12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270
37047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127
71278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177
71778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227
72278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277
72778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327
73278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377
73778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427
74278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477
74778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527
75278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577
75778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627
76278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776677
76778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727
77278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777
77778777977807781778277837784778577867787778877897790779177927793779477957796779777987799780078017802780378047805780678077808780978107811781278137814781578167817781878197820782178227823782478257826782778287829783078317832783378347835783678377838783978407841784278437844784578467847784878497850785178527853785478557856785778587859786078617862786378647865786678677868786978707871787278737874787578767877787878797880788178827883788478857886788778887889789078917892789378947895789678977898789979007901790279037904790579067907790879097910791179127913791479157916791779187919792079217922792379247925792679277928792979307931793279337934793579367937793879397940794179427943794479457946794779487949795079517952795379547955795679577958795979607961796279637964796579667967796879697970797179727973797479757976797779787979798079817982798379847985798679877988798979907991799279937994799579967997799879998000800180028003800480058006800780088009801080118012801380148015801680178018801980208021802280238024802580268027802880298030803180328033803480358036803780388039804080418042804380448045804680478048804980508051805280538054805580568057805880598060806180628063806480658066806780688069807080718072807380748075807680778078807980808081808280838084808580868087808880898090809180928093809480958096809780988099810081018102810381048105810681078108810981108111811281138114811581168117811881198120812181228123812481258126812781288129813081318132813381348135813681378138813981408141814281438144814581468147814881498150815181528153815481558156815781588159816081618162816381648165816681678168816981708171817281738174817581768177817881798180818181828183818481858186818781888189819081918192819381948195819681978198819982008201820282038204820582068207820882098210821182128213821482158216821782188219822082218222822382248225822682278228822982308231823282338234823582368237823882398240824182428243824482458246824782488249825082518252825382548255825682578258825982608261826282638264826582668267826882698270827182728273827482758276827
78278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877
78778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927
79278927992809281928292839284928592869287928892899290929192929293929492959296929792989299930093019302930393049305930693079308930993109311931293139314931593169317931893199320932193229323932493259326932793289329933093319332933393349335933693379338933993409341934293439344934593469347934893499350935193529353935493559356935793589359936093619362936393649365936693679368936993709371937293739374937593769377937893799380938193829383938493859386938793889389939093919392939393949395939693979398939994009401940294039404940594069407940894099410941194129413941494159416941794189419942094219422942394249425942694279428942994309431943294339434943594369437943894399440944194429443944494459446944794489449945094519452945394549455945694579458945994609461946294639464946594669467946894699470947194729473947494759476947794789479948094819482948394849485948694879488948994909491949294939494949594969497949894999500950195029503950495059506950795089509951095119512951395149515951695179518951995209521952295239524952595269527952895299530953195329533953495359536953795389539954095419542954395449545954695479548954995509551955295539554955595569557955895599560956195629563956495659566956795689569957095719572957395749575957695779578957995809581958295839584958595869587958895899590959195929593959495959596959795989599960096019602960396049605960696079608960996109611961296139614961596169617961896199620962196229623962496259626962796289629963096319632963396349635963696379638963996409641964296439644964596469647964896499650965196529653965496559656965796589659966096619662966396649665966696679668966996709671967296739674967596769677967896799680968196829683968496859686968796889689969096919692969396949695969696979698969997009701970297039704970597069707970897099710971197129713971497159716971797189719972097219722972397249725972697279728972997309731973297339734973597369737973897399740974197429743974497459746974797489749975097519752975397549755975697579758975997609761976297639764976597669767976897699770977197729773977497759776977
79778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211
02221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211
06221062310624106251062610627106281062910630106311063210633106341063510636106371063810639106401064110642106431064410645106461064710648106491065010651106521065310654106551065610657106581065910660106611066210663106641066510666106671066810669106701067110672106731067410675106761067710678106791068010681106821068310684106851068610687106881068910690106911069210693106941069510696106971069810699107001070110702107031070410705107061070710708107091071010711107121071310714107151071610717107181071910720107211072210723107241072510726107271072810729107301073110732107331073410735107361073710738107391074010741107421074310744107451074610747107481074910750107511075210753107541075510756107571075810759107601076110762107631076410765107661076710768107691077010771107721077310774107751077610777107781077910780107811078210783107841078510786107871078810789107901079110792107931079410795107961079710798107991080010801108021080310804108051080610807108081080910810108111081210813108141081510816108171081810819108201082110822108231082410825108261082710828108291083010831108321083310834108351083610837108381083910840108411084210843108441084510846108471084810849108501085110852108531085410855108561085710858108591086010861108621086310864108651086610867108681086910870108711087210873108741087510876108771087810879108801088110882108831088410885108861088710888108891089010891108921089310894108951089610897108981089910900109011090210903109041090510906109071090810909109101091110912109131091410915109161091710918109191092010921109221092310924109251092610927109281092910930109311093210933109341093510936109371093810939109401094110942109431094410945109461094710948109491095010951109521095310954109551095610957109581095910960109611096210963109641096510966109671096810969109701097110972109731097410975109761097710978109791098010981109821098310984109851098610987109881098910990109911099210993109941099510996109971099810999110001100111002110031100411005110061100711008110091101011011110121101311014110151101611017110181101911020110211
10221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211
14221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211
18221182311824118251182611827118281182911830118311183211833118341183511836118371183811839118401184111842118431184411845118461184711848118491185011851118521185311854118551185611857118581185911860118611186211863118641186511866118671186811869118701187111872118731187411875118761187711878118791188011881118821188311884118851188611887118881188911890118911189211893118941189511896118971189811899119001190111902119031190411905119061190711908119091191011911119121191311914119151191611917119181191911920119211192211923119241192511926119271192811929119301193111932119331193411935119361193711938119391194011941119421194311944119451194611947119481194911950119511195211953119541195511956119571195811959119601196111962119631196411965119661196711968119691197011971119721197311974119751197611977119781197911980119811198211983119841198511986119871198811989119901199111992119931199411995119961199711998119991200012001120021200312004120051200612007120081200912010120111201212013120141201512016120171201812019120201202112022120231202412025120261202712028120291203012031120321203312034120351203612037120381203912040120411204212043120441204512046120471204812049120501205112052120531205412055120561205712058120591206012061120621206312064120651206612067120681206912070120711207212073120741207512076120771207812079120801208112082120831208412085120861208712088120891209012091120921209312094120951209612097120981209912100121011210212103121041210512106121071210812109121101211112112121131211412115121161211712118121191212012121121221212312124121251212612127121281212912130121311213212133121341213512136121371213812139121401214112142121431214412145121461214712148121491215012151121521215312154121551215612157121581215912160121611216212163121641216512166121671216812169121701217112172121731217412175121761217712178121791218012181121821218312184121851218612187121881218912190121911219212193121941219512196121971219812199122001220112202122031220412205122061220712208122091221012211122121221312214122151221612217122181221912220122211
22221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211
26221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211
30221302313024130251302613027130281302913030130311303213033130341303513036130371303813039130401304113042130431304413045130461304713048130491305013051130521305313054130551305613057130581305913060130611306213063130641306513066130671306813069130701307113072130731307413075130761307713078130791308013081130821308313084130851308613087130881308913090130911309213093130941309513096130971309813099131001310113102131031310413105131061310713108131091311013111131121311313114131151311613117131181311913120131211312213123131241312513126131271312813129131301313113132131331313413135131361313713138131391314013141131421314313144131451314613147131481314913150131511315213153131541315513156131571315813159131601316113162131631316413165131661316713168131691317013171131721317313174131751317613177131781317913180131811318213183131841318513186131871318813189131901319113192131931319413195131961319713198131991320013201132021320313204132051320613207132081320913210132111321213213132141321513216132171321813219132201322113222132231322413225132261322713228132291323013231132321323313234132351323613237132381323913240132411324213243132441324513246132471324813249132501325113252132531325413255132561325713258132591326013261132621326313264132651326613267132681326913270132711327213273132741327513276132771327813279132801328113282132831328413285132861328713288132891329013291132921329313294132951329613297132981329913300133011330213303133041330513306133071330813309133101331113312133131331413315133161331713318133191332013321133221332313324133251332613327133281332913330133311333213333133341333513336133371333813339133401334113342133431334413345133461334713348133491335013351133521335313354133551335613357133581335913360133611336213363133641336513366133671336813369133701337113372133731337413375133761337713378133791338013381133821338313384133851338613387133881338913390133911339213393133941339513396133971339813399134001340113402134031340413405134061340713408134091341013411134121341313414134151341613417134181341913420134211
34221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211
38221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211
42221422314224142251422614227142281422914230142311423214233142341423514236142371423814239142401424114242142431424414245142461424714248142491425014251142521425314254142551425614257142581425914260142611426214263142641426514266142671426814269142701427114272142731427414275142761427714278142791428014281142821428314284142851428614287142881428914290142911429214293142941429514296142971429814299143001430114302143031430414305143061430714308143091431014311143121431314314143151431614317143181431914320143211432214323143241432514326143271432814329143301433114332143331433414335143361433714338143391434014341143421434314344143451434614347143481434914350143511435214353143541435514356143571435814359143601436114362143631436414365143661436714368143691437014371143721437314374143751437614377143781437914380143811438214383143841438514386143871438814389143901439114392143931439414395143961439714398143991440014401144021440314404144051440614407144081440914410144111441214413144141441514416144171441814419144201442114422144231442414425144261442714428144291443014431144321443314434144351443614437144381443914440144411444214443144441444514446144471444814449144501445114452144531445414455144561445714458144591446014461144621446314464144651446614467144681446914470144711447214473144741447514476144771447814479144801448114482144831448414485144861448714488144891449014491144921449314494144951449614497144981449914500145011450214503145041450514506145071450814509145101451114512145131451414515145161451714518145191452014521145221452314524145251452614527145281452914530145311453214533145341453514536145371453814539145401454114542145431454414545145461454714548145491455014551145521455314554145551455614557145581455914560145611456214563145641456514566145671456814569145701457114572145731457414575145761457714578145791458014581145821458314584145851458614587145881458914590145911459214593145941459514596145971459814599146001460114602146031460414605146061460714608146091461014611146121461314614146151461614617146181461914620146211
46221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211
50221502315024150251502615027150281502915030150311503215033150341503515036150371503815039150401504115042150431504415045150461504715048150491505015051150521505315054150551505615057150581505915060150611506215063150641506515066150671506815069150701507115072150731507415075150761507715078150791508015081150821508315084150851508615087150881508915090150911509215093150941509515096150971509815099151001510115102151031510415105151061510715108151091511015111151121511315114151151511615117151181511915120151211512215123151241512515126151271512815129151301513115132151331513415135151361513715138151391514015141151421514315144151451514615147151481514915150151511515215153151541515515156151571515815159151601516115162151631516415165151661516715168151691517015171151721517315174151751517615177151781517915180151811518215183151841518515186151871518815189151901519115192151931519415195151961519715198151991520015201152021520315204152051520615207152081520915210152111521215213152141521515216152171521815219152201522115222152231522415225152261522715228152291523015231152321523315234152351523615237152381523915240152411524215243152441524515246152471524815249152501525115252152531525415255152561525715258152591526015261152621526315264152651526615267152681526915270152711527215273152741527515276152771527815279152801528115282152831528415285152861528715288152891529015291152921529315294152951529615297152981529915300153011530215303153041530515306153071530815309153101531115312153131531415315153161531715318153191532015321153221532315324153251532615327153281532915330153311533215333153341533515336153371533815339153401534115342153431534415345153461534715348153491535015351153521535315354153551535615357153581535915360153611536215363153641536515366153671536815369153701537115372153731537415375153761537715378153791538015381153821538315384153851538615387153881538915390153911539215393153941539515396153971539815399154001540115402154031540415405154061540715408154091541015411154121541315414154151541615417154181541915420154211
54221542315424154251542615427154281542915430154311543215433154341543515436154371543815439154401544115442154431544415445154461544715448154491545015451154521545315454154551545615457154581545915460154611546215463154641546515466154671546815469154701547115472154731547415475154761547715478154791548015481154821548315484154851548615487154881548915490154911549215493154941549515496154971549815499155001550115502155031550415505155061550715508155091551015511155121551315514155151551615517155181551915520155211552215523155241552515526155271552815529155301553115532155331553415535155361553715538155391554015541155421554315544155451554615547155481554915550155511555215553155541555515556155571555815559155601556115562155631556415565155661556715568155691557015571155721557315574155751557615577155781557915580155811558215583155841558515586155871558815589155901559115592155931559415595155961559715598155991560015601156021560315604156051560615607156081560915610156111561215613156141561515616156171561815619156201562115622156231562415625156261562715628156291563015631156321563315634156351563615637156381563915640156411564215643156441564515646156471564815649156501565115652156531565415655156561565715658156591566015661156621566315664156651566615667156681566915670156711567215673156741567515676156771567815679156801568115682156831568415685156861568715688156891569015691156921569315694156951569615697156981569915700157011570215703157041570515706157071570815709157101571115712157131571415715157161571715718157191572015721157221572315724157251572615727157281572915730157311573215733157341573515736157371573815739157401574115742157431574415745157461574715748157491575015751157521575315754157551575615757157581575915760157611576215763157641576515766157671576815769157701577115772157731577415775157761577715778157791578015781157821578315784157851578615787157881578915790157911579215793157941579515796157971579815799158001580115802158031580415805158061580715808158091581015811158121581315814158151581615817158181581915820158211
58221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211
6222162231622416225162261622716228162291623016231162321623316234162351623616237162381623916240162411624216243162441624516246162471624816249162501625116252162531625416255162561625716258162591626016261162621626316264162651626616267162681626916270162711627216273162741627516276162771627816279162801628116282162831628416285162861628716288162891629016291162921629316294162951629616297162981629916300163011630216303163041630516306163071630816309163101631116312163131631416315163161631716318163191632016321163221632316324163251632616327163281632916330163311633216333163341633516336163371633816339163401634116342163431634416345163461634716348163491635016351163521635316354163551635616357163581635916360163611636216363163641636516366163671636816369163701637116372163731637416375163761637716378163791638016381163821638316384163851638616387163881638916390163911639216393163941639516396163971639816399164001640116402164031640416405164061640716408164091641016411164121641316414164151641616417164181641916420164211642216423164241642516426164271642816429164301643116432164331643416435164361643716438164391644016441164421644316444164451644616447164481644916450 |
- /* sp_int.c
- *
- * Copyright (C) 2006-2022 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /* Implementation by Sean Parkinson. */
- /*
- DESCRIPTION
- This library provides single precision (SP) integer math functions.
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
- #else
- #define WOLFSSL_MISC_INCLUDED
- #include <wolfcrypt/src/misc.c>
- #endif
- /* SP Build Options:
- * WOLFSSL_HAVE_SP_RSA: Enable SP RSA support
- * WOLFSSL_HAVE_SP_DH: Enable SP DH support
- * WOLFSSL_HAVE_SP_ECC: Enable SP ECC support
- * WOLFSSL_SP_MATH: Use only single precision math and algorithms
- * it supports (no fastmath tfm.c or normal integer.c)
- * WOLFSSL_SP_MATH_ALL Implementation of all MP functions
- * (replacement for tfm.c and integer.c)
- * WOLFSSL_SP_SMALL: Use smaller version of code and avoid large
- * stack variables
- * WOLFSSL_SP_NO_MALLOC: Always use stack, no heap XMALLOC/XFREE allowed
- * WOLFSSL_SP_NO_2048: Disable RSA/DH 2048-bit support
- * WOLFSSL_SP_NO_3072: Disable RSA/DH 3072-bit support
- * WOLFSSL_SP_4096: Enable RSA/DH 4096-bit support
- * WOLFSSL_SP_NO_256 Disable ECC 256-bit SECP256R1 support
- * WOLFSSL_SP_384 Enable ECC 384-bit SECP384R1 support
- * WOLFSSL_SP_521 Enable ECC 521-bit SECP521R1 support
- * WOLFSSL_SP_ASM Enable assembly speedups (detect platform)
- * WOLFSSL_SP_X86_64_ASM Enable Intel x64 assembly implementation
- * WOLFSSL_SP_ARM32_ASM Enable Aarch32 assembly implementation
- * WOLFSSL_SP_ARM64_ASM Enable Aarch64 assembly implementation
- * WOLFSSL_SP_ARM_CORTEX_M_ASM Enable Cortex-M assembly implementation
- * WOLFSSL_SP_ARM_THUMB_ASM Enable ARM Thumb assembly implementation
- * (used with -mthumb)
- * WOLFSSL_SP_X86_64 Enable Intel x86 64-bit assembly speedups
- * WOLFSSL_SP_X86 Enable Intel x86 assembly speedups
- * WOLFSSL_SP_ARM64 Enable Aarch64 assembly speedups
- * WOLFSSL_SP_ARM32 Enable ARM32 assembly speedups
- * WOLFSSL_SP_ARM32_UDIV Enable word divide asm that uses UDIV instr
- * WOLFSSL_SP_ARM_THUMB Enable ARM Thumb assembly speedups
- * (explicitly uses register 'r7')
- * WOLFSSL_SP_PPC64 Enable PPC64 assembly speedups
- * WOLFSSL_SP_PPC Enable PPC assembly speedups
- * WOLFSSL_SP_MIPS64 Enable MIPS64 assembly speedups
- * WOLFSSL_SP_MIPS Enable MIPS assembly speedups
- * WOLFSSL_SP_RISCV64 Enable RISCV64 assembly speedups
- * WOLFSSL_SP_RISCV32 Enable RISCV32 assembly speedups
- * WOLFSSL_SP_S390X Enable S390X assembly speedups
- * SP_WORD_SIZE Force 32 or 64 bit mode
- * WOLFSSL_SP_NONBLOCK Enables "non blocking" mode for SP math, which
- * will return FP_WOULDBLOCK for long operations and function must be
- * called again until complete.
- * WOLFSSL_SP_FAST_NCT_EXPTMOD Enables the faster non-constant time modular
- * exponentiation implementation.
- * WOLFSSL_SP_INT_NEGATIVE Enables negative values to be used.
- * WOLFSSL_SP_INT_DIGIT_ALIGN Enable when unaligned access of sp_int_digit
- * pointer is not allowed.
- * WOLFSSL_SP_NO_DYN_STACK Disable use of dynamic stack items.
- * Used with small code size and not small stack.
- * WOLFSSL_SP_FAST_MODEXP Allow fast mod_exp with small C code
- */
- /* TODO: WOLFSSL_SP_SMALL is incompatible with clang-12+ -Os. */
- #if defined(__clang__) && defined(__clang_major__) && \
- (__clang_major__ >= 12) && defined(WOLFSSL_SP_SMALL)
- #undef WOLFSSL_SP_SMALL
- #endif
- #include <wolfssl/wolfcrypt/sp_int.h>
- /* DECL_SP_INT: Declare one variable of type 'sp_int'. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Declare a variable that will be assigned a value on XMALLOC. */
- #define DECL_SP_INT(n, s) \
- sp_int* n = NULL
- #else
- #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
- /* Declare a variable on the stack with the required data size. */
- #define DECL_SP_INT(n, s) \
- byte n##d[MP_INT_SIZEOF(s)]; \
- sp_int* n = (sp_int*)n##d
- #else
- /* Declare a variable on the stack. */
- #define DECL_SP_INT(n, s) \
- sp_int n[1]
- #endif
- #endif
- /* ALLOC_SP_INT: Allocate an 'sp_int' of required size. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Dynamically allocate just enough data to support size. */
- #define ALLOC_SP_INT(n, s, err, h) \
- do { \
- if ((err) == MP_OKAY) { \
- (n) = (sp_int*)XMALLOC(MP_INT_SIZEOF(s), (h), DYNAMIC_TYPE_BIGINT); \
- if ((n) == NULL) { \
- (err) = MP_MEM; \
- } \
- } \
- } \
- while (0)
- /* Dynamically allocate just enough data to support size - and set size. */
- #define ALLOC_SP_INT_SIZE(n, s, err, h) \
- do { \
- ALLOC_SP_INT(n, s, err, h); \
- if ((err) == MP_OKAY) { \
- (n)->size = (s); \
- } \
- } \
- while (0)
- #else
- /* Array declared on stack - nothing to do. */
- #define ALLOC_SP_INT(n, s, err, h)
- /* Array declared on stack - set the size field. */
- #define ALLOC_SP_INT_SIZE(n, s, err, h) \
- n->size = s;
- #endif
- /* FREE_SP_INT: Free an 'sp_int' variable. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Free dynamically allocated data. */
- #define FREE_SP_INT(n, h) \
- do { \
- if ((n) != NULL) { \
- XFREE(n, h, DYNAMIC_TYPE_BIGINT); \
- } \
- } \
- while (0)
- #else
- /* Nothing to do as declared on stack. */
- #define FREE_SP_INT(n, h)
- #endif
- /* DECL_SP_INT_ARRAY: Declare array of 'sp_int'. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Declare a variable that will be assigned a value on XMALLOC. */
- #define DECL_SP_INT_ARRAY(n, s, c) \
- sp_int* n##d = NULL; \
- sp_int* (n)[c] = { NULL, }
- #else
- #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
- /* Declare a variable on the stack with the required data size. */
- #define DECL_SP_INT_ARRAY(n, s, c) \
- byte n##d[MP_INT_SIZEOF(s) * (c)]; \
- sp_int* (n)[c]
- #else
- /* Declare a variable on the stack. */
- #define DECL_SP_INT_ARRAY(n, s, c) \
- sp_int n##d[c]; \
- sp_int* (n)[c]
- #endif
- #endif
- /* ALLOC_SP_INT_ARRAY: Allocate an array of 'sp_int's of required size. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Dynamically allocate just enough data to support multiple sp_ints of the
- * required size. Use pointers into data to make up array and set sizes.
- */
- #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
- do { \
- if ((err) == MP_OKAY) { \
- n##d = (sp_int*)XMALLOC(MP_INT_SIZEOF(s) * (c), (h), \
- DYNAMIC_TYPE_BIGINT); \
- if (n##d == NULL) { \
- (err) = MP_MEM; \
- } \
- else { \
- int n##ii; \
- (n)[0] = n##d; \
- (n)[0]->size = (s); \
- for (n##ii = 1; n##ii < (c); n##ii++) { \
- (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s); \
- (n)[n##ii]->size = (s); \
- } \
- } \
- } \
- } \
- while (0)
- #else
- #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
- /* Data declared on stack that supports multiple sp_ints of the
- * required size. Use pointers into data to make up array and set sizes.
- */
- #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
- do { \
- if ((err) == MP_OKAY) { \
- int n##ii; \
- (n)[0] = (sp_int*)n##d; \
- (n)[0]->size = (s); \
- for (n##ii = 1; n##ii < (c); n##ii++) { \
- (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s); \
- (n)[n##ii]->size = (s); \
- } \
- } \
- } \
- while (0)
- #else
- /* Data declared on stack that supports multiple sp_ints of the
- * required size. Set into array and set sizes.
- */
- #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
- do { \
- if ((err) == MP_OKAY) { \
- int n##ii; \
- for (n##ii = 0; n##ii < (c); n##ii++) { \
- (n)[n##ii] = &n##d[n##ii]; \
- (n)[n##ii]->size = (s); \
- } \
- } \
- } \
- while (0)
- #endif
- #endif
- /* FREE_SP_INT_ARRAY: Free an array of 'sp_int'. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Free data variable that was dynamically allocated. */
- #define FREE_SP_INT_ARRAY(n, h) \
- do { \
- if (n##d != NULL) { \
- XFREE(n##d, h, DYNAMIC_TYPE_BIGINT); \
- } \
- } \
- while (0)
- #else
- /* Nothing to do as data declared on stack. */
- #define FREE_SP_INT_ARRAY(n, h)
- #endif
- #ifndef WOLFSSL_NO_ASM
- #ifdef __IAR_SYSTEMS_ICC__
- #define __asm__ asm
- #define __volatile__ volatile
- #endif /* __IAR_SYSTEMS_ICC__ */
- #ifdef __KEIL__
- #define __asm__ __asm
- #define __volatile__ volatile
- #endif
- #if defined(WOLFSSL_SP_X86_64) && SP_WORD_SIZE == 64
- /*
- * CPU: x86_64
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "movq %%rax, %[l] \n\t" \
- "movq %%rdx, %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "m" (va), [b] "m" (vb) \
- : "memory", "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "movq $0 , %[o] \n\t" \
- "movq %%rax, %[l] \n\t" \
- "movq %%rdx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "movq %[a], %%rax \n\t" \
- "mulq %%rax \n\t" \
- "movq %%rax, %[l] \n\t" \
- "movq %%rdx, %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "m" (va) \
- : "memory", "%rax", "%rdx", "cc" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "movq %[a], %%rax \n\t" \
- "mulq %%rax \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va) \
- : "%rax", "%rdx", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "movq %[a], %%rax \n\t" \
- "mulq %%rax \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "%rax", "%rdx", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addq %[a], %[l] \n\t" \
- "adcq $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "cc" \
- )
- /* Add va, variable in a register, into: vh | vl */
- #define SP_ASM_ADDC_REG(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addq %[a], %[l] \n\t" \
- "adcq $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subq %[a], %[l] \n\t" \
- "sbbq $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addq %[a], %[l] \n\t" \
- "adcq %[b], %[h] \n\t" \
- "adcq %[c], %[o] \n\t" \
- "addq %[a], %[l] \n\t" \
- "adcq %[b], %[h] \n\t" \
- "adcq %[c], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "%rax", "%rdx", "cc" \
- )
- #ifndef WOLFSSL_SP_DIV_WORD_HALF
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * Using divq instruction on Intel x64.
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @return The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- __asm__ __volatile__ (
- "divq %2"
- : "+a" (lo)
- : "d" (hi), "r" (d)
- : "cc"
- );
- return lo;
- }
- #define SP_ASM_DIV_WORD
- #endif
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_X86_64 && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_X86) && SP_WORD_SIZE == 32
- /*
- * CPU: x86
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "movl %%eax, %[l] \n\t" \
- "movl %%edx, %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "m" (va), [b] "m" (vb) \
- : "memory", "eax", "edx", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "movl $0 , %[o] \n\t" \
- "movl %%eax, %[l] \n\t" \
- "movl %%edx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va), [b] "m" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "movl %[a], %%eax \n\t" \
- "mull %%eax \n\t" \
- "movl %%eax, %[l] \n\t" \
- "movl %%edx, %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "m" (va) \
- : "memory", "eax", "edx", "cc" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "movl %[a], %%eax \n\t" \
- "mull %%eax \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- : [l] "+rm" (vl), [h] "+rm" (vh), [o] "+rm" (vo) \
- : [a] "m" (va) \
- : "eax", "edx", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "movl %[a], %%eax \n\t" \
- "mull %%eax \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "eax", "edx", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addl %[a], %[l] \n\t" \
- "adcl $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "cc" \
- )
- /* Add va, variable in a register, into: vh | vl */
- #define SP_ASM_ADDC_REG(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addl %[a], %[l] \n\t" \
- "adcl $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subl %[a], %[l] \n\t" \
- "sbbl $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addl %[a], %[l] \n\t" \
- "adcl %[b], %[h] \n\t" \
- "adcl %[c], %[o] \n\t" \
- "addl %[a], %[l] \n\t" \
- "adcl %[b], %[h] \n\t" \
- "adcl %[c], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #ifndef WOLFSSL_SP_DIV_WORD_HALF
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * Using divl instruction on Intel x86.
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @return The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- __asm__ __volatile__ (
- "divl %2"
- : "+a" (lo)
- : "d" (hi), "r" (d)
- : "cc"
- );
- return lo;
- }
- #define SP_ASM_DIV_WORD
- #endif
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_X86 && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_ARM64) && SP_WORD_SIZE == 64
- /*
- * CPU: Aarch64
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[b] \n\t" \
- "umulh %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh %[h], %[a], %[b] \n\t" \
- "mov %[l], x8 \n\t" \
- "mov %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh x9, %[a], %[b] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8", "x9", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh x9, %[a], %[b] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adc %[h], %[h], x9 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8", "x9", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh x9, %[a], %[b] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8", "x9", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh x9, %[a], %[b] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adc %[h], %[h], x9 \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8", "x9", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[a] \n\t" \
- "umulh %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[a] \n\t" \
- "umulh x9, %[a], %[a] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "x8", "x9", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[a] \n\t" \
- "umulh x9, %[a], %[a] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adc %[h], %[h], x9 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "x8", "x9", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adc %[h], %[h], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subs %[l], %[l], %[a] \n\t" \
- "sbc %[h], %[h], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adc %[o], %[o], %[c] \n\t" \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adc %[o], %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #ifndef WOLFSSL_SP_DIV_WORD_HALF
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * Using udiv instruction on Aarch64.
- * Constant time.
- *
- * Method: normalize so the divisor's top 16-bit chunk is non-zero, then
- * refine a quotient estimate with udiv against (d >> 32) + 1 (which never
- * over-estimates), subtracting q * d from the remainder each round, and
- * finish with one exact single-digit udiv.
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @return The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- __asm__ __volatile__ (
- /* x3 = 16 when the top 16 bits of d are zero, else 0; x4 = 63 - x3. */
- "lsr x3, %[d], 48\n\t"
- "mov x5, 16\n\t"
- "cmp x3, 0\n\t"
- "mov x4, 63\n\t"
- "csel x3, x5, xzr, eq\n\t"
- "sub x4, x4, x3\n\t"
- /* Normalize: (hi|lo) <<= x3 and d <<= x3.  lo >> (64 - x3) is formed
- * as (lo >> (63 - x3)) >> 1 so the shift amount is never 64. */
- "lsl %[d], %[d], x3\n\t"
- "lsl %[hi], %[hi], x3\n\t"
- "lsr x5, %[lo], x4\n\t"
- "lsl %[lo], %[lo], x3\n\t"
- "orr %[hi], %[hi], x5, lsr 1\n\t"
- /* x5 = (d >> 32) + 1: under-estimating divisor for udiv rounds. */
- "lsr x5, %[d], 32\n\t"
- "add x5, x5, 1\n\t"
- /* Round 1: top 32 bits of quotient estimate in x6. */
- "udiv x3, %[hi], x5\n\t"
- "lsl x6, x3, 32\n\t"
- "mul x4, %[d], x6\n\t"
- "umulh x3, %[d], x6\n\t"
- "subs %[lo], %[lo], x4\n\t"
- "sbc %[hi], %[hi], x3\n\t"
- /* Round 2: correct the top 32 bits. */
- "udiv x3, %[hi], x5\n\t"
- "lsl x3, x3, 32\n\t"
- "add x6, x6, x3\n\t"
- "mul x4, %[d], x3\n\t"
- "umulh x3, %[d], x3\n\t"
- "subs %[lo], %[lo], x4\n\t"
- "sbc %[hi], %[hi], x3\n\t"
- /* Rounds 3/4: estimate the low 32 bits from the middle 64 bits of the
- * remainder. */
- "lsr x3, %[lo], 32\n\t"
- "orr x3, x3, %[hi], lsl 32\n\t"
- "udiv x3, x3, x5\n\t"
- "add x6, x6, x3\n\t"
- "mul x4, %[d], x3\n\t"
- "umulh x3, %[d], x3\n\t"
- "subs %[lo], %[lo], x4\n\t"
- "sbc %[hi], %[hi], x3\n\t"
- "lsr x3, %[lo], 32\n\t"
- "orr x3, x3, %[hi], lsl 32\n\t"
- "udiv x3, x3, x5\n\t"
- "add x6, x6, x3\n\t"
- "mul x4, %[d], x3\n\t"
- "sub %[lo], %[lo], x4\n\t"
- /* Final exact division of the small remainder. */
- "udiv x3, %[lo], %[d]\n\t"
- "add %[hi], x6, x3\n\t"
- : [hi] "+r" (hi), [lo] "+r" (lo), [d] "+r" (d)
- :
- /* "cc" added: adds/subs/sbc modify NZCV, which must be declared. */
- : "x3", "x4", "x5", "x6", "cc"
- );
- return hi;
- }
- #define SP_ASM_DIV_WORD
- #endif
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_ARM64 && SP_WORD_SIZE == 64 */
- #if (defined(WOLFSSL_SP_ARM32) || defined(WOLFSSL_SP_ARM_CORTEX_M)) && \
- SP_WORD_SIZE == 32
- /*
- * CPU: ARM32 or Cortex-M4 and similar
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- /* umull writes both halves in one instruction; no flags are changed. */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "umull %[l], %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- /* vo is zeroed so a following chain of carries can accumulate into it. */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "umull %[l], %[h], %[a], %[b] \n\t" \
- "mov %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- /* r8/r9 hold the 64-bit product; carry chain: l -> h -> o. */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "umull r8, r9, %[a], %[b] \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r8", "r9", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- /* umlal performs the 64-bit multiply-accumulate directly; caller
- * guarantees no carry out of vh. */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "umlal %[l], %[h], %[a], %[b] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- /* The product is computed once and added twice (used for cross terms in
- * squaring/multiplication). */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "umull r8, r9, %[a], %[b] \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r8", "r9", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- /* First add uses a two-word carry chain only (per the assumption above);
- * the second add propagates into vo. */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "umull r8, r9, %[a], %[b] \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adc %[h], %[h], r9 \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r8", "r9", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "umull %[l], %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "umull r8, r9, %[a], %[a] \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "r8", "r9", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- /* Caller guarantees the sum cannot carry out of vh. */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "umlal %[l], %[h], %[a], %[a] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adc %[h], %[h], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subs %[l], %[l], %[a] \n\t" \
- "sbc %[h], %[h], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adc %[o], %[o], %[c] \n\t" \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adc %[o], %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #ifndef WOLFSSL_SP_DIV_WORD_HALF
- #ifndef WOLFSSL_SP_ARM32_UDIV
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * No division instruction used - does operation bit by bit.
- * Constant time.
- *
- * Method: normalize d to have its top bit set (CLZ, or a de Bruijn table
- * on pre-ARMv7 cores without clz), run a 31-round restoring division on
- * (d >> 1) + 1, then correct the result with two multiply/subtract steps.
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @return The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- sp_int_digit r = 0;
- #if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
- /* de Bruijn sequence lookup replaces the clz instruction. */
- static const char debruijn32[32] = {
- 0, 31, 9, 30, 3, 8, 13, 29, 2, 5, 7, 21, 12, 24, 28, 19,
- 1, 10, 4, 14, 6, 22, 25, 20, 11, 15, 23, 26, 16, 27, 17, 18
- };
- static const sp_uint32 debruijn32_mul = 0x076be629;
- #endif
- __asm__ __volatile__ (
- /* Shift d so that top bit is set. */
- #if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
- "ldr r4, %[m]\n\t"
- "mov r5, %[d]\n\t"
- "orr r5, r5, r5, lsr #1\n\t"
- "orr r5, r5, r5, lsr #2\n\t"
- "orr r5, r5, r5, lsr #4\n\t"
- "orr r5, r5, r5, lsr #8\n\t"
- "orr r5, r5, r5, lsr #16\n\t"
- "add r5, r5, #1\n\t"
- "mul r5, r5, r4\n\t"
- "lsr r5, r5, #27\n\t"
- "ldrb r5, [%[t], r5]\n\t"
- #else
- "clz r5, %[d]\n\t"
- #endif
- /* Normalize: shift (hi|lo) and d left by r5; lo >> (32 - r5) is formed
- * as (lo >> (31 - r5)) >> 1 so the shift amount is never 32. */
- "rsb r6, r5, #31\n\t"
- "lsl %[d], %[d], r5\n\t"
- "lsl %[hi], %[hi], r5\n\t"
- "lsr r9, %[lo], r6\n\t"
- "lsl %[lo], %[lo], r5\n\t"
- "orr %[hi], %[hi], r9, lsr #1\n\t"
- /* r5 = (d >> 1) + 1; r9:r6 = working remainder (hi:lo). */
- "lsr r5, %[d], #1\n\t"
- "add r5, r5, #1\n\t"
- "mov r6, %[lo]\n\t"
- "mov r9, %[hi]\n\t"
- /* Do top 32 */
- /* r8 = 0 - (r9 >= r5): branch-free conditional subtract; the same
- * mask appends one quotient bit to r. */
- "subs r8, r5, r9\n\t"
- "sbc r8, r8, r8\n\t"
- "add %[r], %[r], %[r]\n\t"
- "sub %[r], %[r], r8\n\t"
- "and r8, r8, r5\n\t"
- "subs r9, r9, r8\n\t"
- /* Next 30 bits */
- "mov r4, #29\n\t"
- "\n1:\n\t"
- "movs r6, r6, lsl #1\n\t"
- "adc r9, r9, r9\n\t"
- "subs r8, r5, r9\n\t"
- "sbc r8, r8, r8\n\t"
- "add %[r], %[r], %[r]\n\t"
- "sub %[r], %[r], r8\n\t"
- "and r8, r8, r5\n\t"
- "subs r9, r9, r8\n\t"
- "subs r4, r4, #1\n\t"
- "bpl 1b\n\t"
- "add %[r], %[r], %[r]\n\t"
- "add %[r], %[r], #1\n\t"
- /* Handle difference has hi word > 0. */
- "umull r4, r5, %[r], %[d]\n\t"
- "subs r4, %[lo], r4\n\t"
- "sbc r5, %[hi], r5\n\t"
- "add %[r], %[r], r5\n\t"
- "umull r4, r5, %[r], %[d]\n\t"
- "subs r4, %[lo], r4\n\t"
- "sbc r5, %[hi], r5\n\t"
- "add %[r], %[r], r5\n\t"
- /* Add 1 to result if bottom half of difference is >= d. */
- "mul r4, %[r], %[d]\n\t"
- "subs r4, %[lo], r4\n\t"
- "subs r9, %[d], r4\n\t"
- "sbc r8, r8, r8\n\t"
- "sub %[r], %[r], r8\n\t"
- "subs r9, r9, #1\n\t"
- "sbc r8, r8, r8\n\t"
- "sub %[r], %[r], r8\n\t"
- : [r] "+r" (r), [hi] "+r" (hi), [lo] "+r" (lo), [d] "+r" (d)
- #if defined(WOLFSSL_SP_ARM_ARCH) && (WOLFSSL_SP_ARM_ARCH < 7)
- : [t] "r" (debruijn32), [m] "m" (debruijn32_mul)
- #else
- :
- #endif
- /* "cc" added: subs/sbc/adc/movs modify the flags, which must be
- * declared on ARM. */
- : "r4", "r5", "r6", "r8", "r9", "cc"
- );
- return r;
- }
- #else
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * Using udiv instruction on arm32
- * Constant time.
- *
- * Method: normalize so the divisor's top 8-bit chunk is non-zero, then
- * refine a quotient estimate with udiv against (d >> 16) + 1 (which never
- * over-estimates), subtracting q * d each round, and finish with one
- * exact single-digit udiv.
- * NOTE(review): normalization only handles up to 8 leading zero bits —
- * presumably callers pass d >= 2^16; confirm against call sites.
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @return The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- __asm__ __volatile__ (
- /* r3 = 8 when the top 8 bits of d are zero, else 0; r4 = 31 - r3. */
- "lsrs r3, %[d], #24\n\t"
- "it eq\n\t"
- "moveq r3, #8\n\t"
- "it ne\n\t"
- "movne r3, #0\n\t"
- "rsb r4, r3, #31\n\t"
- /* Normalize: (hi|lo) <<= r3, d <<= r3.  lo >> (32 - r3) is formed as
- * (lo >> (31 - r3)) >> 1 so the shift amount is never 32. */
- "lsl %[d], %[d], r3\n\t"
- "lsl %[hi], %[hi], r3\n\t"
- "lsr r5, %[lo], r4\n\t"
- "lsl %[lo], %[lo], r3\n\t"
- "orr %[hi], %[hi], r5, lsr #1\n\t"
- /* r5 = (d >> 16) + 1: under-estimating divisor for udiv rounds. */
- "lsr r5, %[d], 16\n\t"
- "add r5, r5, 1\n\t"
- /* Rounds 1/2: top 16 bits of the quotient estimate in r6. */
- "udiv r3, %[hi], r5\n\t"
- "lsl r6, r3, 16\n\t"
- "umull r4, r3, %[d], r6\n\t"
- "subs %[lo], %[lo], r4\n\t"
- "sbc %[hi], %[hi], r3\n\t"
- "udiv r3, %[hi], r5\n\t"
- "lsl r3, r3, 16\n\t"
- "add r6, r6, r3\n\t"
- "umull r4, r3, %[d], r3\n\t"
- "subs %[lo], %[lo], r4\n\t"
- "sbc %[hi], %[hi], r3\n\t"
- /* Rounds 3/4: low 16 bits from the middle 32 bits of the remainder. */
- "lsr r3, %[lo], 16\n\t"
- "orr r3, r3, %[hi], lsl 16\n\t"
- "udiv r3, r3, r5\n\t"
- "add r6, r6, r3\n\t"
- "umull r4, r3, %[d], r3\n\t"
- "subs %[lo], %[lo], r4\n\t"
- "sbc %[hi], %[hi], r3\n\t"
- "lsr r3, %[lo], 16\n\t"
- "orr r3, r3, %[hi], lsl 16\n\t"
- "udiv r3, r3, r5\n\t"
- "add r6, r6, r3\n\t"
- "mul r4, %[d], r3\n\t"
- "sub %[lo], %[lo], r4\n\t"
- /* Final exact division of the small remainder. */
- "udiv r3, %[lo], %[d]\n\t"
- "add %[hi], r6, r3\n\t"
- : [hi] "+r" (hi), [lo] "+r" (lo), [d] "+r" (d)
- :
- /* "cc" added: lsrs/subs/sbc modify the flags, which must be
- * declared on ARM. */
- : "r3", "r4", "r5", "r6", "cc"
- );
- return hi;
- }
- #endif
- #define SP_ASM_DIV_WORD
- #endif
- #define SP_INT_ASM_AVAILABLE
- #endif /* (WOLFSSL_SP_ARM32 || ARM_CORTEX_M) && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_ARM_THUMB) && SP_WORD_SIZE == 32
- /*
- * CPU: ARM Thumb (like Cortex-M0)
- */
- /* Compile with -fomit-frame-pointer, or similar, if compiler complains about
- * usage of register 'r7'.
- */
- #if defined(__clang__)
- /* Multiply va by vb and store double size result in: vh | vl */
- /* Thumb-1 has no umull: the 32x32->64 product is built from four
- * 16x16->32 muls of the operand halves (al/ah x bl/bh). */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth %[l], %[b] \n\t" \
- "muls %[l], r6 \n\t" \
- /* al * bh */ \
- "lsrs r4, %[b], #16 \n\t" \
- "muls r6, r4 \n\t" \
- "lsrs %[h], r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "muls r4, r6 \n\t" \
- "adds %[h], %[h], r4 \n\t" \
- /* ah * bl */ \
- "uxth r4, %[b] \n\t" \
- "muls r6, r4 \n\t" \
- "lsrs r4, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r4 \n\t" \
- : [h] "+l" (vh), [l] "+l" (vl) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r4", "r5", "r6", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- /* Same half-word schoolbook multiply; vo is zeroed and doubles as the
- * zero source for the carry add, freeing a scratch register. */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth %[l], %[b] \n\t" \
- "muls %[l], r6 \n\t" \
- /* al * bh */ \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r6, r7 \n\t" \
- "lsrs %[h], r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "movs %[o], #0 \n\t" \
- "adcs %[h], %[o] \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "muls r7, r6 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "muls r6, r7 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r6", "r7", "cc" \
- )
- #ifndef WOLFSSL_SP_SMALL
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- /* Uses r5 as a persistent zero; needs r7 free (see frame-pointer note
- * above). */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "muls r7, r6 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* al * bh */ \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r6, r7 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r7, r6 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "muls r6, r7 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- #else
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- /* Small-build variant: avoids r7 by reusing r5 as both scratch and the
- * zero register (re-zeroed after each use). */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r5, %[b] \n\t" \
- "muls r5, r6 \n\t" \
- "adds %[l], %[l], r5 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* al * bh */ \
- "lsrs r5, %[b], #16 \n\t" \
- "muls r6, r5 \n\t" \
- "lsrs r5, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r5 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r5, %[b], #16 \n\t" \
- "muls r5, r6 \n\t" \
- "adds %[h], %[h], r5 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r5, %[b] \n\t" \
- "muls r6, r5 \n\t" \
- "lsrs r5, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r5 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "cc" \
- )
- #endif
- /* Multiply va by vb and add double size result into: vh | vl */
- /* Caller guarantees no carry out of vh. */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r4, %[b] \n\t" \
- "muls r4, r6 \n\t" \
- "adds %[l], %[l], r4 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], r5 \n\t" \
- /* al * bh */ \
- "lsrs r4, %[b], #16 \n\t" \
- "muls r6, r4 \n\t" \
- "lsrs r4, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r4 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r4, %[b], #16 \n\t" \
- "muls r4, r6 \n\t" \
- "adds %[h], %[h], r4 \n\t" \
- /* ah * bl */ \
- "uxth r4, %[b] \n\t" \
- "muls r6, r4 \n\t" \
- "lsrs r4, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r4 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r4", "r5", "r6", "cc" \
- )
- #ifndef WOLFSSL_SP_SMALL
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- /* Each partial product is added twice; r5 holds zero throughout. */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "muls r7, r6 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adcs %[o], r5 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* al * bh */ \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r6, r7 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r7, r6 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "muls r6, r7 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- #else
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- /* Small-build variant: va's register is borrowed as the zero register
- * while a copy is parked in high register r8, and restored at the end. */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movs r8, %[a] \n\t" \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r5, %[b] \n\t" \
- "muls r5, r6 \n\t" \
- "adds %[l], %[l], r5 \n\t" \
- "movs %[a], #0 \n\t" \
- "adcs %[h], %[a] \n\t" \
- "adcs %[o], %[a] \n\t" \
- "adds %[l], %[l], r5 \n\t" \
- "adcs %[h], %[a] \n\t" \
- "adcs %[o], %[a] \n\t" \
- /* al * bh */ \
- "lsrs r5, %[b], #16 \n\t" \
- "muls r6, r5 \n\t" \
- "lsrs r5, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adcs %[o], %[a] \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adcs %[o], %[a] \n\t" \
- /* ah * bh */ \
- "movs %[a], r8 \n\t" \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r5, %[b], #16 \n\t" \
- "muls r5, r6 \n\t" \
- "adds %[h], %[h], r5 \n\t" \
- "movs %[a], #0 \n\t" \
- "adcs %[o], %[a] \n\t" \
- "adds %[h], %[h], r5 \n\t" \
- "adcs %[o], %[a] \n\t" \
- /* ah * bl */ \
- "uxth r5, %[b] \n\t" \
- "muls r6, r5 \n\t" \
- "lsrs r5, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adcs %[o], %[a] \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adcs %[o], %[a] \n\t" \
- "movs %[a], r8 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r8", "cc" \
- )
- #endif
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- /* Per the assumption, the al*bl adds skip the vo carry. */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "muls r7, r6 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], r5 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "adcs %[h], r5 \n\t" \
- /* al * bh */ \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r6, r7 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r7, r6 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "muls r6, r7 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "adcs %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- /* al^2 + ah^2 + 2*al*ah: the cross term is doubled by shifting the
- * 32-bit product left one extra bit (#17 / #15). */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lsrs r5, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- "mov %[l], r6 \n\t" \
- "mov %[h], r5 \n\t" \
- /* al * al */ \
- "muls %[l], %[l] \n\t" \
- /* ah * ah */ \
- "muls %[h], %[h] \n\t" \
- /* 2 * al * ah */ \
- "muls r6, r5 \n\t" \
- "lsrs r5, r6, #15 \n\t" \
- "lsls r6, r6, #17 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r5 \n\t" \
- : [h] "+l" (vh), [l] "+l" (vl) \
- : [a] "l" (va) \
- : "r5", "r6", "cc" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- /* Halves of va are re-extracted for the cross term as r4/r6 were
- * consumed by the squares. */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "lsrs r4, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* al * al */ \
- "muls r6, r6 \n\t" \
- /* ah * ah */ \
- "muls r4, r4 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r4 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[o], r5 \n\t" \
- "lsrs r4, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* 2 * al * ah */ \
- "muls r6, r4 \n\t" \
- "lsrs r4, r6, #15 \n\t" \
- "lsls r6, r6, #17 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r4 \n\t" \
- "adcs %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va) \
- : "r4", "r5", "r6", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- /* Caller guarantees the sum cannot carry out of vh. */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lsrs r7, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* al * al */ \
- "muls r6, r6 \n\t" \
- /* ah * ah */ \
- "muls r7, r7 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- "lsrs r7, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* 2 * al * ah */ \
- "muls r6, r7 \n\t" \
- "lsrs r7, r6, #15 \n\t" \
- "lsls r6, r6, #17 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], r7 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r6", "r7", "cc" \
- )
- /* Add va into: vh | vl */
- /* r5 supplies the zero needed for Thumb-1's two-operand adcs. */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r5", "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subs %[l], %[l], %[a] \n\t" \
- "movs r5, #0 \n\t" \
- "sbcs %[h], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r5", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[b] \n\t" \
- "adcs %[o], %[c] \n\t" \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[b] \n\t" \
- "adcs %[o], %[c] \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb), [c] "l" (vc) \
- : "cc" \
- )
- #elif defined(WOLFSSL_KEIL)
- /* Keil assembler requires the three-operand muls form; otherwise these
- * mirror the clang Thumb-1 half-word schoolbook implementations above. */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth %[l], %[b] \n\t" \
- "muls %[l], r6, %[l] \n\t" \
- /* al * bh */ \
- "lsrs r4, %[b], #16 \n\t" \
- "muls r6, r4, r6 \n\t" \
- "lsrs %[h], r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "muls r4, r6, r4 \n\t" \
- "adds %[h], %[h], r4 \n\t" \
- /* ah * bl */ \
- "uxth r4, %[b] \n\t" \
- "muls r6, r4, r6 \n\t" \
- "lsrs r4, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r4 \n\t" \
- : [h] "+l" (vh), [l] "+l" (vl) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r4", "r5", "r6", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- /* vo is zeroed and doubles as the zero source for the carry add. */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth %[l], %[b] \n\t" \
- "muls %[l], r6, %[l] \n\t" \
- /* al * bh */ \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r6, r7, r6 \n\t" \
- "lsrs %[h], r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "movs %[o], #0 \n\t" \
- "adcs %[h], %[h], %[o] \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "muls r7, r6, r7 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "muls r6, r7, r6 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r6", "r7", "cc" \
- )
- #ifndef WOLFSSL_SP_SMALL
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- /* r5 holds zero; needs r7 free (see frame-pointer note above). */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "muls r7, r6, r7 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* al * bh */ \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r6, r7, r6 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r7, r6, r7 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "muls r6, r7, r6 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- #else
- /* Multiply va by vb and add double size result into: vo | vh | vl.
- * Small-build variant: avoids r7 by reusing r5 as scratch and zero. */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r5, %[b] \n\t" \
- "muls r5, r6, r5 \n\t" \
- "adds %[l], %[l], r5 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* al * bh */ \
- "lsrs r5, %[b], #16 \n\t" \
- "muls r6, r5, r6 \n\t" \
- "lsrs r5, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r5, %[b], #16 \n\t" \
- "muls r5, r6, r5 \n\t" \
- "adds %[h], %[h], r5 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r5, %[b] \n\t" \
- "muls r6, r5, r6 \n\t" \
- "lsrs r5, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "cc" \
- )
- #endif
- /* Multiply va by vb and add double size result into: vh | vl */
- /* Caller guarantees no carry out of vh. */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r4, %[b] \n\t" \
- "muls r4, r6, r4 \n\t" \
- "adds %[l], %[l], r4 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- /* al * bh */ \
- "lsrs r4, %[b], #16 \n\t" \
- "muls r6, r4, r6 \n\t" \
- "lsrs r4, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r4 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r4, %[b], #16 \n\t" \
- "muls r4, r6, r4 \n\t" \
- "adds %[h], %[h], r4 \n\t" \
- /* ah * bl */ \
- "uxth r4, %[b] \n\t" \
- "muls r6, r4, r6 \n\t" \
- "lsrs r4, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r4 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r4", "r5", "r6", "cc" \
- )
- #ifndef WOLFSSL_SP_SMALL
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- /* Each partial product is added twice; r5 holds zero throughout. */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "muls r7, r6, r7 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* al * bh */ \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r6, r7, r6 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r7, r6, r7 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "muls r6, r7, r6 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- #else
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- /* Small-build variant: va's register is borrowed as the zero register
- * while a copy is parked in high register r8, and restored at the end. */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movs r8, %[a] \n\t" \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r5, %[b] \n\t" \
- "muls r5, r6, r5 \n\t" \
- "adds %[l], %[l], r5 \n\t" \
- "movs %[a], #0 \n\t" \
- "adcs %[h], %[h], %[a] \n\t" \
- "adcs %[o], %[o], %[a] \n\t" \
- "adds %[l], %[l], r5 \n\t" \
- "adcs %[h], %[h], %[a] \n\t" \
- "adcs %[o], %[o], %[a] \n\t" \
- /* al * bh */ \
- "lsrs r5, %[b], #16 \n\t" \
- "muls r6, r5, r6 \n\t" \
- "lsrs r5, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], %[a] \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], %[a] \n\t" \
- /* ah * bh */ \
- "movs %[a], r8 \n\t" \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r5, %[b], #16 \n\t" \
- "muls r5, r6, r5 \n\t" \
- "adds %[h], %[h], r5 \n\t" \
- "movs %[a], #0 \n\t" \
- "adcs %[o], %[o], %[a] \n\t" \
- "adds %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], %[a] \n\t" \
- /* ah * bl */ \
- "uxth r5, %[b] \n\t" \
- "muls r6, r5, r6 \n\t" \
- "lsrs r5, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], %[a] \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adcs %[o], %[o], %[a] \n\t" \
- "movs %[a], r8 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r8", "cc" \
- )
- #endif
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- /* Per the assumption, the al*bl adds skip the vo carry. */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "muls r7, r6, r7 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- "adds %[l], %[l], r7 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- /* al * bh */ \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r6, r7, r6 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsrs r6, %[a], #16 \n\t" \
- "lsrs r7, %[b], #16 \n\t" \
- "muls r7, r6, r7 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- "adds %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "muls r6, r7, r6 \n\t" \
- "lsrs r7, r6, #16 \n\t" \
- "lsls r6, r6, #16 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- /* al^2 + ah^2 + 2*al*ah: the cross term is doubled by shifting the
- * 32-bit product left one extra bit (#17 / #15). */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lsrs r5, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- "mov %[l], r6 \n\t" \
- "mov %[h], r5 \n\t" \
- /* al * al */ \
- "muls %[l], %[l], %[l] \n\t" \
- /* ah * ah */ \
- "muls %[h], %[h], %[h] \n\t" \
- /* 2 * al * ah */ \
- "muls r6, r5, r6 \n\t" \
- "lsrs r5, r6, #15 \n\t" \
- "lsls r6, r6, #17 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- : [h] "+l" (vh), [l] "+l" (vl) \
- : [a] "l" (va) \
- : "r5", "r6", "cc" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- /* Halves of va are re-extracted for the cross term as r4/r6 were
- * consumed by the squares. */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "lsrs r4, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* al * al */ \
- "muls r6, r6, r6 \n\t" \
- /* ah * ah */ \
- "muls r4, r4, r4 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r4 \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- "lsrs r4, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* 2 * al * ah */ \
- "muls r6, r4, r6 \n\t" \
- "lsrs r4, r6, #15 \n\t" \
- "lsls r6, r6, #17 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r4 \n\t" \
- "adcs %[o], %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va) \
- : "r4", "r5", "r6", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- /* Caller guarantees the sum cannot carry out of vh. */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lsrs r7, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* al * al */ \
- "muls r6, r6, r6 \n\t" \
- /* ah * ah */ \
- "muls r7, r7, r7 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- "lsrs r7, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* 2 * al * ah */ \
- "muls r6, r7, r6 \n\t" \
- "lsrs r7, r6, #15 \n\t" \
- "lsls r6, r6, #17 \n\t" \
- "adds %[l], %[l], r6 \n\t" \
- "adcs %[h], %[h], r7 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r6", "r7", "cc" \
- )
- /* Add va into: vh | vl */
- /* r5 supplies the zero operand for the carry add. */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "movs r5, #0 \n\t" \
- "adcs %[h], %[h], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r5", "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subs %[l], %[l], %[a] \n\t" \
- "movs r5, #0 \n\t" \
- "sbcs %[h], %[h], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r5", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adcs %[o], %[o], %[c] \n\t" \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adcs %[o], %[o], %[c] \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb), [c] "l" (vc) \
- : "cc" \
- )
- #elif defined(__GNUC__)
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth %[l], %[b] \n\t" \
- "mul %[l], r6 \n\t" \
- /* al * bh */ \
- "lsr r4, %[b], #16 \n\t" \
- "mul r6, r4 \n\t" \
- "lsr %[h], r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[h], r5 \n\t" \
- /* ah * bh */ \
- "lsr r6, %[a], #16 \n\t" \
- "mul r4, r6 \n\t" \
- "add %[h], %[h], r4 \n\t" \
- /* ah * bl */ \
- "uxth r4, %[b] \n\t" \
- "mul r6, r4 \n\t" \
- "lsr r4, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r4 \n\t" \
- : [h] "+l" (vh), [l] "+l" (vl) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r4", "r5", "r6", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth %[l], %[b] \n\t" \
- "mul %[l], r6 \n\t" \
- /* al * bh */ \
- "lsr r7, %[b], #16 \n\t" \
- "mul r6, r7 \n\t" \
- "lsr %[h], r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "mov %[o], #0 \n\t" \
- "adc %[h], %[o] \n\t" \
- /* ah * bh */ \
- "lsr r6, %[a], #16 \n\t" \
- "mul r7, r6 \n\t" \
- "add %[h], %[h], r7 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "mul r6, r7 \n\t" \
- "lsr r7, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r6", "r7", "cc" \
- )
- #ifndef WOLFSSL_SP_SMALL
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "mul r7, r6 \n\t" \
- "add %[l], %[l], r7 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[h], r5 \n\t" \
- "adc %[o], r5 \n\t" \
- /* al * bh */ \
- "lsr r7, %[b], #16 \n\t" \
- "mul r6, r7 \n\t" \
- "lsr r7, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsr r6, %[a], #16 \n\t" \
- "lsr r7, %[b], #16 \n\t" \
- "mul r7, r6 \n\t" \
- "add %[h], %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "mul r6, r7 \n\t" \
- "lsr r7, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- #else
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r5, %[b] \n\t" \
- "mul r5, r6 \n\t" \
- "add %[l], %[l], r5 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[h], r5 \n\t" \
- "adc %[o], r5 \n\t" \
- /* al * bh */ \
- "lsr r5, %[b], #16 \n\t" \
- "mul r6, r5 \n\t" \
- "lsr r5, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r5 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsr r6, %[a], #16 \n\t" \
- "lsr r5, %[b], #16 \n\t" \
- "mul r5, r6 \n\t" \
- "add %[h], %[h], r5 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r5, %[b] \n\t" \
- "mul r6, r5 \n\t" \
- "lsr r5, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r5 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "cc" \
- )
- #endif
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r4, %[b] \n\t" \
- "mul r4, r6 \n\t" \
- "add %[l], %[l], r4 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[h], r5 \n\t" \
- /* al * bh */ \
- "lsr r4, %[b], #16 \n\t" \
- "mul r6, r4 \n\t" \
- "lsr r4, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r4 \n\t" \
- /* ah * bh */ \
- "lsr r6, %[a], #16 \n\t" \
- "lsr r4, %[b], #16 \n\t" \
- "mul r4, r6 \n\t" \
- "add %[h], %[h], r4 \n\t" \
- /* ah * bl */ \
- "uxth r4, %[b] \n\t" \
- "mul r6, r4 \n\t" \
- "lsr r4, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r4 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r4", "r5", "r6", "cc" \
- )
- #ifndef WOLFSSL_SP_SMALL
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "mul r7, r6 \n\t" \
- "add %[l], %[l], r7 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[h], r5 \n\t" \
- "adc %[o], r5 \n\t" \
- "add %[l], %[l], r7 \n\t" \
- "adc %[h], r5 \n\t" \
- "adc %[o], r5 \n\t" \
- /* al * bh */ \
- "lsr r7, %[b], #16 \n\t" \
- "mul r6, r7 \n\t" \
- "lsr r7, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsr r6, %[a], #16 \n\t" \
- "lsr r7, %[b], #16 \n\t" \
- "mul r7, r6 \n\t" \
- "add %[h], %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- "add %[h], %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "mul r6, r7 \n\t" \
- "lsr r7, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- #else
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mov r8, %[a] \n\t" \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r5, %[b] \n\t" \
- "mul r5, r6 \n\t" \
- "add %[l], %[l], r5 \n\t" \
- "mov %[a], #0 \n\t" \
- "adc %[h], %[a] \n\t" \
- "adc %[o], %[a] \n\t" \
- "add %[l], %[l], r5 \n\t" \
- "adc %[h], %[a] \n\t" \
- "adc %[o], %[a] \n\t" \
- /* al * bh */ \
- "lsr r5, %[b], #16 \n\t" \
- "mul r6, r5 \n\t" \
- "lsr r5, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r5 \n\t" \
- "adc %[o], %[a] \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r5 \n\t" \
- "adc %[o], %[a] \n\t" \
- /* ah * bh */ \
- "mov %[a], r8 \n\t" \
- "lsr r6, %[a], #16 \n\t" \
- "lsr r5, %[b], #16 \n\t" \
- "mul r5, r6 \n\t" \
- "add %[h], %[h], r5 \n\t" \
- "mov %[a], #0 \n\t" \
- "adc %[o], %[a] \n\t" \
- "add %[h], %[h], r5 \n\t" \
- "adc %[o], %[a] \n\t" \
- /* ah * bl */ \
- "uxth r5, %[b] \n\t" \
- "mul r6, r5 \n\t" \
- "lsr r5, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r5 \n\t" \
- "adc %[o], %[a] \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r5 \n\t" \
- "adc %[o], %[a] \n\t" \
- "mov %[a], r8 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r8", "cc" \
- )
- #endif
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- /* al * bl */ \
- "uxth r6, %[a] \n\t" \
- "uxth r7, %[b] \n\t" \
- "mul r7, r6 \n\t" \
- "add %[l], %[l], r7 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[h], r5 \n\t" \
- "add %[l], %[l], r7 \n\t" \
- "adc %[h], r5 \n\t" \
- /* al * bh */ \
- "lsr r7, %[b], #16 \n\t" \
- "mul r6, r7 \n\t" \
- "lsr r7, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- /* ah * bh */ \
- "lsr r6, %[a], #16 \n\t" \
- "lsr r7, %[b], #16 \n\t" \
- "mul r7, r6 \n\t" \
- "add %[h], %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- "add %[h], %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- /* ah * bl */ \
- "uxth r7, %[b] \n\t" \
- "mul r6, r7 \n\t" \
- "lsr r7, r6, #16 \n\t" \
- "lsl r6, r6, #16 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "adc %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb) \
- : "r5", "r6", "r7", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lsr r5, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- "mov %[l], r6 \n\t" \
- "mov %[h], r5 \n\t" \
- /* al * al */ \
- "mul %[l], %[l] \n\t" \
- /* ah * ah */ \
- "mul %[h], %[h] \n\t" \
- /* 2 * al * ah */ \
- "mul r6, r5 \n\t" \
- "lsr r5, r6, #15 \n\t" \
- "lsl r6, r6, #17 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r5 \n\t" \
- : [h] "+l" (vh), [l] "+l" (vl) \
- : [a] "l" (va) \
- : "r5", "r6", "cc" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "lsr r4, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* al * al */ \
- "mul r6, r6 \n\t" \
- /* ah * ah */ \
- "mul r4, r4 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r4 \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[o], r5 \n\t" \
- "lsr r4, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* 2 * al * ah */ \
- "mul r6, r4 \n\t" \
- "lsr r4, r6, #15 \n\t" \
- "lsl r6, r6, #17 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r4 \n\t" \
- "adc %[o], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va) \
- : "r4", "r5", "r6", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lsr r7, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* al * al */ \
- "mul r6, r6 \n\t" \
- /* ah * ah */ \
- "mul r7, r7 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- "lsr r7, %[a], #16 \n\t" \
- "uxth r6, %[a] \n\t" \
- /* 2 * al * ah */ \
- "mul r6, r7 \n\t" \
- "lsr r7, r6, #15 \n\t" \
- "lsl r6, r6, #17 \n\t" \
- "add %[l], %[l], r6 \n\t" \
- "adc %[h], r7 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r6", "r7", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "mov r5, #0 \n\t" \
- "adc %[h], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r5", "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "sub %[l], %[l], %[a] \n\t" \
- "mov r5, #0 \n\t" \
- "sbc %[h], r5 \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh) \
- : [a] "l" (va) \
- : "r5", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "adc %[h], %[b] \n\t" \
- "adc %[o], %[c] \n\t" \
- "add %[l], %[l], %[a] \n\t" \
- "adc %[h], %[b] \n\t" \
- "adc %[o], %[c] \n\t" \
- : [l] "+l" (vl), [h] "+l" (vh), [o] "+l" (vo) \
- : [a] "l" (va), [b] "l" (vb), [c] "l" (vc) \
- : "cc" \
- )
- #endif
- #ifdef WOLFSSL_SP_DIV_WORD_HALF
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * No division instruction used - does operation bit by bit.
- * Constant time.
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @return The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- __asm__ __volatile__ (
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r3, %[d], #24\n\t"
- #else
- "lsr r3, %[d], #24\n\t"
- #endif
- "beq 2%=f\n\t"
- "\n1%=:\n\t"
- "movs r3, #0\n\t"
- "b 3%=f\n\t"
- "\n2%=:\n\t"
- "mov r3, #8\n\t"
- "\n3%=:\n\t"
- "movs r4, #31\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs r4, r4, r3\n\t"
- #else
- "sub r4, r4, r3\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[d], %[d], r3\n\t"
- #else
- "lsl %[d], %[d], r3\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[hi], %[hi], r3\n\t"
- #else
- "lsl %[hi], %[hi], r3\n\t"
- #endif
- "mov r5, %[lo]\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r5, r5, r4\n\t"
- #else
- "lsr r5, r5, r4\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[lo], %[lo], r3\n\t"
- #else
- "lsl %[lo], %[lo], r3\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r5, r5, #1\n\t"
- #else
- "lsr r5, r5, #1\n\t"
- #endif
- #if defined(WOLFSSL_KEIL)
- "orrs %[hi], %[hi], r5\n\t"
- #elif defined(__clang__)
- "orrs %[hi], r5\n\t"
- #else
- "orr %[hi], r5\n\t"
- #endif
- "movs r3, #0\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r5, %[d], #1\n\t"
- #else
- "lsr r5, %[d], #1\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r5, r5, #1\n\t"
- #else
- "add r5, r5, #1\n\t"
- #endif
- "mov r8, %[lo]\n\t"
- "mov r9, %[hi]\n\t"
- /* Do top 32 */
- "movs r6, r5\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs r6, r6, %[hi]\n\t"
- #else
- "sub r6, r6, %[hi]\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "sbcs r6, r6, r6\n\t"
- #elif defined(__clang__)
- "sbcs r6, r6\n\t"
- #else
- "sbc r6, r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r3, r3, r3\n\t"
- #else
- "add r3, r3, r3\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs r3, r3, r6\n\t"
- #else
- "sub r3, r3, r6\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "ands r6, r6, r5\n\t"
- #elif defined(__clang__)
- "ands r6, r5\n\t"
- #else
- "and r6, r5\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs %[hi], %[hi], r6\n\t"
- #else
- "sub %[hi], %[hi], r6\n\t"
- #endif
- "movs r4, #29\n\t"
- "\n"
- "L_sp_div_word_loop%=:\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[lo], %[lo], #1\n\t"
- #else
- "lsl %[lo], %[lo], #1\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "adcs %[hi], %[hi], %[hi]\n\t"
- #elif defined(__clang__)
- "adcs %[hi], %[hi]\n\t"
- #else
- "adc %[hi], %[hi]\n\t"
- #endif
- "movs r6, r5\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs r6, r6, %[hi]\n\t"
- #else
- "sub r6, r6, %[hi]\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "sbcs r6, r6, r6\n\t"
- #elif defined(__clang__)
- "sbcs r6, r6\n\t"
- #else
- "sbc r6, r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r3, r3, r3\n\t"
- #else
- "add r3, r3, r3\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs r3, r3, r6\n\t"
- #else
- "sub r3, r3, r6\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "ands r6, r6, r5\n\t"
- #elif defined(__clang__)
- "ands r6, r5\n\t"
- #else
- "and r6, r5\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs %[hi], %[hi], r6\n\t"
- #else
- "sub %[hi], %[hi], r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs r4, r4, #1\n\t"
- #else
- "sub r4, r4, #1\n\t"
- #endif
- "bpl L_sp_div_word_loop%=\n\t"
- "movs r7, #0\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r3, r3, r3\n\t"
- #else
- "add r3, r3, r3\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r3, r3, #1\n\t"
- #else
- "add r3, r3, #1\n\t"
- #endif
- /* r * d - Start */
- "uxth %[hi], r3\n\t"
- "uxth r4, %[d]\n\t"
- #ifdef WOLFSSL_KEIL
- "muls r4, %[hi], r4\n\t"
- #elif defined(__clang__)
- "muls r4, %[hi]\n\t"
- #else
- "mul r4, %[hi]\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r6, %[d], #16\n\t"
- #else
- "lsr r6, %[d], #16\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "muls %[hi], r6, %[hi]\n\t"
- #elif defined(__clang__)
- "muls %[hi], r6\n\t"
- #else
- "mul %[hi], r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r5, %[hi], #16\n\t"
- #else
- "lsr r5, %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[hi], %[hi], #16\n\t"
- #else
- "lsl %[hi], %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r4, r4, %[hi]\n\t"
- #else
- "add r4, r4, %[hi]\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "adcs r5, r5, r7\n\t"
- #elif defined(__clang__)
- "adcs r5, r7\n\t"
- #else
- "adc r5, r7\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs %[hi], r3, #16\n\t"
- #else
- "lsr %[hi], r3, #16\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "muls r6, %[hi], r6\n\t"
- #elif defined(__clang__)
- "muls r6, %[hi]\n\t"
- #else
- "mul r6, %[hi]\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r5, r5, r6\n\t"
- #else
- "add r5, r5, r6\n\t"
- #endif
- "uxth r6, %[d]\n\t"
- #ifdef WOLFSSL_KEIL
- "muls %[hi], r6, %[hi]\n\t"
- #elif defined(__clang__)
- "muls %[hi], r6\n\t"
- #else
- "mul %[hi], r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r6, %[hi], #16\n\t"
- #else
- "lsr r6, %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[hi], %[hi], #16\n\t"
- #else
- "lsl %[hi], %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r4, r4, %[hi]\n\t"
- #else
- "add r4, r4, %[hi]\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "adcs r5, r5, r6\n\t"
- #elif defined(__clang__)
- "adcs r5, r6\n\t"
- #else
- "adc r5, r6\n\t"
- #endif
- /* r * d - Done */
- "mov %[hi], r8\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs %[hi], %[hi], r4\n\t"
- #else
- "sub %[hi], %[hi], r4\n\t"
- #endif
- "movs r4, %[hi]\n\t"
- "mov %[hi], r9\n\t"
- #ifdef WOLFSSL_KEIL
- "sbcs %[hi], %[hi], r5\n\t"
- #elif defined(__clang__)
- "sbcs %[hi], r5\n\t"
- #else
- "sbc %[hi], r5\n\t"
- #endif
- "movs r5, %[hi]\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r3, r3, r5\n\t"
- #else
- "add r3, r3, r5\n\t"
- #endif
- /* r * d - Start */
- "uxth %[hi], r3\n\t"
- "uxth r4, %[d]\n\t"
- #ifdef WOLFSSL_KEIL
- "muls r4, %[hi], r4\n\t"
- #elif defined(__clang__)
- "muls r4, %[hi]\n\t"
- #else
- "mul r4, %[hi]\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r6, %[d], #16\n\t"
- #else
- "lsr r6, %[d], #16\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "muls %[hi], r6, %[hi]\n\t"
- #elif defined(__clang__)
- "muls %[hi], r6\n\t"
- #else
- "mul %[hi], r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r5, %[hi], #16\n\t"
- #else
- "lsr r5, %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[hi], %[hi], #16\n\t"
- #else
- "lsl %[hi], %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r4, r4, %[hi]\n\t"
- #else
- "add r4, r4, %[hi]\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "adcs r5, r5, r7\n\t"
- #elif defined(__clang__)
- "adcs r5, r7\n\t"
- #else
- "adc r5, r7\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs %[hi], r3, #16\n\t"
- #else
- "lsr %[hi], r3, #16\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "muls r6, %[hi], r6\n\t"
- #elif defined(__clang__)
- "muls r6, %[hi]\n\t"
- #else
- "mul r6, %[hi]\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r5, r5, r6\n\t"
- #else
- "add r5, r5, r6\n\t"
- #endif
- "uxth r6, %[d]\n\t"
- #ifdef WOLFSSL_KEIL
- "muls %[hi], r6, %[hi]\n\t"
- #elif defined(__clang__)
- "muls %[hi], r6\n\t"
- #else
- "mul %[hi], r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r6, %[hi], #16\n\t"
- #else
- "lsr r6, %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[hi], %[hi], #16\n\t"
- #else
- "lsl %[hi], %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r4, r4, %[hi]\n\t"
- #else
- "add r4, r4, %[hi]\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "adcs r5, r5, r6\n\t"
- #elif defined(__clang__)
- "adcs r5, r6\n\t"
- #else
- "adc r5, r6\n\t"
- #endif
- /* r * d - Done */
- "mov %[hi], r8\n\t"
- "mov r6, r9\n\t"
- #ifdef WOLFSSL_KEIL
- "subs r4, %[hi], r4\n\t"
- #else
- #ifdef __clang__
- "subs r4, %[hi], r4\n\t"
- #else
- "sub r4, %[hi], r4\n\t"
- #endif
- #endif
- #ifdef WOLFSSL_KEIL
- "sbcs r6, r6, r5\n\t"
- #elif defined(__clang__)
- "sbcs r6, r5\n\t"
- #else
- "sbc r6, r5\n\t"
- #endif
- "movs r5, r6\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r3, r3, r5\n\t"
- #else
- "add r3, r3, r5\n\t"
- #endif
- /* r * d - Start */
- "uxth %[hi], r3\n\t"
- "uxth r4, %[d]\n\t"
- #ifdef WOLFSSL_KEIL
- "muls r4, %[hi], r4\n\t"
- #elif defined(__clang__)
- "muls r4, %[hi]\n\t"
- #else
- "mul r4, %[hi]\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r6, %[d], #16\n\t"
- #else
- "lsr r6, %[d], #16\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "muls %[hi], r6, %[hi]\n\t"
- #elif defined(__clang__)
- "muls %[hi], r6\n\t"
- #else
- "mul %[hi], r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r5, %[hi], #16\n\t"
- #else
- "lsr r5, %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[hi], %[hi], #16\n\t"
- #else
- "lsl %[hi], %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r4, r4, %[hi]\n\t"
- #else
- "add r4, r4, %[hi]\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "adcs r5, r5, r7\n\t"
- #elif defined(__clang__)
- "adcs r5, r7\n\t"
- #else
- "adc r5, r7\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs %[hi], r3, #16\n\t"
- #else
- "lsr %[hi], r3, #16\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "muls r6, %[hi], r6\n\t"
- #elif defined(__clang__)
- "muls r6, %[hi]\n\t"
- #else
- "mul r6, %[hi]\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r5, r5, r6\n\t"
- #else
- "add r5, r5, r6\n\t"
- #endif
- "uxth r6, %[d]\n\t"
- #ifdef WOLFSSL_KEIL
- "muls %[hi], r6, %[hi]\n\t"
- #elif defined(__clang__)
- "muls %[hi], r6\n\t"
- #else
- "mul %[hi], r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsrs r6, %[hi], #16\n\t"
- #else
- "lsr r6, %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "lsls %[hi], %[hi], #16\n\t"
- #else
- "lsl %[hi], %[hi], #16\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r4, r4, %[hi]\n\t"
- #else
- "add r4, r4, %[hi]\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "adcs r5, r5, r6\n\t"
- #elif defined(__clang__)
- "adcs r5, r6\n\t"
- #else
- "adc r5, r6\n\t"
- #endif
- /* r * d - Done */
- "mov %[hi], r8\n\t"
- "mov r6, r9\n\t"
- #ifdef WOLFSSL_KEIL
- "subs r4, %[hi], r4\n\t"
- #else
- #ifdef __clang__
- "subs r4, %[hi], r4\n\t"
- #else
- "sub r4, %[hi], r4\n\t"
- #endif
- #endif
- #ifdef WOLFSSL_KEIL
- "sbcs r6, r6, r5\n\t"
- #elif defined(__clang__)
- "sbcs r6, r5\n\t"
- #else
- "sbc r6, r5\n\t"
- #endif
- "movs r5, r6\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "adds r3, r3, r5\n\t"
- #else
- "add r3, r3, r5\n\t"
- #endif
- "movs r6, %[d]\n\t"
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs r6, r6, r4\n\t"
- #else
- "sub r6, r6, r4\n\t"
- #endif
- #ifdef WOLFSSL_KEIL
- "sbcs r6, r6, r6\n\t"
- #elif defined(__clang__)
- "sbcs r6, r6\n\t"
- #else
- "sbc r6, r6\n\t"
- #endif
- #if defined(__clang__) || defined(WOLFSSL_KEIL)
- "subs r3, r3, r6\n\t"
- #else
- "sub r3, r3, r6\n\t"
- #endif
- "movs %[hi], r3\n\t"
- : [hi] "+l" (hi), [lo] "+l" (lo), [d] "+l" (d)
- :
- : "r3", "r4", "r5", "r6", "r7", "r8", "r9"
- );
- return (uint32_t)(size_t)hi;
- }
- #define SP_ASM_DIV_WORD
- #endif /* !WOLFSSL_SP_DIV_WORD_HALF */
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_ARM_THUMB && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_PPC64) && SP_WORD_SIZE == 64
- /*
- * CPU: PPC64
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mulld %[l], %[a], %[b] \n\t" \
- "mulhdu %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulhdu %[h], %[a], %[b] \n\t" \
- "mulld %[l], %[a], %[b] \n\t" \
- "li %[o], 0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[b] \n\t" \
- "mulhdu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[b] \n\t" \
- "mulhdu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[b] \n\t" \
- "mulhdu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[b] \n\t" \
- "mulhdu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mulld %[l], %[a], %[a] \n\t" \
- "mulhdu %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[a] \n\t" \
- "mulhdu 17, %[a], %[a] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "16", "17", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[a] \n\t" \
- "mulhdu 17, %[a], %[a] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "16", "17", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addc %[l], %[l], %[a] \n\t" \
- "addze %[h], %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subfc %[l], %[a], %[l] \n\t" \
- "li 16, 0 \n\t" \
- "subfe %[h], 16, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "16", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addc %[l], %[l], %[a] \n\t" \
- "adde %[h], %[h], %[b] \n\t" \
- "adde %[o], %[o], %[c] \n\t" \
- "addc %[l], %[l], %[a] \n\t" \
- "adde %[h], %[h], %[b] \n\t" \
- "adde %[o], %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_PPC64 && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_PPC) && SP_WORD_SIZE == 32
- /*
- * CPU: PPC 32-bit
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mullw %[l], %[a], %[b] \n\t" \
- "mulhwu %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulhwu %[h], %[a], %[b] \n\t" \
- "mullw %[l], %[a], %[b] \n\t" \
- "li %[o], 0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[b] \n\t" \
- "mulhwu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[b] \n\t" \
- "mulhwu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[b] \n\t" \
- "mulhwu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[b] \n\t" \
- "mulhwu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mullw %[l], %[a], %[a] \n\t" \
- "mulhwu %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[a] \n\t" \
- "mulhwu 17, %[a], %[a] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "16", "17", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[a] \n\t" \
- "mulhwu 17, %[a], %[a] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "16", "17", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addc %[l], %[l], %[a] \n\t" \
- "addze %[h], %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subfc %[l], %[a], %[l] \n\t" \
- "li 16, 0 \n\t" \
- "subfe %[h], 16, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "16", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addc %[l], %[l], %[a] \n\t" \
- "adde %[h], %[h], %[b] \n\t" \
- "adde %[o], %[o], %[c] \n\t" \
- "addc %[l], %[l], %[a] \n\t" \
- "adde %[h], %[h], %[b] \n\t" \
- "adde %[o], %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_PPC && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_MIPS64) && SP_WORD_SIZE == 64
- /*
- * CPU: MIPS 64-bit
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory", "$lo", "$hi" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- "move %[o], $0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[a] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory", "$lo", "$hi" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[a] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[a] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "daddu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$12" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "move $12, %[l] \n\t" \
- "dsubu %[l], $12, %[a] \n\t" \
- "sltu $12, $12, %[l] \n\t" \
- "dsubu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$12" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "daddu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], %[b] \n\t" \
- "sltu $12, %[h], %[b] \n\t" \
- "daddu %[o], %[o], %[c] \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], %[b] \n\t" \
- "sltu $12, %[h], %[b] \n\t" \
- "daddu %[o], %[o], %[c] \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "$12" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_MIPS64 && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_MIPS) && SP_WORD_SIZE == 32
- /*
- * CPU: MIPS 32-bit
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory", "%lo", "%hi" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- "move %[o], $0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "%lo", "%hi" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "%lo", "%hi" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "%lo", "%hi" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "%lo", "%hi" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "%lo", "%hi" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "multu %[a], %[a] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory", "%lo", "%hi" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "multu %[a], %[a] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "$10", "$11", "$12", "%lo", "%hi" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "multu %[a], %[a] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$10", "$11", "$12", "%lo", "%hi" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$12" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "move $12, %[l] \n\t" \
- "subu %[l], $12, %[a] \n\t" \
- "sltu $12, $12, %[l] \n\t" \
- "subu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$12" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], %[b] \n\t" \
- "sltu $12, %[h], %[b] \n\t" \
- "addu %[o], %[o], %[c] \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], %[b] \n\t" \
- "sltu $12, %[h], %[b] \n\t" \
- "addu %[o], %[o], %[c] \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "$12" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_MIPS && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_RISCV64) && SP_WORD_SIZE == 64
- /*
- * CPU: RISCV 64-bit
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[b] \n\t" \
- "mulhu %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulhu %[h], %[a], %[b] \n\t" \
- "mul %[l], %[a], %[b] \n\t" \
- "add %[o], zero, zero \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[a] \n\t" \
- "mulhu %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[a] \n\t" \
- "mulhu a6, %[a], %[a] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "a5", "a6", "a7" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[a] \n\t" \
- "mulhu a6, %[a], %[a] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a5", "a6", "a7" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a7" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add a7, %[l], zero \n\t" \
- "sub %[l], a7, %[a] \n\t" \
- "sltu a7, a7, %[l] \n\t" \
- "sub %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a7" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], %[b] \n\t" \
- "sltu a7, %[h], %[b] \n\t" \
- "add %[o], %[o], %[c] \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], %[b] \n\t" \
- "sltu a7, %[h], %[b] \n\t" \
- "add %[o], %[o], %[c] \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "a7" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_RISCV64 && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_RISCV32) && SP_WORD_SIZE == 32
- /*
- * CPU: RISCV 32-bit
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[b] \n\t" \
- "mulhu %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulhu %[h], %[a], %[b] \n\t" \
- "mul %[l], %[a], %[b] \n\t" \
- "add %[o], zero, zero \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[a] \n\t" \
- "mulhu %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[a] \n\t" \
- "mulhu a6, %[a], %[a] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "a5", "a6", "a7" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[a] \n\t" \
- "mulhu a6, %[a], %[a] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a5", "a6", "a7" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a7" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add a7, %[l], zero \n\t" \
- "sub %[l], a7, %[a] \n\t" \
- "sltu a7, a7, %[l] \n\t" \
- "sub %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a7" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], %[b] \n\t" \
- "sltu a7, %[h], %[b] \n\t" \
- "add %[o], %[o], %[c] \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], %[b] \n\t" \
- "sltu a7, %[h], %[b] \n\t" \
- "add %[o], %[o], %[c] \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "a7" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_RISCV32 && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_S390X) && SP_WORD_SIZE == 64
- /*
- * CPU: IBM s390x (z/Architecture)
- */
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "lgr %[l], %%r1 \n\t" \
- "lgr %[h], %%r0 \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory", "r0", "r1" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "lghi %[o], 0 \n\t" \
- "lgr %[l], %%r1 \n\t" \
- "lgr %[h], %%r0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1", "r10", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1", "r10", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1", "r10", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %%r1 \n\t" \
- "lgr %[l], %%r1 \n\t" \
- "lgr %[h], %%r0 \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory", "r0", "r1" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %%r1 \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "r0", "r1", "r10", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %%r1 \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "r0", "r1", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "algr %[l], %[a] \n\t" \
- "alcgr %[h], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "r10", "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "slgr %[l], %[a] \n\t" \
- "slbgr %[h], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "r10", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "algr %[l], %[a] \n\t" \
- "alcgr %[h], %[b] \n\t" \
- "alcgr %[o], %[c] \n\t" \
- "algr %[l], %[a] \n\t" \
- "alcgr %[h], %[b] \n\t" \
- "alcgr %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_S390X && SP_WORD_SIZE == 64 */
- #ifdef SP_INT_ASM_AVAILABLE
- #ifndef SP_INT_NO_ASM
- #define SQR_MUL_ASM
- #endif
- #ifndef SP_ASM_ADDC_REG
- #define SP_ASM_ADDC_REG SP_ASM_ADDC
- #endif /* SP_ASM_ADDC_REG */
- #endif /* SP_INT_ASM_AVAILABLE */
- #endif /* !WOLFSSL_NO_ASM */
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
- !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA) || \
- (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- #ifndef WC_NO_CACHE_RESISTANT
- /* Mask of address for constant time operations.
- * Index with a 0/1 flag: entry 0 is all-zero bits and entry 1 is all-one
- * bits, so ANDing an address with sp_off_on_addr[flag] selects either
- * NULL or the address without branching on the flag. */
- const size_t sp_off_on_addr[2] =
- {
- (size_t) 0,
- (size_t)-1
- };
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_SP_DH) || defined(WOLFSSL_HAVE_SP_RSA)
- #ifdef __cplusplus
- extern "C" {
- #endif
- /* Modular exponentiation implementations using Single Precision. */
- WOLFSSL_LOCAL int sp_ModExp_1024(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- WOLFSSL_LOCAL int sp_ModExp_1536(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- WOLFSSL_LOCAL int sp_ModExp_2048(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- WOLFSSL_LOCAL int sp_ModExp_3072(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- WOLFSSL_LOCAL int sp_ModExp_4096(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- #ifdef __cplusplus
- } /* extern "C" */
- #endif
- #endif /* WOLFSSL_HAVE_SP_DH || WOLFSSL_HAVE_SP_RSA */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- static int _sp_mont_red(sp_int* a, sp_int* m, sp_int_digit mp);
- #endif
- /* Reset a multi-precision number to the canonical zero representation:
-  * no digits used, first digit cleared, positive sign.
-  *
-  * Internal helper: a must not be NULL.
-  *
-  * @param [out] a SP integer to set to zero.
-  */
- static void _sp_zero(sp_int* a)
- {
-     a->dp[0] = 0;
-     a->used = 0;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-     a->sign = MP_ZPOS;
- #endif
- }
- /* Initialize a multi-precision number to zero with full digit capacity.
-  *
-  * @param [out] a SP integer.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a is NULL.
-  */
- int sp_init(sp_int* a)
- {
-     int err = MP_VAL;
-     if (a != NULL) {
- #ifdef HAVE_WOLF_BIGINT
-         /* Reset the attached raw big-int state as well. */
-         wc_bigint_init(&a->raw);
- #endif
-         _sp_zero(a);
-         a->size = SP_INT_DIGITS;
-         err = MP_OKAY;
-     }
-     return err;
- }
- /* Initialize a multi-precision number to zero and cap the number of
-  * digit words it claims to have available.
-  *
-  * @param [out] a SP integer.
-  * @param [in] size Number of words to say are available.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a is NULL.
-  */
- int sp_init_size(sp_int* a, int size)
- {
-     int err = sp_init(a);
-     if (err != MP_OKAY) {
-         return err;
-     }
-     a->size = size;
-     return MP_OKAY;
- }
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- /* Zero-initialize a single sp_int: raw big-int state (when compiled in),
-  * value and capacity. Accepts NULL so optional numbers pass straight
-  * through. */
- static void _sp_init_one(sp_int* n)
- {
-     if (n != NULL) {
- #ifdef HAVE_WOLF_BIGINT
-         wc_bigint_init(&n->raw);
- #endif
-         _sp_zero(n);
-         n->size = SP_INT_DIGITS;
-     }
- }
- /* Initialize up to six multi-precision numbers to be zero.
-  *
-  * Any pointer may be NULL and is then skipped.
-  *
-  * Note: the previous version repeated the same statements six times and
-  * called wc_bigint_init() twice per number; it also re-cleared dp[0]
-  * immediately after _sp_zero() had already done so. The helper above
-  * performs each step exactly once.
-  *
-  * @param [out] n1 SP integer.
-  * @param [out] n2 SP integer.
-  * @param [out] n3 SP integer.
-  * @param [out] n4 SP integer.
-  * @param [out] n5 SP integer.
-  * @param [out] n6 SP integer.
-  *
-  * @return MP_OKAY on success.
-  */
- int sp_init_multi(sp_int* n1, sp_int* n2, sp_int* n3, sp_int* n4, sp_int* n5,
- sp_int* n6)
- {
-     _sp_init_one(n1);
-     _sp_init_one(n2);
-     _sp_init_one(n3);
-     _sp_init_one(n4);
-     _sp_init_one(n5);
-     _sp_init_one(n6);
-     return MP_OKAY;
- }
- #endif /* !WOLFSSL_RSA_PUBLIC_ONLY || !NO_DH || HAVE_ECC */
- /* Release any state attached to a multi-precision number.
-  *
-  * With HAVE_WOLF_BIGINT this hands the raw big-int member to
-  * wc_bigint_free(); otherwise nothing needs releasing.
-  *
-  * @param [in] a SP integer. May be NULL.
-  */
- void sp_free(sp_int* a)
- {
-     if (a == NULL) {
-         return;
-     }
- #ifdef HAVE_WOLF_BIGINT
-     wc_bigint_free(&a->raw);
- #endif
- }
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- /* "Grow" a multi-precision number so it can hold l digits.
-  *
-  * Storage is fixed, so this only checks capacity and zero-fills the
-  * digits between the current used count and l.
-  *
-  * @param [in,out] a SP integer.
-  * @param [in] l Number of digits to grow to.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a is NULL.
-  * @return MP_MEM if the number of digits requested is more than available.
-  */
- int sp_grow(sp_int* a, int l)
- {
-     int err = MP_OKAY;
-     if (a == NULL) {
-         err = MP_VAL;
-     }
-     else if (l > a->size) {
-         err = MP_MEM;
-     }
-     else {
-         int j;
-         /* Clear the digits being brought into range. */
-         for (j = a->used; j < l; j++) {
-             a->dp[j] = 0;
-         }
-     }
-     return err;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(HAVE_ECC)
- /* Public wrapper for _sp_zero(): set a to zero when it is non-NULL.
-  *
-  * @param [out] a SP integer to set to zero. May be NULL.
-  */
- void sp_zero(sp_int* a)
- {
-     if (a == NULL) {
-         return;
-     }
-     _sp_zero(a);
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- /* Clear the digits of a multi-precision number and reset it to zero.
-  *
-  * Also releases any attached state via sp_free().
-  *
-  * @param [out] a SP integer. May be NULL.
-  */
- void sp_clear(sp_int* a)
- {
-     if (a != NULL) {
-         int j;
-         /* Wipe every digit that held data (reverse order; same set). */
-         for (j = a->used; j > 0; j--) {
-             a->dp[j - 1] = 0;
-         }
-         _sp_zero(a);
-         sp_free(a);
-     }
- }
- #if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
- /* Ensure the data in the multi-precision number is zeroed.
- *
- * Use when security sensitive data needs to be wiped.
- *
- * @param [in] a SP integer. May be NULL.
- */
- void sp_forcezero(sp_int* a)
- {
- if (a != NULL) {
- /* Ensure all data zeroized - data not zeroed when used decreases. */
- /* ForceZero (not plain memset) so the wipe cannot be optimized away. */
- ForceZero(a->dp, a->used * sizeof(sp_int_digit));
- _sp_zero(a);
- #ifdef HAVE_WOLF_BIGINT
- wc_bigint_zero(&a->raw);
- #endif
- sp_free(a);
- }
- }
- #endif /* !NO_RSA || !NO_DH || HAVE_ECC || !NO_DSA */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- /* Copy value of multi-precision number a into r.
- *
- * Copying a number onto itself is a no-op.
- *
- * @param [in] a SP integer - source.
- * @param [out] r SP integer - destination.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL.
- */
- int sp_copy(const sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- else if (a != r) {
- XMEMCPY(r->dp, a->dp, a->used * sizeof(sp_int_digit));
- /* Keep the canonical zero representation: dp[0] cleared. */
- if (a->used == 0)
- r->dp[0] = 0;
- r->used = a->used;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = a->sign;
- #endif
- }
- return err;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && defined(FP_ECC))
- /* Initialize r and then copy the value of a into it.
-  *
-  * @param [out] r SP integer - destination.
-  * @param [in] a SP integer - source.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a or r is NULL.
-  */
- int sp_init_copy(sp_int* r, sp_int* a)
- {
-     int err = sp_init(r);
-     if (err != MP_OKAY) {
-         return err;
-     }
-     return sp_copy(a, r);
- }
- #endif /* WOLFSSL_SP_MATH_ALL || (HAVE_ECC && FP_ECC) */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || !defined(NO_DSA)
- /* Exchange the values in a and b.
- *
- * The whole sp_int structures are swapped via a temporary, but each
- * number keeps its own original capacity (size) afterwards.
- *
- * @param [in,out] a SP integer to swap.
- * @param [in,out] b SP integer to swap.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or b is NULL.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_exch(sp_int* a, sp_int* b)
- {
- int err = MP_OKAY;
- DECL_SP_INT(t, (a != NULL) ? a->used : 1);
- if ((a == NULL) || (b == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && ((a->size < b->used) || (b->size < a->used))) {
- err = MP_VAL;
- }
- /* NOTE(review): relies on ALLOC_SP_INT only evaluating a->used when
- * err == MP_OKAY (i.e. after the NULL checks) - confirm macro. */
- ALLOC_SP_INT(t, a->used, err, NULL);
- if (err == MP_OKAY) {
- int asize = a->size;
- int bsize = b->size;
- XMEMCPY(t, a, MP_INT_SIZEOF(a->used));
- XMEMCPY(a, b, MP_INT_SIZEOF(b->used));
- XMEMCPY(b, t, MP_INT_SIZEOF(t->used));
- /* Restore capacities: they belong to the storage, not the value. */
- a->size = asize;
- b->size = bsize;
- }
- FREE_SP_INT(t, NULL);
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH ||
- * !NO_DSA */
- #if defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_CACHE_RESISTANT)
- /* Conditionally swap the values of a and b in constant time.
-  *
-  * The swap happens when m is 1 and not when m is 0; the same sequence of
-  * loads, stores and XORs runs in both cases so timing does not leak m.
-  *
-  * @param [in,out] a SP integer to conditionally swap.
-  * @param [in,out] b SP integer to conditionally swap.
-  * @param [in] c Number of digits to operate on.
-  * @param [in] m Swap flag: 1 to swap, 0 to leave unchanged.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_MEM when allocating the temporary fails.
-  */
- int sp_cond_swap_ct(sp_int * a, sp_int * b, int c, int m)
- {
-     int i;
-     int err = MP_OKAY;
-     /* All-ones mask when m == 1, all-zeros when m == 0. */
-     sp_int_digit mask = (sp_int_digit)0 - m;
-     DECL_SP_INT(t, c);
-     ALLOC_SP_INT(t, c, err, NULL);
-     if (err == MP_OKAY) {
-         /* t holds (a XOR b) masked by m; XORing it into each operand
-          * either swaps them (mask all ones) or is a no-op (mask zero). */
-         t->used = (int)((a->used ^ b->used) & mask);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         t->sign = (int)((a->sign ^ b->sign) & mask);
- #endif
-         for (i = 0; i < c; i++) {
-             t->dp[i] = (a->dp[i] ^ b->dp[i]) & mask;
-         }
-         a->used ^= t->used;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         a->sign ^= t->sign;
- #endif
-         for (i = 0; i < c; i++) {
-             a->dp[i] ^= t->dp[i];
-         }
-         b->used ^= t->used;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         /* Fix: XOR with the temporary's sign. The old code XORed b->sign
-          * with itself, which never updated b's sign on a swap. */
-         b->sign ^= t->sign;
- #endif
-         for (i = 0; i < c; i++) {
-             b->dp[i] ^= t->dp[i];
-         }
-     }
-     FREE_SP_INT(t, NULL);
-     return err;
- }
- #endif /* HAVE_ECC && ECC_TIMING_RESISTANT && !WC_NO_CACHE_RESISTANT */
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- /* Calculate the absolute value of the multi-precision number.
-  *
-  * @param [in] a SP integer to calculate absolute value of.
-  * @param [out] r SP integer to hold result.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a or r is NULL.
-  */
- int sp_abs(sp_int* a, sp_int* r)
- {
-     int err = sp_copy(a, r);
-     /* Only modify r after a successful copy; the old code cleared
-      * r->sign even when a was NULL and the copy had failed. */
-     if (err == MP_OKAY) {
-         r->sign = MP_ZPOS;
-     }
-     return err;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Compare the absolute values of two multi-precision numbers.
-  *
-  * Internal helper: a and b must not be NULL.
-  *
-  * @param [in] a SP integer.
-  * @param [in] b SP integer.
-  *
-  * @return MP_GT when |a| > |b|.
-  * @return MP_LT when |a| < |b|.
-  * @return MP_EQ when |a| == |b|.
-  */
- static int _sp_cmp_abs(sp_int* a, sp_int* b)
- {
-     int ret;
-     if (a->used != b->used) {
-         /* More digits means a strictly larger magnitude. */
-         ret = (a->used > b->used) ? MP_GT : MP_LT;
-     }
-     else {
-         int i;
-         ret = MP_EQ;
-         /* Same length: compare digits from most significant down. */
-         for (i = a->used - 1; i >= 0; i--) {
-             if (a->dp[i] != b->dp[i]) {
-                 ret = (a->dp[i] > b->dp[i]) ? MP_GT : MP_LT;
-                 break;
-             }
-         }
-     }
-     return ret;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- /* Compare absolute value of two multi-precision numbers.
- *
- * NULL is treated as smaller than any number; identical pointers
- * (including two NULLs) compare equal.
- *
- * @param [in] a SP integer.
- * @param [in] b SP integer.
- *
- * @return MP_GT when a is greater than b.
- * @return MP_LT when a is less than b.
- * @return MP_EQ when a is equals b.
- */
- int sp_cmp_mag(sp_int* a, sp_int* b)
- {
- int ret;
- if (a == b) {
- ret = MP_EQ;
- }
- else if (a == NULL) {
- ret = MP_LT;
- }
- else if (b == NULL) {
- ret = MP_GT;
- }
- else
- {
- ret = _sp_cmp_abs(a, b);
- }
- return ret;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA) || !defined(NO_DH) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Compare two multi-precision numbers, taking the sign into account.
- *
- * Assumes a and b are not NULL.
- *
- * @param [in] a SP integer.
- * @param [in] b SP integer.
- *
- * @return MP_GT when a is greater than b.
- * @return MP_LT when a is less than b.
- * @return MP_EQ when a is equals b.
- */
- static int _sp_cmp(sp_int* a, sp_int* b)
- {
- int ret;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == b->sign) {
- #endif
- ret = _sp_cmp_abs(a, b);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == MP_NEG) {
- /* MP_GT = 1, MP_LT = -1, MP_EQ = 0
- * Swapping MP_GT and MP_LT results.
- */
- ret = -ret;
- }
- }
- else if (a->sign > b->sign) {
- /* Presumably MP_NEG > MP_ZPOS, so a is the negative one - verify. */
- ret = MP_LT;
- }
- else /* (a->sign < b->sign) */ {
- ret = MP_GT;
- }
- #endif
- return ret;
- }
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH) || \
- defined(WOLFSSL_SP_MATH_ALL)
- /* Compare two multi-precision numbers.
- *
- * Pointers are compared such that NULL is less than not NULL.
- * Identical pointers (including two NULLs) compare equal.
- *
- * @param [in] a SP integer.
- * @param [in] b SP integer.
- *
- * @return MP_GT when a is greater than b.
- * @return MP_LT when a is less than b.
- * @return MP_EQ when a is equals b.
- */
- int sp_cmp(sp_int* a, sp_int* b)
- {
- int ret;
- if (a == b) {
- ret = MP_EQ;
- }
- else if (a == NULL) {
- ret = MP_LT;
- }
- else if (b == NULL) {
- ret = MP_GT;
- }
- else
- {
- ret = _sp_cmp(a, b);
- }
- return ret;
- }
- #endif
- /*************************
- * Bit check/set functions
- *************************/
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (defined(WOLFSSL_SP_MATH_ALL) && \
- defined(HAVE_ECC))
- /* Check whether bit b of a is set.
-  *
-  * When a is NULL, or the bit lies beyond the used digits, the result is 0.
-  *
-  * @param [in] a SP integer.
-  * @param [in] b Bit position to check (0 = least significant).
-  *
-  * @return 0 when bit is not set.
-  * @return 1 when bit is set.
-  */
- int sp_is_bit_set(sp_int* a, unsigned int b)
- {
-     int ret = 0;
-     if (a != NULL) {
-         int word = (int)(b >> SP_WORD_SHIFT);
-         if (word < a->used) {
-             int bit = (int)(b & SP_WORD_MASK);
-             ret = (int)((a->dp[word] >> bit) & (sp_int_digit)1);
-         }
-     }
-     return ret;
- }
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- /* Count the number of bits in the multi-precision number.
- *
- * When a is NULL, result is 0.
- *
- * @param [in] a SP integer.
- *
- * @return The number of bits in the number.
- */
- int sp_count_bits(const sp_int* a)
- {
- int r = 0;
- if (a != NULL) {
- /* Skip high zero digits in case the number is not clamped. */
- r = a->used - 1;
- while ((r >= 0) && (a->dp[r] == 0)) {
- r--;
- }
- if (r < 0) {
- r = 0;
- }
- else {
- sp_int_digit d;
- d = a->dp[r];
- /* Bits in the full digits below the top one. */
- r *= SP_WORD_SIZE;
- if (d > SP_HALF_MAX) {
- /* Top half occupied: scan down from the most significant bit. */
- r += SP_WORD_SIZE;
- while ((d & ((sp_int_digit)1 << (SP_WORD_SIZE - 1))) == 0) {
- r--;
- d <<= 1;
- }
- }
- else {
- /* Small top digit: count bits by shifting it away. */
- while (d != 0) {
- r++;
- d >>= 1;
- }
- }
- }
- }
- return r;
- }
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(FP_ECC)) || \
- (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
- /* Number of entries in array of number of least significant zero bits. */
- #define SP_LNZ_CNT 16
- /* Number of bits the array checks. */
- #define SP_LNZ_BITS 4
- /* Mask to apply to check with array. */
- #define SP_LNZ_MASK 0xf
- /* Number of least significant zero bits in first SP_LNZ_CNT numbers.
- * Entry 0 is 4 (all checked bits zero) so the scan knows to continue. */
- static const int sp_lnz[SP_LNZ_CNT] = {
- 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
- };
- /* Count the number of least significant zero bits.
- *
- * When a is NULL or zero, result is 0.
- *
- * @param [in] a SP integer to use.
- *
- * @return Number of least significant zero bits.
- */
- #if !defined(HAVE_ECC) || !defined(HAVE_COMP_KEY)
- static
- #endif /* !HAVE_ECC || HAVE_COMP_KEY */
- int sp_cnt_lsb(sp_int* a)
- {
- int bc = 0;
- if ((a != NULL) && (!sp_iszero(a))) {
- int i;
- int j;
- int cnt = 0;
- /* Skip whole zero digits, a word's worth of bits at a time. */
- for (i = 0; i < a->used && a->dp[i] == 0; i++, cnt += SP_WORD_SIZE) {
- }
- /* Scan the first non-zero digit one nibble at a time. */
- for (j = 0; j < SP_WORD_SIZE; j += SP_LNZ_BITS) {
- bc = sp_lnz[(a->dp[i] >> j) & SP_LNZ_MASK];
- if (bc != 4) {
- bc += cnt + j;
- break;
- }
- }
- }
- return bc;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
- (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_ASN))
- /* Determine whether the most significant byte of the encoded number has
-  * its top bit set.
-  *
-  * When a is NULL or zero, the result is 0.
-  *
-  * @param [in] a SP integer.
-  *
-  * @return 1 when the top bit of top byte is set.
-  * @return 0 when the top bit of top byte is not set.
-  */
- int sp_leading_bit(sp_int* a)
- {
-     sp_int_digit d;
-     if ((a == NULL) || (a->used == 0)) {
-         return 0;
-     }
-     d = a->dp[a->used - 1];
- #if SP_WORD_SIZE > 8
-     /* Shift down to the most significant non-zero byte. */
-     while (d > (sp_int_digit)0xff) {
-         d >>= 8;
-     }
- #endif
-     return (int)(d >> 7);
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- !defined(NO_RSA)
- /* Set a bit of a: a |= 1 << i
- * The field 'used' is updated in a.
- *
- * @param [in,out] a SP integer to set bit into.
- * @param [in] i Index of bit to set.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL or index is too large.
- */
- int sp_set_bit(sp_int* a, int i)
- {
- int err = MP_OKAY;
- /* Word holding the bit. */
- int w = (int)(i >> SP_WORD_SHIFT);
- if ((a == NULL) || (w >= a->size)) {
- err = MP_VAL;
- }
- else {
- /* Bit position within the word. */
- int s = (int)(i & (SP_WORD_SIZE - 1));
- int j;
- /* Zero-fill any gap between the current top digit and word w. */
- for (j = a->used; j <= w; j++) {
- a->dp[j] = 0;
- }
- a->dp[w] |= (sp_int_digit)1 << s;
- if (a->used <= w) {
- a->used = w + 1;
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || HAVE_ECC ||
- * WOLFSSL_KEY_GEN || OPENSSL_EXTRA || !NO_RSA */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
- /* Exponentiate 2 to the power of e: a = 2^e
-  *
-  * Implemented by zeroing a and setting bit e.
-  *
-  * @param [out] a SP integer to hold result.
-  * @param [in] e Exponent.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a is NULL or 2^exponent is too large.
-  */
- int sp_2expt(sp_int* a, int e)
- {
-     int err = MP_VAL;
-     if (a != NULL) {
-         _sp_zero(a);
-         err = sp_set_bit(a, e);
-     }
-     return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
-  * WOLFSSL_KEY_GEN || !NO_DH */
- /**********************
- * Digit/Long functions
- **********************/
- /* Set the multi-precision number to be the value of the digit.
- *
- * @param [out] a SP integer to become number.
- * @param [in] d Digit to be set.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL.
- */
- int sp_set(sp_int* a, sp_int_digit d)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- /* gcc-11 reports out-of-bounds array access if the byte array backing
- * the sp_int* is smaller than sizeof(sp_int), as occurs when
- * WOLFSSL_SP_SMALL.
- */
- PRAGMA_GCC_DIAG_PUSH;
- PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"");
- a->dp[0] = d;
- /* used is 0 for the value zero, 1 otherwise. */
- a->used = d > 0;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- a->sign = MP_ZPOS;
- #endif
- PRAGMA_GCC_DIAG_POP;
- }
- return err;
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || defined(OPENSSL_EXTRA)
- /* Set a number into the multi-precision number.
- *
- * Number may be larger than the size of a digit.
- *
- * @param [out] a SP integer to set.
- * @param [in] n Long value to set.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL.
- */
- int sp_set_int(sp_int* a, unsigned long n)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- #if SP_WORD_SIZE < SP_ULONG_BITS
- /* Fast path when the value fits in one digit. */
- if (n <= (sp_int_digit)SP_DIGIT_MAX) {
- #endif
- a->dp[0] = (sp_int_digit)n;
- a->used = (n != 0);
- #if SP_WORD_SIZE < SP_ULONG_BITS
- }
- else {
- int i;
- /* Store one digit's worth of bits per iteration, low to high. */
- for (i = 0; n > 0; i++,n >>= SP_WORD_SIZE) {
- a->dp[i] = (sp_int_digit)n;
- }
- a->used = i;
- }
- #endif
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- a->sign = MP_ZPOS;
- #endif
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_RSA || OPENSSL_EXTRA */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
- (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_DH))
- /* Compare a one digit number with a multi-precision number.
- *
- * When a is NULL, MP_LT is returned.
- *
- * @param [in] a SP integer to compare.
- * @param [in] d Digit to compare with.
- *
- * @return MP_GT when a is greater than d.
- * @return MP_LT when a is less than d.
- * @return MP_EQ when a is equals d.
- */
- int sp_cmp_d(sp_int* a, sp_int_digit d)
- {
- int ret = MP_EQ;
- if (a == NULL) {
- ret = MP_LT;
- }
- else
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- /* Any negative number is less than an (unsigned) digit. */
- if (a->sign == MP_NEG) {
- ret = MP_LT;
- }
- else
- #endif
- {
- /* special case for zero*/
- if (a->used == 0) {
- if (d == 0) {
- ret = MP_EQ;
- }
- else {
- ret = MP_LT;
- }
- }
- else if (a->used > 1) {
- /* More than one digit: always larger than d. */
- ret = MP_GT;
- }
- else {
- /* Exactly one digit: compare it directly (MP_EQ if equal). */
- if (a->dp[0] > d) {
- ret = MP_GT;
- }
- else if (a->dp[0] < d) {
- ret = MP_LT;
- }
- }
- }
- return ret;
- }
- #endif
- /* Feature-selection macros: the single-digit helper functions below are
- * compiled only when some enabled algorithm needs them. */
- #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
- !defined(NO_DSA) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(OPENSSL_EXTRA)
- #define WOLFSSL_SP_ADD_D
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
- #define WOLFSSL_SP_SUB_D
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- #define WOLFSSL_SP_READ_RADIX_10
- #endif
- #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- #define WOLFSSL_SP_INVMOD
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- #define WOLFSSL_SP_INVMOD_MONT_CT
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \
- (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
- #define WOLFSSL_SP_PRIME_GEN
- #endif
- #if defined(WOLFSSL_SP_ADD_D) || (defined(WOLFSSL_SP_INT_NEGATIVE) && \
- defined(WOLFSSL_SP_SUB_D)) || defined(WOLFSSL_SP_READ_RADIX_10)
- /* Add a one digit number to the multi-precision number.
- *
- * Internal helper: magnitudes only; sign is handled by the callers.
- *
- * @param [in] a SP integer be added to.
- * @param [in] d Digit to add.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when result is too large for fixed size dp array.
- */
- static int _sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int err = MP_OKAY;
- int i = 0;
- sp_int_digit t;
- r->used = a->used;
- if (a->used == 0) {
- r->used = d > 0;
- }
- /* Canonical zero keeps dp[0] == 0, so this read is safe when used == 0. */
- t = a->dp[0] + d;
- /* Unsigned wrap-around means the add carried. */
- if (t < a->dp[0]) {
- /* Propagate the carry until a digit does not wrap to 0. */
- for (++i; i < a->used; i++) {
- r->dp[i] = a->dp[i] + 1;
- if (r->dp[i] != 0) {
- break;
- }
- }
- if (i == a->used) {
- /* Carry out of the top digit: grow the number if room allows. */
- if (i < r->size) {
- r->used++;
- r->dp[i] = 1;
- }
- else {
- err = MP_VAL;
- }
- }
- }
- if (err == MP_OKAY) {
- r->dp[0] = t;
- /* Copy the untouched upper digits when not operating in place. */
- if (r != a) {
- for (++i; i < a->used; i++) {
- r->dp[i] = a->dp[i];
- }
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_ADD_D || (WOLFSSL_SP_INT_NEGATIVE && WOLFSSL_SP_SUB_D) ||
- * defined(WOLFSSL_SP_READ_RADIX_10) */
- #if (defined(WOLFSSL_SP_INT_NEGATIVE) && defined(WOLFSSL_SP_ADD_D)) || \
- defined(WOLFSSL_SP_SUB_D) || defined(WOLFSSL_SP_INVMOD) || \
- defined(WOLFSSL_SP_INVMOD_MONT_CT) || defined(WOLFSSL_SP_PRIME_GEN)
- /* Sub a one digit number from the multi-precision number.
- *
- * Internal helper: callers arrange that |a| >= d, otherwise the borrow
- * would run off the top digit (see sp_sub_d/sp_add_d).
- *
- * returns MP_OKAY always.
- * @param [in] a SP integer be subtracted from.
- * @param [in] d Digit to subtract.
- * @param [out] r SP integer to store result in.
- */
- static void _sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int i = 0;
- sp_int_digit t;
- r->used = a->used;
- if (a->used == 0) {
- r->dp[0] = 0;
- }
- else {
- t = a->dp[0] - d;
- /* Unsigned wrap-around means the subtract borrowed. */
- if (t > a->dp[0]) {
- /* Propagate the borrow until a digit does not wrap to all-ones. */
- for (++i; i < a->used; i++) {
- r->dp[i] = a->dp[i] - 1;
- if (r->dp[i] != SP_DIGIT_MAX) {
- break;
- }
- }
- }
- r->dp[0] = t;
- /* Copy the untouched upper digits when not operating in place. */
- if (r != a) {
- for (++i; i < a->used; i++) {
- r->dp[i] = a->dp[i];
- }
- }
- sp_clamp(r);
- }
- }
- #endif /* (WOLFSSL_SP_INT_NEGATIVE && WOLFSSL_SP_ADD_D) || WOLFSSL_SP_SUB_D
- * WOLFSSL_SP_INVMOD || WOLFSSL_SP_INVMOD_MONT_CT ||
- * WOLFSSL_SP_PRIME_GEN */
- #ifdef WOLFSSL_SP_ADD_D
- /* Add a one digit number to the multi-precision number.
- *
- * @param [in] a SP integer be added to.
- * @param [in] d Digit to add.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when result is too large for fixed size dp array.
- */
- int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int err = MP_OKAY;
- /* Check validity of parameters. */
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- else
- {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- /* Positive only so just use internal function. */
- err = _sp_add_d(a, d, r);
- #else
- if (a->sign == MP_ZPOS) {
- /* Positive so use internal function. */
- r->sign = MP_ZPOS;
- err = _sp_add_d(a, d, r);
- }
- else if ((a->used > 1) || (a->dp[0] > d)) {
- /* Negative value bigger than digit so subtract digit. */
- r->sign = MP_NEG;
- _sp_sub_d(a, d, r);
- }
- else {
- /* Negative value smaller or equal to digit. */
- r->sign = MP_ZPOS;
- /* Subtract negative value from digit. */
- r->dp[0] = d - a->dp[0];
- /* Result is a digit equal to or greater than zero. */
- r->used = ((r->dp[0] == 0) ? 0 : 1);
- }
- #endif
- }
- return err;
- }
- #endif /* WOLFSSL_SP_ADD_D */
- #ifdef WOLFSSL_SP_SUB_D
- /* Sub a one digit number from the multi-precision number.
- *
- * @param [in] a SP integer be subtracted from.
- * @param [in] d Digit to subtract.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL.
- */
- int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int err = MP_OKAY;
- /* Check validity of parameters. */
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- else {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- /* Positive only so just use internal function. */
- _sp_sub_d(a, d, r);
- #else
- if (a->sign == MP_NEG) {
- /* Subtracting from negative: magnitude grows, use internal add. */
- r->sign = MP_NEG;
- err = _sp_add_d(a, d, r);
- }
- else if ((a->used > 1) || (a->dp[0] >= d)) {
- /* Positive number greater than or equal to digit so subtract digit. */
- r->sign = MP_ZPOS;
- _sp_sub_d(a, d, r);
- }
- else {
- /* Positive value smaller than digit: result goes negative. */
- r->sign = MP_NEG;
- /* Subtract positive value from digit. */
- r->dp[0] = d - a->dp[0];
- /* Result is a single non-zero digit. */
- r->used = 1;
- }
- #endif
- }
- return err;
- }
- #endif /* WOLFSSL_SP_SUB_D */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_SP_SMALL) && (defined(WOLFSSL_SP_MATH_ALL) || \
- !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
- (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
- /* Multiply a by digit n and put result into r shifting up o digits.
- * r = (a * n) << (o * SP_WORD_SIZE)
- *
- * @param [in] a SP integer to be multiplied.
- * @param [in] n Number (SP digit) to multiply by.
- * @param [out] r SP integer result.
- * @param [in] o Number of digits to move result up by.
- * @return MP_OKAY on success.
- * @return MP_VAL when result is too large for sp_int.
- */
- static int _sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r, int o)
- {
- int err = MP_OKAY;
- int i;
- #ifndef SQR_MUL_ASM
- /* Double-width accumulator carries between digits. */
- sp_int_word t = 0;
- #else
- /* Low/high digit pair emulates the double-width accumulator. */
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- #endif
- #ifdef WOLFSSL_SP_SMALL
- /* Zero the o low digits the result is shifted past. */
- for (i = 0; i < o; i++) {
- r->dp[i] = 0;
- }
- #else
- /* Don't use the offset. Only when doing small code size div. */
- (void)o;
- #endif
- for (i = 0; i < a->used; i++, o++) {
- #ifndef SQR_MUL_ASM
- t += (sp_int_word)a->dp[i] * n;
- r->dp[o] = (sp_int_digit)t;
- /* Keep the overflow as carry for the next digit. */
- t >>= SP_WORD_SIZE;
- #else
- SP_ASM_MUL_ADD_NO(l, h, a->dp[i], n);
- r->dp[o] = l;
- /* High half becomes the carry into the next digit. */
- l = h;
- h = 0;
- #endif
- }
- /* Store a final carry digit if there is one. */
- #ifndef SQR_MUL_ASM
- if (t > 0)
- #else
- if (l > 0)
- #endif
- {
- if (o == r->size) {
- err = MP_VAL;
- }
- else {
- #ifndef SQR_MUL_ASM
- r->dp[o++] = (sp_int_digit)t;
- #else
- r->dp[o++] = l;
- #endif
- }
- }
- r->used = o;
- sp_clamp(r);
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
- /* Multiply a by digit d and put result into r. r = a * d
- *
- * @param [in] a SP integer to multiply.
- * @param [in] d Digit to multiply by.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL, or the result would not fit in r.
- */
- int sp_mul_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- /* Result may need one more digit than a has. */
- if ((err == MP_OKAY) && (a->used + 1 > r->size)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- err = _sp_mul_d(a, d, r, 0);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (d == 0) {
- /* Multiplying by zero always gives a positive zero. */
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = a->sign;
- }
- #endif
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * (WOLFSSL_KEY_GEN && !NO_RSA) */
- /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
- defined(OPENSSL_EXTRA) || defined(WC_MP_TO_RADIX)
- #define WOLFSSL_SP_DIV_D
- #endif
- /* sp_mod_d is additionally needed by DH and some ECC configurations. */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || \
- (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY))) || \
- (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
- #define WOLFSSL_SP_MOD_D
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
- defined(WOLFSSL_SP_DIV_D) || defined(WOLFSSL_SP_MOD_D)
- #ifndef SP_ASM_DIV_WORD
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * Assumes the quotient fits in a single digit (callers ensure hi < d).
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @return The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- #ifdef WOLFSSL_SP_DIV_WORD_HALF
- /* Half-word algorithm for platforms without a double-width divide:
- * estimate each half of the quotient using the top half of d, then
- * correct the (possibly high) estimate by stepping trial back down. */
- sp_int_digit r;
- if (hi != 0) {
- sp_int_digit divsz = d >> SP_HALF_SIZE;
- sp_int_digit r2;
- sp_int_word w = ((sp_int_word)hi << SP_WORD_SIZE) | lo;
- sp_int_word trial;
- /* Estimate the high half of the quotient. */
- r = hi / divsz;
- if (r > SP_HALF_MAX) {
- r = SP_HALF_MAX;
- }
- r <<= SP_HALF_SIZE;
- trial = r * (sp_int_word)d;
- while (trial > w) {
- r -= (sp_int_digit)1 << SP_HALF_SIZE;
- trial -= (sp_int_word)d << SP_HALF_SIZE;
- }
- w -= trial;
- /* Estimate and correct the low half of the quotient. */
- r2 = ((sp_int_digit)(w >> SP_HALF_SIZE)) / divsz;
- trial = r2 * (sp_int_word)d;
- while (trial > w) {
- r2--;
- trial -= d;
- }
- w -= trial;
- r += r2;
- /* Final correction from the remaining single digit. */
- r2 = ((sp_int_digit)w) / d;
- r += r2;
- }
- else {
- r = lo / d;
- }
- return r;
- #else
- /* Double-width type available: let the compiler do the divide. */
- sp_int_word w;
- sp_int_digit r;
- w = ((sp_int_word)hi << SP_WORD_SIZE) | lo;
- w /= d;
- r = (sp_int_digit)w;
- return r;
- #endif /* WOLFSSL_SP_DIV_WORD_HALF */
- }
- #endif /* !SP_ASM_DIV_WORD */
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if (defined(WOLFSSL_SP_DIV_D) || defined(WOLFSSL_SP_MOD_D)) && \
- !defined(WOLFSSL_SP_SMALL)
- /* Reciprocal constants: approximately 2^SP_WORD_SIZE / 3 and
- * 2^SP_WORD_SIZE / 10, used to replace division with multiplication. */
- #if SP_WORD_SIZE == 64
- #define SP_DIV_3_CONST 0x5555555555555555L
- #define SP_DIV_10_CONST 0x1999999999999999L
- #elif SP_WORD_SIZE == 32
- #define SP_DIV_3_CONST 0x55555555
- #define SP_DIV_10_CONST 0x19999999
- #elif SP_WORD_SIZE == 16
- #define SP_DIV_3_CONST 0x5555
- #define SP_DIV_10_CONST 0x1999
- #elif SP_WORD_SIZE == 8
- #define SP_DIV_3_CONST 0x55
- #define SP_DIV_10_CONST 0x19
- #endif
- /* Divide by 3: r = a / 3 and rem = a % 3
- *
- * The per-digit quotient estimate from the reciprocal multiply can be
- * slightly low, leaving a partial remainder of up to 5; the sp_r6/sp_rem6
- * tables fold that back into the quotient and remainder.
- *
- * @param [in] a SP integer to be divided.
- * @param [out] r SP integer that is the quotient. May be NULL.
- * @param [out] rem SP integer that is the remainder. May be NULL.
- */
- static void _sp_div_3(sp_int* a, sp_int* r, sp_int_digit* rem)
- {
- int i;
- #ifndef SQR_MUL_ASM
- sp_int_word t;
- sp_int_digit tt;
- #else
- sp_int_digit l = 0;
- sp_int_digit tt = 0;
- sp_int_digit t;
- #endif
- sp_int_digit tr = 0;
- /* Quotient and remainder corrections for partial remainders 0..5. */
- static const unsigned char sp_r6[6] = { 0, 0, 0, 1, 1, 1 };
- static const unsigned char sp_rem6[6] = { 0, 1, 2, 0, 1, 2 };
- if (r == NULL) {
- /* Remainder only: no need to store quotient digits. */
- for (i = a->used - 1; i >= 0; i--) {
- #ifndef SQR_MUL_ASM
- t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
- tt = (t * SP_DIV_3_CONST) >> SP_WORD_SIZE;
- tr = (sp_int_digit)(t - (sp_int_word)tt * 3);
- #else
- t = SP_DIV_3_CONST;
- SP_ASM_MUL(l, tt, a->dp[i], t);
- tt += tr * SP_DIV_3_CONST;
- tr = a->dp[i] - (tt * 3);
- #endif
- tr = sp_rem6[tr];
- }
- *rem = tr;
- }
- else {
- for (i = a->used - 1; i >= 0; i--) {
- #ifndef SQR_MUL_ASM
- t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
- tt = (t * SP_DIV_3_CONST) >> SP_WORD_SIZE;
- tr = (sp_int_digit)(t - (sp_int_word)tt * 3);
- #else
- t = SP_DIV_3_CONST;
- SP_ASM_MUL(l, tt, a->dp[i], t);
- tt += tr * SP_DIV_3_CONST;
- tr = a->dp[i] - (tt * 3);
- #endif
- /* Correct the estimate and reduce the partial remainder. */
- tt += sp_r6[tr];
- tr = sp_rem6[tr];
- r->dp[i] = tt;
- }
- r->used = a->used;
- sp_clamp(r);
- if (rem != NULL) {
- *rem = tr;
- }
- }
- }
- /* Divide by 10: r = a / 10 and rem = a % 10
-  *
-  * Same reciprocal-multiplication scheme as _sp_div_3, using
-  * SP_DIV_10_CONST ~= 2^SP_WORD_SIZE / 10; the estimate's residue is
-  * corrected with an explicit / 10 and % 10 on a small value.
-  *
-  * NOTE(review): when r is NULL, rem is dereferenced unconditionally —
-  * callers are assumed to pass a non-NULL rem in that case; confirm.
-  *
-  * @param [in]  a    SP integer to be divided.
-  * @param [out] r    SP integer that is the quotient. May be NULL.
-  * @param [out] rem  SP integer that is the remainder. May be NULL.
-  */
- static void _sp_div_10(sp_int* a, sp_int* r, sp_int_digit* rem)
- {
-     int i;
- #ifndef SQR_MUL_ASM
-     sp_int_word t;
-     sp_int_digit tt;
- #else
-     sp_int_digit l = 0;
-     sp_int_digit tt = 0;
-     sp_int_digit t;
- #endif
-     sp_int_digit tr = 0;
-     if (r == NULL) {
-         /* Remainder only: most-significant digit first, remainder carried
-          * in tr. */
-         for (i = a->used - 1; i >= 0; i--) {
- #ifndef SQR_MUL_ASM
-             t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
-             tt = (t * SP_DIV_10_CONST) >> SP_WORD_SIZE;
-             tr = (sp_int_digit)(t - (sp_int_word)tt * 10);
- #else
-             t = SP_DIV_10_CONST;
-             SP_ASM_MUL(l, tt, a->dp[i], t);
-             tt += tr * SP_DIV_10_CONST;
-             tr = a->dp[i] - (tt * 10);
- #endif
-             tr = tr % 10;
-         }
-         *rem = tr;
-     }
-     else {
-         /* Quotient (and optionally remainder). */
-         for (i = a->used - 1; i >= 0; i--) {
- #ifndef SQR_MUL_ASM
-             t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
-             tt = (t * SP_DIV_10_CONST) >> SP_WORD_SIZE;
-             tr = (sp_int_digit)(t - (sp_int_word)tt * 10);
- #else
-             t = SP_DIV_10_CONST;
-             SP_ASM_MUL(l, tt, a->dp[i], t);
-             tt += tr * SP_DIV_10_CONST;
-             tr = a->dp[i] - (tt * 10);
- #endif
-             /* Fold the small residue back into quotient digit/remainder. */
-             tt += tr / 10;
-             tr = tr % 10;
-             r->dp[i] = tt;
-         }
-         r->used = a->used;
-         sp_clamp(r);
-         if (rem != NULL) {
-             *rem = tr;
-         }
-     }
- }
- #endif /* (WOLFSSL_SP_DIV_D || WOLFSSL_SP_MOD_D) && !WOLFSSL_SP_SMALL */
- #if defined(WOLFSSL_SP_DIV_D) || defined(WOLFSSL_SP_MOD_D)
- /* Divide by small number: r = a / d and rem = a % d
-  *
-  * Uses a runtime reciprocal m = SP_DIGIT_MAX / d. Callers only invoke
-  * this for d <= SP_HALF_MAX (see sp_div_d / sp_mod_d), which keeps the
-  * estimate's residue small enough for the / d and % d corrections.
-  *
-  * NOTE(review): when r is NULL, rem is dereferenced unconditionally —
-  * callers are assumed to pass a non-NULL rem in that case; confirm.
-  *
-  * @param [in]  a    SP integer to be divided.
-  * @param [in]  d    Digit to divide by.
-  * @param [out] r    SP integer that is the quotient. May be NULL.
-  * @param [out] rem  SP integer that is the remainder. May be NULL.
-  */
- static void _sp_div_small(sp_int* a, sp_int_digit d, sp_int* r,
-                           sp_int_digit* rem)
- {
-     int i;
- #ifndef SQR_MUL_ASM
-     sp_int_word t;
-     sp_int_digit tt;
- #else
-     sp_int_digit l = 0;
-     sp_int_digit tt = 0;
- #endif
-     sp_int_digit tr = 0;
-     sp_int_digit m;
-     if (r == NULL) {
-         /* Remainder only. */
-         m = SP_DIGIT_MAX / d;
-         for (i = a->used - 1; i >= 0; i--) {
- #ifndef SQR_MUL_ASM
-             t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
-             tt = (t * m) >> SP_WORD_SIZE;
-             tr = (sp_int_digit)(t - tt * d);
- #else
-             SP_ASM_MUL(l, tt, a->dp[i], m);
-             tt += tr * m;
-             tr = a->dp[i] - (tt * d);
- #endif
-             tr = tr % d;
-         }
-         *rem = tr;
-     }
-     else {
-         /* Quotient (and optionally remainder). */
-         m = SP_DIGIT_MAX / d;
-         for (i = a->used - 1; i >= 0; i--) {
- #ifndef SQR_MUL_ASM
-             t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
-             tt = (t * m) >> SP_WORD_SIZE;
-             tr = (sp_int_digit)(t - tt * d);
- #else
-             SP_ASM_MUL(l, tt, a->dp[i], m);
-             tt += tr * m;
-             tr = a->dp[i] - (tt * d);
- #endif
-             /* Correct quotient digit with residue's quotient part. */
-             tt += tr / d;
-             tr = tr % d;
-             r->dp[i] = tt;
-         }
-         r->used = a->used;
-         sp_clamp(r);
-         if (rem != NULL) {
-             *rem = tr;
-         }
-     }
- }
- #endif
- #ifdef WOLFSSL_SP_DIV_D
- /* Divide a multi-precision number by a digit size number and calculate
-  * remainder.
-  * r = a / d; rem = a % d
-  *
-  * Dispatches to specialised routines for d == 3, d == 10 and small d
-  * (<= SP_HALF_MAX); otherwise performs schoolbook word-by-word division
-  * using sp_div_word.
-  *
-  * @param [in]  a    SP integer to be divided.
-  * @param [in]  d    Digit to divide by.
-  * @param [out] r    SP integer that is the quotient. May be NULL.
-  * @param [out] rem  Digit that is the remainder. May be NULL.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a is NULL or d is 0.
-  */
- int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem)
- {
-     int err = MP_OKAY;
-     if ((a == NULL) || (d == 0)) {
-         err = MP_VAL;
-     }
-     if (err == MP_OKAY) {
- #if !defined(WOLFSSL_SP_SMALL)
-         if (d == 3) {
-             _sp_div_3(a, r, rem);
-         }
-         else if (d == 10) {
-             _sp_div_10(a, r, rem);
-         }
-         else
- #endif
-         if (d <= SP_HALF_MAX) {
-             _sp_div_small(a, d, r, rem);
-         }
-         else
-         {
-             int i;
- #ifndef SQR_MUL_ASM
-             sp_int_word w = 0;
- #else
-             sp_int_digit l;
-             sp_int_digit h = 0;
- #endif
-             sp_int_digit t;
-             /* Long division, most-significant digit first; w/h carries
-              * the running remainder between digits. */
-             for (i = a->used - 1; i >= 0; i--) {
- #ifndef SQR_MUL_ASM
-                 t = sp_div_word((sp_int_digit)w, a->dp[i], d);
-                 w = (w << SP_WORD_SIZE) | a->dp[i];
-                 w -= (sp_int_word)t * d;
- #else
-                 l = a->dp[i];
-                 t = sp_div_word(h, l, d);
-                 h = l - t * d;
- #endif
-                 if (r != NULL) {
-                     r->dp[i] = t;
-                 }
-             }
-             if (r != NULL) {
-                 r->used = a->used;
-                 sp_clamp(r);
-             }
-             if (rem != NULL) {
- #ifndef SQR_MUL_ASM
-                 *rem = (sp_int_digit)w;
- #else
-                 *rem = h;
- #endif
-             }
-         }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         /* Quotient keeps the dividend's sign (truncating division). */
-         if (r != NULL) {
-             r->sign = a->sign;
-         }
- #endif
-     }
-     return err;
- }
- #endif /* WOLFSSL_SP_DIV_D */
- #ifdef WOLFSSL_SP_MOD_D
- /* Calculate a modulo the digit d into r: r = a mod d
-  *
-  * Fast paths: power-of-two modulus uses a mask of the low digit;
-  * d == 3 / d == 10 and small d (<= SP_HALF_MAX) use reciprocal-multiply
-  * helpers; otherwise word-by-word division with sp_div_word.
-  *
-  * @param [in]  a  SP integer to reduce.
-  * @param [in]  d  Digit that is the modulus.
-  * @param [out] r  Digit that is the result.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a is NULL, r is NULL or d is 0.
-  */
- #if !defined(WOLFSSL_SP_MATH_ALL) && (!defined(HAVE_ECC) || \
-     !defined(HAVE_COMP_KEY)) && !defined(OPENSSL_EXTRA)
- static
- #endif /* !WOLFSSL_SP_MATH_ALL && (!HAVE_ECC || !HAVE_COMP_KEY) */
- int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r)
- {
-     int err = MP_OKAY;
-     if ((a == NULL) || (r == NULL) || (d == 0)) {
-         err = MP_VAL;
-     }
- #if 0
-     sp_print(a, "a");
-     sp_print_digit(d, "m");
- #endif
-     if (err == MP_OKAY) {
-         /* Check whether d is a power of 2. */
-         if ((d & (d - 1)) == 0) {
-             if (a->used == 0) {
-                 *r = 0;
-             }
-             else {
-                 /* Power of 2: result is just the low bits of digit 0. */
-                 *r = a->dp[0] & (d - 1);
-             }
-         }
- #if !defined(WOLFSSL_SP_SMALL)
-         else if (d == 3) {
-             _sp_div_3(a, NULL, r);
-         }
-         else if (d == 10) {
-             _sp_div_10(a, NULL, r);
-         }
- #endif
-         else if (d <= SP_HALF_MAX) {
-             _sp_div_small(a, d, NULL, r);
-         }
-         else {
-             int i;
- #ifndef SQR_MUL_ASM
-             sp_int_word w = 0;
- #else
-             sp_int_digit l;
-             sp_int_digit h = 0;
- #endif
-             sp_int_digit t;
-             /* Long division keeping only the running remainder. */
-             for (i = a->used - 1; i >= 0; i--) {
- #ifndef SQR_MUL_ASM
-                 t = sp_div_word((sp_int_digit)w, a->dp[i], d);
-                 w = (w << SP_WORD_SIZE) | a->dp[i];
-                 w -= (sp_int_word)t * d;
- #else
-                 l = a->dp[i];
-                 t = sp_div_word(h, l, d);
-                 h = l - t * d;
- #endif
-             }
- #ifndef SQR_MUL_ASM
-             *r = (sp_int_digit)w;
- #else
-             *r = h;
- #endif
-         }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         /* Fold a negative value's remainder into [0, d). Only adjust a
-          * non-zero remainder: without this check a negative exact
-          * multiple of d returned *r == d instead of 0. */
-         if ((a->sign == MP_NEG) && (*r != 0)) {
-             *r = d - *r;
-         }
- #endif
-     }
- #if 0
-     sp_print_digit(*r, "rmod");
- #endif
-     return err;
- }
- #endif /* WOLFSSL_SP_MOD_D */
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- /* Divides a by 2 mod m and stores in r: r = (a / 2) mod m
-  *
-  * r = a / 2 (mod m) - constant time (a < m and positive)
-  *
-  * If a is odd, m is added first (mask selects m's digits without a
-  * branch) so the following right shift stays exact mod m.
-  *
-  * @param [in]  a  SP integer to divide.
-  * @param [in]  m  SP integer that is modulus.
-  * @param [out] r  SP integer to hold result.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a, m or r is NULL.
-  */
- int sp_div_2_mod_ct(sp_int* a, sp_int* m, sp_int* r)
- {
-     int err = MP_OKAY;
-     if ((a == NULL) || (m == NULL) || (r == NULL)) {
-         err = MP_VAL;
-     }
-     if ((err == MP_OKAY) && (r->size < m->used + 1)) {
-         err = MP_VAL;
-     }
-     if (err == MP_OKAY) {
- #ifndef SQR_MUL_ASM
-         sp_int_word w = 0;
- #else
-         sp_int_digit l = 0;
-         sp_int_digit h = 0;
-         sp_int_digit t;
- #endif
-         sp_int_digit mask;
-         int i;
- #if 0
-         sp_print(a, "a");
-         sp_print(m, "m");
- #endif
-         /* All-ones when a is odd, zero when even — selects m below. */
-         mask = (sp_int_digit)0 - (a->dp[0] & 1);
-         for (i = 0; i < m->used; i++) {
-             /* mask_a avoids reading a->dp past a->used. */
-             sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used);
- #ifndef SQR_MUL_ASM
-             w += m->dp[i] & mask;
-             w += a->dp[i] & mask_a;
-             r->dp[i] = (sp_int_digit)w;
-             w >>= DIGIT_BIT;
- #else
-             t = m->dp[i] & mask;
-             SP_ASM_ADDC(l, h, t);
-             t = a->dp[i] & mask_a;
-             SP_ASM_ADDC(l, h, t);
-             r->dp[i] = l;
-             l = h;
-             h = 0;
- #endif
-         }
-         /* Final carry digit of a + (m or 0). */
- #ifndef SQR_MUL_ASM
-         r->dp[i] = (sp_int_digit)w;
- #else
-         r->dp[i] = l;
- #endif
-         r->used = i + 1;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         r->sign = MP_ZPOS;
- #endif
-         sp_clamp(r);
-         /* Sum is even by construction; halving gives (a / 2) mod m. */
-         sp_div_2(r, r);
- #if 0
-         sp_print(r, "rd2");
- #endif
-     }
-     return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
- #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- /* Divides a by 2 and stores in r: r = a >> 1
-  *
-  * Shifts each digit right one bit, pulling the dropped bit of the next
-  * digit in at the top.
-  *
-  * NOTE(review): when a->used == 0 the loop is skipped and a->dp[0] is
-  * still read — presumably dp[0] is always valid/zero for a zero value;
-  * confirm against sp_int invariants.
-  *
-  * @param [in]  a  SP integer to divide.
-  * @param [out] r  SP integer to hold result.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a or r is NULL.
-  */
- #if !(defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC))
- static
- #endif
- int sp_div_2(sp_int* a, sp_int* r)
- {
-     int err = MP_OKAY;
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
-     /* Only when a public API. */
-     if ((a == NULL) || (r == NULL)) {
-         err = MP_VAL;
-     }
- #endif
-     if (err == MP_OKAY) {
-         int i;
-         r->used = a->used;
-         for (i = 0; i < a->used - 1; i++) {
-             r->dp[i] = (a->dp[i] >> 1) | (a->dp[i+1] << (SP_WORD_SIZE - 1));
-         }
-         /* Top digit has no neighbour to borrow a bit from. */
-         r->dp[i] = a->dp[i] >> 1;
-         r->used = i + 1;
-         sp_clamp(r);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         r->sign = a->sign;
- #endif
-     }
-     return err;
- }
- #endif /* HAVE_ECC || !NO_DSA || OPENSSL_EXTRA ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- /************************
- * Add/Subtract Functions
- ************************/
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_SP_INVMOD)
- /* Add offset b to a into r: r = a + (b << (o * SP_WORD_SIZEOF))
-  *
-  * Classic multi-word addition: first the overlap of a and b, then the
-  * leftover digits of whichever is longer, finally a possible carry
-  * digit. Caller must ensure r has room for the result.
-  *
-  * @param [in]  a  SP integer to add to.
-  * @param [in]  b  SP integer to add.
-  * @param [out] r  SP integer to store result in.
-  * @param [in]  o  Number of digits to offset b.
-  *
-  * @return MP_OKAY on success.
-  */
- static int _sp_add_off(sp_int* a, sp_int* b, sp_int* r, int o)
- {
-     int i;
-     int j;
- #ifndef SQR_MUL_ASM
-     sp_int_word t = 0;
- #else
-     sp_int_digit l = 0;
-     sp_int_digit h = 0;
-     sp_int_digit t = 0;
- #endif
- #ifdef SP_MATH_NEED_ADD_OFF
-     /* Copy a's digits below the offset; zero-fill if a is shorter. */
-     for (i = 0; (i < o) && (i < a->used); i++) {
-         r->dp[i] = a->dp[i];
-     }
-     for (; i < o; i++) {
-         r->dp[i] = 0;
-     }
- #else
-     i = 0;
-     (void)o;
- #endif
-     /* Digits where both a and b contribute. */
-     for (j = 0; (i < a->used) && (j < b->used); i++, j++) {
- #ifndef SQR_MUL_ASM
-         t += a->dp[i];
-         t += b->dp[j];
-         r->dp[i] = (sp_int_digit)t;
-         t >>= SP_WORD_SIZE;
- #else
-         t = a->dp[i];
-         SP_ASM_ADDC(l, h, t);
-         t = b->dp[j];
-         SP_ASM_ADDC(l, h, t);
-         r->dp[i] = l;
-         l = h;
-         h = 0;
- #endif
-     }
-     /* Remaining digits of a (carry may still propagate). */
-     for (; i < a->used; i++) {
- #ifndef SQR_MUL_ASM
-         t += a->dp[i];
-         r->dp[i] = (sp_int_digit)t;
-         t >>= SP_WORD_SIZE;
- #else
-         t = a->dp[i];
-         SP_ASM_ADDC(l, h, t);
-         r->dp[i] = l;
-         l = h;
-         h = 0;
- #endif
-     }
-     /* Remaining digits of b. */
-     for (; j < b->used; i++, j++) {
- #ifndef SQR_MUL_ASM
-         t += b->dp[j];
-         r->dp[i] = (sp_int_digit)t;
-         t >>= SP_WORD_SIZE;
- #else
-         t = b->dp[j];
-         SP_ASM_ADDC(l, h, t);
-         r->dp[i] = l;
-         l = h;
-         h = 0;
- #endif
-     }
-     r->used = i;
-     /* Final carry becomes a new top digit. */
- #ifndef SQR_MUL_ASM
-     if (t != 0) {
-         r->dp[i] = (sp_int_digit)t;
-         r->used++;
-     }
- #else
-     if (l != 0) {
-         r->dp[i] = l;
-         r->used++;
-     }
- #endif
-     sp_clamp(r);
-     return MP_OKAY;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE) || \
- !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Sub offset b from a into r: r = a - (b << (o * SP_WORD_SIZEOF))
-  * a must be greater than b.
-  *
-  * Multi-word subtraction with borrow. In the ASM path the borrow is
-  * rebuilt from the sign bit of the running high word:
-  * h = 0 - (l >> (SP_WORD_SIZE - 1)) is all-ones when a borrow occurred.
-  *
-  * @param [in]  a  SP integer to subtract from.
-  * @param [in]  b  SP integer to subtract.
-  * @param [out] r  SP integer to store result in.
-  * @param [in]  o  Number of digits to offset b.
-  *
-  * @return MP_OKAY on success.
-  */
- static int _sp_sub_off(sp_int* a, sp_int* b, sp_int* r, int o)
- {
-     int i;
-     int j;
- #ifndef SQR_MUL_ASM
-     sp_int_sword t = 0;
- #else
-     sp_int_digit l = 0;
-     sp_int_digit h = 0;
-     sp_int_digit t = 0;
- #endif
-     /* Digits below the offset are copied unchanged. */
-     for (i = 0; (i < o) && (i < a->used); i++) {
-         r->dp[i] = a->dp[i];
-     }
-     /* Overlapping digits: subtract with borrow. */
-     for (j = 0; (i < a->used) && (j < b->used); i++, j++) {
- #ifndef SQR_MUL_ASM
-         t += a->dp[i];
-         t -= b->dp[j];
-         r->dp[i] = (sp_int_digit)t;
-         t >>= SP_WORD_SIZE;
- #else
-         t = a->dp[i];
-         SP_ASM_ADDC(l, h, t);
-         t = b->dp[j];
-         SP_ASM_SUBC(l, h, t);
-         r->dp[i] = l;
-         l = h;
-         h = (sp_int_digit)0 - (l >> (SP_WORD_SIZE - 1));
- #endif
-     }
-     /* Remaining digits of a, still propagating any borrow. */
-     for (; i < a->used; i++) {
- #ifndef SQR_MUL_ASM
-         t += a->dp[i];
-         r->dp[i] = (sp_int_digit)t;
-         t >>= SP_WORD_SIZE;
- #else
-         t = a->dp[i];
-         SP_ASM_ADDC(l, h, t);
-         r->dp[i] = l;
-         l = h;
-         h = (sp_int_digit)0 - (l >> (SP_WORD_SIZE - 1));
- #endif
-     }
-     r->used = i;
-     sp_clamp(r);
-     return MP_OKAY;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_INT_NEGATIVE || !NO_DH ||
- * HAVE_ECC || (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_SP_INVMOD)
- /* Add b to a into r: r = a + b
-  *
-  * With WOLFSSL_SP_INT_NEGATIVE, dispatches on signs: same sign adds
-  * magnitudes; differing signs subtract the smaller magnitude from the
-  * larger and take the larger operand's sign (zero forced positive).
-  *
-  * @param [in]  a  SP integer to add to.
-  * @param [in]  b  SP integer to add.
-  * @param [out] r  SP integer to store result in.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a, b, or r is NULL.
-  */
- int sp_add(sp_int* a, sp_int* b, sp_int* r)
- {
-     int err = MP_OKAY;
-     if ((a == NULL) || (b == NULL) || (r == NULL)) {
-         err = MP_VAL;
-     }
-     /* Result must have room for one more digit than the larger input. */
-     if ((err == MP_OKAY) && ((a->used >= r->size) || (b->used >= r->size))) {
-         err = MP_VAL;
-     }
-     if (err == MP_OKAY) {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
-         err = _sp_add_off(a, b, r, 0);
- #else
-         if (a->sign == b->sign) {
-             r->sign = a->sign;
-             err = _sp_add_off(a, b, r, 0);
-         }
-         else if (_sp_cmp_abs(a, b) != MP_LT) {
-             /* |a| >= |b|: result takes a's sign. */
-             err = _sp_sub_off(a, b, r, 0);
-             if (sp_iszero(r)) {
-                 r->sign = MP_ZPOS;
-             }
-             else {
-                 r->sign = a->sign;
-             }
-         }
-         else {
-             /* |a| < |b|: result takes b's sign. */
-             err = _sp_sub_off(b, a, r, 0);
-             if (sp_iszero(r)) {
-                 r->sign = MP_ZPOS;
-             }
-             else {
-                 r->sign = b->sign;
-             }
-         }
- #endif
-     }
-     return err;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Subtract b from a into r: r = a - b
-  *
-  * a must be greater than b unless WOLFSSL_SP_INT_NEGATIVE is defined.
-  *
-  * With WOLFSSL_SP_INT_NEGATIVE: differing signs add magnitudes with a's
-  * sign; same signs subtract the smaller magnitude and flip the sign
-  * when |a| < |b| (1 - a->sign toggles MP_ZPOS/MP_NEG).
-  *
-  * @param [in]  a  SP integer to subtract from.
-  * @param [in]  b  SP integer to subtract.
-  * @param [out] r  SP integer to store result in.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a, b, or r is NULL.
-  */
- int sp_sub(sp_int* a, sp_int* b, sp_int* r)
- {
-     int err = MP_OKAY;
-     if ((a == NULL) || (b == NULL) || (r == NULL)) {
-         err = MP_VAL;
-     }
-     else {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
-         err = _sp_sub_off(a, b, r, 0);
- #else
-         if (a->sign != b->sign) {
-             r->sign = a->sign;
-             err = _sp_add_off(a, b, r, 0);
-         }
-         else if (_sp_cmp_abs(a, b) != MP_LT) {
-             err = _sp_sub_off(a, b, r, 0);
-             if (sp_iszero(r)) {
-                 r->sign = MP_ZPOS;
-             }
-             else {
-                 r->sign = a->sign;
-             }
-         }
-         else {
-             err = _sp_sub_off(b, a, r, 0);
-             if (sp_iszero(r)) {
-                 r->sign = MP_ZPOS;
-             }
-             else {
-                 /* Toggle sign: result has the opposite sign of a. */
-                 r->sign = 1 - a->sign;
-             }
-         }
- #endif
-     }
-     return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY)*/
- /****************************
- * Add/Subtract mod functions
- ****************************/
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (!defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_CUSTOM_CURVES)) || \
- defined(WOLFCRYPT_HAVE_ECCSI) || defined(WOLFCRYPT_HAVE_SAKKE)
- /* Add two value and reduce: r = (a + b) % m
-  *
-  * Computes the sum into a temporary sized one digit larger than the
-  * bigger operand, then reduces with sp_mod. Not constant time — see
-  * sp_addmod_ct for the side-channel-safe variant.
-  *
-  * @param [in]  a  SP integer to add.
-  * @param [in]  b  SP integer to add with.
-  * @param [in]  m  SP integer that is the modulus.
-  * @param [out] r  SP integer to hold result.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a, b, m or r is NULL.
-  * @return MP_MEM when dynamic memory allocation fails.
-  */
- int sp_addmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
-     int err = MP_OKAY;
-     /* Size computed before NULL check so DECL_SP_INT can use it. */
-     int used = ((a == NULL) || (b == NULL)) ? 1 :
-                ((a->used >= b->used) ? a->used + 1 : b->used + 1);
-     DECL_SP_INT(t, used);
-     if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) {
-         err = MP_VAL;
-     }
-     ALLOC_SP_INT_SIZE(t, used, err, NULL);
- #if 0
-     if (err == MP_OKAY) {
-         sp_print(a, "a");
-         sp_print(b, "b");
-         sp_print(m, "m");
-     }
- #endif
-     if (err == MP_OKAY) {
-         err = sp_add(a, b, t);
-     }
-     if (err == MP_OKAY) {
-         err = sp_mod(t, m, r);
-     }
- #if 0
-     if (err == MP_OKAY) {
-         sp_print(r, "rma");
-     }
- #endif
-     FREE_SP_INT(t, NULL);
-     return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_CUSTOM_CURVES) ||
- * WOLFCRYPT_HAVE_ECCSI || WOLFCRYPT_HAVE_SAKKE */
- #if defined(WOLFSSL_SP_MATH_ALL) && (!defined(WOLFSSL_RSA_VERIFY_ONLY) || \
- defined(HAVE_ECC))
- /* Sub b from a and reduce: r = (a - b) % m
-  * Result is always positive.
-  *
-  * Without WOLFSSL_SP_INT_NEGATIVE: reduce a and b below m first, then
-  * add m to a when a < b so the final subtraction cannot go negative.
-  * With WOLFSSL_SP_INT_NEGATIVE: subtract then reduce with sp_mod.
-  *
-  * @param [in]  a  SP integer to subtract from
-  * @param [in]  b  SP integer to subtract.
-  * @param [in]  m  SP integer that is the modulus.
-  * @param [out] r  SP integer to hold result.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a, b, m or r is NULL.
-  * @return MP_MEM when dynamic memory allocation fails.
-  */
- int sp_submod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
-     int err = MP_OKAY;
-     /* Large enough for max(a, b, m) plus one carry digit. */
-     int used = ((a == NULL) || (b == NULL) || (m == NULL)) ? 1 :
-                ((a->used >= m->used) ?
-                    ((a->used >= b->used) ? (a->used + 1) : (b->used + 1)) :
-                ((b->used >= m->used)) ? (b->used + 1) : (m->used + 1));
-     DECL_SP_INT_ARRAY(t, used, 2);
-     if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) {
-         err = MP_VAL;
-     }
- #if 0
-     if (err == MP_OKAY) {
-         sp_print(a, "a");
-         sp_print(b, "b");
-         sp_print(m, "m");
-     }
- #endif
-     ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL);
-     if (err == MP_OKAY) {
-         /* Reduce a mod m when needed. */
-         if (_sp_cmp(a, m) != MP_LT) {
-             err = sp_mod(a, m, t[0]);
-             a = t[0];
-         }
-     }
-     if (err == MP_OKAY) {
-         /* Reduce b mod m when needed. */
-         if (_sp_cmp(b, m) != MP_LT) {
-             err = sp_mod(b, m, t[1]);
-             b = t[1];
-         }
-     }
-     if (err == MP_OKAY) {
-         /* Ensure a >= b so the unsigned subtraction is valid. */
-         if (_sp_cmp(a, b) == MP_LT) {
-             err = sp_add(a, m, t[0]);
-             a = t[0];
-         }
-     }
-     if (err == MP_OKAY) {
-         err = sp_sub(a, b, r);
-     }
- #if 0
-     if (err == MP_OKAY) {
-         sp_print(r, "rms");
-     }
- #endif
-     FREE_SP_INT_ARRAY(t, NULL);
-     return err;
- #else /* WOLFSSL_SP_INT_NEGATIVE */
-     int err = MP_OKAY;
-     int used = ((a == NULL) || (b == NULL)) ? 1 :
-                ((a->used >= b->used) ? a->used + 1 : b->used + 1);
-     DECL_SP_INT(t, used);
-     if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) {
-         err = MP_VAL;
-     }
- #if 0
-     if (err == MP_OKAY) {
-         sp_print(a, "a");
-         sp_print(b, "b");
-         sp_print(m, "m");
-     }
- #endif
-     ALLOC_SP_INT_SIZE(t, used, err, NULL);
-     if (err == MP_OKAY) {
-         /* Signed subtract then reduce handles a < b directly. */
-         err = sp_sub(a, b, t);
-     }
-     if (err == MP_OKAY) {
-         err = sp_mod(t, m, r);
-     }
- #if 0
-     if (err == MP_OKAY) {
-         sp_print(r, "rms");
-     }
- #endif
-     FREE_SP_INT(t, NULL);
-     return err;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- }
- #endif /* WOLFSSL_SP_MATH_ALL */
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- /* Add two value and reduce: r = (a + b) % m
-  *
-  * r = a + b (mod m) - constant time (a < m and b < m, a, b and m are positive)
-  *
-  * Assumes a, b, m and r are not NULL.
-  * m and r must not be the same pointer.
-  *
-  * Performs the add and a shadow subtraction of m in one pass, then
-  * conditionally (mask-selected, no branch) subtracts m in a second
-  * pass — digit access pattern is independent of the values.
-  *
-  * @param [in]  a  SP integer to add.
-  * @param [in]  b  SP integer to add with.
-  * @param [in]  m  SP integer that is the modulus.
-  * @param [out] r  SP integer to hold result.
-  *
-  * @return MP_OKAY on success.
-  */
- int sp_addmod_ct(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
-     int err = MP_OKAY;
- #ifndef SQR_MUL_ASM
-     sp_int_sword w;
-     sp_int_sword s;
- #else
-     sp_int_digit wl;
-     sp_int_digit wh;
-     sp_int_digit sl;
-     sp_int_digit sh;
-     sp_int_digit t;
- #endif
-     sp_int_digit mask;
-     int i;
-     if (r->size < m->used) {
-         err = MP_VAL;
-     }
-     if ((err == MP_OKAY) && (r == m)) {
-         err = MP_VAL;
-     }
-     if (err == MP_OKAY) {
- #if 0
-         sp_print(a, "a");
-         sp_print(b, "b");
-         sp_print(m, "m");
- #endif
-         /* Add a to b into r. Do the subtract of modulus but don't store result.
-          * When subtract result is negative, the overflow will be negative.
-          * Only need to subtract mod when result is positive - overflow is
-          * positive.
-          */
- #ifndef SQR_MUL_ASM
-         w = 0;
-         s = 0;
- #else
-         wl = 0;
-         wh = 0;
-         sl = 0;
-         sh = 0;
- #endif
-         for (i = 0; i < m->used; i++) {
-             /* Values past 'used' are not initialized. */
-             sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used);
-             sp_int_digit mask_b = (sp_int_digit)0 - (i < b->used);
- #ifndef SQR_MUL_ASM
-             /* w accumulates a + b; s shadows (a + b) - m for the sign. */
-             w += a->dp[i] & mask_a;
-             w += b->dp[i] & mask_b;
-             r->dp[i] = (sp_int_digit)w;
-             s += (sp_int_digit)w;
-             s -= m->dp[i];
-             s >>= DIGIT_BIT;
-             w >>= DIGIT_BIT;
- #else
-             t = a->dp[i] & mask_a;
-             SP_ASM_ADDC(wl, wh, t);
-             t = b->dp[i] & mask_b;
-             SP_ASM_ADDC(wl, wh, t);
-             r->dp[i] = wl;
-             SP_ASM_ADDC(sl, sh, wl);
-             t = m->dp[i];
-             SP_ASM_SUBC(sl, sh, t);
-             sl = sh;
-             sh = (sp_int_digit)0 - (sl >> (SP_WORD_SIZE-1));
-             wl = wh;
-             wh = 0;
- #endif
-         }
- #ifndef SQR_MUL_ASM
-         s += (sp_int_digit)w;
-         /* s will be positive when subtracting modulus is needed. */
-         mask = (sp_int_digit)0 - (s >= 0);
- #else
-         SP_ASM_ADDC(sl, sh, wl);
-         /* s will be positive when subtracting modulus is needed. */
-         mask = (sh >> (SP_WORD_SIZE-1)) - 1;
- #endif
-         /* Constant time, conditionally, subtract modulus from sum. */
- #ifndef SQR_MUL_ASM
-         w = 0;
- #else
-         wl = 0;
-         wh = 0;
- #endif
-         for (i = 0; i < m->used; i++) {
- #ifndef SQR_MUL_ASM
-             w += r->dp[i];
-             w -= m->dp[i] & mask;
-             r->dp[i] = (sp_int_digit)w;
-             w >>= DIGIT_BIT;
- #else
-             t = r->dp[i];
-             SP_ASM_ADDC(wl, wh, t);
-             t = m->dp[i] & mask;
-             SP_ASM_SUBC(wl, wh, t);
-             r->dp[i] = wl;
-             wl = wh;
-             wh = (sp_int_digit)0 - (wl >> (SP_WORD_SIZE-1));
- #endif
-         }
-         /* Result will always have digits equal to or less than those in
-          * modulus. */
-         r->used = i;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         r->sign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
-         sp_clamp(r);
- #if 0
-         sp_print(r, "rma");
- #endif
-     }
-     return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- /* Sub b from a and reduce: r = (a - b) % m
-  * Result is always positive.
-  *
-  * r = a - b (mod m) - constant time (a < m and b < m, a, b and m are positive)
-  *
-  * Assumes a, b, m and r are not NULL.
-  * m and r must not be the same pointer.
-  *
-  * Subtracts unconditionally, then adds m back under a mask derived from
-  * the final borrow — no data-dependent branches.
-  *
-  * @param [in]  a  SP integer to subtract from
-  * @param [in]  b  SP integer to subtract.
-  * @param [in]  m  SP integer that is the modulus.
-  * @param [out] r  SP integer to hold result.
-  *
-  * @return MP_OKAY on success.
-  */
- int sp_submod_ct(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
-     int err = MP_OKAY;
- #ifndef SQR_MUL_ASM
-     sp_int_sword w;
- #else
-     sp_int_digit l;
-     sp_int_digit h;
-     sp_int_digit t;
- #endif
-     sp_int_digit mask;
-     int i;
-     if (r->size < m->used + 1) {
-         err = MP_VAL;
-     }
-     if ((err == MP_OKAY) && (r == m)) {
-         err = MP_VAL;
-     }
-     if (err == MP_OKAY) {
- #if 0
-         sp_print(a, "a");
-         sp_print(b, "b");
-         sp_print(m, "m");
- #endif
-         /* In constant time, subtract b from a putting result in r. */
- #ifndef SQR_MUL_ASM
-         w = 0;
- #else
-         l = 0;
-         h = 0;
- #endif
-         for (i = 0; i < m->used; i++) {
-             /* Values past 'used' are not initialized. */
-             sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used);
-             sp_int_digit mask_b = (sp_int_digit)0 - (i < b->used);
- #ifndef SQR_MUL_ASM
-             w += a->dp[i] & mask_a;
-             w -= b->dp[i] & mask_b;
-             r->dp[i] = (sp_int_digit)w;
-             w >>= DIGIT_BIT;
- #else
-             t = a->dp[i] & mask_a;
-             SP_ASM_ADDC(l, h, t);
-             t = b->dp[i] & mask_b;
-             SP_ASM_SUBC(l, h, t);
-             r->dp[i] = l;
-             l = h;
-             /* Rebuild borrow from the sign bit of the high word. */
-             h = (sp_int_digit)0 - (l >> (SP_WORD_SIZE - 1));
- #endif
-         }
-         /* When w is negative then we need to add modulus to make result
-          * positive. */
- #ifndef SQR_MUL_ASM
-         mask = (sp_int_digit)0 - (w < 0);
- #else
-         mask = h;
- #endif
-         /* Constant time, conditionally, add modulus to difference. */
- #ifndef SQR_MUL_ASM
-         w = 0;
- #else
-         l = 0;
-         h = 0;
- #endif
-         for (i = 0; i < m->used; i++) {
- #ifndef SQR_MUL_ASM
-             w += r->dp[i];
-             w += m->dp[i] & mask;
-             r->dp[i] = (sp_int_digit)w;
-             w >>= DIGIT_BIT;
- #else
-             t = r->dp[i];
-             SP_ASM_ADDC(l, h, t);
-             t = m->dp[i] & mask;
-             SP_ASM_ADDC(l, h, t);
-             r->dp[i] = l;
-             l = h;
-             h = 0;
- #endif
-         }
-         r->used = i;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         r->sign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
-         sp_clamp(r);
- #if 0
-         sp_print(r, "rms");
- #endif
-     }
-     return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
- /********************
- * Shifting functions
- ********************/
- #if !defined(NO_DH) || defined(HAVE_ECC) || (defined(WC_RSA_BLINDING) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Left shift the multi-precision number by a number of digits.
-  * Operates in place on a.
-  *
-  * @param [in,out] a  SP integer to shift.
-  * @param [in]     s  Number of digits to shift.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when a is NULL or the result is too big to fit in an SP.
-  */
- int sp_lshd(sp_int* a, int s)
- {
-     int err = MP_OKAY;
-     if (a == NULL) {
-         err = MP_VAL;
-     }
-     if ((err == MP_OKAY) && (a->used + s > a->size)) {
-         err = MP_VAL;
-     }
-     if (err == MP_OKAY) {
-         /* Move digits up s positions (overlapping move) and zero-fill
-          * the vacated low digits. */
-         XMEMMOVE(a->dp + s, a->dp, a->used * sizeof(sp_int_digit));
-         a->used += s;
-         XMEMSET(a->dp, 0, s * sizeof(sp_int_digit));
-         sp_clamp(a);
-     }
-     return err;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- /* Left shift the multi-precision number by n bits.
-  * Bits may be larger than the word size. Operates in place on a.
-  *
-  * @param [in,out] a  SP integer to shift.
-  * @param [in]     n  Number of bits to shift left.
-  *
-  * @return MP_OKAY on success.
-  * @return MP_VAL when the result does not fit in a.
-  */
- static int sp_lshb(sp_int* a, int n)
- {
-     int err = MP_OKAY;
-     if (a->used != 0) {
-         /* Split shift into whole digits (s) and remaining bits (n). */
-         int s = n >> SP_WORD_SHIFT;
-         int i;
-         if (a->used + s >= a->size) {
-             err = MP_VAL;
-         }
-         if (err == MP_OKAY) {
-             n &= SP_WORD_MASK;
-             if (n != 0) {
-                 sp_int_digit v;
-                 /* Bits spilling out of the current top digit. */
-                 v = a->dp[a->used - 1] >> (SP_WORD_SIZE - n);
-                 a->dp[a->used - 1 + s] = a->dp[a->used - 1] << n;
-                 /* Shift remaining digits high-to-low so the move is safe
-                  * in place. */
-                 for (i = a->used - 2; i >= 0; i--) {
-                     a->dp[i + 1 + s] |= a->dp[i] >> (SP_WORD_SIZE - n);
-                     a->dp[i + s] = a->dp[i] << n;
-                 }
-                 if (v != 0) {
-                     a->dp[a->used + s] = v;
-                     a->used++;
-                 }
-             }
-             else if (s > 0) {
-                 /* Pure digit shift. */
-                 for (i = a->used - 1; i >= 0; i--) {
-                     a->dp[i + s] = a->dp[i];
-                 }
-             }
-             a->used += s;
-             /* Zero-fill the vacated low digits. */
-             XMEMSET(a->dp, 0, SP_WORD_SIZEOF * s);
-         }
-     }
-     return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Shift a right by c digits, in place: a = a >> (c * SP_WORD_SIZE)
-  *
-  * Shifting by at least 'used' digits zeroes the value.
-  *
-  * @param [in,out] a  SP integer to shift.
-  * @param [in]     c  Number of digits to shift.
-  */
- void sp_rshd(sp_int* a, int c)
- {
-     if (a != NULL) {
-         int i;
-         int j;
-         if (c >= a->used) {
-             _sp_zero(a);
-         }
-         else {
-             /* Move digits down c positions. */
-             for (i = c, j = 0; i < a->used; i++, j++) {
-                 a->dp[j] = a->dp[i];
-             }
-             a->used -= c;
-         }
-     }
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH ||
- * HAVE_ECC || (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_HAVE_SP_DH)
- /* Shift a right by n bits into r: r = a >> n
-  *
-  * Bits may exceed the word size; whole digits are dropped first, then
-  * the remaining sub-digit shift pulls bits down from the next digit.
-  *
-  * @param [in]  a  SP integer to shift.
-  * @param [in]  n  Number of bits to shift.
-  * @param [out] r  SP integer to store result in.
-  */
- void sp_rshb(sp_int* a, int n, sp_int* r)
- {
-     /* Number of whole digits shifted out. */
-     int i = n >> SP_WORD_SHIFT;
-     if (i >= a->used) {
-         _sp_zero(r);
-     }
-     else {
-         int j;
-         n &= SP_WORD_SIZE - 1;
-         if (n == 0) {
-             /* Digit-aligned: plain copy of the surviving digits. */
-             for (j = 0; i < a->used; i++, j++)
-                 r->dp[j] = a->dp[i];
-             r->used = j;
-         }
-         else if (n > 0) {
-             for (j = 0; i < a->used-1; i++, j++)
-                 r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n));
-             r->dp[j] = a->dp[i] >> n;
-             r->used = j + 1;
-             sp_clamp(r);
-         }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
-         if (sp_iszero(r)) {
-             r->sign = MP_ZPOS;
-         }
-         else {
-             r->sign = a->sign;
-         }
- #endif
-     }
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || WOLFSSL_HAVE_SP_DH */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- /* Divide a by d and return the quotient in r and the remainder in rem.
- * r = a / d; rem = a % d
- *
- * @param [in] a SP integer to be divided.
- * @param [in] d SP integer to divide by.
- * @param [out] r SP integer that is the quotient.
- * @param [out] rem SP integer that is the remainder.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or d is NULL, r and rem are NULL, or d is 0.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- #ifndef WOLFSSL_SP_MATH_ALL
- static
- #endif
- int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
- {
- int err = MP_OKAY;
- int ret;
- int done = 0;
- int i;
- int s = 0;
- sp_int_digit dt;
- sp_int_digit t;
- sp_int* sa = NULL;
- sp_int* sd = NULL;
- sp_int* tr = NULL;
- sp_int* trial = NULL;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- int aSign = MP_ZPOS;
- int dSign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- DECL_SP_INT_ARRAY(td, (a == NULL) ? 1 : a->used + 1, 4);
- if ((a == NULL) || (d == NULL) || ((r == NULL) && (rem == NULL))) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && sp_iszero(d)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (r != NULL) && (r->size < a->used - d->used + 2)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (rem != NULL)) {
- if ((a->used <= d->used) && (rem->size < a->used + 1)) {
- err = MP_VAL;
- }
- else if ((a->used > d->used) && (rem->size < d->used + 1)) {
- err = MP_VAL;
- }
- }
- /* May need to shift number being divided left into a new word. */
- if ((err == MP_OKAY) && (a->used == SP_INT_DIGITS)) {
- int bits = SP_WORD_SIZE - (sp_count_bits(d) % SP_WORD_SIZE);
- if ((bits != SP_WORD_SIZE) &&
- (sp_count_bits(a) + bits > SP_INT_DIGITS * SP_WORD_SIZE)) {
- err = MP_VAL;
- }
- }
- #if 0
- if (err == MP_OKAY) {
- sp_print(a, "a");
- sp_print(d, "b");
- }
- #endif
- if (err == MP_OKAY) {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- aSign = a->sign;
- dSign = d->sign;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- ret = _sp_cmp_abs(a, d);
- if (ret == MP_LT) {
- if (rem != NULL) {
- sp_copy(a, rem);
- }
- if (r != NULL) {
- sp_set(r, 0);
- }
- done = 1;
- }
- else if (ret == MP_EQ) {
- if (rem != NULL) {
- sp_set(rem, 0);
- }
- if (r != NULL) {
- sp_set(r, 1);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = (aSign == dSign) ? MP_ZPOS : MP_NEG;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- }
- done = 1;
- }
- else if (sp_count_bits(a) == sp_count_bits(d)) {
- /* a is greater than d but same bit length */
- if (rem != NULL) {
- _sp_sub_off(a, d, rem, 0);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- rem->sign = aSign;
- #endif
- }
- if (r != NULL) {
- sp_set(r, 1);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = (aSign == dSign) ? MP_ZPOS : MP_NEG;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- }
- done = 1;
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- int cnt = 4;
- if ((rem != NULL) && (rem != d) && (rem->size > a->used)) {
- cnt--;
- }
- if ((r != NULL) && (r != d)) {
- cnt--;
- }
- /* Macro always has code associated with it and checks err first. */
- ALLOC_SP_INT_ARRAY(td, a->used + 1, cnt, err, NULL);
- #else
- ALLOC_SP_INT_ARRAY(td, a->used + 1, 4, err, NULL);
- #endif
- }
- if ((!done) && (err == MP_OKAY)) {
- sd = td[0];
- trial = td[1];
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- i = 2;
- sa = ((rem != NULL) && (rem != d) && (rem->size > a->used)) ? rem :
- td[i++];
- tr = ((r != NULL) && (r != d)) ? r : td[i];
- #else
- sa = td[2];
- tr = td[3];
- #endif
- sp_init_size(sd, d->used + 1);
- sp_init_size(trial, a->used + 1);
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- if (sa != rem) {
- sp_init_size(sa, a->used + 1);
- }
- if (tr != r) {
- sp_init_size(tr, a->used - d->used + 2);
- }
- #else
- sp_init_size(sa, a->used + 1);
- sp_init_size(tr, a->used - d->used + 2);
- #endif
- s = sp_count_bits(d);
- s = SP_WORD_SIZE - (s & SP_WORD_MASK);
- sp_copy(a, sa);
- if (s != SP_WORD_SIZE) {
- err = sp_lshb(sa, s);
- if (err == MP_OKAY) {
- sp_copy(d, sd);
- d = sd;
- err = sp_lshb(sd, s);
- }
- }
- }
- if ((!done) && (err == MP_OKAY) && (d->used > 0)) {
- #ifdef WOLFSSL_SP_SMALL
- int c;
- #else
- int j;
- int o;
- #ifndef SQR_MUL_ASM
- sp_int_sword sw;
- #else
- sp_int_digit sl;
- sp_int_digit sh;
- sp_int_digit st;
- #endif
- #endif /* WOLFSSL_SP_SMALL */
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- sa->sign = MP_ZPOS;
- sd->sign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- tr->used = sa->used - d->used + 1;
- sp_clear(tr);
- tr->used = sa->used - d->used + 1;
- dt = d->dp[d->used-1];
- for (i = d->used - 1; i > 0; i--) {
- if (sa->dp[sa->used - d->used + i] != d->dp[i]) {
- break;
- }
- }
- if (sa->dp[sa->used - d->used + i] >= d->dp[i]) {
- i = sa->used;
- _sp_sub_off(sa, d, sa, sa->used - d->used);
- /* Keep the same used so that 0 zeros will be put in. */
- sa->used = i;
- if (r != NULL) {
- tr->dp[sa->used - d->used] = 1;
- }
- }
- for (i = sa->used - 1; i >= d->used; i--) {
- if (sa->dp[i] == dt) {
- t = SP_DIGIT_MAX;
- }
- else {
- t = sp_div_word(sa->dp[i], sa->dp[i-1], dt);
- }
- #ifdef WOLFSSL_SP_SMALL
- do {
- err = _sp_mul_d(d, t, trial, i - d->used);
- if (err != MP_OKAY) {
- break;
- }
- c = _sp_cmp_abs(trial, sa);
- if (c == MP_GT) {
- t--;
- }
- }
- while (c == MP_GT);
- if (err != MP_OKAY) {
- break;
- }
- _sp_sub_off(sa, trial, sa, 0);
- tr->dp[i - d->used] += t;
- if (tr->dp[i - d->used] < t) {
- tr->dp[i + 1 - d->used]++;
- }
- #else
- o = i - d->used;
- do {
- #ifndef SQR_MUL_ASM
- sp_int_word tw = 0;
- #else
- sp_int_digit tl = 0;
- sp_int_digit th = 0;
- #endif
- for (j = 0; j < d->used; j++) {
- #ifndef SQR_MUL_ASM
- tw += (sp_int_word)d->dp[j] * t;
- trial->dp[j] = (sp_int_digit)tw;
- tw >>= SP_WORD_SIZE;
- #else
- SP_ASM_MUL_ADD_NO(tl, th, d->dp[j], t);
- trial->dp[j] = tl;
- tl = th;
- th = 0;
- #endif
- }
- #ifndef SQR_MUL_ASM
- trial->dp[j] = (sp_int_digit)tw;
- #else
- trial->dp[j] = tl;
- #endif
- for (j = d->used; j > 0; j--) {
- if (trial->dp[j] != sa->dp[j + o]) {
- break;
- }
- }
- if (trial->dp[j] > sa->dp[j + o]) {
- t--;
- }
- }
- while (trial->dp[j] > sa->dp[j + o]);
- #ifndef SQR_MUL_ASM
- sw = 0;
- #else
- sl = 0;
- sh = 0;
- #endif
- for (j = 0; j <= d->used; j++) {
- #ifndef SQR_MUL_ASM
- sw += sa->dp[j + o];
- sw -= trial->dp[j];
- sa->dp[j + o] = (sp_int_digit)sw;
- sw >>= SP_WORD_SIZE;
- #else
- st = sa->dp[j + o];
- SP_ASM_ADDC(sl, sh, st);
- st = trial->dp[j];
- SP_ASM_SUBC(sl, sh, st);
- sa->dp[j + o] = sl;
- sl = sh;
- sh = (sp_int_digit)0 - (sl >> (SP_WORD_SIZE - 1));
- #endif
- }
- tr->dp[o] = t;
- #endif /* WOLFSSL_SP_SMALL */
- }
- sa->used = i + 1;
- if ((err == MP_OKAY) && (rem != NULL)) {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- sa->sign = (sa->used == 0) ? MP_ZPOS : aSign;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- if (s != SP_WORD_SIZE) {
- sp_rshb(sa, s, sa);
- }
- sp_copy(sa, rem);
- sp_clamp(rem);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (sp_iszero(rem)) {
- rem->sign = MP_ZPOS;
- }
- #endif
- }
- if ((err == MP_OKAY) && (r != NULL)) {
- sp_copy(tr, r);
- sp_clamp(r);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (sp_iszero(r)) {
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = (aSign == dSign) ? MP_ZPOS : MP_NEG;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- }
- }
- #if 0
- if (err == MP_OKAY) {
- if (rem != NULL) {
- sp_print(rem, "rdr");
- }
- if (r != NULL) {
- sp_print(r, "rdw");
- }
- }
- #endif
- FREE_SP_INT_ARRAY(td, NULL);
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC || \
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- #ifndef FREESCALE_LTC_TFM
- /* Calculate the remainder of dividing a by m: r = a mod m.
- *
- * @param [in] a SP integer to reduce.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL or m is 0.
- */
- int sp_mod(sp_int* a, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- /* Temporary for the raw division remainder; one extra digit for sp_div. */
- DECL_SP_INT(t, (a == NULL) ? 1 : a->used + 1);
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- /* Validate parameters. */
- if ((a == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- if (err == MP_OKAY) {
- /* No negative support: the division remainder is the result. */
- err = sp_div(a, m, NULL, r);
- }
- #else
- ALLOC_SP_INT(t, a->used + 1, err, NULL);
- if (err == MP_OKAY) {
- sp_init_size(t, a->used + 1);
- /* Compute raw remainder into temporary first. */
- err = sp_div(a, m, NULL, t);
- }
- if (err == MP_OKAY) {
- /* Normalize sign: when the non-zero remainder's sign differs from the
- * modulus's, add the modulus so the result takes the modulus's sign. */
- if ((!sp_iszero(t)) && (t->sign != m->sign)) {
- err = sp_add(t, m, r);
- }
- else {
- err = sp_copy(t, r);
- }
- }
- FREE_SP_INT(t, NULL);
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- return err;
- }
- #endif /* !FREESCALE_LTC_TFM */
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC || \
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- /* START SP_MUL implementations. */
- /* This code is generated.
- * To generate:
- * cd scripts/sp/sp_int
- * ./gen.sh
- * File sp_mul.c contains code.
- */
- #ifdef SQR_MUL_ASM
- /* Multiply a by b into r where a and b have same no. digits. r = a * b
- *
- * Optimised code for when number of digits in a and b are the same.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply by.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_nxn(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- int j;
- int k;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
- /* C99 VLA: a full product of two n-digit numbers needs 2*n digits. */
- sp_int_digit t[a->used * 2];
- #else
- sp_int_digit t[SP_INT_DIGITS];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- /* Heap buffer for the double-width intermediate product. */
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- sp_int_digit l, h, o;
- sp_int_digit* dp;
- h = 0;
- l = 0;
- /* Column 0: single product (first macro argument receives low half). */
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- o = 0;
- /* Lower half of columns: column k sums a[i]*b[k-i] for i = 0..k.
- * l/h/o act as a three-digit column accumulator with carry overflow. */
- for (k = 1; k <= a->used - 1; k++) {
- j = k;
- dp = a->dp;
- for (; j >= 0; dp++, j--) {
- SP_ASM_MUL_ADD(l, h, o, dp[0], b->dp[j]);
- }
- t[k] = l;
- l = h;
- h = o;
- o = 0;
- }
- /* Upper half of columns: fewer products per column as k grows. */
- for (; k <= (a->used - 1) * 2; k++) {
- i = k - (b->used - 1);
- dp = &b->dp[b->used - 1];
- for (; i < a->used; i++, dp--) {
- SP_ASM_MUL_ADD(l, h, o, a->dp[i], dp[0]);
- }
- t[k] = l;
- l = h;
- h = o;
- o = 0;
- }
- /* Final (top) digit, then copy buffered result into r.
- * Buffering in t allows r to alias a or b. */
- t[k] = l;
- r->used = k + 1;
- XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- /* Multiply a by b into r. r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply by.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- int j;
- int k;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
- /* C99 VLA: product of a and b needs at most a->used + b->used digits. */
- sp_int_digit t[a->used + b->used];
- #else
- sp_int_digit t[SP_INT_DIGITS];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- /* Heap buffer for the double-width intermediate product. */
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used), NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- sp_int_digit l;
- sp_int_digit h;
- sp_int_digit o;
- h = 0;
- l = 0;
- /* Column 0 (first macro argument receives low half). */
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- o = 0;
- /* Columns 1 .. b->used-1: i ranges from 0, j down from k.
- * l/h/o form a three-digit column accumulator. */
- for (k = 1; k <= b->used - 1; k++) {
- i = 0;
- j = k;
- for (; (i < a->used) && (j >= 0); i++, j--) {
- SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]);
- }
- t[k] = l;
- l = h;
- h = o;
- o = 0;
- }
- /* Remaining columns: start i so that i + j == k with j at its max. */
- for (; k <= (a->used - 1) + (b->used - 1); k++) {
- j = b->used - 1;
- i = k - j;
- for (; (i < a->used) && (j >= 0); i++, j--) {
- SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]);
- }
- t[k] = l;
- l = h;
- h = o;
- o = 0;
- }
- /* Top digit, then copy out. Buffering in t allows r to alias a or b. */
- t[k] = l;
- r->used = k + 1;
- XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #else
- /* Multiply a by b into r. r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply by.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- int j;
- int k;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
- /* C99 VLA: product needs at most a->used + b->used digits. */
- sp_int_digit t[a->used + b->used];
- #else
- sp_int_digit t[SP_INT_DIGITS];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- /* Heap buffer for the double-width intermediate product. */
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used), NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- /* Portable (no inline asm) column accumulation using double-width
- * words; l is the running low word, h collects carries. */
- sp_int_word w;
- sp_int_word l;
- sp_int_word h;
- #ifdef SP_WORD_OVERFLOW
- /* Extra overflow word for platforms where carries can exceed h. */
- sp_int_word o;
- #endif
- w = (sp_int_word)a->dp[0] * b->dp[0];
- t[0] = (sp_int_digit)w;
- l = (sp_int_digit)(w >> SP_WORD_SIZE);
- h = 0;
- #ifdef SP_WORD_OVERFLOW
- o = 0;
- #endif
- for (k = 1; k <= (a->used - 1) + (b->used - 1); k++) {
- i = k - (b->used - 1);
- /* Branch-free clamp of i to a minimum of 0: the mask is all-ones
- * when i >= 0 and all-zeros when i < 0. */
- i &= (((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U);
- j = k - i;
- for (; (i < a->used) && (j >= 0); i++, j--) {
- w = (sp_int_word)a->dp[i] * b->dp[j];
- l += (sp_int_digit)w;
- h += (sp_int_digit)(w >> SP_WORD_SIZE);
- #ifdef SP_WORD_OVERFLOW
- h += (sp_int_digit)(l >> SP_WORD_SIZE);
- l &= SP_MASK;
- o += (sp_int_digit)(h >> SP_WORD_SIZE);
- h &= SP_MASK;
- #endif
- }
- /* Emit column digit and shift the accumulator down one digit. */
- t[k] = (sp_int_digit)l;
- l >>= SP_WORD_SIZE;
- l += (sp_int_digit)h;
- h >>= SP_WORD_SIZE;
- #ifdef SP_WORD_OVERFLOW
- h += o & SP_MASK;
- o >>= SP_WORD_SIZE;
- #endif
- }
- /* Top digit, then copy out. Buffering in t allows r to alias a or b. */
- t[k] = (sp_int_digit)l;
- r->used = k + 1;
- XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif
- #ifndef WOLFSSL_SP_SMALL
- #if !defined(WOLFSSL_HAVE_SP_ECC) && defined(HAVE_ECC)
- #if SP_WORD_SIZE == 64
- #ifndef SQR_MUL_ASM
- /* Multiply a by b and store in r: r = a * b
- *
- * Long-hand implementation.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_4(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_word* w = NULL;
- #else
- /* One double-width word per digit product: 4 x 4 = 16 products. */
- sp_int_word w[16];
- #endif
- sp_int_digit* da = a->dp;
- sp_int_digit* db = b->dp;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- w = (sp_int_word*)XMALLOC(sizeof(sp_int_word) * 16, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (w == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- /* Compute all 16 cross products up front, grouped by output column,
- * then fold them into result digits. w[0] is reused as the running
- * accumulator/carry between columns. */
- w[0] = (sp_int_word)da[0] * db[0];
- w[1] = (sp_int_word)da[0] * db[1];
- w[2] = (sp_int_word)da[1] * db[0];
- w[3] = (sp_int_word)da[0] * db[2];
- w[4] = (sp_int_word)da[1] * db[1];
- w[5] = (sp_int_word)da[2] * db[0];
- w[6] = (sp_int_word)da[0] * db[3];
- w[7] = (sp_int_word)da[1] * db[2];
- w[8] = (sp_int_word)da[2] * db[1];
- w[9] = (sp_int_word)da[3] * db[0];
- w[10] = (sp_int_word)da[1] * db[3];
- w[11] = (sp_int_word)da[2] * db[2];
- w[12] = (sp_int_word)da[3] * db[1];
- w[13] = (sp_int_word)da[2] * db[3];
- w[14] = (sp_int_word)da[3] * db[2];
- w[15] = (sp_int_word)da[3] * db[3];
- /* Digit 0: low half of da[0]*db[0]. */
- r->dp[0] = w[0];
- w[0] >>= SP_WORD_SIZE;
- /* Digit 1: carry + low halves of column-1 products. */
- w[0] += (sp_int_digit)w[1];
- w[0] += (sp_int_digit)w[2];
- r->dp[1] = w[0];
- w[0] >>= SP_WORD_SIZE;
- /* Digit 2: carry + high halves of column-1 + low halves of column-2. */
- w[1] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[1];
- w[2] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[2];
- w[0] += (sp_int_digit)w[3];
- w[0] += (sp_int_digit)w[4];
- w[0] += (sp_int_digit)w[5];
- r->dp[2] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[3] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[3];
- w[4] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[4];
- w[5] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[5];
- w[0] += (sp_int_digit)w[6];
- w[0] += (sp_int_digit)w[7];
- w[0] += (sp_int_digit)w[8];
- w[0] += (sp_int_digit)w[9];
- r->dp[3] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[6] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[6];
- w[7] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[7];
- w[8] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[8];
- w[9] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[9];
- w[0] += (sp_int_digit)w[10];
- w[0] += (sp_int_digit)w[11];
- w[0] += (sp_int_digit)w[12];
- r->dp[4] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[10] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[10];
- w[11] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[11];
- w[12] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[12];
- w[0] += (sp_int_digit)w[13];
- w[0] += (sp_int_digit)w[14];
- r->dp[5] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[13] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[13];
- w[14] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[14];
- w[0] += (sp_int_digit)w[15];
- r->dp[6] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[15] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[15];
- r->dp[7] = w[0];
- /* 4 x 4 digits produce at most 8 digits; clamp trims leading zeros. */
- r->used = 8;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (w != NULL) {
- XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #else /* SQR_MUL_ASM */
- /* Multiply a by b and store in r: r = a * b
- *
- * Comba implementation.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY always (no dynamic memory is allocated).
- */
- static int _sp_mul_4(sp_int* a, sp_int* b, sp_int* r)
- {
- /* l/h/o form a three-digit column accumulator for the comba method. */
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- /* Low 4 result digits are buffered here and copied into r last, so the
- * writes to r->dp[4..7] below never clobber a 4-digit a or b that r
- * aliases. */
- sp_int_digit t[4];
- /* Column 0 (first macro argument receives low half). */
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- /* Upper columns write straight into r. */
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- r->dp[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- r->dp[5] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[3], b->dp[3]);
- r->dp[6] = l;
- r->dp[7] = h;
- XMEMCPY(r->dp, t, 4 * sizeof(sp_int_digit));
- r->used = 8;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 64
- #ifdef SQR_MUL_ASM
- /* Multiply a by b and store in r: r = a * b
- *
- * Comba implementation.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY always (no dynamic memory is allocated).
- */
- static int _sp_mul_6(sp_int* a, sp_int* b, sp_int* r)
- {
- /* l/h/o form a three-digit column accumulator for the comba method. */
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- /* Low 6 result digits buffered so r may alias a or b. */
- sp_int_digit t[6];
- /* Column 0 (first macro argument receives low half). */
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- /* Upper columns write straight into r. */
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- r->dp[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- r->dp[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- r->dp[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- r->dp[9] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[5], b->dp[5]);
- r->dp[10] = l;
- r->dp[11] = h;
- XMEMCPY(r->dp, t, 6 * sizeof(sp_int_digit));
- r->used = 12;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- /* Multiply a by b and store in r: r = a * b
- *
- * Comba implementation.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY always (no dynamic memory is allocated).
- */
- static int _sp_mul_8(sp_int* a, sp_int* b, sp_int* r)
- {
- /* l/h/o form a three-digit column accumulator for the comba method. */
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- /* Low 8 result digits buffered so r may alias a or b. */
- sp_int_digit t[8];
- /* Column 0 (first macro argument receives low half). */
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[0]);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[0]);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- /* Upper columns write straight into r. */
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[1]);
- r->dp[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[2]);
- r->dp[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[3]);
- r->dp[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[4]);
- r->dp[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[5]);
- r->dp[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[6]);
- r->dp[13] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[7], b->dp[7]);
- r->dp[14] = l;
- r->dp[15] = h;
- XMEMCPY(r->dp, t, 8 * sizeof(sp_int_digit));
- r->used = 16;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- /* Multiply a by b and store in r: r = a * b
- *
- * Comba implementation.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY always (no dynamic memory is allocated).
- */
- static int _sp_mul_12(sp_int* a, sp_int* b, sp_int* r)
- {
- /* l/h/o form a three-digit column accumulator for the comba method. */
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- /* Low 12 result digits buffered so r may alias a or b. */
- sp_int_digit t[12];
- /* Column 0 (first macro argument receives low half). */
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[0]);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[0]);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[0]);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[0]);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[0]);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[0]);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- /* Upper columns write straight into r. */
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[1]);
- r->dp[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[2]);
- r->dp[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[3]);
- r->dp[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[4]);
- r->dp[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[5]);
- r->dp[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[6]);
- r->dp[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[7]);
- r->dp[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[8]);
- r->dp[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[9]);
- r->dp[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[10]);
- r->dp[21] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[11], b->dp[11]);
- r->dp[22] = l;
- r->dp[23] = h;
- XMEMCPY(r->dp, t, 12 * sizeof(sp_int_digit));
- r->used = 24;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #endif /* !WOLFSSL_HAVE_SP_ECC && HAVE_ECC */
- #if defined(SQR_MUL_ASM) && defined(WOLFSSL_SP_INT_LARGE_COMBA)
- #if SP_INT_DIGITS >= 32
/* Multiply a by b and store in r: r = a * b
 *
 * Comba implementation.
 *
 * @param [in]  a  SP integer to multiply.
 * @param [in]  b  SP integer to multiply.
 * @param [out] r  SP integer result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int _sp_mul_16(sp_int* a, sp_int* b, sp_int* r)
{
    int err = MP_OKAY;
    /* Comba column accumulator: l = low word, h = high word, o = overflow
     * (third carry word). After each column: l <- h, h <- o, o <- 0. */
    sp_int_digit l = 0;
    sp_int_digit h = 0;
    sp_int_digit o = 0;
    /* t buffers the low 16 result digits so a/b digits are not overwritten
     * before they are read; direct writes to r->dp only touch indices 16..31,
     * which are never read from a or b. Presumably this is what allows r to
     * alias a or b — consistent with the other Comba routines; verify. */
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    sp_int_digit* t = NULL;
#else
    sp_int_digit t[16];
#endif
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    /* Small-stack build: allocate the low-half buffer from the heap. */
    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * 16, NULL,
        DYNAMIC_TYPE_BIGINT);
    if (t == NULL) {
        err = MP_MEM;
    }
#endif
    if (err == MP_OKAY) {
        /* Column 0: a[0]*b[0]. SP_ASM_MUL puts the low word in its first
         * argument (h here) and the high word in the second (l). */
        SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
        t[0] = h;
        h = 0;
        /* Column 1: sum of a[i]*b[1-i]. First product of a column cannot
         * overflow into o, hence the _NO variant. */
        SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
        t[1] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 2 */
        SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
        t[2] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 3 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
        t[3] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 4 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
        t[4] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 5 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
        t[5] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 6 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[0]);
        t[6] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 7 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[0]);
        t[7] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 8 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[0]);
        t[8] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 9 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[0]);
        t[9] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 10 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[0]);
        t[10] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 11 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[0]);
        t[11] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 12 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[0]);
        t[12] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 13 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[0]);
        t[13] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 14 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[0]);
        t[14] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 15: last column buffered in t. */
        SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[1]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[0]);
        t[15] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 16: from here on results go straight into r->dp, which is
         * safe as only digits 0..15 of a and b are ever read. */
        SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[2]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[1]);
        r->dp[16] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 17 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[3]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[2]);
        r->dp[17] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 18 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[4]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[3]);
        r->dp[18] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 19 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[5]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[4]);
        r->dp[19] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 20 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[6]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[5]);
        r->dp[20] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 21 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[7]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[6]);
        r->dp[21] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 22 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[8]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[7]);
        r->dp[22] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 23 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[9]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[8]);
        r->dp[23] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 24 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[10]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[9]);
        r->dp[24] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 25 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[11]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[10]);
        r->dp[25] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 26 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[12]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[11]);
        r->dp[26] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 27 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[13]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[12]);
        r->dp[27] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 28 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[14]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[13]);
        r->dp[28] = l;
        l = h;
        h = o;
        o = 0;
        /* Column 29 */
        SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[15]);
        SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[14]);
        r->dp[29] = l;
        l = h;
        h = o;
        /* Column 30: single product, so the two-word accumulator suffices
         * and o is not needed again. */
        SP_ASM_MUL_ADD_NO(l, h, a->dp[15], b->dp[15]);
        r->dp[30] = l;
        r->dp[31] = h;
        /* Commit the buffered low half now that all of a/b has been read. */
        XMEMCPY(r->dp, t, 16 * sizeof(sp_int_digit));
        r->used = 32;
        /* Trim leading zero digits from the 32-digit result. */
        sp_clamp(r);
    }
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    if (t != NULL) {
        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
    }
#endif
    return err;
}
- #endif /* SP_INT_DIGITS >= 32 */
- #if SP_INT_DIGITS >= 48
- /* Multiply a by b and store in r: r = a * b
- *
- * Comba implementation.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_24(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #else
- sp_int_digit t[24];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * 24, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[0]);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[0]);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[0]);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[0]);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[0]);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[0]);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[0]);
- t[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[0]);
- t[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[0]);
- t[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[0]);
- t[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[0]);
- t[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[0]);
- t[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[0]);
- t[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[0]);
- t[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[0]);
- t[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[0]);
- t[21] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[0]);
- t[22] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[0]);
- t[23] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[1]);
- r->dp[24] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[2]);
- r->dp[25] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[3]);
- r->dp[26] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[4]);
- r->dp[27] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[5]);
- r->dp[28] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[6]);
- r->dp[29] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[7]);
- r->dp[30] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[8]);
- r->dp[31] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[9]);
- r->dp[32] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[10]);
- r->dp[33] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[11]);
- r->dp[34] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[12]);
- r->dp[35] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[13]);
- r->dp[36] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[14]);
- r->dp[37] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[15]);
- r->dp[38] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[16]);
- r->dp[39] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[17]);
- r->dp[40] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[18]);
- r->dp[41] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[19]);
- r->dp[42] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[20]);
- r->dp[43] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[21]);
- r->dp[44] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[22]);
- r->dp[45] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[23], b->dp[23]);
- r->dp[46] = l;
- r->dp[47] = h;
- XMEMCPY(r->dp, t, 24 * sizeof(sp_int_digit));
- r->used = 48;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif /* SP_INT_DIGITS >= 48 */
- #if SP_INT_DIGITS >= 64
- /* Multiply a by b and store in r: r = a * b
- *
- * Karatsuba implementation.
- *
- * Splits each 32-digit operand into two 16-digit halves and uses three
- * half-size multiplications: r = (z2 << 32) + ((z1 - z0 - z2) << 16) + z0.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_32(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* a1;
- sp_int* b1;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- sp_int_digit cb;
- /* t[]: high halves a1/b1 (reused to hold the half-sums). z[]: z1 and z2.
- * z0 aliases r so the low product is written directly into the result. */
- DECL_SP_INT_ARRAY(t, 16, 2);
- DECL_SP_INT_ARRAY(z, 33, 2);
- ALLOC_SP_INT_ARRAY(t, 16, 2, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 33, 2, err, NULL);
- if (err == MP_OKAY) {
- a1 = t[0];
- b1 = t[1];
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[16], sizeof(sp_int_digit) * 16);
- a1->used = 16;
- XMEMCPY(b1->dp, &b->dp[16], sizeof(sp_int_digit) * 16);
- b1->used = 16;
- /* z2 = a1 * b1 */
- err = _sp_mul_16(a1, b1, z2);
- }
- if (err == MP_OKAY) {
- /* a01 = a0 + a1 (computed in place in a1; final carry kept in ca) */
- l = a1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[0]);
- a1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 16; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* b01 = b0 + b1 */
- l = b1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, b->dp[0]);
- b1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 16; i++) {
- SP_ASM_ADDC(l, h, b1->dp[i]);
- SP_ASM_ADDC(l, h, b->dp[i]);
- b1->dp[i] = l;
- l = h;
- h = 0;
- }
- cb = l;
- /* z0 = a0 * b0 */
- err = _sp_mul_16(a, b, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) * (b0 + b1) */
- err = _sp_mul_16(a1, b1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 32) + ((z1 - z0 - z2) << 16) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 16 */
- /* Top digit of z1: 1 only when both half-sums carried out. */
- z1->dp[32] = ca & cb;
- l = 0;
- /* ca set: a01 overflowed a digit, so add b01 into z1's upper half. */
- if (ca) {
- h = 0;
- for (i = 0; i < 16; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 16]);
- SP_ASM_ADDC(l, h, b1->dp[i]);
- z1->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[32] += l;
- l = 0;
- /* cb set: b01 overflowed a digit, so add a01 into z1's upper half. */
- if (cb) {
- h = 0;
- for (i = 0; i < 16; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 16]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[32] += l;
- /* z1 = z1 - z0 - z2 */
- l = 0;
- h = 0;
- for (i = 0; i < 32; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 16; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 16]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- for (; i < 33; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 32 */
- l = 0;
- h = 0;
- for (i = 0; i < 17; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 32]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- for (; i < 32; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- r->used = 64;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 64 */
- #if SP_INT_DIGITS >= 96
- /* Multiply a by b and store in r: r = a * b
- *
- * Karatsuba implementation.
- *
- * Splits each 48-digit operand into two 24-digit halves and uses three
- * half-size multiplications: r = (z2 << 48) + ((z1 - z0 - z2) << 24) + z0.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_48(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* a1;
- sp_int* b1;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- sp_int_digit cb;
- /* t[]: high halves a1/b1 (reused to hold the half-sums). z[]: z1 and z2.
- * z0 aliases r so the low product is written directly into the result. */
- DECL_SP_INT_ARRAY(t, 24, 2);
- DECL_SP_INT_ARRAY(z, 49, 2);
- ALLOC_SP_INT_ARRAY(t, 24, 2, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 49, 2, err, NULL);
- if (err == MP_OKAY) {
- a1 = t[0];
- b1 = t[1];
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[24], sizeof(sp_int_digit) * 24);
- a1->used = 24;
- XMEMCPY(b1->dp, &b->dp[24], sizeof(sp_int_digit) * 24);
- b1->used = 24;
- /* z2 = a1 * b1 */
- err = _sp_mul_24(a1, b1, z2);
- }
- if (err == MP_OKAY) {
- /* a01 = a0 + a1 (computed in place in a1; final carry kept in ca) */
- l = a1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[0]);
- a1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 24; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* b01 = b0 + b1 */
- l = b1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, b->dp[0]);
- b1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 24; i++) {
- SP_ASM_ADDC(l, h, b1->dp[i]);
- SP_ASM_ADDC(l, h, b->dp[i]);
- b1->dp[i] = l;
- l = h;
- h = 0;
- }
- cb = l;
- /* z0 = a0 * b0 */
- err = _sp_mul_24(a, b, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) * (b0 + b1) */
- err = _sp_mul_24(a1, b1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 48) + ((z1 - z0 - z2) << 24) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 24 */
- /* Top digit of z1: 1 only when both half-sums carried out. */
- z1->dp[48] = ca & cb;
- l = 0;
- /* ca set: a01 overflowed a digit, so add b01 into z1's upper half. */
- if (ca) {
- h = 0;
- for (i = 0; i < 24; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 24]);
- SP_ASM_ADDC(l, h, b1->dp[i]);
- z1->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[48] += l;
- l = 0;
- /* cb set: b01 overflowed a digit, so add a01 into z1's upper half. */
- if (cb) {
- h = 0;
- for (i = 0; i < 24; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 24]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[48] += l;
- /* z1 = z1 - z0 - z2 */
- l = 0;
- h = 0;
- for (i = 0; i < 48; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 24 */
- l = 0;
- h = 0;
- for (i = 0; i < 24; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 24]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- for (; i < 49; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 48 */
- l = 0;
- h = 0;
- for (i = 0; i < 25; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 48]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- for (; i < 48; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- r->used = 96;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 96 */
- #if SP_INT_DIGITS >= 128
- /* Multiply a by b and store in r: r = a * b
- *
- * Karatsuba implementation.
- *
- * Splits each 64-digit operand into two 32-digit halves and uses three
- * half-size multiplications: r = (z2 << 64) + ((z1 - z0 - z2) << 32) + z0.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_64(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* a1;
- sp_int* b1;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- sp_int_digit cb;
- /* t[]: high halves a1/b1 (reused to hold the half-sums). z[]: z1 and z2.
- * z0 aliases r so the low product is written directly into the result. */
- DECL_SP_INT_ARRAY(t, 32, 2);
- DECL_SP_INT_ARRAY(z, 65, 2);
- ALLOC_SP_INT_ARRAY(t, 32, 2, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 65, 2, err, NULL);
- if (err == MP_OKAY) {
- a1 = t[0];
- b1 = t[1];
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[32], sizeof(sp_int_digit) * 32);
- a1->used = 32;
- XMEMCPY(b1->dp, &b->dp[32], sizeof(sp_int_digit) * 32);
- b1->used = 32;
- /* z2 = a1 * b1 */
- err = _sp_mul_32(a1, b1, z2);
- }
- if (err == MP_OKAY) {
- /* a01 = a0 + a1 (computed in place in a1; final carry kept in ca) */
- l = a1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[0]);
- a1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 32; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* b01 = b0 + b1 */
- l = b1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, b->dp[0]);
- b1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 32; i++) {
- SP_ASM_ADDC(l, h, b1->dp[i]);
- SP_ASM_ADDC(l, h, b->dp[i]);
- b1->dp[i] = l;
- l = h;
- h = 0;
- }
- cb = l;
- /* z0 = a0 * b0 */
- err = _sp_mul_32(a, b, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) * (b0 + b1) */
- err = _sp_mul_32(a1, b1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 64) + ((z1 - z0 - z2) << 32) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 32 */
- /* Top digit of z1: 1 only when both half-sums carried out. */
- z1->dp[64] = ca & cb;
- l = 0;
- /* ca set: a01 overflowed a digit, so add b01 into z1's upper half. */
- if (ca) {
- h = 0;
- for (i = 0; i < 32; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 32]);
- SP_ASM_ADDC(l, h, b1->dp[i]);
- z1->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[64] += l;
- l = 0;
- /* cb set: b01 overflowed a digit, so add a01 into z1's upper half. */
- if (cb) {
- h = 0;
- for (i = 0; i < 32; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 32]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[64] += l;
- /* z1 = z1 - z0 - z2 */
- l = 0;
- h = 0;
- for (i = 0; i < 64; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 32 */
- l = 0;
- h = 0;
- for (i = 0; i < 32; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 32]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- for (; i < 65; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 64 */
- l = 0;
- h = 0;
- for (i = 0; i < 33; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 64]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 64] = l;
- l = h;
- h = 0;
- }
- for (; i < 64; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 64] = l;
- l = h;
- h = 0;
- }
- r->used = 128;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 128 */
- #if SP_INT_DIGITS >= 192
- /* Multiply a by b and store in r: r = a * b
- *
- * Karatsuba implementation.
- *
- * Splits each 96-digit operand into two 48-digit halves and uses three
- * half-size multiplications: r = (z2 << 96) + ((z1 - z0 - z2) << 48) + z0.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_96(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* a1;
- sp_int* b1;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- sp_int_digit cb;
- /* t[]: high halves a1/b1 (reused to hold the half-sums). z[]: z1 and z2.
- * z0 aliases r so the low product is written directly into the result. */
- DECL_SP_INT_ARRAY(t, 48, 2);
- DECL_SP_INT_ARRAY(z, 97, 2);
- ALLOC_SP_INT_ARRAY(t, 48, 2, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 97, 2, err, NULL);
- if (err == MP_OKAY) {
- a1 = t[0];
- b1 = t[1];
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[48], sizeof(sp_int_digit) * 48);
- a1->used = 48;
- XMEMCPY(b1->dp, &b->dp[48], sizeof(sp_int_digit) * 48);
- b1->used = 48;
- /* z2 = a1 * b1 */
- err = _sp_mul_48(a1, b1, z2);
- }
- if (err == MP_OKAY) {
- /* a01 = a0 + a1 (computed in place in a1; final carry kept in ca) */
- l = a1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[0]);
- a1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 48; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* b01 = b0 + b1 */
- l = b1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, b->dp[0]);
- b1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 48; i++) {
- SP_ASM_ADDC(l, h, b1->dp[i]);
- SP_ASM_ADDC(l, h, b->dp[i]);
- b1->dp[i] = l;
- l = h;
- h = 0;
- }
- cb = l;
- /* z0 = a0 * b0 */
- err = _sp_mul_48(a, b, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) * (b0 + b1) */
- err = _sp_mul_48(a1, b1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 96) + ((z1 - z0 - z2) << 48) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 48 */
- /* Top digit of z1: 1 only when both half-sums carried out. */
- z1->dp[96] = ca & cb;
- l = 0;
- /* ca set: a01 overflowed a digit, so add b01 into z1's upper half. */
- if (ca) {
- h = 0;
- for (i = 0; i < 48; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 48]);
- SP_ASM_ADDC(l, h, b1->dp[i]);
- z1->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[96] += l;
- l = 0;
- /* cb set: b01 overflowed a digit, so add a01 into z1's upper half. */
- if (cb) {
- h = 0;
- for (i = 0; i < 48; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 48]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[96] += l;
- /* z1 = z1 - z0 - z2 */
- l = 0;
- h = 0;
- for (i = 0; i < 96; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 48 */
- l = 0;
- h = 0;
- for (i = 0; i < 48; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 48]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- for (; i < 97; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 96 */
- l = 0;
- h = 0;
- for (i = 0; i < 49; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 96]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 96] = l;
- l = h;
- h = 0;
- }
- for (; i < 96; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 96] = l;
- l = h;
- h = 0;
- }
- r->used = 192;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 192 */
- #endif /* SQR_MUL_ASM && WOLFSSL_SP_INT_LARGE_COMBA */
- #endif /* !WOLFSSL_SP_SMALL */
- /* Multiply a by b and store in r: r = a * b
- *
- * Dispatches to a fixed-size comba/Karatsuba implementation when the
- * operand lengths match a compiled-in size, otherwise falls back to the
- * generic multiplication routines.
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b or r is NULL; or the result will be too big for
- * fixed data length.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_mul(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- int sign = MP_ZPOS;
- #endif
- if ((a == NULL) || (b == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- /* Need extra digit during calculation. */
- if ((err == MP_OKAY) && (a->used + b->used > r->size)) {
- err = MP_VAL;
- }
- #if 0
- if (err == MP_OKAY) {
- sp_print(a, "a");
- sp_print(b, "b");
- }
- #endif
- if (err == MP_OKAY) {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- /* Result sign is the XOR of the operand signs. */
- sign = a->sign ^ b->sign;
- #endif
- if ((a->used == 0) || (b->used == 0)) {
- _sp_zero(r);
- }
- else
- /* Fixed-size implementations: only used when both operands have
- * exactly the matching number of digits. */
- #ifndef WOLFSSL_SP_SMALL
- #if !defined(WOLFSSL_HAVE_SP_ECC) && defined(HAVE_ECC)
- #if SP_WORD_SIZE == 64
- if ((a->used == 4) && (b->used == 4)) {
- err = _sp_mul_4(a, b, r);
- }
- else
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 64
- #ifdef SQR_MUL_ASM
- if ((a->used == 6) && (b->used == 6)) {
- err = _sp_mul_6(a, b, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- if ((a->used == 8) && (b->used == 8)) {
- err = _sp_mul_8(a, b, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- if ((a->used == 12) && (b->used == 12)) {
- err = _sp_mul_12(a, b, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #endif /* !WOLFSSL_HAVE_SP_ECC && HAVE_ECC */
- #if defined(SQR_MUL_ASM) && defined(WOLFSSL_SP_INT_LARGE_COMBA)
- #if SP_INT_DIGITS >= 32
- if ((a->used == 16) && (b->used == 16)) {
- err = _sp_mul_16(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 32 */
- #if SP_INT_DIGITS >= 48
- if ((a->used == 24) && (b->used == 24)) {
- err = _sp_mul_24(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 48 */
- #if SP_INT_DIGITS >= 64
- if ((a->used == 32) && (b->used == 32)) {
- err = _sp_mul_32(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 64 */
- #if SP_INT_DIGITS >= 96
- if ((a->used == 48) && (b->used == 48)) {
- err = _sp_mul_48(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 96 */
- #if SP_INT_DIGITS >= 128
- if ((a->used == 64) && (b->used == 64)) {
- err = _sp_mul_64(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 128 */
- #if SP_INT_DIGITS >= 192
- if ((a->used == 96) && (b->used == 96)) {
- err = _sp_mul_96(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 192 */
- #endif /* SQR_MUL_ASM && WOLFSSL_SP_INT_LARGE_COMBA */
- #endif /* !WOLFSSL_SP_SMALL */
- #ifdef SQR_MUL_ASM
- /* Equal lengths of any other size: generic n x n comba. */
- if (a->used == b->used) {
- err = _sp_mul_nxn(a, b, r);
- }
- else
- #endif
- /* General case: schoolbook multiplication. */
- {
- err = _sp_mul(a, b, r);
- }
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (err == MP_OKAY) {
- /* Zero is always positive. */
- r->sign = (r->used == 0) ? MP_ZPOS : sign;
- }
- #endif
- #if 0
- if (err == MP_OKAY) {
- sp_print(r, "rmul");
- }
- #endif
- return err;
- }
- /* END SP_MUL implementations. */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(WOLFCRYPT_HAVE_ECCSI) || \
- (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
- /* Multiply a by b mod m and store in r: r = (a * b) mod m
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b, m or r is NULL; m is 0; or a * b is too big for
- * fixed data length.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (a->used + b->used > r->size)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- /* Use a temporary when r aliases m or is too small to hold a * b. */
- if ((r == m) || (r->size < a->used + b->used)) {
- /* Size expression guards NULL deref when an earlier check failed. */
- DECL_SP_INT(t, ((a == NULL) || (b == NULL)) ? 1 :
- a->used + b->used);
- ALLOC_SP_INT(t, a->used + b->used, err, NULL);
- if (err == MP_OKAY) {
- err = sp_init_size(t, a->used + b->used);
- }
- if (err == MP_OKAY) {
- err = sp_mul(a, b, t);
- }
- if (err == MP_OKAY) {
- err = sp_mod(t, m, r);
- }
- FREE_SP_INT(t, NULL);
- }
- else {
- /* r is large enough: multiply into r then reduce in place. */
- err = sp_mul(a, b, r);
- if (err == MP_OKAY) {
- err = sp_mod(r, m, r);
- }
- }
- }
- return err;
- }
- #endif
- #ifdef WOLFSSL_SP_INVMOD
- /* Calculates the multiplicative inverse in the field.
- *
- * Uses the binary extended Euclidean algorithm; the even-modulus case is
- * handled by inverting m modulo a and finishing with a division.
- *
- * @param [in] a SP integer to find inverse of.
- * @param [in] m SP integer this is the modulus.
- * @param [out] r SP integer to hold result. r cannot be m.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL; a or m is zero; a and m are even or
- * m is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_invmod(sp_int* a, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int* u = NULL;
- sp_int* v = NULL;
- sp_int* b = NULL;
- sp_int* mm;
- int evenMod = 0;
- /* Size expressions guard NULL deref when m is NULL (checked below). */
- DECL_SP_INT_ARRAY(t, (m == NULL) ? 1 : (m->used + 1), 3);
- DECL_SP_INT(c, (m == NULL) ? 1 : (2 * m->used + 1));
- if ((a == NULL) || (m == NULL) || (r == NULL) || (r == m)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (m->used * 2 > r->size)) {
- err = MP_VAL;
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if ((err == MP_OKAY) && (m->sign == MP_NEG)) {
- err = MP_VAL;
- }
- #endif
- ALLOC_SP_INT_ARRAY(t, m->used + 1, 3, err, NULL);
- ALLOC_SP_INT(c, 2 * m->used + 1, err, NULL);
- if (err == MP_OKAY) {
- u = t[0];
- v = t[1];
- b = t[2];
- /* c allocated separately and larger for even mod case. */
- /* Reduce a into range [0, m) first, using r as scratch. */
- if (_sp_cmp_abs(a, m) != MP_LT) {
- err = sp_mod(a, m, r);
- a = r;
- }
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if ((err == MP_OKAY) && (a->sign == MP_NEG)) {
- /* Make 'a' positive */
- err = sp_add(m, a, r);
- a = r;
- }
- #endif
- /* 0 != n*m + 1 (+ve m), r*a mod 0 is always 0 (never 1) */
- if ((err == MP_OKAY) && (sp_iszero(a) || sp_iszero(m))) {
- err = MP_VAL;
- }
- /* r*2*x != n*2*y + 1 for integer x,y */
- if ((err == MP_OKAY) && sp_iseven(a) && sp_iseven(m)) {
- err = MP_VAL;
- }
- /* 1*1 = 0*m + 1 */
- if ((err == MP_OKAY) && sp_isone(a)) {
- sp_set(r, 1);
- }
- else if (err != MP_OKAY) {
- /* Error already set: fall through to cleanup. */
- }
- else {
- sp_init_size(u, m->used + 1);
- sp_init_size(v, m->used + 1);
- sp_init_size(b, m->used + 1);
- sp_init_size(c, 2 * m->used + 1);
- if (sp_iseven(m)) {
- /* a^-1 mod m = m + ((1 - m*(m^-1 % a)) / a) */
- /* Swap roles: invert m modulo a instead (a is odd here). */
- mm = a;
- sp_copy(a, u);
- sp_mod(m, a, v);
- /* v == 0 when a divides m evenly - no inverse. */
- if (sp_iszero(v)) {
- /* Force u to no inverse answer. */
- sp_set(u, 0);
- }
- evenMod = 1;
- }
- else {
- mm = m;
- sp_copy(m, u);
- sp_copy(a, v);
- }
- _sp_zero(b);
- sp_set(c, 1);
- /* Binary extended GCD: halve/subtract u and v, mirroring each
- * operation on the coefficients b and c (kept in [0, mm)). */
- while (!sp_isone(v) && !sp_iszero(u)) {
- if (sp_iseven(u)) {
- sp_div_2(u, u);
- /* Make b even before halving by adding the (odd) modulus. */
- if (sp_isodd(b)) {
- _sp_add_off(b, mm, b, 0);
- }
- sp_div_2(b, b);
- }
- else if (sp_iseven(v)) {
- sp_div_2(v, v);
- if (sp_isodd(c)) {
- _sp_add_off(c, mm, c, 0);
- }
- sp_div_2(c, c);
- }
- else if (_sp_cmp(u, v) != MP_LT) {
- _sp_sub_off(u, v, u, 0);
- /* Keep b - c non-negative by adding the modulus first. */
- if (_sp_cmp(b, c) == MP_LT) {
- _sp_add_off(b, mm, b, 0);
- }
- _sp_sub_off(b, c, b, 0);
- }
- else {
- _sp_sub_off(v, u, v, 0);
- if (_sp_cmp(c, b) == MP_LT) {
- _sp_add_off(c, mm, c, 0);
- }
- _sp_sub_off(c, b, c, 0);
- }
- }
- /* u reached zero without v becoming one: no inverse exists. */
- if (sp_iszero(u)) {
- err = MP_VAL;
- }
- else if (evenMod) {
- /* Finish operation.
- * a^-1 mod m = m + ((1 - m*c) / a)
- * => a^-1 mod m = m - ((m*c - 1) / a)
- */
- err = sp_mul(c, m, c);
- if (err == MP_OKAY) {
- _sp_sub_d(c, 1, c);
- err = sp_div(c, a, c, NULL);
- }
- if (err == MP_OKAY) {
- sp_sub(m, c, r);
- }
- }
- else {
- err = sp_copy(c, r);
- }
- }
- FREE_SP_INT(c, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* WOLFSSL_SP_INVMOD */
- #ifdef WOLFSSL_SP_INVMOD_MONT_CT
- #define CT_INV_MOD_PRE_CNT 8
- /* Calculates the multiplicative inverse in the field - constant time.
- *
- * Modulus (m) must be a prime and greater than 2.
- *
- * @param [in] a SP integer, Montgomery form, to find inverse of.
- * @param [in] m SP integer this is the modulus.
- * @param [out] r SP integer to hold result.
- * @param [in] mp SP integer digit that is the bottom digit of inv(-m).
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL; a is 0 or m is less than 3.
- * @return MP_MEM when dynamic memory allocation fails.
- */
int sp_invmod_mont_ct(sp_int* a, sp_int* m, sp_int* r, sp_int_digit mp)
{
    int err = MP_OKAY;
    int i;
    int j = 0;
    sp_int* t = NULL;   /* Working accumulator. */
    sp_int* e = NULL;   /* Exponent: m - 2. */
    DECL_SP_INT_ARRAY(pre, (m == NULL) ? 1 : m->used * 2 + 1,
        CT_INV_MOD_PRE_CNT + 2);

    if ((a == NULL) || (m == NULL) || (r == NULL)) {
        err = MP_VAL;
    }
    /* 0 != n*m + 1 (+ve m), r*a mod 0 is always 0 (never 1) */
    if ((err == MP_OKAY) && (sp_iszero(a) || sp_iszero(m) ||
            (m->used == 1 && m->dp[0] < 3))) {
        err = MP_VAL;
    }

    ALLOC_SP_INT_ARRAY(pre, m->used * 2 + 1, CT_INV_MOD_PRE_CNT + 2, err, NULL);
    if (err == MP_OKAY) {
        t = pre[CT_INV_MOD_PRE_CNT + 0];
        e = pre[CT_INV_MOD_PRE_CNT + 1];
        sp_init_size(t, m->used * 2 + 1);
        sp_init_size(e, m->used * 2 + 1);
        sp_init_size(pre[0], m->used * 2 + 1);
        err = sp_copy(a, pre[0]);
        /* Precompute table: pre[i] = a^(2^(i+1) - 1), Montgomery form.
         * (pre[i] = pre[i-1]^2 * a, i.e. runs of i+1 one-bits.) */
        for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) {
            sp_init_size(pre[i], m->used * 2 + 1);
            err = sp_sqr(pre[i-1], pre[i]);
            if (err == MP_OKAY) {
                err = _sp_mont_red(pre[i], m, mp);
            }
            if (err == MP_OKAY) {
                err = sp_mul(pre[i], a, pre[i]);
            }
            if (err == MP_OKAY) {
                err = _sp_mont_red(pre[i], m, mp);
            }
        }
    }

    if (err == MP_OKAY) {
        /* Inverse computed as a^(m-2) mod m - requires m prime (Fermat). */
        _sp_sub_d(m, 2, e);
        /* Count leading one-bits of e usable from the table (at most
         * CT_INV_MOD_PRE_CNT). */
        for (i = sp_count_bits(e)-1, j = 0; i >= 0; i--, j++) {
            if ((!sp_is_bit_set(e, i)) || (j == CT_INV_MOD_PRE_CNT)) {
                break;
            }
        }
        /* Start accumulator from run of j leading ones. */
        err = sp_copy(pre[j-1], t);
        for (j = 0; (err == MP_OKAY) && (i >= 0); i--) {
            int set = sp_is_bit_set(e, i);

            /* Flush accumulated run of ones when window is full or a
             * zero bit ends the run. */
            if ((j == CT_INV_MOD_PRE_CNT) || ((!set) && j > 0)) {
                err = sp_mul(t, pre[j-1], t);
                if (err == MP_OKAY) {
                    err = _sp_mont_red(t, m, mp);
                }
                j = 0;
            }
            /* Always square once per exponent bit. */
            if (err == MP_OKAY) {
                err = sp_sqr(t, t);
                if (err == MP_OKAY) {
                    err = _sp_mont_red(t, m, mp);
                }
            }
            j += set;
        }
    }
    if (err == MP_OKAY) {
        /* Flush any trailing run of ones into the result. */
        if (j > 0) {
            err = sp_mul(t, pre[j-1], r);
            if (err == MP_OKAY) {
                err = _sp_mont_red(r, m, mp);
            }
        }
        else {
            err = sp_copy(t, r);
        }
    }

    FREE_SP_INT_ARRAY(pre, NULL);
    return err;
}
- #endif /* WOLFSSL_SP_INVMOD_MONT_CT */
- /**************************
- * Exponentiation functions
- **************************/
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH)
- /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Process the exponent one bit at a time.
- * Is constant time and can be cache attack resistant.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
 * @param  [in]   bits  Number of bits of the exponent to use. May be greater
 *                      than the count of bits in e.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
static int _sp_exptmod_ex(sp_int* b, sp_int* e, int bits, sp_int* m, sp_int* r)
{
    int i;
    int err = MP_OKAY;
    int done = 0;
    int j;
    int y;
    int seenTopBit = 0;  /* Becomes 1 once the first set exponent bit is seen. */
#ifdef WC_NO_CACHE_RESISTANT
    DECL_SP_INT_ARRAY(t, 2 * m->used + 1, 2);
#else
    DECL_SP_INT_ARRAY(t, 2 * m->used + 1, 3);
#endif

#ifdef WC_NO_CACHE_RESISTANT
    ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 2, err, NULL);
#else
    ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 3, err, NULL);
#endif
    if (err == MP_OKAY) {
        sp_init_size(t[0], 2 * m->used + 1);
        sp_init_size(t[1], 2 * m->used + 1);
#ifndef WC_NO_CACHE_RESISTANT
        sp_init_size(t[2], 2 * m->used + 1);
#endif

        /* Ensure base is less than modulus. */
        if (_sp_cmp_abs(b, m) != MP_LT) {
            err = sp_mod(b, m, t[0]);
            if ((err == MP_OKAY) && sp_iszero(t[0])) {
                sp_set(r, 0);
                done = 1;
            }
        }
        else {
            err = sp_copy(b, t[0]);
        }
    }
    if ((!done) && (err == MP_OKAY)) {
        /* t[0] is dummy value and t[1] is result */
        err = sp_copy(t[0], t[1]);

        /* Process all 'bits' bits so the operation count is independent of
         * the exponent value; dummy ops go to t[0] until the top bit. */
        for (i = bits - 1; (err == MP_OKAY) && (i >= 0); i--) {
#ifdef WC_NO_CACHE_RESISTANT
            /* Square real result if seen the top bit. */
            err = sp_sqrmod(t[seenTopBit], m, t[seenTopBit]);
            if (err == MP_OKAY) {
                y = (e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1;
                j = y & seenTopBit;
                seenTopBit |= y;
                /* Multiply real result if bit is set and seen the top bit. */
                err = sp_mulmod(t[j], b, m, t[j]);
            }
#else
            /* Square real result if seen the top bit.
             * Operand selected by address masking (sp_off_on_addr) so the
             * memory access pattern does not depend on exponent bits. */
            sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[seenTopBit^1]) +
                              ((size_t)t[1] & sp_off_on_addr[seenTopBit  ])),
                    t[2]);
            err = sp_sqrmod(t[2], m, t[2]);
            sp_copy(t[2],
                    (sp_int*)(((size_t)t[0] & sp_off_on_addr[seenTopBit^1]) +
                              ((size_t)t[1] & sp_off_on_addr[seenTopBit  ])));
            if (err == MP_OKAY) {
                y = (e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1;
                j = y & seenTopBit;
                seenTopBit |= y;
                /* Multiply real result if bit is set and seen the top bit. */
                sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
                                  ((size_t)t[1] & sp_off_on_addr[j  ])),
                        t[2]);
                err = sp_mulmod(t[2], b, m, t[2]);
                sp_copy(t[2],
                        (sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
                                  ((size_t)t[1] & sp_off_on_addr[j  ])));
            }
#endif
        }
    }
    if ((!done) && (err == MP_OKAY)) {
        err = sp_copy(t[1], r);
    }

    FREE_SP_INT_ARRAY(t, NULL);
    return err;
}
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * WOLFSSL_HAVE_SP_DH */
- #if defined(WOLFSSL_SP_MATH_ALL) && ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH))
- #ifndef WC_NO_HARDEN
- #if !defined(WC_NO_CACHE_RESISTANT)
- /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Process the exponent one bit at a time with base in montgomery form.
- * Is constant time and cache attack resistant.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
 * @param  [in]   bits  Number of bits of the exponent to use. May be greater
 *                      than the count of bits in e.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
static int _sp_exptmod_mont_ex(sp_int* b, sp_int* e, int bits, sp_int* m,
    sp_int* r)
{
    int i;
    int err = MP_OKAY;
    int done = 0;
    int j;
    int y;
    int seenTopBit = 0;  /* Becomes 1 once the first set exponent bit is seen. */
    sp_int_digit mp;     /* Montgomery multiplier: -1/m mod 2^SP_WORD_SIZE. */
    DECL_SP_INT_ARRAY(t, m->used * 2 + 1, 4);

    ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 4, err, NULL);
    if (err == MP_OKAY) {
        sp_init_size(t[0], m->used * 2 + 1);
        sp_init_size(t[1], m->used * 2 + 1);
        sp_init_size(t[2], m->used * 2 + 1);
        sp_init_size(t[3], m->used * 2 + 1);

        /* Ensure base is less than modulus. */
        if (_sp_cmp_abs(b, m) != MP_LT) {
            err = sp_mod(b, m, t[0]);
            if ((err == MP_OKAY) && sp_iszero(t[0])) {
                sp_set(r, 0);
                done = 1;
            }
        }
        else {
            err = sp_copy(b, t[0]);
        }
    }

    if ((!done) && (err == MP_OKAY)) {
        err = sp_mont_setup(m, &mp);
        if (err == MP_OKAY) {
            err = sp_mont_norm(t[1], m);
        }
        if (err == MP_OKAY) {
            /* Convert to montgomery form. */
            err = sp_mulmod(t[0], t[1], m, t[0]);
        }
        if (err == MP_OKAY) {
            /* t[0] is fake working value and t[1] is real working value. */
            sp_copy(t[0], t[1]);
            /* Montgomery form of base to multiply by. */
            sp_copy(t[0], t[2]);
        }

        /* Process all 'bits' bits; dummy ops target t[0] until the top set
         * bit is seen. Operand chosen by address masking (sp_off_on_addr) so
         * accesses do not depend on secret exponent bits. */
        for (i = bits - 1; (err == MP_OKAY) && (i >= 0); i--) {
            /* Square real working value if seen the top bit. */
            sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[seenTopBit^1]) +
                              ((size_t)t[1] & sp_off_on_addr[seenTopBit  ])),
                    t[3]);
            err = sp_sqr(t[3], t[3]);
            if (err == MP_OKAY) {
                err = _sp_mont_red(t[3], m, mp);
            }
            sp_copy(t[3],
                    (sp_int*)(((size_t)t[0] & sp_off_on_addr[seenTopBit^1]) +
                              ((size_t)t[1] & sp_off_on_addr[seenTopBit  ])));
            if (err == MP_OKAY) {
                y = (e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1;
                j = y & seenTopBit;
                seenTopBit |= y;
                /* Multiply real value if bit is set and seen the top bit. */
                sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
                                  ((size_t)t[1] & sp_off_on_addr[j  ])),
                        t[3]);
                err = sp_mul(t[3], t[2], t[3]);
                if (err == MP_OKAY) {
                    err = _sp_mont_red(t[3], m, mp);
                }
                sp_copy(t[3],
                        (sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
                                  ((size_t)t[1] & sp_off_on_addr[j  ])));
            }
        }

        if (err == MP_OKAY) {
            /* Convert from montgomery form. */
            err = _sp_mont_red(t[1], m, mp);
            /* Reduction implementation returns number to range < m. */
        }
    }
    if ((!done) && (err == MP_OKAY)) {
        err = sp_copy(t[1], r);
    }

    FREE_SP_INT_ARRAY(t, NULL);
    return err;
}
- #else
- /* Always allocate large array of sp_ints unless defined WOLFSSL_SP_NO_MALLOC */
- #define SP_ALLOC
- /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Creates a window of precalculated exponents with base in montgomery form.
- * Is constant time but NOT cache attack resistant.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
 * @param  [in]   bits  Number of bits of the exponent to use. May be greater
 *                      than the count of bits in e.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
static int _sp_exptmod_mont_ex(sp_int* b, sp_int* e, int bits, sp_int* m,
    sp_int* r)
{
    int i;
    int j;
    int c;               /* Count of unread bits in current digit 'n'. */
    int y;               /* Current window value. */
    int winBits;         /* Window width in bits. */
    int preCnt;          /* Number of precomputed window values: 2^winBits. */
    int err = MP_OKAY;
    int done = 0;
    sp_int_digit mp;     /* Montgomery multiplier. */
    sp_int_digit n;      /* Current exponent digit, left-aligned. */
    sp_int_digit mask;
    sp_int* tr = NULL;   /* Temporary result. */
    DECL_SP_INT_ARRAY(t, m->used * 2 + 1, (1 << 6) + 1);

    /* Choose window size from exponent length - wider for longer exponents. */
    if (bits > 450) {
        winBits = 6;
    }
    else if (bits <= 21) {
        winBits = 1;
    }
    else if (bits <= 36) {
        winBits = 3;
    }
    else if (bits <= 140) {
        winBits = 4;
    }
    else {
        winBits = 5;
    }
    preCnt = 1 << winBits;
    mask = preCnt - 1;

    ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, preCnt + 1, err, NULL);
    if (err == MP_OKAY) {
        tr = t[preCnt];

        for (i = 0; i < preCnt; i++) {
            sp_init_size(t[i], m->used * 2 + 1);
        }
        sp_init_size(tr, m->used * 2 + 1);

        /* Ensure base is less than modulus. */
        if (_sp_cmp_abs(b, m) != MP_LT) {
            err = sp_mod(b, m, t[1]);
            if ((err == MP_OKAY) && sp_iszero(t[1])) {
                sp_set(r, 0);
                done = 1;
            }
        }
        else {
            err = sp_copy(b, t[1]);
        }
    }

    if ((!done) && (err == MP_OKAY)) {
        err = sp_mont_setup(m, &mp);
        if (err == MP_OKAY) {
            /* Norm value is 1 in montgomery form. */
            err = sp_mont_norm(t[0], m);
        }
        if (err == MP_OKAY) {
            /* Convert base to montgomery form. */
            err = sp_mulmod(t[1], t[0], m, t[1]);
        }

        /* Pre-calculate values: t[i] = base^i in Montgomery form. */
        for (i = 2; (i < preCnt) && (err == MP_OKAY); i++) {
            if ((i & 1) == 0) {
                err = sp_sqr(t[i/2], t[i]);
            }
            else {
                err = sp_mul(t[i-1], t[1], t[i]);
            }
            if (err == MP_OKAY) {
                err = _sp_mont_red(t[i], m, mp);
            }
        }

        if (err == MP_OKAY) {
            /* Handle bits from the top that don't fill a whole window. */
            i = (bits - 1) >> SP_WORD_SHIFT;
            n = e->dp[i--];
            c = bits & (SP_WORD_SIZE - 1);
            if (c == 0) {
                c = SP_WORD_SIZE;
            }
            c -= bits % winBits;
            y = (int)(n >> c);
            n <<= SP_WORD_SIZE - c;
            /* Copy window number for top bits. */
            sp_copy(t[y], tr);

            /* Consume remaining exponent bits a window at a time. */
            for (; (i >= 0) || (c >= winBits); ) {
                if (c == 0) {
                    /* Bits up to end of digit */
                    n = e->dp[i--];
                    y = (int)(n >> (SP_WORD_SIZE - winBits));
                    n <<= winBits;
                    c = SP_WORD_SIZE - winBits;
                }
                else if (c < winBits) {
                    /* Bits to end of digit and part of next */
                    y = (int)(n >> (SP_WORD_SIZE - winBits));
                    n = e->dp[i--];
                    c = winBits - c;
                    y |= (int)(n >> (SP_WORD_SIZE - c));
                    n <<= c;
                    c = SP_WORD_SIZE - c;
                }
                else {
                    /* Bits from middle of digit */
                    y = (int)((n >> (SP_WORD_SIZE - winBits)) & mask);
                    n <<= winBits;
                    c -= winBits;
                }

                /* Square for number of bits in window. */
                for (j = 0; (j < winBits) && (err == MP_OKAY); j++) {
                    err = sp_sqr(tr, tr);
                    if (err == MP_OKAY) {
                        err = _sp_mont_red(tr, m, mp);
                    }
                }
                /* Multiply by window number for next set of bits. */
                if (err == MP_OKAY) {
                    err = sp_mul(tr, t[y], tr);
                }
                if (err == MP_OKAY) {
                    err = _sp_mont_red(tr, m, mp);
                }
            }
        }

        if (err == MP_OKAY) {
            /* Convert from montgomery form. */
            err = _sp_mont_red(tr, m, mp);
            /* Reduction implementation returns number to range < m. */
        }
    }
    if ((!done) && (err == MP_OKAY)) {
        err = sp_copy(tr, r);
    }

    FREE_SP_INT_ARRAY(t, NULL);
    return err;
}
- #undef SP_ALLOC
- #endif /* !WC_NO_CACHE_RESISTANT */
- #endif /* !WC_NO_HARDEN */
- #if SP_WORD_SIZE <= 16
- #define EXP2_WINSIZE 2
- #elif SP_WORD_SIZE <= 32
- #define EXP2_WINSIZE 3
- #elif SP_WORD_SIZE <= 64
- #define EXP2_WINSIZE 4
- #elif SP_WORD_SIZE <= 128
- #define EXP2_WINSIZE 5
- #endif
- /* Internal. Exponentiates 2 to the power of e modulo m into r: r = 2 ^ e mod m
- * Is constant time and cache attack resistant.
- *
- * @param [in] e SP integer that is the exponent.
 * @param  [in]   digits  Number of digits of the exponent to use. May be
 *                        greater than the count of digits in e.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
static int _sp_exptmod_base_2(sp_int* e, int digits, sp_int* m, sp_int* r)
{
    int i = 0;
    int j;
    int c = 0;           /* Count of unread bits in current digit 'n'. */
    int y;               /* Current window value; result multiplied by 2^y. */
    int err = MP_OKAY;
    sp_int* t = NULL;    /* m << EXP2_WINSIZE - dummy addend for timing. */
    sp_int* tr = NULL;   /* Temporary result. */
    sp_int_digit mp = 0, n = 0;
    DECL_SP_INT_ARRAY(d, m->used * 2 + 1, 2);

#if 0
    sp_print_int(2, "a");
    sp_print(e, "b");
    sp_print(m, "m");
#endif

    ALLOC_SP_INT_ARRAY(d, m->used * 2 + 1, 2, err, NULL);
    if (err == MP_OKAY) {
        t = d[0];
        tr = d[1];
        sp_init_size(t, m->used * 2 + 1);
        sp_init_size(tr, m->used * 2 + 1);

        if (m->used > 1) {
            /* Multi-digit modulus: use Montgomery reduction. */
            err = sp_mont_setup(m, &mp);
            if (err == MP_OKAY) {
                /* Norm value is 1 in montgomery form. */
                err = sp_mont_norm(tr, m);
            }
            if (err == MP_OKAY) {
                /* t = m << EXP2_WINSIZE, added before each mod below so the
                 * mod operand size stays uniform. */
                err = sp_mul_2d(m, 1 << EXP2_WINSIZE, t);
            }
        }
        else {
            /* Single-digit modulus: plain modular arithmetic, start at 1. */
            err = sp_set(tr, 1);
        }

        if (err == MP_OKAY) {
            /* Bits from the top. */
            i = digits - 1;
            n = e->dp[i--];
            c = SP_WORD_SIZE;
#if (EXP2_WINSIZE != 1) && (EXP2_WINSIZE != 2) && (EXP2_WINSIZE != 4)
            /* Window size doesn't divide the digit size - handle the odd
             * top bits first. */
            c -= (digits * SP_WORD_SIZE) % EXP2_WINSIZE;
            if (c != SP_WORD_SIZE) {
                y = (int)(n >> c);
                n <<= SP_WORD_SIZE - c;
            }
            else
#endif
            {
                y = 0;
            }

            /* Multiply montgomery representation of 1 by 2 ^ top */
            err = sp_mul_2d(tr, y, tr);
        }
        if ((err == MP_OKAY) && (m->used > 1)) {
            err = sp_add(tr, t, tr);
        }
        if (err == MP_OKAY) {
            err = sp_mod(tr, m, tr);
        }
        if (err == MP_OKAY) {
            /* Consume remaining exponent bits a window at a time. */
            for (; (i >= 0) || (c >= EXP2_WINSIZE); ) {
                if (c == 0) {
                    /* Bits up to end of digit */
                    n = e->dp[i--];
                    y = (int)(n >> (SP_WORD_SIZE - EXP2_WINSIZE));
                    n <<= EXP2_WINSIZE;
                    c = SP_WORD_SIZE - EXP2_WINSIZE;
                }
#if (EXP2_WINSIZE != 1) && (EXP2_WINSIZE != 2) && (EXP2_WINSIZE != 4)
                else if (c < EXP2_WINSIZE) {
                    /* Bits to end of digit and part of next */
                    y = (int)(n >> (SP_WORD_SIZE - EXP2_WINSIZE));
                    n = e->dp[i--];
                    c = EXP2_WINSIZE - c;
                    y |= (int)(n >> (SP_WORD_SIZE - c));
                    n <<= c;
                    c = SP_WORD_SIZE - c;
                }
#endif
                else {
                    /* Bits from middle of digit */
                    y = (int)((n >> (SP_WORD_SIZE - EXP2_WINSIZE)) &
                              ((1 << EXP2_WINSIZE) - 1));
                    n <<= EXP2_WINSIZE;
                    c -= EXP2_WINSIZE;
                }

                /* Square for number of bits in window. */
                for (j = 0; (j < EXP2_WINSIZE) && (err == MP_OKAY); j++) {
                    err = sp_sqr(tr, tr);
                    if (err != MP_OKAY) {
                        break;
                    }
                    if (m->used > 1) {
                        err = _sp_mont_red(tr, m, mp);
                    }
                    else {
                        err = sp_mod(tr, m, tr);
                    }
                }

                if (err == MP_OKAY) {
                    /* then multiply by 2^y */
                    err = sp_mul_2d(tr, y, tr);
                }
                if ((err == MP_OKAY) && (m->used > 1)) {
                    /* Add in value to make mod operation take same time */
                    err = sp_add(tr, t, tr);
                }
                if (err == MP_OKAY) {
                    err = sp_mod(tr, m, tr);
                }
                if (err != MP_OKAY) {
                    break;
                }
            }
        }

        if ((err == MP_OKAY) && (m->used > 1)) {
            /* Convert from montgomery form. */
            err = _sp_mont_red(tr, m, mp);
            /* Reduction implementation returns number to range < m. */
        }
    }
    if (err == MP_OKAY) {
        err = sp_copy(tr, r);
    }

#if 0
    sp_print(r, "rme");
#endif

    FREE_SP_INT_ARRAY(d, NULL);
    return err;
}
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
- /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] bits Number of bits in base to use. May be greater than
- * count of bits in b.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_exptmod_ex(sp_int* b, sp_int* e, int digits, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- int done = 0;
- int mBits = sp_count_bits(m);
- int bBits = sp_count_bits(b);
- int eBits = sp_count_bits(e);
- if ((b == NULL) || (e == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- #if 0
- if (err == MP_OKAY) {
- sp_print(b, "a");
- sp_print(e, "b");
- sp_print(m, "m");
- }
- #endif
- /* Check for invalid modulus. */
- if ((err == MP_OKAY) && sp_iszero(m)) {
- err = MP_VAL;
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- /* Check for unsupported negative values of exponent and modulus. */
- if ((err == MP_OKAY) && ((e->sign == MP_NEG) || (m->sign == MP_NEG))) {
- err = MP_VAL;
- }
- #endif
- /* Check for degenerate cases. */
- if ((err == MP_OKAY) && sp_isone(m)) {
- sp_set(r, 0);
- done = 1;
- }
- if ((!done) && (err == MP_OKAY) && sp_iszero(e)) {
- sp_set(r, 1);
- done = 1;
- }
- /* Check whether base needs to be reduced. */
- if ((!done) && (err == MP_OKAY) && (_sp_cmp_abs(b, m) != MP_LT)) {
- if ((r == e) || (r == m)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- err = sp_mod(b, m, r);
- }
- if (err == MP_OKAY) {
- b = r;
- }
- }
- /* Check for degenerate case of base. */
- if ((!done) && (err == MP_OKAY) && sp_iszero(b)) {
- sp_set(r, 0);
- done = 1;
- }
- /* Ensure SP integers have space for intermediate values. */
- if ((!done) && (err == MP_OKAY) && (m->used * 2 >= r->size)) {
- err = MP_VAL;
- }
- if ((!done) && (err == MP_OKAY)) {
- /* Use code optimized for specific sizes if possible */
- #if (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
- (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH))
- #ifndef WOLFSSL_SP_NO_2048
- if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) &&
- (eBits <= 1024)) {
- err = sp_ModExp_1024(b, e, m, r);
- done = 1;
- }
- else if ((mBits == 2048) && sp_isodd(m) && (bBits <= 2048) &&
- (eBits <= 2048)) {
- err = sp_ModExp_2048(b, e, m, r);
- done = 1;
- }
- else
- #endif
- #ifndef WOLFSSL_SP_NO_3072
- if ((mBits == 1536) && sp_isodd(m) && (bBits <= 1536) &&
- (eBits <= 1536)) {
- err = sp_ModExp_1536(b, e, m, r);
- done = 1;
- }
- else if ((mBits == 3072) && sp_isodd(m) && (bBits <= 3072) &&
- (eBits <= 3072)) {
- err = sp_ModExp_3072(b, e, m, r);
- done = 1;
- }
- else
- #endif
- #ifdef WOLFSSL_SP_4096
- if ((mBits == 4096) && sp_isodd(m) && (bBits <= 4096) &&
- (eBits <= 4096)) {
- err = sp_ModExp_4096(b, e, m, r);
- done = 1;
- }
- else
- #endif
- #endif
- {
- }
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH)
- #if (defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_RSA_PUBLIC_ONLY)) && \
- defined(NO_DH)
- if ((!done) && (err == MP_OKAY))
- err = sp_exptmod_nct(b, e, m, r);
- }
- #else
- #if defined(WOLFSSL_SP_MATH_ALL)
- if ((!done) && (err == MP_OKAY) && (b->used == 1) && (b->dp[0] == 2) &&
- mp_isodd(m)) {
- /* Use the generic base 2 implementation. */
- err = _sp_exptmod_base_2(e, digits, m, r);
- }
- else if ((!done) && (err == MP_OKAY) && ((m->used > 1) && mp_isodd(m))) {
- #ifndef WC_NO_HARDEN
- err = _sp_exptmod_mont_ex(b, e, digits * SP_WORD_SIZE, m, r);
- #else
- err = sp_exptmod_nct(b, e, m, r);
- #endif
- }
- else
- #endif /* WOLFSSL_SP_MATH_ALL */
- if ((!done) && (err == MP_OKAY)) {
- /* Otherwise use the generic implementation. */
- err = _sp_exptmod_ex(b, e, digits * SP_WORD_SIZE, m, r);
- }
- #endif /* WOLFSSL_RSA_VERIFY_ONLY || WOLFSSL_RSA_PUBLIC_ONLY */
- #else
- if ((!done) && (err == MP_OKAY)) {
- err = MP_VAL;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
- (void)mBits;
- (void)bBits;
- (void)eBits;
- (void)digits;
- #if 0
- if (err == MP_OKAY) {
- sp_print(r, "rme");
- }
- #endif
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN))
- /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_exptmod(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- if ((b == NULL) || (e == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- SAVE_VECTOR_REGISTERS(err = _svr_ret;);
- if (err == MP_OKAY) {
- err = sp_exptmod_ex(b, e, e->used, m, r);
- }
- RESTORE_VECTOR_REGISTERS();
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * WOLFSSL_HAVE_SP_DH */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- #if defined(WOLFSSL_SP_FAST_NCT_EXPTMOD) || !defined(WOLFSSL_SP_SMALL)
- /* Always allocate large array of sp_ints unless defined WOLFSSL_SP_NO_MALLOC */
- #define SP_ALLOC
- /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Creates a window of precalculated exponents with base in montgomery form.
- * Sliding window and is NOT constant time.
- *
 * @param  [in]   b     SP integer that is the base.
 * @param  [in]   e     SP integer that is the exponent; its bit count
 *                      determines how many bits are processed.
 * @param  [in]   m     SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
{
    int i = 0;
    int j = 0;
    int c = 0;           /* Count of unread bits in current digit 'n'. */
    int y = 0;           /* Current window value. */
    int bits;
    int winBits;         /* Window width in bits. */
    int preCnt;          /* Precomputed values: 2^(winBits-1) - only windows
                          * with the top bit set are stored. */
    int err = MP_OKAY;
    int done = 0;
    sp_int* tr = NULL;   /* Temporary result. */
    sp_int* bm = NULL;   /* Base in Montgomery form. */
    sp_int_digit mask;
    /* Maximum winBits is 6 and preCnt is (1 << (winBits - 1)). */
    DECL_SP_INT_ARRAY(t, m->used * 2 + 1, (1 << 5) + 2);

    bits = sp_count_bits(e);

    /* Choose window size from exponent length. */
    if (bits > 450) {
        winBits = 6;
    }
    else if (bits <= 21) {
        winBits = 1;
    }
    else if (bits <= 36) {
        winBits = 3;
    }
    else if (bits <= 140) {
        winBits = 4;
    }
    else {
        winBits = 5;
    }
    preCnt = 1 << (winBits - 1);
    mask = preCnt - 1;

    ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, preCnt + 2, err, NULL);
    if (err == MP_OKAY) {
        /* Initialize window numbers and temporary result. */
        tr = t[preCnt + 0];
        bm = t[preCnt + 1];

        for (i = 0; i < preCnt; i++) {
            sp_init_size(t[i], m->used * 2 + 1);
        }
        sp_init_size(tr, m->used * 2 + 1);
        sp_init_size(bm, m->used * 2 + 1);

        /* Ensure base is less than modulus. */
        if (_sp_cmp_abs(b, m) != MP_LT) {
            err = sp_mod(b, m, bm);
            if ((err == MP_OKAY) && sp_iszero(bm)) {
                sp_set(r, 0);
                done = 1;
            }
        }
        else {
            err = sp_copy(b, bm);
        }
    }

    if ((!done) && (err == MP_OKAY)) {
        sp_int_digit mp;   /* Montgomery multiplier. */
        sp_int_digit n;    /* Current exponent digit, left-aligned. */

        err = sp_mont_setup(m, &mp);
        if (err == MP_OKAY) {
            err = sp_mont_norm(t[0], m);
        }
        if (err == MP_OKAY) {
            /* Convert base to Montgomery form. */
            err = sp_mulmod(bm, t[0], m, bm);
        }
        if (err == MP_OKAY) {
            err = sp_copy(bm, t[0]);
        }
        /* t[0] = bm^(2^(winBits-1)) - smallest window with top bit set. */
        for (i = 1; (i < winBits) && (err == MP_OKAY); i++) {
            err = sp_sqr(t[0], t[0]);
            if (err == MP_OKAY) {
                err = _sp_mont_red(t[0], m, mp);
            }
        }
        /* t[i] = bm^(2^(winBits-1) + i) - remaining top-bit-set windows. */
        for (i = 1; (i < preCnt) && (err == MP_OKAY); i++) {
            err = sp_mul(t[i-1], bm, t[i]);
            if (err == MP_OKAY) {
                err = _sp_mont_red(t[i], m, mp);
            }
        }

        if (err == MP_OKAY) {
            /* Find the top bit. */
            i = (bits - 1) >> SP_WORD_SHIFT;
            n = e->dp[i--];
            c = bits % SP_WORD_SIZE;
            if (c == 0) {
                c = SP_WORD_SIZE;
            }
            /* Put top bit at highest offset in digit. */
            n <<= SP_WORD_SIZE - c;

            if (bits >= winBits) {
                /* Top bit set. Copy from window. */
                if (c < winBits) {
                    /* Bits to end of digit and part of next */
                    y = (int)((n >> (SP_WORD_SIZE - winBits)) & mask);
                    n = e->dp[i--];
                    c = winBits - c;
                    y |= (int)(n >> (SP_WORD_SIZE - c));
                    n <<= c;
                    c = SP_WORD_SIZE - c;
                }
                else {
                    /* Bits from middle of digit */
                    y = (int)((n >> (SP_WORD_SIZE - winBits)) & mask);
                    n <<= winBits;
                    c -= winBits;
                }
                err = sp_copy(t[y], tr);
            }
            else {
                /* 1 in Montgomery form. */
                err = sp_mont_norm(tr, m);
            }

            while (err == MP_OKAY) {
                /* Square until we find bit that is 1 or there's less than a
                 * window of bits left.
                 */
                while (err == MP_OKAY && ((i >= 0) || (c >= winBits))) {
                    sp_int_digit n2 = n;
                    int c2 = c;
                    int i2 = i;

                    /* Make sure n2 has bits from the right digit. */
                    if (c2 == 0) {
                        n2 = e->dp[i2--];
                        c2 = SP_WORD_SIZE;
                    }
                    /* Mask off the next bit. */
                    y = (int)((n2 >> (SP_WORD_SIZE - 1)) & 1);
                    if (y == 1) {
                        break;
                    }

                    /* Square and update position. */
                    err = sp_sqr(tr, tr);
                    if (err == MP_OKAY) {
                        err = _sp_mont_red(tr, m, mp);
                    }
                    n = n2 << 1;
                    c = c2 - 1;
                    i = i2;
                }

                if (err == MP_OKAY) {
                    /* Check we have enough bits left for a window. */
                    if ((i < 0) && (c < winBits)) {
                        break;
                    }

                    if (c == 0) {
                        /* Bits up to end of digit */
                        n = e->dp[i--];
                        y = (int)(n >> (SP_WORD_SIZE - winBits));
                        n <<= winBits;
                        c = SP_WORD_SIZE - winBits;
                    }
                    else if (c < winBits) {
                        /* Bits to end of digit and part of next */
                        y = (int)(n >> (SP_WORD_SIZE - winBits));
                        n = e->dp[i--];
                        c = winBits - c;
                        y |= (int)(n >> (SP_WORD_SIZE - c));
                        n <<= c;
                        c = SP_WORD_SIZE - c;
                    }
                    else {
                        /* Bits from middle of digit */
                        y = (int)(n >> (SP_WORD_SIZE - winBits));
                        n <<= winBits;
                        c -= winBits;
                    }
                    /* Window's top bit is implicit in the table layout. */
                    y &= mask;
                }

                /* Square for number of bits in window. */
                for (j = 0; (j < winBits) && (err == MP_OKAY); j++) {
                    err = sp_sqr(tr, tr);
                    if (err == MP_OKAY) {
                        err = _sp_mont_red(tr, m, mp);
                    }
                }
                /* Multiply by window number for next set of bits. */
                if (err == MP_OKAY) {
                    err = sp_mul(tr, t[y], tr);
                }
                if (err == MP_OKAY) {
                    err = _sp_mont_red(tr, m, mp);
                }
            }

            if ((err == MP_OKAY) && (c > 0)) {
                /* Handle remaining bits.
                 * Window values have top bit set and can't be used. */
                n = e->dp[0];
                for (--c; (err == MP_OKAY) && (c >= 0); c--) {
                    err = sp_sqr(tr, tr);
                    if (err == MP_OKAY) {
                        err = _sp_mont_red(tr, m, mp);
                    }
                    if ((err == MP_OKAY) && ((n >> c) & 1)) {
                        err = sp_mul(tr, bm, tr);
                        if (err == MP_OKAY) {
                            err = _sp_mont_red(tr, m, mp);
                        }
                    }
                }
            }
        }

        if (err == MP_OKAY) {
            /* Convert from montgomery form. */
            err = _sp_mont_red(tr, m, mp);
            /* Reduction implementation returns number to range < m. */
        }
    }
    if ((!done) && (err == MP_OKAY)) {
        err = sp_copy(tr, r);
    }

    FREE_SP_INT_ARRAY(t, NULL);
    return err;
}
- #undef SP_ALLOC
- #else
- /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Non-constant time implementation.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
{
    int i;
    int err = MP_OKAY;
    int done = 0;
    int y = 0;           /* Current exponent bit. */
    int bits = sp_count_bits(e);
    sp_int_digit mp;     /* Montgomery multiplier. */
    DECL_SP_INT_ARRAY(t, m->used * 2 + 1, 2);

    ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 2, err, NULL);
    if (err == MP_OKAY) {
        sp_init_size(t[0], m->used * 2 + 1);
        sp_init_size(t[1], m->used * 2 + 1);

        /* Ensure base is less than modulus. */
        if (_sp_cmp_abs(b, m) != MP_LT) {
            err = sp_mod(b, m, t[0]);
            if ((err == MP_OKAY) && sp_iszero(t[0])) {
                sp_set(r, 0);
                done = 1;
            }
        }
        else {
            err = sp_copy(b, t[0]);
        }
    }

    if ((!done) && (err == MP_OKAY)) {
        err = sp_mont_setup(m, &mp);
        if (err == MP_OKAY) {
            err = sp_mont_norm(t[1], m);
        }
        if (err == MP_OKAY) {
            /* Convert to montgomery form. */
            err = sp_mulmod(t[0], t[1], m, t[0]);
        }
        if (err == MP_OKAY) {
            /* Montgomery form of base to multiply by. */
            sp_copy(t[0], t[1]);
        }

        /* Left-to-right square-and-multiply; top bit already in t[0], so
         * start from the bit below it. */
        for (i = bits - 2; (err == MP_OKAY) && (i >= 0); i--) {
            err = sp_sqr(t[0], t[0]);
            if (err == MP_OKAY) {
                err = _sp_mont_red(t[0], m, mp);
            }
            if (err == MP_OKAY) {
                y = (e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1;
                if (y != 0) {
                    err = sp_mul(t[0], t[1], t[0]);
                    if (err == MP_OKAY) {
                        err = _sp_mont_red(t[0], m, mp);
                    }
                }
            }
        }

        if (err == MP_OKAY) {
            /* Convert from montgomery form. */
            err = _sp_mont_red(t[0], m, mp);
            /* Reduction implementation returns number to range < m. */
        }
    }
    if ((!done) && (err == MP_OKAY)) {
        err = sp_copy(t[0], r);
    }

    FREE_SP_INT_ARRAY(t, NULL);
    return err;
}
- #endif /* WOLFSSL_SP_FAST_NCT_EXPTMOD || !WOLFSSL_SP_SMALL */
/* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
 * Non-constant time implementation.
 *
 * @param  [in]   b  SP integer that is the base.
 * @param  [in]   e  SP integer that is the exponent.
 * @param  [in]   m  SP integer that is the modulus.
 * @param  [out]  r  SP integer to hold result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
int sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
{
    int err = MP_OKAY;

    if ((b == NULL) || (e == NULL) || (m == NULL) || (r == NULL)) {
        err = MP_VAL;
    }

#if 0
    if (err == MP_OKAY) {
        sp_print(b, "a");
        sp_print(e, "b");
        sp_print(m, "m");
    }
#endif

    if (err != MP_OKAY) {
    }
    /* Handle special cases. */
    else if (sp_iszero(m)) {
        /* Modulus of zero is invalid. */
        err = MP_VAL;
    }
#ifdef WOLFSSL_SP_INT_NEGATIVE
    else if ((e->sign == MP_NEG) || (m->sign == MP_NEG)) {
        /* Negative exponents and moduli are not supported. */
        err = MP_VAL;
    }
#endif
    else if (sp_isone(m)) {
        /* Any value mod 1 is 0. */
        sp_set(r, 0);
    }
    else if (sp_iszero(e)) {
        /* b ^ 0 = 1. */
        sp_set(r, 1);
    }
    else if (sp_iszero(b)) {
        /* 0 ^ e = 0 for e > 0 (zero exponent handled above). */
        sp_set(r, 0);
    }
    /* Ensure SP integers have space for intermediate values. */
    else if (m->used * 2 >= r->size) {
        err = MP_VAL;
    }
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
    else if (mp_iseven(m)) {
        /* Montgomery reduction needs an odd modulus - use the generic
         * implementation for even moduli. */
        err = _sp_exptmod_ex(b, e, e->used * SP_WORD_SIZE, m, r);
    }
#endif
    else {
        err = _sp_exptmod_nct(b, e, m, r);
    }

#if 0
    if (err == MP_OKAY) {
        sp_print(r, "rme");
    }
#endif

    return err;
}
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
- /***************
- * 2^e functions
- ***************/
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Divide by 2^e: r = a >> e and rem = bits shifted out
- *
- * @param [in] a SP integer to divide.
- * @param [in] e Exponent bits (dividing by 2^e).
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- * @param [out] rem SP integer to hold remainder.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL.
- */
- int sp_div_2d(sp_int* a, int e, sp_int* r, sp_int* rem)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- int remBits = sp_count_bits(a) - e;
- if (remBits <= 0) {
- /* Shifting down by more bits than in number. */
- _sp_zero(r);
- sp_copy(a, rem);
- }
- else {
- if (rem != NULL) {
- /* Copy a in to remainder. */
- err = sp_copy(a, rem);
- }
- /* Shift a down by into result. */
- sp_rshb(a, e, r);
- if (rem != NULL) {
- /* Set used and mask off top digit of remainder. */
- rem->used = (e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT;
- e &= SP_WORD_MASK;
- if (e > 0) {
- rem->dp[rem->used - 1] &= ((sp_int_digit)1 << e) - 1;
- }
- sp_clamp(rem);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- rem->sign = MP_ZPOS;
- #endif
- }
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
/* The bottom e bits: r = a & ((1 << e) - 1)
 *
 * @param  [in]   a  SP integer to reduce.
 * @param  [in]   e  Modulus bits (modulus equals 2^e).
 * @param  [out]  r  SP integer to hold result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_VAL when a or r is NULL.
 */
int sp_mod_2d(sp_int* a, int e, sp_int* r)
{
    int err = MP_OKAY;

    if ((a == NULL) || (r == NULL)) {
        err = MP_VAL;
    }
    if (err == MP_OKAY) {
        /* Number of digits needed to hold e bits. */
        int digits = (e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT;

        if (a != r) {
            /* NOTE(review): copies 'digits' digits even when a->used is
             * smaller - assumes a->dp is allocated (and r->dp writable) up
             * to 'digits' entries; confirm a->size/r->size at callers. */
            XMEMCPY(r->dp, a->dp, digits * sizeof(sp_int_digit));
            r->used = a->used;
#ifdef WOLFSSL_SP_INT_NEGATIVE
            r->sign = a->sign;
#endif
        }
        /* Masking is only needed when the value has at least 'digits'
         * digits, or is negative and must be converted to its positive
         * two's-complement residue first. */
#ifndef WOLFSSL_SP_INT_NEGATIVE
        if (digits <= a->used)
#else
        if ((a->sign != MP_ZPOS) || (digits <= a->used))
#endif
        {
#ifdef WOLFSSL_SP_INT_NEGATIVE
            if (a->sign == MP_NEG) {
                int i;
                sp_int_digit carry = 0;

                /* Negate value: two's complement over 'digits' digits so
                 * masking below yields (2^e + a) mod 2^e. */
                for (i = 0; i < r->used; i++) {
                    /* Once any non-zero digit is seen, a borrow propagates
                     * through all higher digits. */
                    sp_int_digit next = r->dp[i] > 0;
                    r->dp[i] = (sp_int_digit)0 - r->dp[i] - carry;
                    carry |= next;
                }
                /* Sign-extend the borrow through the remaining digits. */
                for (; i < digits; i++) {
                    r->dp[i] = (sp_int_digit)0 - carry;
                }
                r->sign = MP_ZPOS;
            }
#endif
            /* Set used and mask off top digit of result. */
            r->used = digits;
            e &= SP_WORD_MASK;
            if (e > 0) {
                r->dp[r->used - 1] &= ((sp_int_digit)1 << e) - 1;
            }
            sp_clamp(r);
        }
    }

    return err;
}
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) && (!defined(WOLFSSL_RSA_VERIFY_ONLY) || \
- !defined(NO_DH))
- /* Multiply by 2^e: r = a << e
- *
- * @param [in] a SP integer to multiply.
- * @param [in] e Multiplier bits (multiplier equals 2^e).
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL, or result is too big for fixed data
- * length.
- */
- int sp_mul_2d(sp_int* a, int e, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (sp_count_bits(a) + e > r->size * SP_WORD_SIZE)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- /* Copy a into r as left shift function works on the number. */
- if (a != r) {
- err = sp_copy(a, r);
- }
- }
- if (err == MP_OKAY) {
- #if 0
- sp_print(a, "a");
- sp_print_int(e, "n");
- #endif
- err = sp_lshb(r, e);
- #if 0
- sp_print(r, "rsl");
- #endif
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* START SP_SQR implementations */
- /* This code is generated.
- * To generate:
- * cd scripts/sp/sp_int
- * ./gen.sh
- * File sp_sqr.c contains code.
- */
- #if !defined(WOLFSSL_SP_MATH) || !defined(WOLFSSL_SP_SMALL)
- #ifdef SQR_MUL_ASM
/* Square a and store in r. r = a * a
 *
 * Comba (column-wise) implementation using the SP_ASM_* accumulator macros.
 * Cross products a[i]*a[j] (i != j) are added twice; squares a[k]*a[k] once.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int _sp_sqr(sp_int* a, sp_int* r)
{
    int err = MP_OKAY;
    int i;
    int j;
    int k;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
    defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
    /* C99 VLA sized exactly for the double-width result. */
    sp_int_digit t[a->used * 2];
#else
    sp_int_digit t[SP_INT_DIGITS];
#endif

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL,
        DYNAMIC_TYPE_BIGINT);
    if (t == NULL) {
        err = MP_MEM;
    }
#endif
    if ((err == MP_OKAY) && (a->used <= 1)) {
        sp_int_digit l, h;

        /* Single digit: square directly. The macro's first output receives
         * the low word (see t[0] = h below), matching its use elsewhere. */
        h = 0;
        l = 0;
        SP_ASM_SQR(h, l, a->dp[0]);
        t[0] = h;
        t[1] = l;
    }
    else if (err == MP_OKAY) {
        sp_int_digit l, h, o;

        /* (l, h, o) is a three-digit column accumulator; after each column
         * is stored the accumulator is shifted down one digit. */
        h = 0;
        l = 0;
        SP_ASM_SQR(h, l, a->dp[0]);
        t[0] = h;
        h = 0;
        o = 0;
        /* Lower half: columns 2k-1 and 2k where all index pairs are in
         * range (j runs down to 0). */
        for (k = 1; k < (a->used + 1) / 2; k++) {
            /* Column 2k-1: doubled cross products with i + j == 2k - 1. */
            i = k;
            j = k - 1;
            for (; (j >= 0); i++, j--) {
                SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
            }
            t[k * 2 - 1] = l;
            l = h;
            h = o;
            o = 0;

            /* Column 2k: square term plus doubled cross products. */
            SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
            i = k + 1;
            j = k - 1;
            for (; (j >= 0); i++, j--) {
                SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
            }
            t[k * 2] = l;
            l = h;
            h = o;
            o = 0;
        }
        /* Upper half: same columns but now i is bounded by a->used. */
        for (; k < a->used; k++) {
            i = k;
            j = k - 1;
            for (; (i < a->used); i++, j--) {
                SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
            }
            t[k * 2 - 1] = l;
            l = h;
            h = o;
            o = 0;

            SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
            i = k + 1;
            j = k - 1;
            for (; (i < a->used); i++, j--) {
                SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
            }
            t[k * 2] = l;
            l = h;
            h = o;
            o = 0;
        }
        /* Final (top) digit of the result. */
        t[k * 2 - 1] = l;
    }
    if (err == MP_OKAY) {
        r->used = a->used * 2;
        XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
        sp_clamp(r);
    }

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    if (t != NULL) {
        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
    }
#endif
    return err;
}
- #else /* !SQR_MUL_ASM */
/* Square a and store in r. r = a * a
 *
 * Column-wise implementation using double-width word arithmetic
 * (no assembly macros).
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int _sp_sqr(sp_int* a, sp_int* r)
{
    int err = MP_OKAY;
    int i;
    int j;
    int k;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    sp_int_digit* t = NULL;
#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
    defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_DYN_STACK)
    sp_int_digit t[a->used * 2];
#else
    sp_int_digit t[SP_INT_DIGITS];
#endif

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL,
        DYNAMIC_TYPE_BIGINT);
    if (t == NULL) {
        err = MP_MEM;
    }
#endif
    if (err == MP_OKAY) {
        /* (l, h [, o]) accumulate each result column in double-width words;
         * o only exists when digit products can overflow the accumulator
         * (SP_WORD_OVERFLOW). */
        sp_int_word w;
        sp_int_word l;
        sp_int_word h;
#ifdef SP_WORD_OVERFLOW
        sp_int_word o;
#endif

        w = (sp_int_word)a->dp[0] * a->dp[0];
        t[0] = (sp_int_digit)w;
        l = (sp_int_digit)(w >> SP_WORD_SIZE);
        h = 0;
#ifdef SP_WORD_OVERFLOW
        o = 0;
#endif
        /* Result digits 1 .. 2*used-2, one column (fixed i+j == k) each. */
        for (k = 1; k <= (a->used - 1) * 2; k++) {
            i = k / 2;
            j = k - i;
            if (i == j) {
                /* Diagonal: square term is added only once. */
                w = (sp_int_word)a->dp[i] * a->dp[j];
                l += (sp_int_digit)w;
                h += (sp_int_digit)(w >> SP_WORD_SIZE);
#ifdef SP_WORD_OVERFLOW
                h += (sp_int_digit)(l >> SP_WORD_SIZE);
                l &= SP_MASK;
                o += (sp_int_digit)(h >> SP_WORD_SIZE);
                h &= SP_MASK;
#endif
            }
            /* Off-diagonal products are added twice (a[i]*a[j] occurs for
             * both (i,j) and (j,i)). */
            for (++i, --j; (i < a->used) && (j >= 0); i++, j--) {
                w = (sp_int_word)a->dp[i] * a->dp[j];
                l += (sp_int_digit)w;
                h += (sp_int_digit)(w >> SP_WORD_SIZE);
#ifdef SP_WORD_OVERFLOW
                h += (sp_int_digit)(l >> SP_WORD_SIZE);
                l &= SP_MASK;
                o += (sp_int_digit)(h >> SP_WORD_SIZE);
                h &= SP_MASK;
#endif
                /* Second addition of the same product. */
                l += (sp_int_digit)w;
                h += (sp_int_digit)(w >> SP_WORD_SIZE);
#ifdef SP_WORD_OVERFLOW
                h += (sp_int_digit)(l >> SP_WORD_SIZE);
                l &= SP_MASK;
                o += (sp_int_digit)(h >> SP_WORD_SIZE);
                h &= SP_MASK;
#endif
            }
            t[k] = (sp_int_digit)l;
            /* Shift the column accumulator down one digit. */
            l >>= SP_WORD_SIZE;
            l += (sp_int_digit)h;
            h >>= SP_WORD_SIZE;
#ifdef SP_WORD_OVERFLOW
            h += o & SP_MASK;
            o >>= SP_WORD_SIZE;
#endif
        }
        /* Top digit of the result. */
        t[k] = (sp_int_digit)l;
        r->used = k + 1;
        XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
        sp_clamp(r);
    }

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    if (t != NULL) {
        XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
    }
#endif
    return err;
}
- #endif /* SQR_MUL_ASM */
- #endif /* !WOLFSSL_SP_MATH || !WOLFSSL_SP_SMALL */
- #ifndef WOLFSSL_SP_SMALL
- #if !defined(WOLFSSL_HAVE_SP_ECC) && defined(HAVE_ECC)
- #if SP_WORD_SIZE == 64
- #ifndef SQR_MUL_ASM
/* Square a and store in r. r = a * a
 *
 * Long-hand implementation for exactly 4 digits.
 *
 * Product table (w index -> digit pair):
 *   w0=0*0 w1=0*1 w2=0*2 w3=1*1 w4=0*3 w5=1*2 w6=1*3 w7=2*2 w8=2*3 w9=3*3
 * Cross products (i != j) are added twice per column; squares once.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int _sp_sqr_4(sp_int* a, sp_int* r)
{
    int err = MP_OKAY;
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    sp_int_word* w = NULL;
#else
    sp_int_word w[10];
#endif
    sp_int_digit* da = a->dp;

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    w = (sp_int_word*)XMALLOC(sizeof(sp_int_word) * 10, NULL,
        DYNAMIC_TYPE_BIGINT);
    if (w == NULL) {
        err = MP_MEM;
    }
#endif
    if (err == MP_OKAY) {
        /* All ten distinct digit products, double-width. */
        w[0] = (sp_int_word)da[0] * da[0];
        w[1] = (sp_int_word)da[0] * da[1];
        w[2] = (sp_int_word)da[0] * da[2];
        w[3] = (sp_int_word)da[1] * da[1];
        w[4] = (sp_int_word)da[0] * da[3];
        w[5] = (sp_int_word)da[1] * da[2];
        w[6] = (sp_int_word)da[1] * da[3];
        w[7] = (sp_int_word)da[2] * da[2];
        w[8] = (sp_int_word)da[2] * da[3];
        w[9] = (sp_int_word)da[3] * da[3];

        /* w[0] doubles as the running carry/accumulator between digits. */
        /* Digit 0: low word of 0*0. */
        r->dp[0] = w[0];
        w[0] >>= SP_WORD_SIZE;
        /* Digit 1: carry + 2*(0*1). */
        w[0] += (sp_int_digit)w[1];
        w[0] += (sp_int_digit)w[1];
        r->dp[1] = w[0];
        w[0] >>= SP_WORD_SIZE;
        /* Digit 2: carry + high(0*1)*2 + 2*(0*2) + 1*1. */
        w[1] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[1];
        w[0] += (sp_int_digit)w[1];
        w[0] += (sp_int_digit)w[2];
        w[0] += (sp_int_digit)w[2];
        w[0] += (sp_int_digit)w[3];
        r->dp[2] = w[0];
        w[0] >>= SP_WORD_SIZE;
        /* Digit 3: carry + high halves + 2*(0*3) + 2*(1*2). */
        w[2] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[2];
        w[0] += (sp_int_digit)w[2];
        w[3] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[3];
        w[0] += (sp_int_digit)w[4];
        w[0] += (sp_int_digit)w[4];
        w[0] += (sp_int_digit)w[5];
        w[0] += (sp_int_digit)w[5];
        r->dp[3] = w[0];
        w[0] >>= SP_WORD_SIZE;
        /* Digit 4: carry + high halves + 2*(1*3) + 2*2. */
        w[4] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[4];
        w[0] += (sp_int_digit)w[4];
        w[5] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[5];
        w[0] += (sp_int_digit)w[5];
        w[0] += (sp_int_digit)w[6];
        w[0] += (sp_int_digit)w[6];
        w[0] += (sp_int_digit)w[7];
        r->dp[4] = w[0];
        w[0] >>= SP_WORD_SIZE;
        /* Digit 5: carry + high halves + 2*(2*3). */
        w[6] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[6];
        w[0] += (sp_int_digit)w[6];
        w[7] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[7];
        w[0] += (sp_int_digit)w[8];
        w[0] += (sp_int_digit)w[8];
        r->dp[5] = w[0];
        w[0] >>= SP_WORD_SIZE;
        /* Digit 6: carry + high halves + 3*3. */
        w[8] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[8];
        w[0] += (sp_int_digit)w[8];
        w[0] += (sp_int_digit)w[9];
        r->dp[6] = w[0];
        w[0] >>= SP_WORD_SIZE;
        /* Digit 7: carry + high(3*3). */
        w[9] >>= SP_WORD_SIZE;
        w[0] += (sp_int_digit)w[9];
        r->dp[7] = w[0];

        r->used = 8;
        sp_clamp(r);
    }

#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
    if (w != NULL) {
        XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
    }
#endif
    return err;
}
- #else /* SQR_MUL_ASM */
/* Square a and store in r. r = a * a
 *
 * Comba implementation for exactly 4 digits.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY always (no allocation is performed).
 */
static int _sp_sqr_4(sp_int* a, sp_int* r)
{
    sp_int_digit l = 0;
    sp_int_digit h = 0;
    sp_int_digit o = 0;
    /* Low half is staged in t and copied last, so writing r->dp[4..7]
     * cannot clobber a's digits when r aliases a. */
    sp_int_digit t[4];

    /* Column 0: a[0]^2. */
    SP_ASM_SQR(h, l, a->dp[0]);
    t[0] = h;
    h = 0;
    /* Column 1: 2*a[0]*a[1]. */
    SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
    t[1] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 2: 2*a[0]*a[2] + a[1]^2. */
    SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
    t[2] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 3: 2*(a[0]*a[3] + a[1]*a[2]). */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
    t[3] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 4: 2*a[1]*a[3] + a[2]^2. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
    r->dp[4] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 5: 2*a[2]*a[3]. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[2], a->dp[3]);
    r->dp[5] = l;
    l = h;
    h = o;
    /* Columns 6 and 7: a[3]^2 plus remaining carries. */
    SP_ASM_SQR_ADD_NO(l, h, a->dp[3]);
    r->dp[6] = l;
    r->dp[7] = h;
    XMEMCPY(r->dp, t, 4 * sizeof(sp_int_digit));
    r->used = 8;
    sp_clamp(r);
    return MP_OKAY;
}
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 64
- #ifdef SQR_MUL_ASM
/* Square a and store in r. r = a * a
 *
 * Comba implementation for exactly 6 digits.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY always (no allocation is performed).
 */
static int _sp_sqr_6(sp_int* a, sp_int* r)
{
    sp_int_digit l = 0;
    sp_int_digit h = 0;
    sp_int_digit o = 0;
    /* (tl, th, to) is a secondary accumulator: wide columns sum the cross
     * products once then double via SP_ASM_ADD_DBL_3. */
    sp_int_digit tl = 0;
    sp_int_digit th = 0;
    sp_int_digit to;
    /* Low half staged in t and copied last so r may alias a. */
    sp_int_digit t[6];

#if defined(WOLFSSL_SP_ARM_THUMB) && SP_WORD_SIZE == 32
    /* NOTE(review): presumably the Thumb macros read 'to' before writing
     * it - hence the guarded explicit initialization. */
    to = 0;
#endif
    /* Column 0: a[0]^2. */
    SP_ASM_SQR(h, l, a->dp[0]);
    t[0] = h;
    h = 0;
    /* Column 1: 2*a[0]*a[1]. */
    SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
    t[1] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 2: 2*a[0]*a[2] + a[1]^2. */
    SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
    t[2] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 3: 2*(a[0]*a[3] + a[1]*a[2]). */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
    t[3] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 4: 2*(a[0]*a[4] + a[1]*a[3]) + a[2]^2. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
    t[4] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 5: 2*(a[0]*a[5] + a[1]*a[4] + a[2]*a[3]). */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[5] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 6: 2*(a[1]*a[5] + a[2]*a[4]) + a[3]^2. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[5]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[2], a->dp[4]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
    r->dp[6] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 7: 2*(a[2]*a[5] + a[3]*a[4]). */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[2], a->dp[5]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[3], a->dp[4]);
    r->dp[7] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 8: 2*a[3]*a[5] + a[4]^2. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[3], a->dp[5]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
    r->dp[8] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 9: 2*a[4]*a[5]. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[4], a->dp[5]);
    r->dp[9] = l;
    l = h;
    h = o;
    /* Columns 10 and 11: a[5]^2 plus remaining carries. */
    SP_ASM_SQR_ADD_NO(l, h, a->dp[5]);
    r->dp[10] = l;
    r->dp[11] = h;
    XMEMCPY(r->dp, t, 6 * sizeof(sp_int_digit));
    r->used = 12;
    sp_clamp(r);
    return MP_OKAY;
}
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
/* Square a and store in r. r = a * a
 *
 * Comba implementation for exactly 8 digits.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY always (no allocation is performed).
 */
static int _sp_sqr_8(sp_int* a, sp_int* r)
{
    sp_int_digit l = 0;
    sp_int_digit h = 0;
    sp_int_digit o = 0;
    /* Secondary accumulator: wide columns sum cross products once and are
     * doubled via SP_ASM_ADD_DBL_3. */
    sp_int_digit tl = 0;
    sp_int_digit th = 0;
    sp_int_digit to;
    /* Low half staged in t and copied last so r may alias a. */
    sp_int_digit t[8];

#if defined(WOLFSSL_SP_ARM_THUMB) && SP_WORD_SIZE == 32
    /* NOTE(review): presumably the Thumb macros read 'to' before writing
     * it - hence the guarded explicit initialization. */
    to = 0;
#endif
    /* Column 0: a[0]^2. */
    SP_ASM_SQR(h, l, a->dp[0]);
    t[0] = h;
    h = 0;
    /* Column 1: 2*a[0]*a[1]. */
    SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
    t[1] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 2: 2*a[0]*a[2] + a[1]^2. */
    SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
    t[2] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 3. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
    t[3] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 4. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
    t[4] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 5. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[5] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 6. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[6]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[5]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[4]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[6] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 7. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[7]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[6]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[5]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[4]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[7] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 8. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[1], a->dp[7]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[6]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[5]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    r->dp[8] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 9. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[2], a->dp[7]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[6]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[5]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    r->dp[9] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 10. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[3], a->dp[7]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[4], a->dp[6]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[5]);
    r->dp[10] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 11. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[4], a->dp[7]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[5], a->dp[6]);
    r->dp[11] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 12. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[5], a->dp[7]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[6]);
    r->dp[12] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 13. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[6], a->dp[7]);
    r->dp[13] = l;
    l = h;
    h = o;
    /* Columns 14 and 15: a[7]^2 plus remaining carries. */
    SP_ASM_SQR_ADD_NO(l, h, a->dp[7]);
    r->dp[14] = l;
    r->dp[15] = h;
    XMEMCPY(r->dp, t, 8 * sizeof(sp_int_digit));
    r->used = 16;
    sp_clamp(r);
    return MP_OKAY;
}
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
/* Square a and store in r. r = a * a
 *
 * Comba implementation for exactly 12 digits.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY always (no allocation is performed).
 */
static int _sp_sqr_12(sp_int* a, sp_int* r)
{
    sp_int_digit l = 0;
    sp_int_digit h = 0;
    sp_int_digit o = 0;
    /* Secondary accumulator: wide columns sum cross products once and are
     * doubled via SP_ASM_ADD_DBL_3. */
    sp_int_digit tl = 0;
    sp_int_digit th = 0;
    sp_int_digit to;
    /* Low half staged in t and copied last so r may alias a. */
    sp_int_digit t[12];

#if defined(WOLFSSL_SP_ARM_THUMB) && SP_WORD_SIZE == 32
    /* NOTE(review): presumably the Thumb macros read 'to' before writing
     * it - hence the guarded explicit initialization. */
    to = 0;
#endif
    /* Column 0: a[0]^2. */
    SP_ASM_SQR(h, l, a->dp[0]);
    t[0] = h;
    h = 0;
    /* Column 1: 2*a[0]*a[1]. */
    SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
    t[1] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 2: 2*a[0]*a[2] + a[1]^2. */
    SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
    t[2] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 3. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
    t[3] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 4. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
    t[4] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 5. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[5] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 6. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[6]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[5]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[4]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[6] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 7. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[7]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[6]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[5]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[4]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[7] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 8. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[8]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[7]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[6]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[5]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[8] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 9. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[9]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[8]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[7]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[6]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[5]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[9] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 10. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[10]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[9]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[8]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[7]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[6]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[5]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[10] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 11. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[11]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[10]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[9]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[8]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[7]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[6]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    t[11] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 12. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[1], a->dp[11]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[10]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[9]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[8]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[7]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[6]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    r->dp[12] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 13. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[2], a->dp[11]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[10]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[9]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[8]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[7]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    r->dp[13] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 14. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[3], a->dp[11]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[10]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[9]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[8]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[7]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    r->dp[14] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 15. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[4], a->dp[11]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[10]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[9]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[8]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    r->dp[15] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 16. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[5], a->dp[11]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[10]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[9]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[8]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    r->dp[16] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 17. */
    SP_ASM_MUL_SET(tl, th, to, a->dp[6], a->dp[11]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[10]);
    SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[9]);
    SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
    r->dp[17] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 18. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[7], a->dp[11]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[8], a->dp[10]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[9]);
    r->dp[18] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 19. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[8], a->dp[11]);
    SP_ASM_MUL_ADD2(l, h, o, a->dp[9], a->dp[10]);
    r->dp[19] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 20. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[9], a->dp[11]);
    SP_ASM_SQR_ADD(l, h, o, a->dp[10]);
    r->dp[20] = l;
    l = h;
    h = o;
    o = 0;
    /* Column 21. */
    SP_ASM_MUL_ADD2(l, h, o, a->dp[10], a->dp[11]);
    r->dp[21] = l;
    l = h;
    h = o;
    /* Columns 22 and 23: a[11]^2 plus remaining carries. */
    SP_ASM_SQR_ADD_NO(l, h, a->dp[11]);
    r->dp[22] = l;
    r->dp[23] = h;
    XMEMCPY(r->dp, t, 12 * sizeof(sp_int_digit));
    r->used = 24;
    sp_clamp(r);
    return MP_OKAY;
}
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #endif /* !WOLFSSL_HAVE_SP_ECC && HAVE_ECC */
- #if defined(SQR_MUL_ASM) && defined(WOLFSSL_SP_INT_LARGE_COMBA)
- #if SP_INT_DIGITS >= 32
- /* Square a and store in r. r = a * a
- *
- * Comba implementation.
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_16(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit tl = 0;
- sp_int_digit th = 0;
- sp_int_digit to;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #else
- sp_int_digit t[16];
- #endif
- #if defined(WOLFSSL_SP_ARM_THUMB) && SP_WORD_SIZE == 32
- to = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * 16, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[4]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[5]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[6]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[7]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[8]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[1], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[9]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[2], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[3], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[10]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[4], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[10]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[5], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[11]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[10]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[6], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[11]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[21] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[7], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[12]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[11]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[22] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[8], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[12]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[23] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[9], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[13]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[12]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[24] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[10], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[13]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[25] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[11], a->dp[15]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[12], a->dp[14]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[13]);
- r->dp[26] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[12], a->dp[15]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[13], a->dp[14]);
- r->dp[27] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[13], a->dp[15]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[14]);
- r->dp[28] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[14], a->dp[15]);
- r->dp[29] = l;
- l = h;
- h = o;
- SP_ASM_SQR_ADD_NO(l, h, a->dp[15]);
- r->dp[30] = l;
- r->dp[31] = h;
- XMEMCPY(r->dp, t, 16 * sizeof(sp_int_digit));
- r->used = 32;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif /* SP_INT_DIGITS >= 32 */
- #if SP_INT_DIGITS >= 48
- /* Square a and store in r. r = a * a
- *
- * Comba implementation.
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_24(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit tl = 0;
- sp_int_digit th = 0;
- sp_int_digit to;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #else
- sp_int_digit t[24];
- #endif
- #if defined(WOLFSSL_SP_ARM_THUMB) && SP_WORD_SIZE == 32
- to = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * 24, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[4]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[5]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[6]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[7]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[8]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[9]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[10]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[10]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[11]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[10]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[11]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[21] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[12]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[11]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[22] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[12]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[23] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[1], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[13]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[12]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[24] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[2], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[13]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[25] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[3], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[14]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[13]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[26] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[4], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[14]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[27] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[5], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[15]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[14]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[28] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[6], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[15]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[29] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[7], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[16]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[15]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[30] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[8], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[16]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[31] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[9], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[17]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[16]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[32] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[10], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[17]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[33] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[11], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[18]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[17]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[34] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[12], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[18]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[35] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[13], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[19]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[18]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[36] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[14], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[18], a->dp[19]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[37] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[15], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[18], a->dp[20]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[19]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[38] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[16], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[18], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[19], a->dp[20]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[39] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[17], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[18], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[19], a->dp[21]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[20]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[40] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[18], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[19], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[20], a->dp[21]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[41] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[19], a->dp[23]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[20], a->dp[22]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[21]);
- r->dp[42] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[20], a->dp[23]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[21], a->dp[22]);
- r->dp[43] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[21], a->dp[23]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[22]);
- r->dp[44] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[22], a->dp[23]);
- r->dp[45] = l;
- l = h;
- h = o;
- SP_ASM_SQR_ADD_NO(l, h, a->dp[23]);
- r->dp[46] = l;
- r->dp[47] = h;
- XMEMCPY(r->dp, t, 24 * sizeof(sp_int_digit));
- r->used = 48;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif /* SP_INT_DIGITS >= 48 */
- #if SP_INT_DIGITS >= 64
/* Square a and store in r. r = a * a
 *
 * Karatsuba implementation.
 *
 * Split a into a0 (low 16 digits) and a1 (high 16 digits):
 *   a^2 = (z2 << 32 digits) + ((z1 - z0 - z2) << 16 digits) + z0
 * where z0 = a0^2, z2 = a1^2 and z1 = (a0 + a1)^2.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int _sp_sqr_32(sp_int* a, sp_int* r)
{
    int err = MP_OKAY;
    int i;
    sp_int_digit l;
    sp_int_digit h;
    sp_int* z0;
    sp_int* z1;
    sp_int* z2;
    sp_int_digit ca;
    DECL_SP_INT(a1, 16);
    DECL_SP_INT_ARRAY(z, 33, 2);

    ALLOC_SP_INT(a1, 16, err, NULL);
    ALLOC_SP_INT_ARRAY(z, 33, 2, err, NULL);
    if (err == MP_OKAY) {
        z1 = z[0];
        z2 = z[1];
        /* z0 shares storage with the result. */
        z0 = r;

        /* a1 = high 16 digits of a. */
        XMEMCPY(a1->dp, &a->dp[16], sizeof(sp_int_digit) * 16);
        a1->used = 16;

        /* z2 = a1 ^ 2 */
        err = _sp_sqr_16(a1, z2);
    }
    if (err == MP_OKAY) {
        /* a1 = a0 + a1 (mod B^16); ca is the carry out of the top digit. */
        l = 0;
        h = 0;
        for (i = 0; i < 16; i++) {
            SP_ASM_ADDC(l, h, a1->dp[i]);
            SP_ASM_ADDC(l, h, a->dp[i]);
            a1->dp[i] = l;
            l = h;
            h = 0;
        }
        ca = l;
        /* z0 = a0 ^ 2 */
        err = _sp_sqr_16(a, z0);
    }
    if (err == MP_OKAY) {
        /* z1 = (a0 + a1) ^ 2 */
        err = _sp_sqr_16(a1, z1);
    }
    if (err == MP_OKAY) {
        /* r = (z2 << 32) + ((z1 - z0 - z2) << 16) + z0 */
        /* r = z0 - nothing to do, z0 aliases r. */
        /* _sp_sqr_16 only squared the truncated sum s = a0 + a1 mod B^16.
         * (s + ca*B^16)^2 = s^2 + (2*ca*s << 16 digits) + (ca << 32 digits),
         * and ca is 0 or 1, so patch z1's upper half accordingly. */
        z1->dp[32] = ca;
        l = 0;
        if (ca) {
            /* z1 += 2 * s, shifted up by 16 digits. */
            l = z1->dp[0 + 16];
            h = 0;
            SP_ASM_ADDC(l, h, a1->dp[0]);
            SP_ASM_ADDC(l, h, a1->dp[0]);
            z1->dp[0 + 16] = l;
            l = h;
            h = 0;
            for (i = 1; i < 16; i++) {
                SP_ASM_ADDC(l, h, z1->dp[i + 16]);
                SP_ASM_ADDC(l, h, a1->dp[i]);
                SP_ASM_ADDC(l, h, a1->dp[i]);
                z1->dp[i + 16] = l;
                l = h;
                h = 0;
            }
        }
        z1->dp[32] += l;
        /* z1 = z1 - z0 - z2 */
        l = z1->dp[0];
        h = 0;
        SP_ASM_SUBC(l, h, z0->dp[0]);
        SP_ASM_SUBC(l, h, z2->dp[0]);
        z1->dp[0] = l;
        l = h;
        h = 0;
        for (i = 1; i < 32; i++) {
            l += z1->dp[i];
            SP_ASM_SUBC(l, h, z0->dp[i]);
            SP_ASM_SUBC(l, h, z2->dp[i]);
            z1->dp[i] = l;
            l = h;
            h = 0;
        }
        z1->dp[i] += l;
        /* r += z1 << 16 (digits) */
        l = 0;
        h = 0;
        for (i = 0; i < 16; i++) {
            SP_ASM_ADDC(l, h, r->dp[i + 16]);
            SP_ASM_ADDC(l, h, z1->dp[i]);
            r->dp[i + 16] = l;
            l = h;
            h = 0;
        }
        /* Digits of r above z0 haven't been written yet - just store. */
        for (; i < 33; i++) {
            SP_ASM_ADDC(l, h, z1->dp[i]);
            r->dp[i + 16] = l;
            l = h;
            h = 0;
        }
        /* r += z2 << 32 (digits) */
        l = 0;
        h = 0;
        for (i = 0; i < 17; i++) {
            SP_ASM_ADDC(l, h, r->dp[i + 32]);
            SP_ASM_ADDC(l, h, z2->dp[i]);
            r->dp[i + 32] = l;
            l = h;
            h = 0;
        }
        for (; i < 32; i++) {
            SP_ASM_ADDC(l, h, z2->dp[i]);
            r->dp[i + 32] = l;
            l = h;
            h = 0;
        }
        r->used = 64;
        sp_clamp(r);
    }

    FREE_SP_INT_ARRAY(z, NULL);
    FREE_SP_INT(a1, NULL);
    return err;
}
- #endif /* SP_INT_DIGITS >= 64 */
- #if SP_INT_DIGITS >= 96
/* Square a and store in r. r = a * a
 *
 * Karatsuba implementation.
 *
 * Split a into a0 (low 24 digits) and a1 (high 24 digits):
 *   a^2 = (z2 << 48 digits) + ((z1 - z0 - z2) << 24 digits) + z0
 * where z0 = a0^2, z2 = a1^2 and z1 = (a0 + a1)^2.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int _sp_sqr_48(sp_int* a, sp_int* r)
{
    int err = MP_OKAY;
    int i;
    sp_int_digit l;
    sp_int_digit h;
    sp_int* z0;
    sp_int* z1;
    sp_int* z2;
    sp_int_digit ca;
    DECL_SP_INT(a1, 24);
    DECL_SP_INT_ARRAY(z, 49, 2);

    ALLOC_SP_INT(a1, 24, err, NULL);
    ALLOC_SP_INT_ARRAY(z, 49, 2, err, NULL);
    if (err == MP_OKAY) {
        z1 = z[0];
        z2 = z[1];
        /* z0 shares storage with the result. */
        z0 = r;

        /* a1 = high 24 digits of a. */
        XMEMCPY(a1->dp, &a->dp[24], sizeof(sp_int_digit) * 24);
        a1->used = 24;

        /* z2 = a1 ^ 2 */
        err = _sp_sqr_24(a1, z2);
    }
    if (err == MP_OKAY) {
        /* a1 = a0 + a1 (mod B^24); ca is the carry out of the top digit. */
        l = 0;
        h = 0;
        for (i = 0; i < 24; i++) {
            SP_ASM_ADDC(l, h, a1->dp[i]);
            SP_ASM_ADDC(l, h, a->dp[i]);
            a1->dp[i] = l;
            l = h;
            h = 0;
        }
        ca = l;
        /* z0 = a0 ^ 2 */
        err = _sp_sqr_24(a, z0);
    }
    if (err == MP_OKAY) {
        /* z1 = (a0 + a1) ^ 2 */
        err = _sp_sqr_24(a1, z1);
    }
    if (err == MP_OKAY) {
        /* r = (z2 << 48) + ((z1 - z0 - z2) << 24) + z0 */
        /* r = z0 - nothing to do, z0 aliases r. */
        /* _sp_sqr_24 only squared the truncated sum s = a0 + a1 mod B^24.
         * (s + ca*B^24)^2 = s^2 + (2*ca*s << 24 digits) + (ca << 48 digits),
         * and ca is 0 or 1, so patch z1's upper half accordingly. */
        z1->dp[48] = ca;
        l = 0;
        if (ca) {
            /* z1 += 2 * s, shifted up by 24 digits. */
            l = z1->dp[0 + 24];
            h = 0;
            SP_ASM_ADDC(l, h, a1->dp[0]);
            SP_ASM_ADDC(l, h, a1->dp[0]);
            z1->dp[0 + 24] = l;
            l = h;
            h = 0;
            for (i = 1; i < 24; i++) {
                SP_ASM_ADDC(l, h, z1->dp[i + 24]);
                SP_ASM_ADDC(l, h, a1->dp[i]);
                SP_ASM_ADDC(l, h, a1->dp[i]);
                z1->dp[i + 24] = l;
                l = h;
                h = 0;
            }
        }
        z1->dp[48] += l;
        /* z1 = z1 - z0 - z2 */
        l = z1->dp[0];
        h = 0;
        SP_ASM_SUBC(l, h, z0->dp[0]);
        SP_ASM_SUBC(l, h, z2->dp[0]);
        z1->dp[0] = l;
        l = h;
        h = 0;
        for (i = 1; i < 48; i++) {
            l += z1->dp[i];
            SP_ASM_SUBC(l, h, z0->dp[i]);
            SP_ASM_SUBC(l, h, z2->dp[i]);
            z1->dp[i] = l;
            l = h;
            h = 0;
        }
        z1->dp[i] += l;
        /* r += z1 << 24 (digits) */
        l = 0;
        h = 0;
        for (i = 0; i < 24; i++) {
            SP_ASM_ADDC(l, h, r->dp[i + 24]);
            SP_ASM_ADDC(l, h, z1->dp[i]);
            r->dp[i + 24] = l;
            l = h;
            h = 0;
        }
        /* Digits of r above z0 haven't been written yet - just store. */
        for (; i < 49; i++) {
            SP_ASM_ADDC(l, h, z1->dp[i]);
            r->dp[i + 24] = l;
            l = h;
            h = 0;
        }
        /* r += z2 << 48 (digits) */
        l = 0;
        h = 0;
        for (i = 0; i < 25; i++) {
            SP_ASM_ADDC(l, h, r->dp[i + 48]);
            SP_ASM_ADDC(l, h, z2->dp[i]);
            r->dp[i + 48] = l;
            l = h;
            h = 0;
        }
        for (; i < 48; i++) {
            SP_ASM_ADDC(l, h, z2->dp[i]);
            r->dp[i + 48] = l;
            l = h;
            h = 0;
        }
        r->used = 96;
        sp_clamp(r);
    }

    FREE_SP_INT_ARRAY(z, NULL);
    FREE_SP_INT(a1, NULL);
    return err;
}
- #endif /* SP_INT_DIGITS >= 96 */
- #if SP_INT_DIGITS >= 128
/* Square a and store in r. r = a * a
 *
 * Karatsuba implementation.
 *
 * Split a into a0 (low 32 digits) and a1 (high 32 digits):
 *   a^2 = (z2 << 64 digits) + ((z1 - z0 - z2) << 32 digits) + z0
 * where z0 = a0^2, z2 = a1^2 and z1 = (a0 + a1)^2.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int _sp_sqr_64(sp_int* a, sp_int* r)
{
    int err = MP_OKAY;
    int i;
    sp_int_digit l;
    sp_int_digit h;
    sp_int* z0;
    sp_int* z1;
    sp_int* z2;
    sp_int_digit ca;
    DECL_SP_INT(a1, 32);
    DECL_SP_INT_ARRAY(z, 65, 2);

    ALLOC_SP_INT(a1, 32, err, NULL);
    ALLOC_SP_INT_ARRAY(z, 65, 2, err, NULL);
    if (err == MP_OKAY) {
        z1 = z[0];
        z2 = z[1];
        /* z0 shares storage with the result. */
        z0 = r;

        /* a1 = high 32 digits of a. */
        XMEMCPY(a1->dp, &a->dp[32], sizeof(sp_int_digit) * 32);
        a1->used = 32;

        /* z2 = a1 ^ 2 */
        err = _sp_sqr_32(a1, z2);
    }
    if (err == MP_OKAY) {
        /* a1 = a0 + a1 (mod B^32); ca is the carry out of the top digit. */
        l = 0;
        h = 0;
        for (i = 0; i < 32; i++) {
            SP_ASM_ADDC(l, h, a1->dp[i]);
            SP_ASM_ADDC(l, h, a->dp[i]);
            a1->dp[i] = l;
            l = h;
            h = 0;
        }
        ca = l;
        /* z0 = a0 ^ 2 */
        err = _sp_sqr_32(a, z0);
    }
    if (err == MP_OKAY) {
        /* z1 = (a0 + a1) ^ 2 */
        err = _sp_sqr_32(a1, z1);
    }
    if (err == MP_OKAY) {
        /* r = (z2 << 64) + ((z1 - z0 - z2) << 32) + z0 */
        /* r = z0 - nothing to do, z0 aliases r. */
        /* _sp_sqr_32 only squared the truncated sum s = a0 + a1 mod B^32.
         * (s + ca*B^32)^2 = s^2 + (2*ca*s << 32 digits) + (ca << 64 digits),
         * and ca is 0 or 1, so patch z1's upper half accordingly. */
        z1->dp[64] = ca;
        l = 0;
        if (ca) {
            /* z1 += 2 * s, shifted up by 32 digits. */
            l = z1->dp[0 + 32];
            h = 0;
            SP_ASM_ADDC(l, h, a1->dp[0]);
            SP_ASM_ADDC(l, h, a1->dp[0]);
            z1->dp[0 + 32] = l;
            l = h;
            h = 0;
            for (i = 1; i < 32; i++) {
                SP_ASM_ADDC(l, h, z1->dp[i + 32]);
                SP_ASM_ADDC(l, h, a1->dp[i]);
                SP_ASM_ADDC(l, h, a1->dp[i]);
                z1->dp[i + 32] = l;
                l = h;
                h = 0;
            }
        }
        z1->dp[64] += l;
        /* z1 = z1 - z0 - z2 */
        l = z1->dp[0];
        h = 0;
        SP_ASM_SUBC(l, h, z0->dp[0]);
        SP_ASM_SUBC(l, h, z2->dp[0]);
        z1->dp[0] = l;
        l = h;
        h = 0;
        for (i = 1; i < 64; i++) {
            l += z1->dp[i];
            SP_ASM_SUBC(l, h, z0->dp[i]);
            SP_ASM_SUBC(l, h, z2->dp[i]);
            z1->dp[i] = l;
            l = h;
            h = 0;
        }
        z1->dp[i] += l;
        /* r += z1 << 32 (digits) */
        l = 0;
        h = 0;
        for (i = 0; i < 32; i++) {
            SP_ASM_ADDC(l, h, r->dp[i + 32]);
            SP_ASM_ADDC(l, h, z1->dp[i]);
            r->dp[i + 32] = l;
            l = h;
            h = 0;
        }
        /* Digits of r above z0 haven't been written yet - just store. */
        for (; i < 65; i++) {
            SP_ASM_ADDC(l, h, z1->dp[i]);
            r->dp[i + 32] = l;
            l = h;
            h = 0;
        }
        /* r += z2 << 64 (digits) */
        l = 0;
        h = 0;
        for (i = 0; i < 33; i++) {
            SP_ASM_ADDC(l, h, r->dp[i + 64]);
            SP_ASM_ADDC(l, h, z2->dp[i]);
            r->dp[i + 64] = l;
            l = h;
            h = 0;
        }
        for (; i < 64; i++) {
            SP_ASM_ADDC(l, h, z2->dp[i]);
            r->dp[i + 64] = l;
            l = h;
            h = 0;
        }
        r->used = 128;
        sp_clamp(r);
    }

    FREE_SP_INT_ARRAY(z, NULL);
    FREE_SP_INT(a1, NULL);
    return err;
}
- #endif /* SP_INT_DIGITS >= 128 */
- #if SP_INT_DIGITS >= 192
/* Square a and store in r. r = a * a
 *
 * Karatsuba implementation.
 *
 * Split a into a0 (low 48 digits) and a1 (high 48 digits):
 *   a^2 = (z2 << 96 digits) + ((z1 - z0 - z2) << 48 digits) + z0
 * where z0 = a0^2, z2 = a1^2 and z1 = (a0 + a1)^2.
 *
 * @param  [in]   a  SP integer to square.
 * @param  [out]  r  SP integer result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int _sp_sqr_96(sp_int* a, sp_int* r)
{
    int err = MP_OKAY;
    int i;
    sp_int_digit l;
    sp_int_digit h;
    sp_int* z0;
    sp_int* z1;
    sp_int* z2;
    sp_int_digit ca;
    DECL_SP_INT(a1, 48);
    DECL_SP_INT_ARRAY(z, 97, 2);

    ALLOC_SP_INT(a1, 48, err, NULL);
    ALLOC_SP_INT_ARRAY(z, 97, 2, err, NULL);
    if (err == MP_OKAY) {
        z1 = z[0];
        z2 = z[1];
        /* z0 shares storage with the result. */
        z0 = r;

        /* a1 = high 48 digits of a. */
        XMEMCPY(a1->dp, &a->dp[48], sizeof(sp_int_digit) * 48);
        a1->used = 48;

        /* z2 = a1 ^ 2 */
        err = _sp_sqr_48(a1, z2);
    }
    if (err == MP_OKAY) {
        /* a1 = a0 + a1 (mod B^48); ca is the carry out of the top digit. */
        l = 0;
        h = 0;
        for (i = 0; i < 48; i++) {
            SP_ASM_ADDC(l, h, a1->dp[i]);
            SP_ASM_ADDC(l, h, a->dp[i]);
            a1->dp[i] = l;
            l = h;
            h = 0;
        }
        ca = l;
        /* z0 = a0 ^ 2 */
        err = _sp_sqr_48(a, z0);
    }
    if (err == MP_OKAY) {
        /* z1 = (a0 + a1) ^ 2 */
        err = _sp_sqr_48(a1, z1);
    }
    if (err == MP_OKAY) {
        /* r = (z2 << 96) + ((z1 - z0 - z2) << 48) + z0 */
        /* r = z0 - nothing to do, z0 aliases r. */
        /* _sp_sqr_48 only squared the truncated sum s = a0 + a1 mod B^48.
         * (s + ca*B^48)^2 = s^2 + (2*ca*s << 48 digits) + (ca << 96 digits),
         * and ca is 0 or 1, so patch z1's upper half accordingly. */
        z1->dp[96] = ca;
        l = 0;
        if (ca) {
            /* z1 += 2 * s, shifted up by 48 digits. */
            l = z1->dp[0 + 48];
            h = 0;
            SP_ASM_ADDC(l, h, a1->dp[0]);
            SP_ASM_ADDC(l, h, a1->dp[0]);
            z1->dp[0 + 48] = l;
            l = h;
            h = 0;
            for (i = 1; i < 48; i++) {
                SP_ASM_ADDC(l, h, z1->dp[i + 48]);
                SP_ASM_ADDC(l, h, a1->dp[i]);
                SP_ASM_ADDC(l, h, a1->dp[i]);
                z1->dp[i + 48] = l;
                l = h;
                h = 0;
            }
        }
        z1->dp[96] += l;
        /* z1 = z1 - z0 - z2 */
        l = z1->dp[0];
        h = 0;
        SP_ASM_SUBC(l, h, z0->dp[0]);
        SP_ASM_SUBC(l, h, z2->dp[0]);
        z1->dp[0] = l;
        l = h;
        h = 0;
        for (i = 1; i < 96; i++) {
            l += z1->dp[i];
            SP_ASM_SUBC(l, h, z0->dp[i]);
            SP_ASM_SUBC(l, h, z2->dp[i]);
            z1->dp[i] = l;
            l = h;
            h = 0;
        }
        z1->dp[i] += l;
        /* r += z1 << 48 (digits) */
        l = 0;
        h = 0;
        for (i = 0; i < 48; i++) {
            SP_ASM_ADDC(l, h, r->dp[i + 48]);
            SP_ASM_ADDC(l, h, z1->dp[i]);
            r->dp[i + 48] = l;
            l = h;
            h = 0;
        }
        /* Digits of r above z0 haven't been written yet - just store. */
        for (; i < 97; i++) {
            SP_ASM_ADDC(l, h, z1->dp[i]);
            r->dp[i + 48] = l;
            l = h;
            h = 0;
        }
        /* r += z2 << 96 (digits) */
        l = 0;
        h = 0;
        for (i = 0; i < 49; i++) {
            SP_ASM_ADDC(l, h, r->dp[i + 96]);
            SP_ASM_ADDC(l, h, z2->dp[i]);
            r->dp[i + 96] = l;
            l = h;
            h = 0;
        }
        for (; i < 96; i++) {
            SP_ASM_ADDC(l, h, z2->dp[i]);
            r->dp[i + 96] = l;
            l = h;
            h = 0;
        }
        r->used = 192;
        sp_clamp(r);
    }

    FREE_SP_INT_ARRAY(z, NULL);
    FREE_SP_INT(a1, NULL);
    return err;
}
- #endif /* SP_INT_DIGITS >= 192 */
- #endif /* SQR_MUL_ASM && WOLFSSL_SP_INT_LARGE_COMBA */
- #endif /* !WOLFSSL_SP_SMALL */
/* Square a and store in r. r = a * a
 *
 * Dispatches to a fixed-size comba/Karatsuba implementation when one exactly
 * matches the operand length; otherwise falls back to the generic _sp_sqr.
 *
 * @param [in] a SP integer to square.
 * @param [out] r SP integer result.
 *
 * @return MP_OKAY on success.
 * @return MP_VAL when a or r is NULL, or the result will be too big for fixed
 * data length.
 * @return MP_MEM when dynamic memory allocation fails.
 */
int sp_sqr(sp_int* a, sp_int* r)
{
#if defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_SMALL)
    /* Small build: squaring is just self-multiplication. */
    return sp_mul(a, a, r);
#else
    int err = MP_OKAY;

    if ((a == NULL) || (r == NULL)) {
        err = MP_VAL;
    }
    /* Need extra digit during calculation. */
    if ((err == MP_OKAY) && (a->used * 2 > r->size)) {
        err = MP_VAL;
    }

#if 0
    if (err == MP_OKAY) {
        sp_print(a, "a");
    }
#endif

    if (err == MP_OKAY) {
        if (a->used == 0) {
            _sp_zero(r);
        }
        else
#ifndef WOLFSSL_SP_SMALL
#if !defined(WOLFSSL_HAVE_SP_ECC) && defined(HAVE_ECC)
#if SP_WORD_SIZE == 64
        if (a->used == 4) {
            err = _sp_sqr_4(a, r);
        }
        else
#endif /* SP_WORD_SIZE == 64 */
#if SP_WORD_SIZE == 64
#ifdef SQR_MUL_ASM
        if (a->used == 6) {
            err = _sp_sqr_6(a, r);
        }
        else
#endif /* SQR_MUL_ASM */
#endif /* SP_WORD_SIZE == 64 */
#if SP_WORD_SIZE == 32
#ifdef SQR_MUL_ASM
        if (a->used == 8) {
            err = _sp_sqr_8(a, r);
        }
        else
#endif /* SQR_MUL_ASM */
#endif /* SP_WORD_SIZE == 32 */
#if SP_WORD_SIZE == 32
#ifdef SQR_MUL_ASM
        if (a->used == 12) {
            err = _sp_sqr_12(a, r);
        }
        else
#endif /* SQR_MUL_ASM */
#endif /* SP_WORD_SIZE == 32 */
#endif /* !WOLFSSL_HAVE_SP_ECC && HAVE_ECC */
#if defined(SQR_MUL_ASM) && defined(WOLFSSL_SP_INT_LARGE_COMBA)
#if SP_INT_DIGITS >= 32
        if (a->used == 16) {
            err = _sp_sqr_16(a, r);
        }
        else
#endif /* SP_INT_DIGITS >= 32 */
#if SP_INT_DIGITS >= 48
        if (a->used == 24) {
            err = _sp_sqr_24(a, r);
        }
        else
#endif /* SP_INT_DIGITS >= 48 */
#if SP_INT_DIGITS >= 64
        if (a->used == 32) {
            err = _sp_sqr_32(a, r);
        }
        else
#endif /* SP_INT_DIGITS >= 64 */
#if SP_INT_DIGITS >= 96
        if (a->used == 48) {
            err = _sp_sqr_48(a, r);
        }
        else
#endif /* SP_INT_DIGITS >= 96 */
#if SP_INT_DIGITS >= 128
        if (a->used == 64) {
            err = _sp_sqr_64(a, r);
        }
        else
#endif /* SP_INT_DIGITS >= 128 */
#if SP_INT_DIGITS >= 192
        if (a->used == 96) {
            err = _sp_sqr_96(a, r);
        }
        else
#endif /* SP_INT_DIGITS >= 192 */
#endif /* SQR_MUL_ASM && WOLFSSL_SP_INT_LARGE_COMBA */
#endif /* !WOLFSSL_SP_SMALL */
        {
            /* Generic implementation for any other size. */
            err = _sp_sqr(a, r);
        }
    }

#ifdef WOLFSSL_SP_INT_NEGATIVE
    /* A square is never negative. */
    if (err == MP_OKAY) {
        r->sign = MP_ZPOS;
    }
#endif

#if 0
    if (err == MP_OKAY) {
        sp_print(r, "rsqr");
    }
#endif

    return err;
#endif /* WOLFSSL_SP_MATH && WOLFSSL_SP_SMALL */
}
- /* END SP_SQR implementations */
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if (!defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH)
- /* Square a mod m and store in r: r = (a * a) mod m
- *
- * @param [in] a SP integer to square.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL; or m is 0; or a squared is too big
- * for fixed data length.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_sqrmod(sp_int* a, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (a->used * 2 > r->size)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- err = sp_sqr(a, r);
- }
- if (err == MP_OKAY) {
- err = sp_mod(r, m, r);
- }
- return err;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- /**********************
- * Montgomery functions
- **********************/
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(WOLFCRYPT_HAVE_ECCSI) || defined(WOLFCRYPT_HAVE_SAKKE)
/* Reduce a number in montgomery form.
 *
 * Assumes a and m are not NULL and m is not 0.
 *
 * @param [in,out] a SP integer to Montgomery reduce.
 * @param [in] m SP integer that is the modulus.
 * @param [in] mp SP integer digit that is the bottom digit of inv(-m).
 *
 * @return MP_OKAY on success.
 */
static int _sp_mont_red(sp_int* a, sp_int* m, sp_int_digit mp)
{
#if !defined(SQR_MUL_ASM)
    int i;
    int bits;
    sp_int_word w;
    sp_int_digit mu;

#if 0
    sp_print(a, "a");
    sp_print(m, "m");
#endif

    bits = sp_count_bits(m);

    /* Zero extend a to the full double-width working length. */
    for (i = a->used; i < m->used * 2; i++) {
        a->dp[i] = 0;
    }

    if (m->used == 1) {
        /* Single-digit modulus: one multiply-accumulate round suffices. */
        mu = mp * a->dp[0];
        w = a->dp[0];
        w += (sp_int_word)mu * m->dp[0];
        a->dp[0] = (sp_int_digit)w;
        w >>= SP_WORD_SIZE;
        w += a->dp[1];
        a->dp[1] = (sp_int_digit)w;
        w >>= SP_WORD_SIZE;
        a->dp[2] = (sp_int_digit)w;
        a->used = 3;
        /* mp is SP_WORD_SIZE */
        bits = SP_WORD_SIZE;
    }
    else {
        /* Mask of the live bits in m's top word (0 when m fills whole
         * words). */
        sp_int_digit mask = (sp_int_digit)
                            ((1UL << (bits & (SP_WORD_SIZE - 1))) - 1);
        sp_int_word o = 0;

        /* One elimination round per digit of m: a += mu * m << (i digits). */
        for (i = 0; i < m->used; i++) {
            int j;

            /* mu = a[i] * -1/m mod digit; on the last round only eliminate
             * the live bits of the partial top word. */
            mu = mp * a->dp[i];
            if ((i == m->used - 1) && (mask != 0)) {
                mu &= mask;
            }
            w = a->dp[i];
            w += (sp_int_word)mu * m->dp[0];
            a->dp[i] = (sp_int_digit)w;
            w >>= SP_WORD_SIZE;
            for (j = 1; j < m->used - 1; j++) {
                w += a->dp[i + j];
                w += (sp_int_word)mu * m->dp[j];
                a->dp[i + j] = (sp_int_digit)w;
                w >>= SP_WORD_SIZE;
            }
            /* Top digit of the round: fold in the overflow (o) carried over
             * from the previous round. */
            w += o;
            w += a->dp[i + j];
            o = (sp_int_digit)(w >> SP_WORD_SIZE);
            w = ((sp_int_word)mu * m->dp[j]) + (sp_int_digit)w;
            a->dp[i + j] = (sp_int_digit)w;
            w >>= SP_WORD_SIZE;
            o += w;
        }
        /* Propagate the final overflow into the top two digits. */
        o += a->dp[m->used * 2 - 1];
        a->dp[m->used * 2 - 1] = (sp_int_digit)o;
        o >>= SP_WORD_SIZE;
        a->dp[m->used * 2] = (sp_int_digit)o;
        a->used = m->used * 2 + 1;
    }

    sp_clamp(a);
    /* Divide out the Montgomery factor: shift right by the bit length of m. */
    sp_rshb(a, bits, a);

    /* At most one conditional subtraction brings the result below m. */
    if (_sp_cmp_abs(a, m) != MP_LT) {
        _sp_sub_off(a, m, a, 0);
    }

#if 0
    sp_print(a, "rr");
#endif

    return MP_OKAY;
#else /* !SQR_MUL_ASM */
    int i;
    int j;
    int bits;
    sp_int_digit mu;
    sp_int_digit o;
    sp_int_digit mask;

    bits = sp_count_bits(m);
    mask = ((sp_int_digit)1 << (bits & (SP_WORD_SIZE - 1))) - 1;

    /* Zero extend a to the full double-width working length. */
    for (i = a->used; i < m->used * 2; i++) {
        a->dp[i] = 0;
    }

    if (m->used <= 1) {
        /* NOTE(review): SQR_MUL_ASM is defined in this branch, so the
         * #ifndef below always selects its #else leg. */
#ifndef SQR_MUL_ASM
        sp_int_word w;
#else
        sp_int_digit l;
        sp_int_digit h;
        sp_int_digit t;
#endif

        mu = mp * a->dp[0];
#ifndef SQR_MUL_ASM
        w = a->dp[0];
        w += (sp_int_word)mu * m->dp[0];
        a->dp[0] = (sp_int_digit)w;
        w >>= SP_WORD_SIZE;
        w += a->dp[1];
        a->dp[1] = (sp_int_digit)w;
        w >>= SP_WORD_SIZE;
        a->dp[2] = (sp_int_digit)w;
#else
        l = a->dp[0];
        h = 0;
        t = m->dp[0];
        SP_ASM_MUL_ADD_NO(l, h, mu, t);
        a->dp[0] = l;
        l = h;
        h = 0;
        t = a->dp[1];
        SP_ASM_ADDC(l, h, t);
        a->dp[1] = l;
        a->dp[2] = h;
#endif
        a->used = m->used * 2 + 1;
        /* mp is SP_WORD_SIZE */
        bits = SP_WORD_SIZE;
    }
#ifndef WOLFSSL_HAVE_SP_ECC
#if SP_WORD_SIZE == 64
    /* Unrolled special case: 4-digit, word-aligned modulus (mask == 0). */
    else if ((m->used == 4) && (mask == 0)) {
        sp_int_digit l;
        sp_int_digit h;
        sp_int_digit o2;

        l = 0;
        h = 0;
        o = 0;
        o2 = 0;
        for (i = 0; i < 4; i++) {
            mu = mp * a->dp[0];
            l = a->dp[0];
            SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[0]);
            l = h;
            h = 0;
            SP_ASM_ADDC(l, h, a->dp[1]);
            SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[1]);
            a->dp[0] = l;
            l = h;
            h = 0;
            SP_ASM_ADDC(l, h, a->dp[2]);
            SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[2]);
            a->dp[1] = l;
            l = h;
            h = o2;
            o2 = 0;
            SP_ASM_ADDC_REG(l, h, o);
            SP_ASM_ADDC(l, h, a->dp[i + 3]);
            SP_ASM_MUL_ADD(l, h, o2, mu, m->dp[3]);
            a->dp[2] = l;
            o = h;
            l = h;
            h = 0;
        }
        h = o2;
        SP_ASM_ADDC(l, h, a->dp[7]);
        a->dp[3] = l;
        a->dp[4] = h;
        a->used = 5;
        sp_clamp(a);
        /* Single conditional subtraction brings the result below m. */
        if (_sp_cmp_abs(a, m) != MP_LT) {
            sp_sub(a, m, a);
        }
        return MP_OKAY;
    }
    /* Unrolled special case: 6-digit, word-aligned modulus (mask == 0). */
    else if ((m->used == 6) && (mask == 0)) {
        sp_int_digit l;
        sp_int_digit h;
        sp_int_digit o2;

        l = 0;
        h = 0;
        o = 0;
        o2 = 0;
        for (i = 0; i < 6; i++) {
            mu = mp * a->dp[0];
            l = a->dp[0];
            SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[0]);
            l = h;
            h = 0;
            SP_ASM_ADDC(l, h, a->dp[1]);
            SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[1]);
            a->dp[0] = l;
            l = h;
            h = 0;
            SP_ASM_ADDC(l, h, a->dp[2]);
            SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[2]);
            a->dp[1] = l;
            l = h;
            h = 0;
            SP_ASM_ADDC(l, h, a->dp[3]);
            SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[3]);
            a->dp[2] = l;
            l = h;
            h = 0;
            SP_ASM_ADDC(l, h, a->dp[4]);
            SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[4]);
            a->dp[3] = l;
            l = h;
            h = o2;
            o2 = 0;
            SP_ASM_ADDC_REG(l, h, o);
            SP_ASM_ADDC(l, h, a->dp[i + 5]);
            SP_ASM_MUL_ADD(l, h, o2, mu, m->dp[5]);
            a->dp[4] = l;
            o = h;
            l = h;
            h = 0;
        }
        h = o2;
        SP_ASM_ADDC(l, h, a->dp[11]);
        a->dp[5] = l;
        a->dp[6] = h;
        a->used = 7;
        sp_clamp(a);
        if (_sp_cmp_abs(a, m) != MP_LT) {
            sp_sub(a, m, a);
        }
        return MP_OKAY;
    }
#elif SP_WORD_SIZE == 32
    /* Special case: small word-aligned modulus on 32-bit words; inner loop
     * unrolled two digits at a time. */
    else if ((m->used <= 12) && (mask == 0)) {
        sp_int_digit l;
        sp_int_digit h;
        sp_int_digit o2;
        sp_int_digit* ad;
        sp_int_digit* md;

        o = 0;
        o2 = 0;
        ad = a->dp;
        for (i = 0; i < m->used; i++) {
            md = m->dp;
            mu = mp * ad[0];
            l = ad[0];
            h = 0;
            SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
            l = h;
            for (j = 1; j + 1 < m->used - 1; j += 2) {
                h = 0;
                SP_ASM_ADDC(l, h, ad[j]);
                SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
                ad[j - 1] = l;
                l = 0;
                SP_ASM_ADDC(h, l, ad[j + 1]);
                SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
                ad[j] = h;
            }
            for (; j < m->used - 1; j++) {
                h = 0;
                SP_ASM_ADDC(l, h, ad[j]);
                SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
                ad[j - 1] = l;
                l = h;
            }
            h = o2;
            o2 = 0;
            SP_ASM_ADDC_REG(l, h, o);
            SP_ASM_ADDC(l, h, ad[i + j]);
            SP_ASM_MUL_ADD(l, h, o2, mu, *md);
            ad[j - 1] = l;
            o = h;
        }
        l = o;
        h = o2;
        SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]);
        a->dp[m->used - 1] = l;
        a->dp[m->used] = h;
        a->used = m->used + 1;
        sp_clamp(a);
        if (_sp_cmp_abs(a, m) != MP_LT) {
            sp_sub(a, m, a);
        }
        return MP_OKAY;
    }
#endif /* SP_WORD_SIZE == 64 | 32 */
#endif /* WOLFSSL_HAVE_SP_ECC */
    else {
        /* General case: any size modulus, possibly with a partial top word
         * (mask != 0). */
        sp_int_digit l;
        sp_int_digit h;
        sp_int_digit o2;
        sp_int_digit* ad;
        sp_int_digit* md;

        o = 0;
        o2 = 0;
        ad = a->dp;
        for (i = 0; i < m->used; i++, ad++) {
            md = m->dp;
            mu = mp * ad[0];
            /* Last round of a partial top word: only eliminate live bits. */
            if ((i == m->used - 1) && (mask != 0)) {
                mu &= mask;
            }
            l = ad[0];
            h = 0;
            SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
            ad[0] = l;
            l = h;
            for (j = 1; j + 1 < m->used - 1; j += 2) {
                h = 0;
                SP_ASM_ADDC(l, h, ad[j + 0]);
                SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
                ad[j + 0] = l;
                l = 0;
                SP_ASM_ADDC(h, l, ad[j + 1]);
                SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
                ad[j + 1] = h;
            }
            for (; j < m->used - 1; j++) {
                h = 0;
                SP_ASM_ADDC(l, h, ad[j]);
                SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
                ad[j] = l;
                l = h;
            }
            h = o2;
            o2 = 0;
            SP_ASM_ADDC_REG(l, h, o);
            SP_ASM_ADDC(l, h, ad[j]);
            SP_ASM_MUL_ADD(l, h, o2, mu, *md);
            ad[j] = l;
            o = h;
        }
        /* Propagate the final overflow into the top two digits. */
        l = o;
        h = o2;
        SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]);
        a->dp[m->used * 2 - 1] = l;
        a->dp[m->used * 2] = h;
        a->used = m->used * 2 + 1;
    }

    sp_clamp(a);
    /* Divide out the Montgomery factor: shift right by the bit length of m. */
    sp_rshb(a, bits, a);

    if (_sp_cmp_abs(a, m) != MP_LT) {
        sp_sub(a, m, a);
    }

    return MP_OKAY;
#endif /* !SQR_MUL_ASM */
}
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
- (defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC))
- /* Reduce a number in montgomery form.
- *
- * @param [in,out] a SP integer to Montgomery reduce.
- * @param [in] m SP integer that is the modulus.
- * @param [in] mp SP integer digit that is the bottom digit of inv(-m).
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or m is NULL or m is zero.
- */
- int sp_mont_red(sp_int* a, sp_int* m, sp_int_digit mp)
- {
- int err;
- if ((a == NULL) || (m == NULL) || sp_iszero(m)) {
- err = MP_VAL;
- }
- else if (a->size < m->used * 2 + 1) {
- err = MP_VAL;
- }
- else {
- err = _sp_mont_red(a, m, mp);
- }
- return err;
- }
- #endif
- /* Calculate the bottom digit of the inverse of negative m.
- *
- * Used when performing Montgomery Reduction.
- *
- * @param [in] m SP integer that is the modulus.
- * @param [out] mp SP integer digit that is the bottom digit of inv(-m).
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when m or rho is NULL.
- */
- int sp_mont_setup(sp_int* m, sp_int_digit* rho)
- {
- int err = MP_OKAY;
- if ((m == NULL) || (rho == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && !sp_isodd(m)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- sp_int_digit x;
- sp_int_digit b;
- b = m->dp[0];
- x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
- x *= 2 - b * x; /* here x*a==1 mod 2**8 */
- #if SP_WORD_SIZE >= 16
- x *= 2 - b * x; /* here x*a==1 mod 2**16 */
- #if SP_WORD_SIZE >= 32
- x *= 2 - b * x; /* here x*a==1 mod 2**32 */
- #if SP_WORD_SIZE >= 64
- x *= 2 - b * x; /* here x*a==1 mod 2**64 */
- #endif /* SP_WORD_SIZE >= 64 */
- #endif /* SP_WORD_SIZE >= 32 */
- #endif /* SP_WORD_SIZE >= 16 */
- /* rho = -1/m mod b, subtract x (unsigned) from 0, assign negative */
- *rho = (sp_int_digit)((sp_int_digit)0 - (sp_sint_digit)x);
- }
- return err;
- }
- /* Calculate the normalization value of m.
- * norm = 2^k - m, where k is the number of bits in m
- *
- * @param [out] norm SP integer that normalises numbers into Montgomery
- * form.
- * @param [in] m SP integer that is the modulus.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when norm or m is NULL, or number of bits in m is maximual.
- */
- int sp_mont_norm(sp_int* norm, sp_int* m)
- {
- int err = MP_OKAY;
- int bits = 0;
- if ((norm == NULL) || (m == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- bits = sp_count_bits(m);
- if (bits == m->size * SP_WORD_SIZE) {
- err = MP_VAL;
- }
- }
- if (err == MP_OKAY) {
- if (bits < SP_WORD_SIZE) {
- bits = SP_WORD_SIZE;
- }
- _sp_zero(norm);
- sp_set_bit(norm, bits);
- err = sp_sub(norm, m, norm);
- }
- if ((err == MP_OKAY) && (bits == SP_WORD_SIZE)) {
- norm->dp[0] %= m->dp[0];
- }
- if (err == MP_OKAY) {
- sp_clamp(norm);
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH ||
- * WOLFCRYPT_HAVE_ECCSI || WOLFCRYPT_HAVE_SAKKE */
- /*********************************
- * To and from binary and strings.
- *********************************/
- /* Calculate the number of 8-bit values required to represent the
- * multi-precision number.
- *
- * When a is NULL, return s 0.
- *
- * @param [in] a SP integer.
- *
- * @return The count of 8-bit values.
- */
- int sp_unsigned_bin_size(const sp_int* a)
- {
- int cnt = 0;
- if (a != NULL) {
- cnt = (sp_count_bits(a) + 7) / 8;
- }
- return cnt;
- }
/* Convert a number as an array of bytes in big-endian format to a
 * multi-precision number.
 *
 * @param [out] a SP integer.
 * @param [in] in Array of bytes.
 * @param [in] inSz Number of data bytes in array.
 *
 * @return MP_OKAY on success.
 * @return MP_VAL when the number is too big to fit in an SP.
 */
int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
{
    int err = MP_OKAY;

    /* in may be NULL only when there is nothing to read. */
    if ((a == NULL) || ((in == NULL) && (inSz > 0))) {
        err = MP_VAL;
    }
    /* Input must fit in a's fixed digit storage. */
    if ((err == MP_OKAY) && (inSz > (word32)a->size * SP_WORD_SIZEOF)) {
        err = MP_VAL;
    }

#ifndef LITTLE_ENDIAN_ORDER
    if (err == MP_OKAY) {
        int i;
        int j;
        int s;

        a->used = (inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF;

#ifndef WOLFSSL_SP_INT_DIGIT_ALIGN
        /* Whole digits can be read directly from the (big-endian) buffer.
         * NOTE(review): assumes unaligned digit-sized loads are acceptable
         * on this platform — that is what the ALIGN build option gates. */
        for (i = inSz-1,j = 0; i > SP_WORD_SIZEOF-1; i -= SP_WORD_SIZEOF,j++) {
            a->dp[j] = *(sp_int_digit*)(in + i - (SP_WORD_SIZEOF - 1));
        }
#else
        /* Assemble each digit byte by byte, least-significant byte last in
         * the buffer. */
        for (i = inSz-1, j = 0; i >= SP_WORD_SIZEOF - 1; i -= SP_WORD_SIZEOF) {
            a->dp[j] = ((sp_int_digit)in[i - 0] << 0);
#if SP_WORD_SIZE >= 16
            a->dp[j] |= ((sp_int_digit)in[i - 1] << 8);
#endif
#if SP_WORD_SIZE >= 32
            a->dp[j] |= ((sp_int_digit)in[i - 2] << 16) |
                        ((sp_int_digit)in[i - 3] << 24);
#endif
#if SP_WORD_SIZE >= 64
            a->dp[j] |= ((sp_int_digit)in[i - 4] << 32) |
                        ((sp_int_digit)in[i - 5] << 40) |
                        ((sp_int_digit)in[i - 6] << 48) |
                        ((sp_int_digit)in[i - 7] << 56);
#endif
            j++;
        }
#endif
        /* Leftover bytes (fewer than a whole digit) go in the top digit. */
        if (i >= 0) {
            a->dp[a->used - 1] = 0;
            for (s = 0; i >= 0; i--,s += 8) {
                a->dp[j] |= ((sp_int_digit)in[i]) << s;
            }
        }
        sp_clamp(a);
    }
#else
    if (err == MP_OKAY) {
        int i;
        int j;

        a->used = (inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF;

        /* Assemble each digit byte by byte from the big-endian input. */
        for (i = inSz-1, j = 0; i >= SP_WORD_SIZEOF - 1; i -= SP_WORD_SIZEOF) {
            a->dp[j] = ((sp_int_digit)in[i - 0] << 0);
#if SP_WORD_SIZE >= 16
            a->dp[j] |= ((sp_int_digit)in[i - 1] << 8);
#endif
#if SP_WORD_SIZE >= 32
            a->dp[j] |= ((sp_int_digit)in[i - 2] << 16) |
                        ((sp_int_digit)in[i - 3] << 24);
#endif
#if SP_WORD_SIZE >= 64
            a->dp[j] |= ((sp_int_digit)in[i - 4] << 32) |
                        ((sp_int_digit)in[i - 5] << 40) |
                        ((sp_int_digit)in[i - 6] << 48) |
                        ((sp_int_digit)in[i - 7] << 56);
#endif
            j++;
        }

#if SP_WORD_SIZE >= 16
        /* Leftover bytes go into the low bytes of the top digit; on a
         * little-endian machine they can be stored directly by address. */
        if (i >= 0) {
            byte *d = (byte*)a->dp;

            a->dp[a->used - 1] = 0;
            switch (i) {
                case 6: d[inSz - 1 - 6] = in[6]; FALL_THROUGH;
                case 5: d[inSz - 1 - 5] = in[5]; FALL_THROUGH;
                case 4: d[inSz - 1 - 4] = in[4]; FALL_THROUGH;
                case 3: d[inSz - 1 - 3] = in[3]; FALL_THROUGH;
                case 2: d[inSz - 1 - 2] = in[2]; FALL_THROUGH;
                case 1: d[inSz - 1 - 1] = in[1]; FALL_THROUGH;
                case 0: d[inSz - 1 - 0] = in[0];
            }
        }
#endif
        sp_clamp(a);
    }
#endif /* LITTLE_ENDIAN_ORDER */

    return err;
}
- /* Convert the multi-precision number to an array of bytes in big-endian format.
- *
- * The array must be large enough for encoded number - use mp_unsigned_bin_size
- * to calculate the number of bytes required.
- *
- * @param [in] a SP integer.
- * @param [out] out Array to put encoding into.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or out is NULL.
- */
- int sp_to_unsigned_bin(sp_int* a, byte* out)
- {
- return sp_to_unsigned_bin_len(a, out, sp_unsigned_bin_size(a));
- }
- /* Convert the multi-precision number to an array of bytes in big-endian format.
- *
- * The array must be large enough for encoded number - use mp_unsigned_bin_size
- * to calculate the number of bytes required.
- * Front-pads the output array with zeros make number the size of the array.
- *
- * @param [in] a SP integer.
- * @param [out] out Array to put encoding into.
- * @param [in] outSz Size of the array in bytes.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or out is NULL.
- */
- int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (out == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- int j = outSz - 1;
- if (!sp_iszero(a)) {
- int i;
- for (i = 0; (j >= 0) && (i < a->used); i++) {
- int b;
- for (b = 0; b < SP_WORD_SIZE; b += 8) {
- out[j--] = (byte)(a->dp[i] >> b);
- if (j < 0) {
- break;
- }
- }
- }
- }
- for (; j >= 0; j--) {
- out[j] = 0;
- }
- }
- return err;
- }
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Store the number in big-endian format in array at an offset.
- * The array must be large enough for encoded number - use mp_unsigned_bin_size
- * to calculate the number of bytes required.
- *
- * @param [in] o Offset into array o start encoding.
- * @param [in] a SP integer.
- * @param [out] out Array to put encoding into.
- *
- * @return Index of next byte after data.
- * @return MP_VAL when a or out is NULL.
- */
- int sp_to_unsigned_bin_at_pos(int o, sp_int*a, unsigned char* out)
- {
- int ret = sp_to_unsigned_bin(a, out + o);
- if (ret == MP_OKAY) {
- ret = o + sp_unsigned_bin_size(a);
- }
- return ret;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(HAVE_ECC) || !defined(NO_DSA)
/* Convert hexadecimal number as string in big-endian format to a
 * multi-precision number.
 *
 * Negative values supported when compiled with WOLFSSL_SP_INT_NEGATIVE.
 *
 * @param [out] a SP integer.
 * @param [in] in NUL terminated string.
 *
 * @return MP_OKAY on success.
 * @return MP_VAL when radix not supported, value is negative, or a character
 * is not valid.
 */
static int _sp_read_radix_16(sp_int* a, const char* in)
{
    int err = MP_OKAY;
    int i;
    int s = 0;      /* Bit shift within the current digit. */
    int j = 0;      /* Index of the digit being filled. */

#ifdef WOLFSSL_SP_INT_NEGATIVE
    if (*in == '-') {
        a->sign = MP_NEG;
        in++;
    }
#endif

    /* Skip leading zeros. */
    while (*in == '0') {
        in++;
    }

    a->dp[0] = 0;
    /* Parse from the least-significant (last) character, packing 4 bits per
     * hex character into successive digits. */
    for (i = (int)(XSTRLEN(in) - 1); i >= 0; i--) {
        int ch = (int)HexCharToByte(in[i]);
        if (ch < 0) {
            /* Not a hex character. */
            err = MP_VAL;
            break;
        }

        /* Current digit full - move to the next one. */
        if (s == SP_WORD_SIZE) {
            j++;
            if (j >= a->size) {
                /* Number does not fit in a's fixed storage. */
                err = MP_VAL;
                break;
            }
            s = 0;
            a->dp[j] = 0;
        }

        a->dp[j] |= ((sp_int_digit)ch) << s;
        s += 4;
    }

    if (err == MP_OKAY) {
        a->used = j + 1;
        sp_clamp(a);
#ifdef WOLFSSL_SP_INT_NEGATIVE
        /* "-0" normalizes to positive zero. */
        if (sp_iszero(a)) {
            a->sign = MP_ZPOS;
        }
#endif
    }
    return err;
}
- #endif /* (WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */
- #ifdef WOLFSSL_SP_READ_RADIX_10
- /* Convert decimal number as string in big-endian format to a multi-precision
- * number.
- *
- * Negative values supported when compiled with WOLFSSL_SP_INT_NEGATIVE.
- *
- * @param [out] a SP integer.
- * @param [in] in NUL terminated string.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when radix not supported, value is negative, or a character
- * is not valid.
- */
- static int _sp_read_radix_10(sp_int* a, const char* in)
- {
- int err = MP_OKAY;
- int i;
- int len;
- char ch;
- _sp_zero(a);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (*in == '-') {
- a->sign = MP_NEG;
- in++;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- while (*in == '0') {
- in++;
- }
- len = (int)XSTRLEN(in);
- for (i = 0; i < len; i++) {
- ch = in[i];
- if ((ch >= '0') && (ch <= '9')) {
- ch -= '0';
- }
- else {
- err = MP_VAL;
- break;
- }
- err = _sp_mul_d(a, 10, a, 0);
- if (err != MP_OKAY) {
- break;
- }
- err = _sp_add_d(a, ch, a);
- if (err != MP_OKAY) {
- break;
- }
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if ((err == MP_OKAY) && sp_iszero(a)) {
- a->sign = MP_ZPOS;
- }
- #endif
- return err;
- }
- #endif /* WOLFSSL_SP_READ_RADIX_10 */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || !defined(NO_DSA)
- /* Convert a number as string in big-endian format to a big number.
- * Only supports base-16 (hexadecimal) and base-10 (decimal).
- *
- * Negative values supported when WOLFSSL_SP_INT_NEGATIVE is defined.
- *
- * @param [out] a SP integer.
- * @param [in] in NUL terminated string.
- * @param [in] radix Number of values in a digit.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or in is NULL, radix not supported, value is negative,
- * or a character is not valid.
- */
- int sp_read_radix(sp_int* a, const char* in, int radix)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (in == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- if (*in == '-') {
- err = MP_VAL;
- }
- else
- #endif
- if (radix == 16) {
- err = _sp_read_radix_16(a, in);
- }
- #ifdef WOLFSSL_SP_READ_RADIX_10
- else if (radix == 10) {
- err = _sp_read_radix_10(a, in);
- }
- #endif
- else {
- err = MP_VAL;
- }
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WC_MP_TO_RADIX)
/* Put the big-endian, hex string encoding of a into str.
 *
 * Assumes str is large enough for result.
 * Use sp_radix_size() to calculate required length.
 *
 * @param [in] a SP integer to convert.
 * @param [out] str String to hold hex string result.
 *
 * @return MP_OKAY on success.
 * @return MP_VAL when a or str is NULL.
 */
int sp_tohex(sp_int* a, char* str)
{
    int err = MP_OKAY;
    int i;
    int j;

    if ((a == NULL) || (str == NULL)) {
        err = MP_VAL;
    }
    if (err == MP_OKAY) {
        /* quick out if its zero */
        if (sp_iszero(a) == MP_YES) {
#ifndef WC_DISABLE_RADIX_ZERO_PAD
            /* Zero pads to a whole byte: "00". */
            *str++ = '0';
#endif /* WC_DISABLE_RADIX_ZERO_PAD */
            *str++ = '0';
            *str = '\0';
        }
        else {
#ifdef WOLFSSL_SP_INT_NEGATIVE
            if (a->sign == MP_NEG) {
                *str = '-';
                str++;
            }
#endif /* WOLFSSL_SP_INT_NEGATIVE */

            i = a->used - 1;
#ifndef WC_DISABLE_RADIX_ZERO_PAD
            /* Find highest non-zero byte in most-significant word. */
            for (j = SP_WORD_SIZE - 8; j >= 0; j -= 8) {
                if (((a->dp[i] >> j) & 0xff) != 0) {
                    break;
                }
                else if (j == 0) {
                    /* Whole word zero - scan the next word down. */
                    j = SP_WORD_SIZE - 8;
                    --i;
                }
            }
            /* Start with high nibble of byte. */
            j += 4;
#else
            /* Find highest non-zero nibble in most-significant word. */
            for (j = SP_WORD_SIZE - 4; j >= 0; j -= 4) {
                if (((a->dp[i] >> j) & 0xf) != 0) {
                    break;
                }
                else if (j == 0) {
                    /* Whole word zero - scan the next word down. */
                    j = SP_WORD_SIZE - 4;
                    --i;
                }
            }
#endif /* WC_DISABLE_RADIX_ZERO_PAD */
            /* Most-significant word. */
            for (; j >= 0; j -= 4) {
                *(str++) = ByteToHex((byte)(a->dp[i] >> j));
            }
            /* Remaining words: full width, one nibble at a time. */
            for (--i; i >= 0; i--) {
                for (j = SP_WORD_SIZE - 4; j >= 0; j -= 4) {
                    *(str++) = (byte)ByteToHex((byte)(a->dp[i] >> j));
                }
            }
            *str = '\0';
        }
    }

    return err;
}
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || WC_MP_TO_RADIX */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \
- defined(WC_MP_TO_RADIX)
/* Put the big-endian, decimal string encoding of a into str.
 *
 * Assumes str is large enough for result.
 * Use sp_radix_size() to calculate required length.
 *
 * @param [in] a SP integer to convert.
 * @param [out] str String to hold hex string result.
 *
 * @return MP_OKAY on success.
 * @return MP_VAL when a or str is NULL.
 * @return MP_MEM when dynamic memory allocation fails.
 */
int sp_todecimal(sp_int* a, char* str)
{
    int err = MP_OKAY;
    int i;
    int j;
    sp_int_digit d;

    if ((a == NULL) || (str == NULL)) {
        err = MP_VAL;
    }
    /* quick out if its zero */
    else if (sp_iszero(a) == MP_YES) {
        *str++ = '0';
        *str = '\0';
    }
    else {
        /* Work on a copy since repeated division destroys the value. */
        DECL_SP_INT(t, a->used + 1);

        ALLOC_SP_INT_SIZE(t, a->used + 1, err, NULL);
        if (err == MP_OKAY) {
            err = sp_copy(a, t);
        }
        if (err == MP_OKAY) {
#ifdef WOLFSSL_SP_INT_NEGATIVE
            if (a->sign == MP_NEG) {
                *str = '-';
                str++;
            }
#endif /* WOLFSSL_SP_INT_NEGATIVE */

            /* Produce digits least-significant first by dividing by 10.
             * NOTE(review): sp_div_d's return value is not checked here -
             * presumably it cannot fail for a valid t; confirm. */
            i = 0;
            while (!sp_iszero(t)) {
                sp_div_d(t, 10, t, &d);
                str[i++] = (char)('0' + d);
            }
            str[i] = '\0';

            /* Reverse the digits into big-endian (printing) order. */
            for (j = 0; j <= (i - 1) / 2; j++) {
                int c = (unsigned char)str[j];
                str[j] = str[i - 1 - j];
                str[i - 1 - j] = (char)c;
            }
        }
        FREE_SP_INT(t, NULL);
    }

    return err;
}
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_KEY_GEN || HAVE_COMP_KEY */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WC_MP_TO_RADIX)
- /* Put the string version, big-endian, of a in str using the given radix.
- *
- * @param [in] a SP integer to convert.
- * @param [out] str String to hold hex string result.
- * @param [in] radix Base of character.
- * Valid values: MP_RADIX_HEX, MP_RADIX_DEC.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or str is NULL, or radix not supported.
- */
- int sp_toradix(sp_int* a, char* str, int radix)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (str == NULL)) {
- err = MP_VAL;
- }
- else if (radix == MP_RADIX_HEX) {
- err = sp_tohex(a, str);
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
- defined(HAVE_COMP_KEY)
- else if (radix == MP_RADIX_DEC) {
- err = sp_todecimal(a, str);
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_KEY_GEN || HAVE_COMP_KEY */
- else {
- err = MP_VAL;
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || WC_MP_TO_RADIX */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WC_MP_TO_RADIX)
/* Calculate the length of the string version, big-endian, of a using the given
 * radix.
 *
 * @param [in] a SP integer to convert.
 * @param [in] radix Base of character.
 * Valid values: MP_RADIX_HEX, MP_RADIX_DEC.
 * @param [out] size The number of characters in encoding.
 *
 * @return MP_OKAY on success.
 * @return MP_VAL when a or size is NULL, or radix not supported.
 */
int sp_radix_size(sp_int* a, int radix, int* size)
{
    int err = MP_OKAY;

    if ((a == NULL) || (size == NULL)) {
        err = MP_VAL;
    }
    else if (radix == MP_RADIX_HEX) {
        if (a->used == 0) {
#ifndef WC_DISABLE_RADIX_ZERO_PAD
            /* 00 and '\0' */
            *size = 2 + 1;
#else
            /* Zero and '\0' */
            *size = 1 + 1;
#endif /* WC_DISABLE_RADIX_ZERO_PAD */
        }
        else {
            /* One hex character per nibble. */
            int nibbles = (sp_count_bits(a) + 3) / 4;
#ifndef WC_DISABLE_RADIX_ZERO_PAD
            /* Pad to a whole number of bytes. */
            if (nibbles & 1) {
                nibbles++;
            }
#endif /* WC_DISABLE_RADIX_ZERO_PAD */
#ifdef WOLFSSL_SP_INT_NEGATIVE
            /* Room for the '-' sign. */
            if (a->sign == MP_NEG) {
                nibbles++;
            }
#endif /* WOLFSSL_SP_INT_NEGATIVE */
            /* One more for \0 */
            *size = nibbles + 1;
        }
    }
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
    defined(HAVE_COMP_KEY)
    else if (radix == MP_RADIX_DEC) {
        int i;
        sp_int_digit d;

        /* quick out if its zero */
        if (sp_iszero(a) == MP_YES) {
            /* Zero and '\0' */
            *size = 1 + 1;
        }
        else {
            /* Count decimal digits by repeated division on a working copy.
             * NOTE(review): sp_div_d's return value is not checked here -
             * presumably it cannot fail for a valid t; confirm. */
            DECL_SP_INT(t, a->used + 1);

            ALLOC_SP_INT(t, a->used + 1, err, NULL);
            if (err == MP_OKAY) {
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
                t->size = a->used + 1;
#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_SP_NO_MALLOC */
                err = sp_copy(a, t);
            }

            if (err == MP_OKAY) {
                for (i = 0; !sp_iszero(t); i++) {
                    sp_div_d(t, 10, t, &d);
                }
#ifdef WOLFSSL_SP_INT_NEGATIVE
                /* Room for the '-' sign. */
                if (a->sign == MP_NEG) {
                    i++;
                }
#endif /* WOLFSSL_SP_INT_NEGATIVE */
                /* One more for \0 */
                *size = i + 1;
            }
            FREE_SP_INT(t, NULL);
        }
    }
#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_KEY_GEN || HAVE_COMP_KEY */
    else {
        err = MP_VAL;
    }

    return err;
}
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || WC_MP_TO_RADIX */
- /***************************************
- * Prime number generation and checking.
- ***************************************/
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
- !defined(NO_DSA)) && !defined(WC_NO_RNG)
- /* Generate a random prime for RSA only.
- *
- * @param [out] r SP integer to hold result.
- * @param [in] len Number of bytes in prime.
- * @param [in] rng Random number generator.
- * @param [in] heap Heap hint. Unused.
- *
- * @return MP_OKAY on success
- * @return MP_VAL when r or rng is NULL, length is not supported or random
- * number generator fails.
- */
- int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
- {
- static const int USE_BBS = 1;
- int err = MP_OKAY;
- int type = 0;
- int isPrime = MP_NO;
- #ifdef WOLFSSL_SP_MATH_ALL
- int bits = 0;
- #endif /* WOLFSSL_SP_MATH_ALL */
- (void)heap;
- /* Check NULL parameters and 0 is not prime so 0 bytes is invalid. */
- if ((r == NULL) || (rng == NULL) || (len == 0)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- /* get type */
- if (len < 0) {
- type = USE_BBS;
- len = -len;
- }
- #ifndef WOLFSSL_SP_MATH_ALL
- /* For minimal maths, support only what's in SP and needed for DH. */
- #if defined(WOLFSSL_HAVE_SP_DH) && defined(WOLFSSL_KEY_GEN)
- if (len == 32) {
- }
- else
- #endif /* WOLFSSL_HAVE_SP_DH && WOLFSSL_KEY_GEN */
- /* Generate RSA primes that are half the modulus length. */
- #ifndef WOLFSSL_SP_NO_3072
- if ((len != 128) && (len != 192))
- #else
- if (len != 128)
- #endif /* WOLFSSL_SP_NO_3072 */
- {
- err = MP_VAL;
- }
- #endif /* !WOLFSSL_SP_MATH_ALL */
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- r->used = (len + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF;
- #ifdef WOLFSSL_SP_MATH_ALL
- bits = (len * 8) & SP_WORD_MASK;
- #endif /* WOLFSSL_SP_MATH_ALL */
- }
- /* Assume the candidate is probably prime and then test until
- * it is proven composite. */
- while (err == MP_OKAY && isPrime == MP_NO) {
- #ifdef SHOW_GEN
- printf(".");
- fflush(stdout);
- #endif /* SHOW_GEN */
- /* generate value */
- err = wc_RNG_GenerateBlock(rng, (byte*)r->dp, len);
- if (err != 0) {
- err = MP_VAL;
- break;
- }
- /* munge bits */
- #ifndef LITTLE_ENDIAN_ORDER
- ((byte*)(r->dp + r->used - 1))[0] |= 0x80 | 0x40;
- #else
- ((byte*)r->dp)[len-1] |= 0x80 | 0x40;
- #endif /* LITTLE_ENDIAN_ORDER */
- r->dp[0] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
- #ifndef LITTLE_ENDIAN_ORDER
- if (((len * 8) & SP_WORD_MASK) != 0) {
- r->dp[r->used-1] >>= SP_WORD_SIZE - ((len * 8) & SP_WORD_MASK);
- }
- #endif /* LITTLE_ENDIAN_ORDER */
- #ifdef WOLFSSL_SP_MATH_ALL
- if (bits > 0) {
- r->dp[r->used - 1] &= ((sp_int_digit)1 << bits) - 1;
- }
- #endif /* WOLFSSL_SP_MATH_ALL */
- /* test */
- /* Running Miller-Rabin up to 3 times gives us a 2^{-80} chance
- * of a 1024-bit candidate being a false positive, when it is our
- * prime candidate. (Note 4.49 of Handbook of Applied Cryptography.)
- * Using 8 because we've always used 8 */
- sp_prime_is_prime_ex(r, 8, &isPrime, rng);
- }
- return err;
- }
#endif /* WOLFSSL_KEY_GEN && (!NO_RSA || !NO_DH || !NO_DSA) && !WC_NO_RNG */
- #ifdef WOLFSSL_SP_PRIME_GEN
/* Miller-Rabin test of "a" to the base of "b" as described in
 * HAC pp. 139 Algorithm 4.24
 *
 * Sets result to 0 if definitely composite or 1 if probably prime.
 * Randomly the chance of error is no more than 1/4 and often
 * very much lower.
 *
 * @param  [in]   a       SP integer to check.
 * @param  [in]   b       SP integer that is a small prime (the witness base).
 * @param  [out]  result  MP_YES when number is likely prime.
 *                        MP_NO otherwise.
 * @param  [in]   n1      SP integer temporary (holds a - 1).
 * @param  [in]   y       SP integer temporary (holds b^r mod a; caller must
 *                        size it to hold a full multiplication result).
 * @param  [in]   r       SP integer temporary (odd part of a - 1).
 *
 * @return  MP_OKAY on success.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
static int sp_prime_miller_rabin_ex(sp_int* a, sp_int* b, int* result,
    sp_int* n1, sp_int* y, sp_int* r)
{
    int s;
    int j;
    int err = MP_OKAY;

    /* default: composite until proven probably prime */
    *result = MP_NO;

    /* ensure b > 1; otherwise report composite without testing */
    if (sp_cmp_d(b, 1) == MP_GT) {
        /* get n1 = a - 1
         * NOTE(review): returns of sp_copy/_sp_sub_d/sp_rshb are ignored -
         * presumably they cannot fail for caller-sized temporaries; confirm.
         */
        (void)sp_copy(a, n1);
        _sp_sub_d(n1, 1, n1);
        /* set 2**s * r = n1 */
        (void)sp_copy(n1, r);

        /* count the number of least significant bits
         * which are zero
         */
        s = sp_cnt_lsb(r);

        /* now divide n - 1 by 2**s to get the odd part r */
        sp_rshb(r, s, r);

        /* compute y = b**r mod a */
        err = sp_exptmod(b, r, a, y);
        if (err == MP_OKAY) {
            /* probably prime until shown otherwise */
            *result = MP_YES;

            /* if y != 1 and y != n1 do */
            if ((sp_cmp_d(y, 1) != MP_EQ) && (_sp_cmp(y, n1) != MP_EQ)) {
                j = 1;
                /* repeatedly square: while j <= s-1 and y != n1 */
                while ((j <= (s - 1)) && (_sp_cmp(y, n1) != MP_EQ)) {
                    err = sp_sqrmod(y, a, y);
                    if (err != MP_OKAY) {
                        break;
                    }

                    /* if y == 1 then composite (non-trivial sqrt of 1) */
                    if (sp_cmp_d(y, 1) == MP_EQ) {
                        *result = MP_NO;
                        break;
                    }
                    ++j;
                }
                /* if y != n1 after squaring then composite */
                if ((*result == MP_YES) && (_sp_cmp(y, n1) != MP_EQ)) {
                    *result = MP_NO;
                }
            }
        }
    }

    return err;
}
- /* Miller-Rabin test of "a" to the base of "b" as described in
- * HAC pp. 139 Algorithm 4.24
- *
- * Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often
- * very much lower.
- *
- * @param [in] a SP integer to check.
- * @param [in] b SP integer that is a small prime.
- * @param [out] result MP_YES when number is likey prime.
- * MP_NO otherwise.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int sp_prime_miller_rabin(sp_int* a, sp_int* b, int* result)
- {
- int err = MP_OKAY;
- sp_int *n1;
- sp_int *y;
- sp_int *r;
- DECL_SP_INT_ARRAY(t, a->used * 2 + 1, 3);
- ALLOC_SP_INT_ARRAY(t, a->used * 2 + 1, 3, err, NULL);
- if (err == MP_OKAY) {
- n1 = t[0];
- y = t[1];
- r = t[2];
- /* Only 'y' needs to be twice as big. */
- sp_init_size(n1, a->used * 2 + 1);
- sp_init_size(y, a->used * 2 + 1);
- sp_init_size(r, a->used * 2 + 1);
- err = sp_prime_miller_rabin_ex(a, b, result, n1, y, r);
- sp_clear(n1);
- sp_clear(y);
- sp_clear(r);
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
#if SP_WORD_SIZE == 8
/* Number of pre-computed primes. First n primes - fitting in a digit. */
#define SP_PRIME_SIZE      54

/* The first 54 primes - all primes representable in an 8-bit digit. */
static const sp_int_digit sp_primes[SP_PRIME_SIZE] = {
    0x02, 0x03, 0x05, 0x07, 0x0B, 0x0D, 0x11, 0x13,
    0x17, 0x1D, 0x1F, 0x25, 0x29, 0x2B, 0x2F, 0x35,
    0x3B, 0x3D, 0x43, 0x47, 0x49, 0x4F, 0x53, 0x59,
    0x61, 0x65, 0x67, 0x6B, 0x6D, 0x71, 0x7F, 0x83,
    0x89, 0x8B, 0x95, 0x97, 0x9D, 0xA3, 0xA7, 0xAD,
    0xB3, 0xB5, 0xBF, 0xC1, 0xC5, 0xC7, 0xD3, 0xDF,
    0xE3, 0xE5, 0xE9, 0xEF, 0xF1, 0xFB
};
#else
/* Number of pre-computed primes. First n primes. */
#define SP_PRIME_SIZE      256

/* The first 256 primes - used for table lookup and trial division. */
static const sp_int_digit sp_primes[SP_PRIME_SIZE] = {
    0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
    0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
    0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,
    0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083,
    0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD,
    0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF,
    0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
    0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137,
    0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167,
    0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199,
    0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9,
    0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7,
    0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239,
    0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265,
    0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293,
    0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF,
    0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301,
    0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B,
    0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371,
    0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD,
    0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5,
    0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419,
    0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449,
    0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B,
    0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7,
    0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503,
    0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529,
    0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F,
    0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3,
    0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7,
    0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623,
    0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653
};
#endif
/* Check whether a is prime.
 * Checks against a number of small primes and does t iterations of
 * Miller-Rabin with the first t small primes as fixed bases.
 *
 * @param  [in]   a       SP integer to check.
 * @param  [in]   t       Number of iterations of Miller-Rabin test to perform.
 * @param  [out]  result  MP_YES when number is prime.
 *                        MP_NO otherwise.
 *
 * @return  MP_OKAY on success.
 * @return  MP_VAL when a or result is NULL, or t is out of range.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
int sp_prime_is_prime(sp_int* a, int t, int* result)
{
    int         err = MP_OKAY;
    int         i;
    int         haveRes = 0;
    sp_int_digit d;
    /* NOTE(review): declared with size 2 but allocated below with size 1 -
     * confirm which size is intended for the single-digit base 'b'. */
    DECL_SP_INT(b, 2);

    /* Validate parameters; set result to MP_NO when possible so a failed
     * call never reports prime. */
    if ((a == NULL) || (result == NULL)) {
        if (result != NULL) {
            *result = MP_NO;
        }
        err = MP_VAL;
    }

    /* t must index into sp_primes below. */
    if ((err == MP_OKAY) && ((t <= 0) || (t > SP_PRIME_SIZE))) {
        *result = MP_NO;
        err = MP_VAL;
    }

    /* 1 is not prime. */
    if ((err == MP_OKAY) && sp_isone(a)) {
        *result = MP_NO;
        haveRes = 1;
    }

    SAVE_VECTOR_REGISTERS(err = _svr_ret;);

    /* Single-digit values can be matched directly against the table. */
    if ((err == MP_OKAY) && (!haveRes) && (a->used == 1)) {
        /* check against primes table */
        for (i = 0; i < SP_PRIME_SIZE; i++) {
            if (sp_cmp_d(a, sp_primes[i]) == MP_EQ) {
                *result = MP_YES;
                haveRes = 1;
                break;
            }
        }
    }

    if ((err == MP_OKAY) && (!haveRes)) {
        /* do trial division - a zero remainder proves a composite. */
        for (i = 0; i < SP_PRIME_SIZE; i++) {
            err = sp_mod_d(a, sp_primes[i], &d);
            if ((err != MP_OKAY) || (d == 0)) {
                *result = MP_NO;
                haveRes = 1;
                break;
            }
        }
    }

    if ((err == MP_OKAY) && (!haveRes)) {
        ALLOC_SP_INT(b, 1, err, NULL);
        if (err == MP_OKAY) {
            /* now do 't' miller rabins, using the first t small primes as
             * the witness bases. */
            sp_init_size(b, 1);
            for (i = 0; i < t; i++) {
                sp_set(b, sp_primes[i]);
                err = sp_prime_miller_rabin(a, b, result);
                /* Stop on error or as soon as a witness proves composite. */
                if ((err != MP_OKAY) || (*result == MP_NO)) {
                    break;
                }
            }
        }
    }

    RESTORE_VECTOR_REGISTERS();

    FREE_SP_INT(b, NULL);
    return err;
}
/* Check whether a is prime.
 * Checks against a number of small primes and does t iterations of
 * Miller-Rabin with random bases.
 *
 * @param  [in]   a       SP integer to check.
 * @param  [in]   t       Number of iterations of Miller-Rabin test to perform.
 * @param  [out]  result  MP_YES when number is prime.
 *                        MP_NO otherwise.
 * @param  [in]   rng     Random number generator for Miller-Rabin testing.
 *
 * @return  MP_OKAY on success.
 * @return  MP_VAL when a, result or rng is NULL.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
int sp_prime_is_prime_ex(sp_int* a, int t, int* result, WC_RNG* rng)
{
    int err = MP_OKAY;
    int ret = MP_YES;
    int haveRes = 0;
    int i;
#ifndef WC_NO_RNG
    sp_int *b = NULL;
    sp_int *c = NULL;
    sp_int *n1 = NULL;
    sp_int *y = NULL;
    sp_int *r = NULL;
#endif /* WC_NO_RNG */

    if ((a == NULL) || (result == NULL) || (rng == NULL)) {
        err = MP_VAL;
    }
#ifdef WOLFSSL_SP_INT_NEGATIVE
    /* Negative numbers are not prime. */
    if ((err == MP_OKAY) && (a->sign == MP_NEG)) {
        err = MP_VAL;
    }
#endif

    /* 1 is not prime. */
    if ((err == MP_OKAY) && sp_isone(a)) {
        ret = MP_NO;
        haveRes = 1;
    }

    SAVE_VECTOR_REGISTERS(err = _svr_ret;);

    /* Single-digit values can be matched directly against the table. */
    if ((err == MP_OKAY) && (!haveRes) && (a->used == 1)) {
        /* check against primes table */
        for (i = 0; i < SP_PRIME_SIZE; i++) {
            if (sp_cmp_d(a, sp_primes[i]) == MP_EQ) {
                ret = MP_YES;
                haveRes = 1;
                break;
            }
        }
    }

    if ((err == MP_OKAY) && (!haveRes)) {
        sp_int_digit d;

        /* do trial division - a zero remainder proves a composite. */
        for (i = 0; i < SP_PRIME_SIZE; i++) {
            err = sp_mod_d(a, sp_primes[i], &d);
            if ((err != MP_OKAY) || (d == 0)) {
                ret = MP_NO;
                haveRes = 1;
                break;
            }
        }
    }

#ifndef WC_NO_RNG
    /* now do a miller rabin with up to t random numbers, this should
     * give a (1/4)^t chance of a false prime. */
    if ((err == MP_OKAY) && (!haveRes)) {
        int bits = sp_count_bits(a);
        word32 baseSz = (bits + 7) / 8;
        DECL_SP_INT_ARRAY(ds, a->used + 1, 3);
        DECL_SP_INT_ARRAY(d, a->used * 2 + 1, 2);

        ALLOC_SP_INT_ARRAY(ds, a->used + 1, 3, err, NULL);
        ALLOC_SP_INT_ARRAY(d, a->used * 2 + 1, 2, err, NULL);
        if (err == MP_OKAY) {
            b  = ds[0];
            c  = ds[1];
            n1 = ds[2];
            y  = d[0];
            r  = d[1];

            /* Only 'y' needs to be twice as big. */
            sp_init_size(b , a->used + 1);
            sp_init_size(c , a->used + 1);
            sp_init_size(n1, a->used + 1);
            sp_init_size(y , a->used * 2 + 1);
            sp_init_size(r , a->used * 2 + 1);

            /* c = a - 2: exclusive upper bound for random bases.
             * NOTE(review): return of _sp_sub_d ignored - presumably cannot
             * fail for a caller-sized temporary; confirm. */
            _sp_sub_d(a, 2, c);

            /* Bits used in the top digit of a. */
            bits &= SP_WORD_MASK;

            while (t > 0) {
                /* Draw a random base of the same byte length as a. */
                err = wc_RNG_GenerateBlock(rng, (byte*)b->dp, baseSz);
                if (err != MP_OKAY) {
                    break;
                }
                b->used = a->used;

            #ifdef BIG_ENDIAN_ORDER
                if (((baseSz * 8) & SP_WORD_MASK) != 0) {
                    b->dp[b->used-1] >>=
                        SP_WORD_SIZE - ((baseSz * 8) & SP_WORD_MASK);
                }
            #endif /* BIG_ENDIAN_ORDER */

                /* Ensure the top word has no more bits than necessary. */
                if (bits > 0) {
                    b->dp[b->used - 1] &= ((sp_int_digit)1 << bits) - 1;
                    sp_clamp(b);
                }

                /* Require 2 < b < a - 2; otherwise draw again - this
                 * iteration does not count towards t. */
                if ((sp_cmp_d(b, 2) != MP_GT) || (_sp_cmp(b, c) != MP_LT)) {
                    continue;
                }

                err = sp_prime_miller_rabin_ex(a, b, &ret, n1, y, r);
                /* Stop on error or as soon as a witness proves composite. */
                if ((err != MP_OKAY) || (ret == MP_NO)) {
                    break;
                }

                t--;
            }

            /* Zeroize temporaries - they held values derived from a. */
            sp_clear(n1);
            sp_clear(y);
            sp_clear(r);
            sp_clear(b);
            sp_clear(c);
        }

        FREE_SP_INT_ARRAY(d, NULL);
        FREE_SP_INT_ARRAY(ds, NULL);
    }
#else
    (void)t;
#endif /* !WC_NO_RNG */

    if (result != NULL) {
        *result = ret;
    }

    RESTORE_VECTOR_REGISTERS();

    return err;
}
- #endif /* WOLFSSL_SP_PRIME_GEN */
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
/* Calculates the Greatest Common Divisor (GCD) of a and b into r.
 *
 * a and b are positive integers. Uses the Euclidean algorithm:
 * repeatedly replace (u, v) with (v, u mod v) until v is zero.
 *
 * @param  [in]   a  SP integer of first operand.
 * @param  [in]   b  SP integer of second operand.
 * @param  [out]  r  SP integer to hold result.
 *
 * @return  MP_OKAY on success.
 * @return  MP_VAL when a, b or r is NULL or too large.
 * @return  MP_MEM when dynamic memory allocation fails.
 */
int sp_gcd(sp_int* a, sp_int* b, sp_int* r)
{
    int err = MP_OKAY;

    if ((a == NULL) || (b == NULL) || (r == NULL)) {
        err = MP_VAL;
    }
    else if (a->used >= SP_INT_DIGITS || b->used >= SP_INT_DIGITS) {
        err = MP_VAL;
    }
    else if (sp_iszero(a)) {
        /* GCD of 0 and 0 is undefined as all integers divide 0. */
        if (sp_iszero(b)) {
            err = MP_VAL;
        }
        else {
            /* gcd(0, b) = b */
            err = sp_copy(b, r);
        }
    }
    else if (sp_iszero(b)) {
        /* gcd(a, 0) = a */
        err = sp_copy(a, r);
    }
    else {
        sp_int* u = NULL;
        sp_int* v = NULL;
        sp_int* t = NULL;
        /* Temporaries need only hold the larger operand (plus guard digit). */
        int used = (a->used >= b->used) ? a->used + 1 : b->used + 1;
        DECL_SP_INT_ARRAY(d, used, 3);

        SAVE_VECTOR_REGISTERS(err = _svr_ret;);

        ALLOC_SP_INT_ARRAY(d, used, 3, err, NULL);
        if (err == MP_OKAY) {
            u = d[0];
            v = d[1];
            t = d[2];
            sp_init_size(u, used);
            sp_init_size(v, used);
            sp_init_size(t, used);

            /* First Euclidean step done here so u holds the smaller operand
             * and v the reduction of the larger by the smaller. */
            if (_sp_cmp(a, b) != MP_LT) {
                sp_copy(b, u);
                /* First iteration - u = a, v = b */
                if (b->used == 1) {
                    /* Single-digit divisor: use the faster digit modulus. */
                    err = sp_mod_d(a, b->dp[0], &v->dp[0]);
                    if (err == MP_OKAY) {
                        /* used is 0 when remainder is zero, else 1. */
                        v->used = (v->dp[0] != 0);
                    }
                }
                else {
                    err = sp_mod(a, b, v);
                }
            }
            else {
                sp_copy(a, u);
                /* First iteration - u = b, v = a */
                if (a->used == 1) {
                    err = sp_mod_d(b, a->dp[0], &v->dp[0]);
                    if (err == MP_OKAY) {
                        v->used = (v->dp[0] != 0);
                    }
                }
                else {
                    err = sp_mod(b, a, v);
                }
            }
        }

        if (err == MP_OKAY) {
#ifdef WOLFSSL_SP_INT_NEGATIVE
            u->sign = MP_ZPOS;
            v->sign = MP_ZPOS;
#endif /* WOLFSSL_SP_INT_NEGATIVE */

            /* Euclidean loop: (u, v) <- (v, u mod v) until v == 0. */
            while (!sp_iszero(v)) {
                if (v->used == 1) {
                    /* Single-digit divisor: use the faster digit modulus. */
                    err = sp_mod_d(u, v->dp[0], &t->dp[0]);
                    if (err == MP_OKAY) {
                        t->used = (t->dp[0] != 0);
                    }
                }
                else {
                    err = sp_mod(u, v, t);
                }
                if (err != MP_OKAY) {
                    break;
                }
                sp_copy(v, u);
                sp_copy(t, v);
            }
            /* GCD is the last non-zero remainder, now in u. */
            if (err == MP_OKAY)
                err = sp_copy(u, r);
        }

        FREE_SP_INT_ARRAY(d, NULL);

        RESTORE_VECTOR_REGISTERS();
    }

    return err;
}
#endif /* !NO_RSA && WOLFSSL_KEY_GEN */
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
- (!defined(WC_RSA_BLINDING) || defined(HAVE_FIPS) || defined(HAVE_SELFTEST))
- /* Calculates the Lowest Common Multiple (LCM) of a and b and stores in r.
- *
- * a and b are positive integers.
- *
- * @param [in] a SP integer of first operand.
- * @param [in] b SP integer of second operand.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b or r is NULL; or a or b is zero.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_lcm(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int used = ((a == NULL) || (b == NULL)) ? 1 :
- (a->used >= b->used ? a->used + 1: b->used + 1);
- DECL_SP_INT_ARRAY(t, used, 2);
- if ((a == NULL) || (b == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- /* LCM of 0 and any number is undefined as 0 is not in the set of values
- * being used.
- */
- if ((err == MP_OKAY) && (mp_iszero(a) || mp_iszero(b))) {
- err = MP_VAL;
- }
- ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL);
- if (err == MP_OKAY) {
- sp_init_size(t[0], used);
- sp_init_size(t[1], used);
- SAVE_VECTOR_REGISTERS(err = _svr_ret;);
- if (err == MP_OKAY)
- err = sp_gcd(a, b, t[0]);
- if (err == MP_OKAY) {
- if (_sp_cmp_abs(a, b) == MP_GT) {
- err = sp_div(a, t[0], t[1], NULL);
- if (err == MP_OKAY) {
- err = sp_mul(b, t[1], r);
- }
- }
- else {
- err = sp_div(b, t[0], t[1], NULL);
- if (err == MP_OKAY) {
- err = sp_mul(a, t[1], r);
- }
- }
- }
- RESTORE_VECTOR_REGISTERS();
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
#endif /* !NO_RSA && WOLFSSL_KEY_GEN &&
        * (!WC_RSA_BLINDING || HAVE_FIPS || HAVE_SELFTEST) */
/* Returns the run time settings.
 *
 * @return  Settings value.
 */
word32 CheckRunTimeSettings(void)
{
    /* CTC_SETTINGS is defined elsewhere - presumably encodes the build
     * options so callers can verify them at run time; confirm. */
    return CTC_SETTINGS;
}
/* Returns the fast math settings.
 *
 * @return  Setting - number of bits in a digit (SP_WORD_SIZE).
 */
word32 CheckRunTimeFastMath(void)
{
    return SP_WORD_SIZE;
}
- #ifdef WOLFSSL_CHECK_MEM_ZERO
/* Add an MP to check.
 *
 * Registers the full allocated digit buffer (mp->size digits, not just the
 * mp->used digits in use) with the memory-zeroization checker.
 *
 * @param [in] name  Name of address to check.
 * @param [in] mp    mp_int that needs to be checked.
 */
void sp_memzero_add(const char* name, mp_int* mp)
{
    wc_MemZero_Add(name, mp->dp, mp->size * sizeof(sp_digit));
}
/* Check the memory in the data pointer for memory that must be zero.
 *
 * Checks the full allocated digit buffer (mp->size digits) registered via
 * sp_memzero_add().
 *
 * @param [in] mp  mp_int that needs to be checked.
 */
void sp_memzero_check(mp_int* mp)
{
    wc_MemZero_Check(mp->dp, mp->size * sizeof(sp_digit));
}
- #endif /* WOLFSSL_CHECK_MEM_ZERO */
- #endif /* WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
|