | for (i = 0; i < FP_PRIME_SIZE; i++) { |
wolfSSL | 16:8e0d178b1d1e | 4352 | if (fp_mod_d(a, primes[i], &d) == MP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 4353 | if (d == 0) { |
wolfSSL | 16:8e0d178b1d1e | 4354 | *result = FP_NO; |
wolfSSL | 16:8e0d178b1d1e | 4355 | return FP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 4356 | } |
wolfSSL | 16:8e0d178b1d1e | 4357 | } |
wolfSSL | 16:8e0d178b1d1e | 4358 | else |
wolfSSL | 16:8e0d178b1d1e | 4359 | return FP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 4360 | } |
wolfSSL | 16:8e0d178b1d1e | 4361 | |
wolfSSL | 16:8e0d178b1d1e | 4362 | #ifndef WC_NO_RNG |
wolfSSL | 16:8e0d178b1d1e | 4363 | /* now do a miller rabin with up to t random numbers, this should |
wolfSSL | 16:8e0d178b1d1e | 4364 | * give a (1/4)^t chance of a false prime. */ |
wolfSSL | 16:8e0d178b1d1e | 4365 | { |
wolfSSL | 16:8e0d178b1d1e | 4366 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4367 | fp_int b[1], c[1], n1[1], y[1], r[1]; |
wolfSSL | 16:8e0d178b1d1e | 4368 | byte base[FP_MAX_PRIME_SIZE]; |
wolfSSL | 16:8e0d178b1d1e | 4369 | #else |
wolfSSL | 16:8e0d178b1d1e | 4370 | fp_int *b, *c, *n1, *y, *r; |
wolfSSL | 16:8e0d178b1d1e | 4371 | byte* base; |
wolfSSL | 16:8e0d178b1d1e | 4372 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4373 | word32 baseSz; |
wolfSSL | 16:8e0d178b1d1e | 4374 | int err; |
wolfSSL | 16:8e0d178b1d1e | 4375 | |
wolfSSL | 16:8e0d178b1d1e | 4376 | baseSz = fp_count_bits(a); |
wolfSSL | 16:8e0d178b1d1e | 4377 | /* The base size is the number of bits / 8. One is added if the number |
wolfSSL | 16:8e0d178b1d1e | 4378 | * of bits isn't an even 8. */ |
wolfSSL | 16:8e0d178b1d1e | 4379 | baseSz = (baseSz / 8) + ((baseSz % 8) ? 1 : 0); |
wolfSSL | 16:8e0d178b1d1e | 4380 | |
wolfSSL | 16:8e0d178b1d1e | 4381 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4382 | if (baseSz > sizeof(base)) |
wolfSSL | 16:8e0d178b1d1e | 4383 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4384 | #else |
wolfSSL | 16:8e0d178b1d1e | 4385 | base = (byte*)XMALLOC(baseSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 4386 | if (base == NULL) |
wolfSSL | 16:8e0d178b1d1e | 4387 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4388 | |
wolfSSL | 16:8e0d178b1d1e | 4389 | b = (fp_int*)XMALLOC(sizeof(fp_int) * 5, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4390 | if (b == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 4391 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4392 | } |
wolfSSL | 16:8e0d178b1d1e | 4393 | c = &b[1]; n1 = &b[2]; y= &b[3]; r = &b[4]; |
wolfSSL | 16:8e0d178b1d1e | 4394 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4395 | |
wolfSSL | 16:8e0d178b1d1e | 4396 | fp_init(b); |
wolfSSL | 16:8e0d178b1d1e | 4397 | fp_init(c); |
wolfSSL | 16:8e0d178b1d1e | 4398 | fp_init(n1); |
wolfSSL | 16:8e0d178b1d1e | 4399 | fp_init(y); |
wolfSSL | 16:8e0d178b1d1e | 4400 | fp_init(r); |
wolfSSL | 16:8e0d178b1d1e | 4401 | |
wolfSSL | 16:8e0d178b1d1e | 4402 | err = fp_sub_d(a, 2, c); |
wolfSSL | 16:8e0d178b1d1e | 4403 | if (err != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 4404 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4405 | XFREE(b, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4406 | XFREE(base, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 4407 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4408 | return err; |
wolfSSL | 16:8e0d178b1d1e | 4409 | } |
wolfSSL | 16:8e0d178b1d1e | 4410 | while (t > 0) { |
wolfSSL | 16:8e0d178b1d1e | 4411 | if ((err = wc_RNG_GenerateBlock(rng, base, baseSz)) != 0) { |
wolfSSL | 16:8e0d178b1d1e | 4412 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4413 | XFREE(b, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4414 | XFREE(base, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 4415 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4416 | return err; |
wolfSSL | 16:8e0d178b1d1e | 4417 | } |
wolfSSL | 16:8e0d178b1d1e | 4418 | |
wolfSSL | 16:8e0d178b1d1e | 4419 | fp_read_unsigned_bin(b, base, baseSz); |
wolfSSL | 16:8e0d178b1d1e | 4420 | if (fp_cmp_d(b, 2) != FP_GT || fp_cmp(b, c) != FP_LT) { |
wolfSSL | 16:8e0d178b1d1e | 4421 | continue; |
wolfSSL | 16:8e0d178b1d1e | 4422 | } |
wolfSSL | 16:8e0d178b1d1e | 4423 | |
wolfSSL | 16:8e0d178b1d1e | 4424 | fp_prime_miller_rabin_ex(a, b, &ret, n1, y, r); |
wolfSSL | 16:8e0d178b1d1e | 4425 | if (ret == FP_NO) |
wolfSSL | 16:8e0d178b1d1e | 4426 | break; |
wolfSSL | 16:8e0d178b1d1e | 4427 | fp_zero(b); |
wolfSSL | 16:8e0d178b1d1e | 4428 | t--; |
wolfSSL | 16:8e0d178b1d1e | 4429 | } |
wolfSSL | 16:8e0d178b1d1e | 4430 | |
wolfSSL | 16:8e0d178b1d1e | 4431 | fp_clear(n1); |
wolfSSL | 16:8e0d178b1d1e | 4432 | fp_clear(y); |
wolfSSL | 16:8e0d178b1d1e | 4433 | fp_clear(r); |
wolfSSL | 16:8e0d178b1d1e | 4434 | fp_clear(b); |
wolfSSL | 16:8e0d178b1d1e | 4435 | fp_clear(c); |
wolfSSL | 16:8e0d178b1d1e | 4436 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4437 | XFREE(b, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4438 | XFREE(base, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 16:8e0d178b1d1e | 4439 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4440 | } |
wolfSSL | 16:8e0d178b1d1e | 4441 | #else |
wolfSSL | 16:8e0d178b1d1e | 4442 | (void)t; |
wolfSSL | 16:8e0d178b1d1e | 4443 | #endif /* !WC_NO_RNG */ |
wolfSSL | 16:8e0d178b1d1e | 4444 | |
wolfSSL | 16:8e0d178b1d1e | 4445 | *result = ret; |
wolfSSL | 16:8e0d178b1d1e | 4446 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4447 | } |
wolfSSL | 16:8e0d178b1d1e | 4448 | #endif /* !NO_RSA || !NO_DSA || !NO_DH || WOLFSSL_KEY_GEN */ |
wolfSSL | 16:8e0d178b1d1e | 4449 | |
wolfSSL | 16:8e0d178b1d1e | 4450 | |
wolfSSL | 16:8e0d178b1d1e | 4451 | #ifdef WOLFSSL_KEY_GEN |
wolfSSL | 16:8e0d178b1d1e | 4452 | |
wolfSSL | 16:8e0d178b1d1e | 4453 | static int fp_gcd(fp_int *a, fp_int *b, fp_int *c); |
wolfSSL | 16:8e0d178b1d1e | 4454 | static int fp_lcm(fp_int *a, fp_int *b, fp_int *c); |
wolfSSL | 16:8e0d178b1d1e | 4455 | static int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap); |
wolfSSL | 16:8e0d178b1d1e | 4456 | |
wolfSSL | 16:8e0d178b1d1e | 4457 | int mp_gcd(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 16:8e0d178b1d1e | 4458 | { |
wolfSSL | 16:8e0d178b1d1e | 4459 | return fp_gcd(a, b, c); |
wolfSSL | 16:8e0d178b1d1e | 4460 | } |
wolfSSL | 16:8e0d178b1d1e | 4461 | |
wolfSSL | 16:8e0d178b1d1e | 4462 | |
wolfSSL | 16:8e0d178b1d1e | 4463 | int mp_lcm(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 16:8e0d178b1d1e | 4464 | { |
wolfSSL | 16:8e0d178b1d1e | 4465 | return fp_lcm(a, b, c); |
wolfSSL | 16:8e0d178b1d1e | 4466 | } |
wolfSSL | 16:8e0d178b1d1e | 4467 | |
wolfSSL | 16:8e0d178b1d1e | 4468 | int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap) |
wolfSSL | 16:8e0d178b1d1e | 4469 | { |
wolfSSL | 16:8e0d178b1d1e | 4470 | int err; |
wolfSSL | 16:8e0d178b1d1e | 4471 | |
wolfSSL | 16:8e0d178b1d1e | 4472 | err = fp_randprime(N, len, rng, heap); |
wolfSSL | 16:8e0d178b1d1e | 4473 | switch(err) { |
wolfSSL | 16:8e0d178b1d1e | 4474 | case FP_VAL: |
wolfSSL | 16:8e0d178b1d1e | 4475 | return MP_VAL; |
wolfSSL | 16:8e0d178b1d1e | 4476 | case FP_MEM: |
wolfSSL | 16:8e0d178b1d1e | 4477 | return MP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4478 | default: |
wolfSSL | 16:8e0d178b1d1e | 4479 | break; |
wolfSSL | 16:8e0d178b1d1e | 4480 | } |
wolfSSL | 16:8e0d178b1d1e | 4481 | |
wolfSSL | 16:8e0d178b1d1e | 4482 | return MP_OKAY; |
wolfSSL | 16:8e0d178b1d1e | 4483 | } |
wolfSSL | 16:8e0d178b1d1e | 4484 | |
wolfSSL | 16:8e0d178b1d1e | 4485 | int mp_exch (mp_int * a, mp_int * b) |
wolfSSL | 16:8e0d178b1d1e | 4486 | { |
wolfSSL | 16:8e0d178b1d1e | 4487 | return fp_exch(a, b); |
wolfSSL | 16:8e0d178b1d1e | 4488 | } |
wolfSSL | 16:8e0d178b1d1e | 4489 | |
wolfSSL | 16:8e0d178b1d1e | 4490 | |
wolfSSL | 15:117db924cf7c | 4491 | |
wolfSSL | 15:117db924cf7c | 4492 | int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap) |
wolfSSL | 15:117db924cf7c | 4493 | { |
wolfSSL | 15:117db924cf7c | 4494 | static const int USE_BBS = 1; |
wolfSSL | 15:117db924cf7c | 4495 | int err, type; |
wolfSSL | 16:8e0d178b1d1e | 4496 | int isPrime = FP_YES; |
wolfSSL | 16:8e0d178b1d1e | 4497 | /* Assume the candidate is probably prime and then test until |
wolfSSL | 16:8e0d178b1d1e | 4498 | * it is proven composite. */ |
wolfSSL | 15:117db924cf7c | 4499 | byte* buf; |
wolfSSL | 15:117db924cf7c | 4500 | |
wolfSSL | 16:8e0d178b1d1e | 4501 | (void)heap; |
wolfSSL | 16:8e0d178b1d1e | 4502 | |
wolfSSL | 15:117db924cf7c | 4503 | /* get type */ |
wolfSSL | 15:117db924cf7c | 4504 | if (len < 0) { |
wolfSSL | 15:117db924cf7c | 4505 | type = USE_BBS; |
wolfSSL | 15:117db924cf7c | 4506 | len = -len; |
wolfSSL | 15:117db924cf7c | 4507 | } else { |
wolfSSL | 15:117db924cf7c | 4508 | type = 0; |
wolfSSL | 15:117db924cf7c | 4509 | } |
wolfSSL | 15:117db924cf7c | 4510 | |
wolfSSL | 15:117db924cf7c | 4511 | /* allow sizes between 2 and 512 bytes for a prime size */ |
wolfSSL | 15:117db924cf7c | 4512 | if (len < 2 || len > 512) { |
wolfSSL | 15:117db924cf7c | 4513 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 4514 | } |
wolfSSL | 15:117db924cf7c | 4515 | |
wolfSSL | 15:117db924cf7c | 4516 | /* allocate buffer to work with */ |
wolfSSL | 15:117db924cf7c | 4517 | buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 4518 | if (buf == NULL) { |
wolfSSL | 15:117db924cf7c | 4519 | return FP_MEM; |
wolfSSL | 15:117db924cf7c | 4520 | } |
wolfSSL | 15:117db924cf7c | 4521 | XMEMSET(buf, 0, len); |
wolfSSL | 15:117db924cf7c | 4522 | |
wolfSSL | 15:117db924cf7c | 4523 | do { |
wolfSSL | 15:117db924cf7c | 4524 | #ifdef SHOW_GEN |
wolfSSL | 15:117db924cf7c | 4525 | printf("."); |
wolfSSL | 15:117db924cf7c | 4526 | fflush(stdout); |
wolfSSL | 15:117db924cf7c | 4527 | #endif |
wolfSSL | 15:117db924cf7c | 4528 | /* generate value */ |
wolfSSL | 15:117db924cf7c | 4529 | err = wc_RNG_GenerateBlock(rng, buf, len); |
wolfSSL | 15:117db924cf7c | 4530 | if (err != 0) { |
wolfSSL | 15:117db924cf7c | 4531 | XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 4532 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 4533 | } |
wolfSSL | 15:117db924cf7c | 4534 | |
wolfSSL | 15:117db924cf7c | 4535 | /* munge bits */ |
wolfSSL | 15:117db924cf7c | 4536 | buf[0] |= 0x80 | 0x40; |
wolfSSL | 15:117db924cf7c | 4537 | buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); |
wolfSSL | 15:117db924cf7c | 4538 | |
wolfSSL | 15:117db924cf7c | 4539 | /* load value */ |
wolfSSL | 15:117db924cf7c | 4540 | fp_read_unsigned_bin(N, buf, len); |
wolfSSL | 15:117db924cf7c | 4541 | |
wolfSSL | 15:117db924cf7c | 4542 | /* test */ |
wolfSSL | 16:8e0d178b1d1e | 4543 | /* Running Miller-Rabin up to 3 times gives us a 2^{-80} chance |
wolfSSL | 16:8e0d178b1d1e | 4544 | * of a 1024-bit candidate being a false positive, when it is our |
wolfSSL | 16:8e0d178b1d1e | 4545 | * prime candidate. (Note 4.49 of Handbook of Applied Cryptography.) |
wolfSSL | 16:8e0d178b1d1e | 4546 | * Using 8 because we've always used 8 */ |
wolfSSL | 16:8e0d178b1d1e | 4547 | mp_prime_is_prime_ex(N, 8, &isPrime, rng); |
wolfSSL | 16:8e0d178b1d1e | 4548 | } while (isPrime == FP_NO); |
wolfSSL | 15:117db924cf7c | 4549 | |
wolfSSL | 15:117db924cf7c | 4550 | XMEMSET(buf, 0, len); |
wolfSSL | 15:117db924cf7c | 4551 | XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 15:117db924cf7c | 4552 | |
wolfSSL | 15:117db924cf7c | 4553 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4554 | } |
wolfSSL | 15:117db924cf7c | 4555 | |
wolfSSL | 15:117db924cf7c | 4556 | /* c = [a, b] */ |
wolfSSL | 16:8e0d178b1d1e | 4557 | int fp_lcm(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 4558 | { |
wolfSSL | 16:8e0d178b1d1e | 4559 | int err; |
wolfSSL | 16:8e0d178b1d1e | 4560 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4561 | fp_int t[2]; |
wolfSSL | 16:8e0d178b1d1e | 4562 | #else |
wolfSSL | 16:8e0d178b1d1e | 4563 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 4564 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4565 | |
wolfSSL | 16:8e0d178b1d1e | 4566 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4567 | t = (fp_int*)XMALLOC(sizeof(fp_int) * 2, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4568 | if (t == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 4569 | return FP_MEM; |
wolfSSL | 15:117db924cf7c | 4570 | } |
wolfSSL | 16:8e0d178b1d1e | 4571 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4572 | |
wolfSSL | 16:8e0d178b1d1e | 4573 | fp_init(&t[0]); |
wolfSSL | 16:8e0d178b1d1e | 4574 | fp_init(&t[1]); |
wolfSSL | 16:8e0d178b1d1e | 4575 | err = fp_gcd(a, b, &t[0]); |
wolfSSL | 16:8e0d178b1d1e | 4576 | if (err == FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 4577 | if (fp_cmp_mag(a, b) == FP_GT) { |
wolfSSL | 16:8e0d178b1d1e | 4578 | err = fp_div(a, &t[0], &t[1], NULL); |
wolfSSL | 16:8e0d178b1d1e | 4579 | if (err == FP_OKAY) |
wolfSSL | 16:8e0d178b1d1e | 4580 | err = fp_mul(b, &t[1], c); |
wolfSSL | 16:8e0d178b1d1e | 4581 | } else { |
wolfSSL | 16:8e0d178b1d1e | 4582 | err = fp_div(b, &t[0], &t[1], NULL); |
wolfSSL | 16:8e0d178b1d1e | 4583 | if (err == FP_OKAY) |
wolfSSL | 16:8e0d178b1d1e | 4584 | err = fp_mul(a, &t[1], c); |
wolfSSL | 16:8e0d178b1d1e | 4585 | } |
wolfSSL | 16:8e0d178b1d1e | 4586 | } |
wolfSSL | 16:8e0d178b1d1e | 4587 | |
wolfSSL | 16:8e0d178b1d1e | 4588 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4589 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4590 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4591 | return err; |
wolfSSL | 15:117db924cf7c | 4592 | } |
wolfSSL | 15:117db924cf7c | 4593 | |
wolfSSL | 15:117db924cf7c | 4594 | |
wolfSSL | 15:117db924cf7c | 4595 | |
wolfSSL | 15:117db924cf7c | 4596 | /* c = (a, b) */ |
wolfSSL | 16:8e0d178b1d1e | 4597 | int fp_gcd(fp_int *a, fp_int *b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 4598 | { |
wolfSSL | 16:8e0d178b1d1e | 4599 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4600 | fp_int u[1], v[1], r[1]; |
wolfSSL | 16:8e0d178b1d1e | 4601 | #else |
wolfSSL | 16:8e0d178b1d1e | 4602 | fp_int *u, *v, *r; |
wolfSSL | 16:8e0d178b1d1e | 4603 | #endif |
wolfSSL | 15:117db924cf7c | 4604 | |
wolfSSL | 15:117db924cf7c | 4605 | /* either zero than gcd is the largest */ |
wolfSSL | 15:117db924cf7c | 4606 | if (fp_iszero (a) == FP_YES && fp_iszero (b) == FP_NO) { |
wolfSSL | 15:117db924cf7c | 4607 | fp_abs (b, c); |
wolfSSL | 16:8e0d178b1d1e | 4608 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4609 | } |
wolfSSL | 15:117db924cf7c | 4610 | if (fp_iszero (a) == FP_NO && fp_iszero (b) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 4611 | fp_abs (a, c); |
wolfSSL | 16:8e0d178b1d1e | 4612 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4613 | } |
wolfSSL | 15:117db924cf7c | 4614 | |
wolfSSL | 15:117db924cf7c | 4615 | /* optimized. At this point if a == 0 then |
wolfSSL | 15:117db924cf7c | 4616 | * b must equal zero too |
wolfSSL | 15:117db924cf7c | 4617 | */ |
wolfSSL | 15:117db924cf7c | 4618 | if (fp_iszero (a) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 4619 | fp_zero(c); |
wolfSSL | 16:8e0d178b1d1e | 4620 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4621 | } |
wolfSSL | 15:117db924cf7c | 4622 | |
wolfSSL | 16:8e0d178b1d1e | 4623 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4624 | u = (fp_int*)XMALLOC(sizeof(fp_int) * 3, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4625 | if (u == NULL) { |
wolfSSL | 16:8e0d178b1d1e | 4626 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4627 | } |
wolfSSL | 16:8e0d178b1d1e | 4628 | v = &u[1]; r = &u[2]; |
wolfSSL | 16:8e0d178b1d1e | 4629 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4630 | |
wolfSSL | 15:117db924cf7c | 4631 | /* sort inputs */ |
wolfSSL | 15:117db924cf7c | 4632 | if (fp_cmp_mag(a, b) != FP_LT) { |
wolfSSL | 16:8e0d178b1d1e | 4633 | fp_init_copy(u, a); |
wolfSSL | 16:8e0d178b1d1e | 4634 | fp_init_copy(v, b); |
wolfSSL | 15:117db924cf7c | 4635 | } else { |
wolfSSL | 16:8e0d178b1d1e | 4636 | fp_init_copy(u, b); |
wolfSSL | 16:8e0d178b1d1e | 4637 | fp_init_copy(v, a); |
wolfSSL | 15:117db924cf7c | 4638 | } |
wolfSSL | 15:117db924cf7c | 4639 | |
wolfSSL | 16:8e0d178b1d1e | 4640 | u->sign = FP_ZPOS; |
wolfSSL | 16:8e0d178b1d1e | 4641 | v->sign = FP_ZPOS; |
wolfSSL | 16:8e0d178b1d1e | 4642 | |
wolfSSL | 16:8e0d178b1d1e | 4643 | fp_init(r); |
wolfSSL | 16:8e0d178b1d1e | 4644 | while (fp_iszero(v) == FP_NO) { |
wolfSSL | 16:8e0d178b1d1e | 4645 | fp_mod(u, v, r); |
wolfSSL | 16:8e0d178b1d1e | 4646 | fp_copy(v, u); |
wolfSSL | 16:8e0d178b1d1e | 4647 | fp_copy(r, v); |
wolfSSL | 15:117db924cf7c | 4648 | } |
wolfSSL | 16:8e0d178b1d1e | 4649 | fp_copy(u, c); |
wolfSSL | 16:8e0d178b1d1e | 4650 | |
wolfSSL | 16:8e0d178b1d1e | 4651 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4652 | XFREE(u, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4653 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4654 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4655 | } |
wolfSSL | 15:117db924cf7c | 4656 | |
wolfSSL | 15:117db924cf7c | 4657 | #endif /* WOLFSSL_KEY_GEN */ |
wolfSSL | 15:117db924cf7c | 4658 | |
wolfSSL | 15:117db924cf7c | 4659 | |
wolfSSL | 15:117db924cf7c | 4660 | #if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(OPENSSL_EXTRA) || \ |
wolfSSL | 16:8e0d178b1d1e | 4661 | defined(WC_RSA_BLINDING) || !defined(NO_DSA) || \ |
wolfSSL | 16:8e0d178b1d1e | 4662 | (!defined(NO_RSA) && !defined(NO_RSA_BOUNDS_CHECK)) |
wolfSSL | 15:117db924cf7c | 4663 | /* c = a + b */ |
wolfSSL | 15:117db924cf7c | 4664 | void fp_add_d(fp_int *a, fp_digit b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 4665 | { |
wolfSSL | 16:8e0d178b1d1e | 4666 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 15:117db924cf7c | 4667 | fp_int tmp; |
wolfSSL | 15:117db924cf7c | 4668 | fp_init(&tmp); |
wolfSSL | 15:117db924cf7c | 4669 | fp_set(&tmp, b); |
wolfSSL | 15:117db924cf7c | 4670 | fp_add(a, &tmp, c); |
wolfSSL | 16:8e0d178b1d1e | 4671 | #else |
wolfSSL | 16:8e0d178b1d1e | 4672 | int i; |
wolfSSL | 16:8e0d178b1d1e | 4673 | fp_word t = b; |
wolfSSL | 16:8e0d178b1d1e | 4674 | |
wolfSSL | 16:8e0d178b1d1e | 4675 | fp_copy(a, c); |
wolfSSL | 16:8e0d178b1d1e | 4676 | for (i = 0; t != 0 && i < FP_SIZE && i < c->used; i++) { |
wolfSSL | 16:8e0d178b1d1e | 4677 | t += c->dp[i]; |
wolfSSL | 16:8e0d178b1d1e | 4678 | c->dp[i] = (fp_digit)t; |
wolfSSL | 16:8e0d178b1d1e | 4679 | t >>= DIGIT_BIT; |
wolfSSL | 16:8e0d178b1d1e | 4680 | } |
wolfSSL | 16:8e0d178b1d1e | 4681 | if (i == c->used && i < FP_SIZE && t != 0) { |
wolfSSL | 16:8e0d178b1d1e | 4682 | c->dp[i] = t; |
wolfSSL | 16:8e0d178b1d1e | 4683 | c->used++; |
wolfSSL | 16:8e0d178b1d1e | 4684 | } |
wolfSSL | 16:8e0d178b1d1e | 4685 | #endif |
wolfSSL | 15:117db924cf7c | 4686 | } |
wolfSSL | 15:117db924cf7c | 4687 | |
wolfSSL | 15:117db924cf7c | 4688 | /* external compatibility */ |
wolfSSL | 15:117db924cf7c | 4689 | int mp_add_d(fp_int *a, fp_digit b, fp_int *c) |
wolfSSL | 15:117db924cf7c | 4690 | { |
wolfSSL | 15:117db924cf7c | 4691 | fp_add_d(a, b, c); |
wolfSSL | 15:117db924cf7c | 4692 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 4693 | } |
wolfSSL | 15:117db924cf7c | 4694 | |
wolfSSL | 16:8e0d178b1d1e | 4695 | #endif /* HAVE_ECC || !NO_PWDBASED || OPENSSL_EXTRA || WC_RSA_BLINDING || |
wolfSSL | 16:8e0d178b1d1e | 4696 | !NO_DSA || (!NO_RSA && !NO_RSA_BOUNDS_CHECK) */ |
wolfSSL | 15:117db924cf7c | 4697 | |
wolfSSL | 15:117db924cf7c | 4698 | |
wolfSSL | 15:117db924cf7c | 4699 | #if !defined(NO_DSA) || defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || \ |
wolfSSL | 15:117db924cf7c | 4700 | defined(HAVE_COMP_KEY) || defined(WOLFSSL_DEBUG_MATH) || \ |
wolfSSL | 16:8e0d178b1d1e | 4701 | defined(DEBUG_WOLFSSL) || defined(OPENSSL_EXTRA) || defined(WC_MP_TO_RADIX) |
wolfSSL | 15:117db924cf7c | 4702 | |
wolfSSL | 15:117db924cf7c | 4703 | /* chars used in radix conversions */ |
wolfSSL | 16:8e0d178b1d1e | 4704 | static wcchar fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" |
wolfSSL | 15:117db924cf7c | 4705 | "abcdefghijklmnopqrstuvwxyz+/"; |
wolfSSL | 15:117db924cf7c | 4706 | #endif |
wolfSSL | 15:117db924cf7c | 4707 | |
wolfSSL | 15:117db924cf7c | 4708 | #if !defined(NO_DSA) || defined(HAVE_ECC) |
wolfSSL | 15:117db924cf7c | 4709 | #if DIGIT_BIT == 64 || DIGIT_BIT == 32 |
wolfSSL | 15:117db924cf7c | 4710 | static int fp_read_radix_16(fp_int *a, const char *str) |
wolfSSL | 15:117db924cf7c | 4711 | { |
wolfSSL | 15:117db924cf7c | 4712 | int i, j, k, neg; |
wolfSSL | 15:117db924cf7c | 4713 | char ch; |
wolfSSL | 15:117db924cf7c | 4714 | |
wolfSSL | 15:117db924cf7c | 4715 | /* if the leading digit is a |
wolfSSL | 15:117db924cf7c | 4716 | * minus set the sign to negative. |
wolfSSL | 15:117db924cf7c | 4717 | */ |
wolfSSL | 15:117db924cf7c | 4718 | if (*str == '-') { |
wolfSSL | 15:117db924cf7c | 4719 | ++str; |
wolfSSL | 15:117db924cf7c | 4720 | neg = FP_NEG; |
wolfSSL | 15:117db924cf7c | 4721 | } else { |
wolfSSL | 15:117db924cf7c | 4722 | neg = FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 4723 | } |
wolfSSL | 15:117db924cf7c | 4724 | |
wolfSSL | 15:117db924cf7c | 4725 | j = 0; |
wolfSSL | 15:117db924cf7c | 4726 | k = 0; |
wolfSSL | 15:117db924cf7c | 4727 | for (i = (int)(XSTRLEN(str) - 1); i >= 0; i--) { |
wolfSSL | 15:117db924cf7c | 4728 | ch = str[i]; |
wolfSSL | 15:117db924cf7c | 4729 | if (ch >= '0' && ch <= '9') |
wolfSSL | 15:117db924cf7c | 4730 | ch -= '0'; |
wolfSSL | 15:117db924cf7c | 4731 | else if (ch >= 'A' && ch <= 'F') |
wolfSSL | 15:117db924cf7c | 4732 | ch -= 'A' - 10; |
wolfSSL | 15:117db924cf7c | 4733 | else if (ch >= 'a' && ch <= 'f') |
wolfSSL | 15:117db924cf7c | 4734 | ch -= 'a' - 10; |
wolfSSL | 15:117db924cf7c | 4735 | else |
wolfSSL | 15:117db924cf7c | 4736 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 4737 | |
wolfSSL | 15:117db924cf7c | 4738 | a->dp[k] |= ((fp_digit)ch) << j; |
wolfSSL | 15:117db924cf7c | 4739 | j += 4; |
wolfSSL | 15:117db924cf7c | 4740 | k += j == DIGIT_BIT; |
wolfSSL | 15:117db924cf7c | 4741 | j &= DIGIT_BIT - 1; |
wolfSSL | 15:117db924cf7c | 4742 | } |
wolfSSL | 15:117db924cf7c | 4743 | |
wolfSSL | 15:117db924cf7c | 4744 | a->used = k + 1; |
wolfSSL | 15:117db924cf7c | 4745 | fp_clamp(a); |
wolfSSL | 15:117db924cf7c | 4746 | /* set the sign only if a != 0 */ |
wolfSSL | 15:117db924cf7c | 4747 | if (fp_iszero(a) != FP_YES) { |
wolfSSL | 15:117db924cf7c | 4748 | a->sign = neg; |
wolfSSL | 15:117db924cf7c | 4749 | } |
wolfSSL | 15:117db924cf7c | 4750 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4751 | } |
wolfSSL | 15:117db924cf7c | 4752 | #endif |
wolfSSL | 15:117db924cf7c | 4753 | |
wolfSSL | 15:117db924cf7c | 4754 | static int fp_read_radix(fp_int *a, const char *str, int radix) |
wolfSSL | 15:117db924cf7c | 4755 | { |
wolfSSL | 15:117db924cf7c | 4756 | int y, neg; |
wolfSSL | 15:117db924cf7c | 4757 | char ch; |
wolfSSL | 15:117db924cf7c | 4758 | |
wolfSSL | 15:117db924cf7c | 4759 | /* set the integer to the default of zero */ |
wolfSSL | 15:117db924cf7c | 4760 | fp_zero (a); |
wolfSSL | 15:117db924cf7c | 4761 | |
wolfSSL | 15:117db924cf7c | 4762 | #if DIGIT_BIT == 64 || DIGIT_BIT == 32 |
wolfSSL | 15:117db924cf7c | 4763 | if (radix == 16) |
wolfSSL | 15:117db924cf7c | 4764 | return fp_read_radix_16(a, str); |
wolfSSL | 15:117db924cf7c | 4765 | #endif |
wolfSSL | 15:117db924cf7c | 4766 | |
wolfSSL | 15:117db924cf7c | 4767 | /* make sure the radix is ok */ |
wolfSSL | 15:117db924cf7c | 4768 | if (radix < 2 || radix > 64) { |
wolfSSL | 15:117db924cf7c | 4769 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 4770 | } |
wolfSSL | 15:117db924cf7c | 4771 | |
wolfSSL | 15:117db924cf7c | 4772 | /* if the leading digit is a |
wolfSSL | 15:117db924cf7c | 4773 | * minus set the sign to negative. |
wolfSSL | 15:117db924cf7c | 4774 | */ |
wolfSSL | 15:117db924cf7c | 4775 | if (*str == '-') { |
wolfSSL | 15:117db924cf7c | 4776 | ++str; |
wolfSSL | 15:117db924cf7c | 4777 | neg = FP_NEG; |
wolfSSL | 15:117db924cf7c | 4778 | } else { |
wolfSSL | 15:117db924cf7c | 4779 | neg = FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 4780 | } |
wolfSSL | 15:117db924cf7c | 4781 | |
wolfSSL | 15:117db924cf7c | 4782 | /* process each digit of the string */ |
wolfSSL | 15:117db924cf7c | 4783 | while (*str) { |
wolfSSL | 15:117db924cf7c | 4784 | /* if the radix <= 36 the conversion is case insensitive |
wolfSSL | 15:117db924cf7c | 4785 | * this allows numbers like 1AB and 1ab to represent the same value |
wolfSSL | 15:117db924cf7c | 4786 | * [e.g. in hex] |
wolfSSL | 15:117db924cf7c | 4787 | */ |
wolfSSL | 15:117db924cf7c | 4788 | ch = (char)((radix <= 36) ? XTOUPPER((unsigned char)*str) : *str); |
wolfSSL | 15:117db924cf7c | 4789 | for (y = 0; y < 64; y++) { |
wolfSSL | 15:117db924cf7c | 4790 | if (ch == fp_s_rmap[y]) { |
wolfSSL | 15:117db924cf7c | 4791 | break; |
wolfSSL | 15:117db924cf7c | 4792 | } |
wolfSSL | 15:117db924cf7c | 4793 | } |
wolfSSL | 15:117db924cf7c | 4794 | |
wolfSSL | 15:117db924cf7c | 4795 | /* if the char was found in the map |
wolfSSL | 15:117db924cf7c | 4796 | * and is less than the given radix add it |
wolfSSL | 15:117db924cf7c | 4797 | * to the number, otherwise exit the loop. |
wolfSSL | 15:117db924cf7c | 4798 | */ |
wolfSSL | 15:117db924cf7c | 4799 | if (y < radix) { |
wolfSSL | 15:117db924cf7c | 4800 | fp_mul_d (a, (fp_digit) radix, a); |
wolfSSL | 15:117db924cf7c | 4801 | fp_add_d (a, (fp_digit) y, a); |
wolfSSL | 15:117db924cf7c | 4802 | } else { |
wolfSSL | 15:117db924cf7c | 4803 | break; |
wolfSSL | 15:117db924cf7c | 4804 | } |
wolfSSL | 15:117db924cf7c | 4805 | ++str; |
wolfSSL | 15:117db924cf7c | 4806 | } |
wolfSSL | 15:117db924cf7c | 4807 | |
wolfSSL | 15:117db924cf7c | 4808 | /* set the sign only if a != 0 */ |
wolfSSL | 15:117db924cf7c | 4809 | if (fp_iszero(a) != FP_YES) { |
wolfSSL | 15:117db924cf7c | 4810 | a->sign = neg; |
wolfSSL | 15:117db924cf7c | 4811 | } |
wolfSSL | 15:117db924cf7c | 4812 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4813 | } |
wolfSSL | 15:117db924cf7c | 4814 | |
wolfSSL | 15:117db924cf7c | 4815 | /* fast math conversion */ |
wolfSSL | 15:117db924cf7c | 4816 | int mp_read_radix(mp_int *a, const char *str, int radix) |
wolfSSL | 15:117db924cf7c | 4817 | { |
wolfSSL | 15:117db924cf7c | 4818 | return fp_read_radix(a, str, radix); |
wolfSSL | 15:117db924cf7c | 4819 | } |
wolfSSL | 15:117db924cf7c | 4820 | |
wolfSSL | 15:117db924cf7c | 4821 | #endif /* !defined(NO_DSA) || defined(HAVE_ECC) */ |
wolfSSL | 15:117db924cf7c | 4822 | |
wolfSSL | 15:117db924cf7c | 4823 | #ifdef HAVE_ECC |
wolfSSL | 15:117db924cf7c | 4824 | |
wolfSSL | 15:117db924cf7c | 4825 | /* fast math conversion */ |
wolfSSL | 15:117db924cf7c | 4826 | int mp_sqr(fp_int *A, fp_int *B) |
wolfSSL | 15:117db924cf7c | 4827 | { |
wolfSSL | 16:8e0d178b1d1e | 4828 | return fp_sqr(A, B); |
wolfSSL | 15:117db924cf7c | 4829 | } |
wolfSSL | 15:117db924cf7c | 4830 | |
wolfSSL | 15:117db924cf7c | 4831 | /* fast math conversion */ |
wolfSSL | 15:117db924cf7c | 4832 | int mp_montgomery_reduce(fp_int *a, fp_int *m, fp_digit mp) |
wolfSSL | 15:117db924cf7c | 4833 | { |
wolfSSL | 16:8e0d178b1d1e | 4834 | return fp_montgomery_reduce(a, m, mp); |
wolfSSL | 15:117db924cf7c | 4835 | } |
wolfSSL | 15:117db924cf7c | 4836 | |
wolfSSL | 15:117db924cf7c | 4837 | |
wolfSSL | 15:117db924cf7c | 4838 | /* fast math conversion */ |
wolfSSL | 15:117db924cf7c | 4839 | int mp_montgomery_setup(fp_int *a, fp_digit *rho) |
wolfSSL | 15:117db924cf7c | 4840 | { |
wolfSSL | 15:117db924cf7c | 4841 | return fp_montgomery_setup(a, rho); |
wolfSSL | 15:117db924cf7c | 4842 | } |
wolfSSL | 15:117db924cf7c | 4843 | |
wolfSSL | 15:117db924cf7c | 4844 | int mp_div_2(fp_int * a, fp_int * b) |
wolfSSL | 15:117db924cf7c | 4845 | { |
wolfSSL | 15:117db924cf7c | 4846 | fp_div_2(a, b); |
wolfSSL | 15:117db924cf7c | 4847 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 4848 | } |
wolfSSL | 15:117db924cf7c | 4849 | |
wolfSSL | 15:117db924cf7c | 4850 | |
wolfSSL | 15:117db924cf7c | 4851 | int mp_init_copy(fp_int * a, fp_int * b) |
wolfSSL | 15:117db924cf7c | 4852 | { |
wolfSSL | 15:117db924cf7c | 4853 | fp_init_copy(a, b); |
wolfSSL | 15:117db924cf7c | 4854 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 4855 | } |
wolfSSL | 15:117db924cf7c | 4856 | |
wolfSSL | 15:117db924cf7c | 4857 | #ifdef HAVE_COMP_KEY |
wolfSSL | 15:117db924cf7c | 4858 | |
wolfSSL | 15:117db924cf7c | 4859 | int mp_cnt_lsb(fp_int* a) |
wolfSSL | 15:117db924cf7c | 4860 | { |
wolfSSL | 15:117db924cf7c | 4861 | return fp_cnt_lsb(a); |
wolfSSL | 15:117db924cf7c | 4862 | } |
wolfSSL | 15:117db924cf7c | 4863 | |
wolfSSL | 15:117db924cf7c | 4864 | #endif /* HAVE_COMP_KEY */ |
wolfSSL | 15:117db924cf7c | 4865 | |
wolfSSL | 15:117db924cf7c | 4866 | #endif /* HAVE_ECC */ |
wolfSSL | 15:117db924cf7c | 4867 | |
wolfSSL | 16:8e0d178b1d1e | 4868 | #if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DSA) || \ |
wolfSSL | 16:8e0d178b1d1e | 4869 | defined(WOLFSSL_KEY_GEN) |
wolfSSL | 15:117db924cf7c | 4870 | /* fast math conversion */ |
wolfSSL | 15:117db924cf7c | 4871 | int mp_set(fp_int *a, fp_digit b) |
wolfSSL | 15:117db924cf7c | 4872 | { |
wolfSSL | 15:117db924cf7c | 4873 | fp_set(a,b); |
wolfSSL | 15:117db924cf7c | 4874 | return MP_OKAY; |
wolfSSL | 15:117db924cf7c | 4875 | } |
wolfSSL | 15:117db924cf7c | 4876 | #endif |
wolfSSL | 15:117db924cf7c | 4877 | |
wolfSSL | 16:8e0d178b1d1e | 4878 | #ifdef WC_MP_TO_RADIX |
wolfSSL | 15:117db924cf7c | 4879 | |
wolfSSL | 15:117db924cf7c | 4880 | /* returns size of ASCII representation */ |
wolfSSL | 15:117db924cf7c | 4881 | int mp_radix_size (mp_int *a, int radix, int *size) |
wolfSSL | 15:117db924cf7c | 4882 | { |
wolfSSL | 16:8e0d178b1d1e | 4883 | int res, digs; |
wolfSSL | 15:117db924cf7c | 4884 | fp_digit d; |
wolfSSL | 16:8e0d178b1d1e | 4885 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4886 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 4887 | #else |
wolfSSL | 16:8e0d178b1d1e | 4888 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 4889 | #endif |
wolfSSL | 15:117db924cf7c | 4890 | |
wolfSSL | 15:117db924cf7c | 4891 | *size = 0; |
wolfSSL | 15:117db924cf7c | 4892 | |
wolfSSL | 15:117db924cf7c | 4893 | /* special case for binary */ |
wolfSSL | 15:117db924cf7c | 4894 | if (radix == 2) { |
wolfSSL | 15:117db924cf7c | 4895 | *size = fp_count_bits (a) + (a->sign == FP_NEG ? 1 : 0) + 1; |
wolfSSL | 15:117db924cf7c | 4896 | return FP_YES; |
wolfSSL | 15:117db924cf7c | 4897 | } |
wolfSSL | 15:117db924cf7c | 4898 | |
wolfSSL | 15:117db924cf7c | 4899 | /* make sure the radix is in range */ |
wolfSSL | 15:117db924cf7c | 4900 | if (radix < 2 || radix > 64) { |
wolfSSL | 15:117db924cf7c | 4901 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 4902 | } |
wolfSSL | 15:117db924cf7c | 4903 | |
wolfSSL | 15:117db924cf7c | 4904 | if (fp_iszero(a) == MP_YES) { |
wolfSSL | 15:117db924cf7c | 4905 | *size = 2; |
wolfSSL | 15:117db924cf7c | 4906 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4907 | } |
wolfSSL | 15:117db924cf7c | 4908 | |
wolfSSL | 15:117db924cf7c | 4909 | /* digs is the digit count */ |
wolfSSL | 15:117db924cf7c | 4910 | digs = 0; |
wolfSSL | 15:117db924cf7c | 4911 | |
wolfSSL | 15:117db924cf7c | 4912 | /* if it's negative add one for the sign */ |
wolfSSL | 15:117db924cf7c | 4913 | if (a->sign == FP_NEG) { |
wolfSSL | 15:117db924cf7c | 4914 | ++digs; |
wolfSSL | 15:117db924cf7c | 4915 | } |
wolfSSL | 15:117db924cf7c | 4916 | |
wolfSSL | 16:8e0d178b1d1e | 4917 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4918 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4919 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 4920 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4921 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4922 | |
wolfSSL | 15:117db924cf7c | 4923 | /* init a copy of the input */ |
wolfSSL | 16:8e0d178b1d1e | 4924 | fp_init_copy (t, a); |
wolfSSL | 15:117db924cf7c | 4925 | |
wolfSSL | 15:117db924cf7c | 4926 | /* force temp to positive */ |
wolfSSL | 16:8e0d178b1d1e | 4927 | t->sign = FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 4928 | |
wolfSSL | 15:117db924cf7c | 4929 | /* fetch out all of the digits */ |
wolfSSL | 16:8e0d178b1d1e | 4930 | while (fp_iszero (t) == FP_NO) { |
wolfSSL | 16:8e0d178b1d1e | 4931 | if ((res = fp_div_d (t, (mp_digit) radix, t, &d)) != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 4932 | fp_zero (t); |
wolfSSL | 16:8e0d178b1d1e | 4933 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4934 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4935 | #endif |
wolfSSL | 15:117db924cf7c | 4936 | return res; |
wolfSSL | 15:117db924cf7c | 4937 | } |
wolfSSL | 15:117db924cf7c | 4938 | ++digs; |
wolfSSL | 15:117db924cf7c | 4939 | } |
wolfSSL | 16:8e0d178b1d1e | 4940 | fp_zero (t); |
wolfSSL | 15:117db924cf7c | 4941 | |
wolfSSL | 15:117db924cf7c | 4942 | /* return digs + 1, the 1 is for the NULL byte that would be required. */ |
wolfSSL | 15:117db924cf7c | 4943 | *size = digs + 1; |
wolfSSL | 16:8e0d178b1d1e | 4944 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4945 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4946 | #endif |
wolfSSL | 15:117db924cf7c | 4947 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4948 | } |
wolfSSL | 15:117db924cf7c | 4949 | |
wolfSSL | 15:117db924cf7c | 4950 | /* stores a bignum as a ASCII string in a given radix (2..64) */ |
wolfSSL | 15:117db924cf7c | 4951 | int mp_toradix (mp_int *a, char *str, int radix) |
wolfSSL | 15:117db924cf7c | 4952 | { |
wolfSSL | 16:8e0d178b1d1e | 4953 | int res, digs; |
wolfSSL | 15:117db924cf7c | 4954 | fp_digit d; |
wolfSSL | 16:8e0d178b1d1e | 4955 | char *_s = str; |
wolfSSL | 16:8e0d178b1d1e | 4956 | #ifndef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4957 | fp_int t[1]; |
wolfSSL | 16:8e0d178b1d1e | 4958 | #else |
wolfSSL | 16:8e0d178b1d1e | 4959 | fp_int *t; |
wolfSSL | 16:8e0d178b1d1e | 4960 | #endif |
wolfSSL | 15:117db924cf7c | 4961 | |
wolfSSL | 15:117db924cf7c | 4962 | /* check range of the radix */ |
wolfSSL | 15:117db924cf7c | 4963 | if (radix < 2 || radix > 64) { |
wolfSSL | 15:117db924cf7c | 4964 | return FP_VAL; |
wolfSSL | 15:117db924cf7c | 4965 | } |
wolfSSL | 15:117db924cf7c | 4966 | |
wolfSSL | 15:117db924cf7c | 4967 | /* quick out if its zero */ |
wolfSSL | 15:117db924cf7c | 4968 | if (fp_iszero(a) == FP_YES) { |
wolfSSL | 15:117db924cf7c | 4969 | *str++ = '0'; |
wolfSSL | 15:117db924cf7c | 4970 | *str = '\0'; |
wolfSSL | 16:8e0d178b1d1e | 4971 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 4972 | } |
wolfSSL | 15:117db924cf7c | 4973 | |
wolfSSL | 16:8e0d178b1d1e | 4974 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4975 | t = (fp_int*)XMALLOC(sizeof(fp_int), NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4976 | if (t == NULL) |
wolfSSL | 16:8e0d178b1d1e | 4977 | return FP_MEM; |
wolfSSL | 16:8e0d178b1d1e | 4978 | #endif |
wolfSSL | 16:8e0d178b1d1e | 4979 | |
wolfSSL | 15:117db924cf7c | 4980 | /* init a copy of the input */ |
wolfSSL | 16:8e0d178b1d1e | 4981 | fp_init_copy (t, a); |
wolfSSL | 15:117db924cf7c | 4982 | |
wolfSSL | 15:117db924cf7c | 4983 | /* if it is negative output a - */ |
wolfSSL | 16:8e0d178b1d1e | 4984 | if (t->sign == FP_NEG) { |
wolfSSL | 15:117db924cf7c | 4985 | ++_s; |
wolfSSL | 15:117db924cf7c | 4986 | *str++ = '-'; |
wolfSSL | 16:8e0d178b1d1e | 4987 | t->sign = FP_ZPOS; |
wolfSSL | 15:117db924cf7c | 4988 | } |
wolfSSL | 15:117db924cf7c | 4989 | |
wolfSSL | 15:117db924cf7c | 4990 | digs = 0; |
wolfSSL | 16:8e0d178b1d1e | 4991 | while (fp_iszero (t) == FP_NO) { |
wolfSSL | 16:8e0d178b1d1e | 4992 | if ((res = fp_div_d (t, (fp_digit) radix, t, &d)) != FP_OKAY) { |
wolfSSL | 16:8e0d178b1d1e | 4993 | fp_zero (t); |
wolfSSL | 16:8e0d178b1d1e | 4994 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 4995 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 4996 | #endif |
wolfSSL | 15:117db924cf7c | 4997 | return res; |
wolfSSL | 15:117db924cf7c | 4998 | } |
wolfSSL | 15:117db924cf7c | 4999 | *str++ = fp_s_rmap[d]; |
wolfSSL | 15:117db924cf7c | 5000 | ++digs; |
wolfSSL | 15:117db924cf7c | 5001 | } |
wolfSSL | 16:8e0d178b1d1e | 5002 | #ifndef WC_DISABLE_RADIX_ZERO_PAD |
wolfSSL | 16:8e0d178b1d1e | 5003 | /* For hexadecimal output, add zero padding when number of digits is odd */ |
wolfSSL | 16:8e0d178b1d1e | 5004 | if ((digs & 1) && (radix == 16)) { |
wolfSSL | 16:8e0d178b1d1e | 5005 | *str++ = fp_s_rmap[0]; |
wolfSSL | 16:8e0d178b1d1e | 5006 | ++digs; |
wolfSSL | 16:8e0d178b1d1e | 5007 | } |
wolfSSL | 16:8e0d178b1d1e | 5008 | #endif |
wolfSSL | 15:117db924cf7c | 5009 | /* reverse the digits of the string. In this case _s points |
wolfSSL | 15:117db924cf7c | 5010 | * to the first digit [excluding the sign] of the number] |
wolfSSL | 15:117db924cf7c | 5011 | */ |
wolfSSL | 15:117db924cf7c | 5012 | fp_reverse ((unsigned char *)_s, digs); |
wolfSSL | 15:117db924cf7c | 5013 | |
wolfSSL | 15:117db924cf7c | 5014 | /* append a NULL so the string is properly terminated */ |
wolfSSL | 15:117db924cf7c | 5015 | *str = '\0'; |
wolfSSL | 15:117db924cf7c | 5016 | |
wolfSSL | 16:8e0d178b1d1e | 5017 | fp_zero (t); |
wolfSSL | 16:8e0d178b1d1e | 5018 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 16:8e0d178b1d1e | 5019 | XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); |
wolfSSL | 16:8e0d178b1d1e | 5020 | #endif |
wolfSSL | 15:117db924cf7c | 5021 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 5022 | } |
wolfSSL | 15:117db924cf7c | 5023 | |
wolfSSL | 15:117db924cf7c | 5024 | #ifdef WOLFSSL_DEBUG_MATH |
wolfSSL | 15:117db924cf7c | 5025 | void mp_dump(const char* desc, mp_int* a, byte verbose) |
wolfSSL | 15:117db924cf7c | 5026 | { |
wolfSSL | 15:117db924cf7c | 5027 | char buffer[FP_SIZE * sizeof(fp_digit) * 2]; |
wolfSSL | 16:8e0d178b1d1e | 5028 | int size; |
wolfSSL | 15:117db924cf7c | 5029 | |
wolfSSL | 15:117db924cf7c | 5030 | #if defined(ALT_ECC_SIZE) || defined(HAVE_WOLF_BIGINT) |
wolfSSL | 15:117db924cf7c | 5031 | size = a->size; |
wolfSSL | 16:8e0d178b1d1e | 5032 | #else |
wolfSSL | 16:8e0d178b1d1e | 5033 | size = FP_SIZE; |
wolfSSL | 15:117db924cf7c | 5034 | #endif |
wolfSSL | 15:117db924cf7c | 5035 | |
wolfSSL | 15:117db924cf7c | 5036 | printf("%s: ptr=%p, used=%d, sign=%d, size=%d, fpd=%d\n", |
wolfSSL | 15:117db924cf7c | 5037 | desc, a, a->used, a->sign, size, (int)sizeof(fp_digit)); |
wolfSSL | 15:117db924cf7c | 5038 | |
wolfSSL | 15:117db924cf7c | 5039 | mp_tohex(a, buffer); |
wolfSSL | 15:117db924cf7c | 5040 | printf(" %s\n ", buffer); |
wolfSSL | 15:117db924cf7c | 5041 | |
wolfSSL | 15:117db924cf7c | 5042 | if (verbose) { |
wolfSSL | 15:117db924cf7c | 5043 | int i; |
wolfSSL | 15:117db924cf7c | 5044 | for(i=0; i<size * (int)sizeof(fp_digit); i++) { |
wolfSSL | 15:117db924cf7c | 5045 | printf("%x ", *(((byte*)a->dp) + i)); |
wolfSSL | 15:117db924cf7c | 5046 | } |
wolfSSL | 15:117db924cf7c | 5047 | printf("\n"); |
wolfSSL | 15:117db924cf7c | 5048 | } |
wolfSSL | 15:117db924cf7c | 5049 | } |
wolfSSL | 15:117db924cf7c | 5050 | #endif /* WOLFSSL_DEBUG_MATH */ |
wolfSSL | 15:117db924cf7c | 5051 | |
wolfSSL | 16:8e0d178b1d1e | 5052 | #endif /* WC_MP_TO_RADIX */ |
wolfSSL | 15:117db924cf7c | 5053 | |
wolfSSL | 15:117db924cf7c | 5054 | |
wolfSSL | 15:117db924cf7c | 5055 | int mp_abs(mp_int* a, mp_int* b) |
wolfSSL | 15:117db924cf7c | 5056 | { |
wolfSSL | 15:117db924cf7c | 5057 | fp_abs(a, b); |
wolfSSL | 15:117db924cf7c | 5058 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 5059 | } |
wolfSSL | 15:117db924cf7c | 5060 | |
wolfSSL | 15:117db924cf7c | 5061 | |
wolfSSL | 15:117db924cf7c | 5062 | int mp_lshd (mp_int * a, int b) |
wolfSSL | 15:117db924cf7c | 5063 | { |
wolfSSL | 15:117db924cf7c | 5064 | fp_lshd(a, b); |
wolfSSL | 15:117db924cf7c | 5065 | return FP_OKAY; |
wolfSSL | 15:117db924cf7c | 5066 | } |
wolfSSL | 15:117db924cf7c | 5067 | |
wolfSSL | 15:117db924cf7c | 5068 | #endif /* USE_FAST_MATH */ |
wolfSSL | 15:117db924cf7c | 5069 |