12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270
37047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127
71278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177
71778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227
72278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277
72778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327
73278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377
73778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427
74278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477
74778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527
75278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577
75778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627
76278627962806281628262836284628562866287628862896290629162926293629462956296629762986299630063016302630363046305630663076308630963106311631263136314631563166317631863196320632163226323632463256326632763286329633063316332633363346335633663376338633963406341634263436344634563466347634863496350635163526353635463556356635763586359636063616362636363646365636663676368636963706371637263736374637563766377637863796380638163826383638463856386638763886389639063916392639363946395639663976398639964006401640264036404640564066407640864096410641164126413641464156416641764186419642064216422642364246425642664276428642964306431643264336434643564366437643864396440644164426443644464456446644764486449645064516452645364546455645664576458645964606461646264636464646564666467646864696470647164726473647464756476647764786479648064816482648364846485648664876488648964906491649264936494649564966497649864996500650165026503650465056506650765086509651065116512651365146515651665176518651965206521652265236524652565266527652865296530653165326533653465356536653765386539654065416542654365446545654665476548654965506551655265536554655565566557655865596560656165626563656465656566656765686569657065716572657365746575657665776578657965806581658265836584658565866587658865896590659165926593659465956596659765986599660066016602660366046605660666076608660966106611661266136614661566166617661866196620662166226623662466256626662766286629663066316632663366346635663666376638663966406641664266436644664566466647664866496650665166526653665466556656665766586659666066616662666366646665666666676668666966706671667266736674667566766677667866796680668166826683668466856686668766886689669066916692669366946695669666976698669967006701670267036704670567066707670867096710671167126713671467156716671767186719672067216722672367246725672667276728672967306731673267336734673567366737673867396740674167426743674467456746674767486749675067516752675367546755675667576758675967606761676267636764676567666767676867696770677167726773677467756776677
76778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727
77278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777
77778777977807781778277837784778577867787778877897790779177927793779477957796779777987799780078017802780378047805780678077808780978107811781278137814781578167817781878197820782178227823782478257826782778287829783078317832783378347835783678377838783978407841784278437844784578467847784878497850785178527853785478557856785778587859786078617862786378647865786678677868786978707871787278737874787578767877787878797880788178827883788478857886788778887889789078917892789378947895789678977898789979007901790279037904790579067907790879097910791179127913791479157916791779187919792079217922792379247925792679277928792979307931793279337934793579367937793879397940794179427943794479457946794779487949795079517952795379547955795679577958795979607961796279637964796579667967796879697970797179727973797479757976797779787979798079817982798379847985798679877988798979907991799279937994799579967997799879998000800180028003800480058006800780088009801080118012801380148015801680178018801980208021802280238024802580268027802880298030803180328033803480358036803780388039804080418042804380448045804680478048804980508051805280538054805580568057805880598060806180628063806480658066806780688069807080718072807380748075807680778078807980808081808280838084808580868087808880898090809180928093809480958096809780988099810081018102810381048105810681078108810981108111811281138114811581168117811881198120812181228123812481258126812781288129813081318132813381348135813681378138813981408141814281438144814581468147814881498150815181528153815481558156815781588159816081618162816381648165816681678168816981708171817281738174817581768177817881798180818181828183818481858186818781888189819081918192819381948195819681978198819982008201820282038204820582068207820882098210821182128213821482158216821782188219822082218222822382248225822682278228822982308231823282338234823582368237823882398240824182428243824482458246824782488249825082518252825382548255825682578258825982608261826282638264826582668267826882698270827182728273827482758276827
78278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877
78778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927
79278927992809281928292839284928592869287928892899290929192929293929492959296929792989299930093019302930393049305930693079308930993109311931293139314931593169317931893199320932193229323932493259326932793289329933093319332933393349335933693379338933993409341934293439344934593469347934893499350935193529353935493559356935793589359936093619362936393649365936693679368936993709371937293739374937593769377937893799380938193829383938493859386938793889389939093919392939393949395939693979398939994009401940294039404940594069407940894099410941194129413941494159416941794189419942094219422942394249425942694279428942994309431943294339434943594369437943894399440944194429443944494459446944794489449945094519452945394549455945694579458945994609461946294639464946594669467946894699470947194729473947494759476947794789479948094819482948394849485948694879488948994909491949294939494949594969497949894999500950195029503950495059506950795089509951095119512951395149515951695179518951995209521952295239524952595269527952895299530953195329533953495359536953795389539954095419542954395449545954695479548954995509551955295539554955595569557955895599560956195629563956495659566956795689569957095719572957395749575957695779578957995809581958295839584958595869587958895899590959195929593959495959596959795989599960096019602960396049605960696079608960996109611961296139614961596169617961896199620962196229623962496259626962796289629963096319632963396349635963696379638963996409641964296439644964596469647964896499650965196529653965496559656965796589659966096619662966396649665966696679668966996709671967296739674967596769677967896799680968196829683968496859686968796889689969096919692969396949695969696979698969997009701970297039704970597069707970897099710971197129713971497159716971797189719972097219722972397249725972697279728972997309731973297339734973597369737973897399740974197429743974497459746974797489749975097519752975397549755975697579758975997609761976297639764976597669767976897699770977197729773977497759776977
79778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211
02221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211
06221062310624106251062610627106281062910630106311063210633106341063510636106371063810639106401064110642106431064410645106461064710648106491065010651106521065310654106551065610657106581065910660106611066210663106641066510666106671066810669106701067110672106731067410675106761067710678106791068010681106821068310684106851068610687106881068910690106911069210693106941069510696106971069810699107001070110702107031070410705107061070710708107091071010711107121071310714107151071610717107181071910720107211072210723107241072510726107271072810729107301073110732107331073410735107361073710738107391074010741107421074310744107451074610747107481074910750107511075210753107541075510756107571075810759107601076110762107631076410765107661076710768107691077010771107721077310774107751077610777107781077910780107811078210783107841078510786107871078810789107901079110792107931079410795107961079710798107991080010801108021080310804108051080610807108081080910810108111081210813108141081510816108171081810819108201082110822108231082410825108261082710828108291083010831108321083310834108351083610837108381083910840108411084210843108441084510846108471084810849108501085110852108531085410855108561085710858108591086010861108621086310864108651086610867108681086910870108711087210873108741087510876108771087810879108801088110882108831088410885108861088710888108891089010891108921089310894108951089610897108981089910900109011090210903109041090510906109071090810909109101091110912109131091410915109161091710918109191092010921109221092310924109251092610927109281092910930109311093210933109341093510936109371093810939109401094110942109431094410945109461094710948109491095010951109521095310954109551095610957109581095910960109611096210963109641096510966109671096810969109701097110972109731097410975109761097710978109791098010981109821098310984109851098610987109881098910990109911099210993109941099510996109971099810999110001100111002110031100411005110061100711008110091101011011110121101311014110151101611017110181101911020110211
10221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211
14221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211
18221182311824118251182611827118281182911830118311183211833118341183511836118371183811839118401184111842118431184411845118461184711848118491185011851118521185311854118551185611857118581185911860118611186211863118641186511866118671186811869118701187111872118731187411875118761187711878118791188011881118821188311884118851188611887118881188911890118911189211893118941189511896118971189811899119001190111902119031190411905119061190711908119091191011911119121191311914119151191611917119181191911920119211192211923119241192511926119271192811929119301193111932119331193411935119361193711938119391194011941119421194311944119451194611947119481194911950119511195211953119541195511956119571195811959119601196111962119631196411965119661196711968119691197011971119721197311974119751197611977119781197911980119811198211983119841198511986119871198811989119901199111992119931199411995119961199711998119991200012001120021200312004120051200612007120081200912010120111201212013120141201512016120171201812019120201202112022120231202412025120261202712028120291203012031120321203312034120351203612037120381203912040120411204212043120441204512046120471204812049120501205112052120531205412055120561205712058120591206012061120621206312064120651206612067120681206912070120711207212073120741207512076120771207812079120801208112082120831208412085120861208712088120891209012091120921209312094120951209612097120981209912100121011210212103121041210512106121071210812109121101211112112121131211412115121161211712118121191212012121121221212312124121251212612127121281212912130121311213212133121341213512136121371213812139121401214112142121431214412145121461214712148121491215012151121521215312154121551215612157121581215912160121611216212163121641216512166121671216812169121701217112172121731217412175121761217712178121791218012181121821218312184121851218612187121881218912190121911219212193121941219512196121971219812199122001220112202122031220412205122061220712208122091221012211122121221312214122151221612217122181221912220122211
22221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211
26221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211
302213023130241302513026130271302813029130301303113032130331303413035130361303713038130391304013041130421304313044130451304613047130481304913050130511305213053130541305513056130571305813059130601306113062130631306413065130661306713068130691307013071130721307313074130751307613077130781307913080130811308213083130841308513086130871308813089130901309113092130931309413095130961309713098130991310013101131021310313104131051310613107131081310913110131111311213113131141311513116131171311813119131201312113122131231312413125131261312713128131291313013131131321313313134131351313613137131381313913140131411314213143131441314513146131471314813149131501315113152131531315413155131561315713158131591316013161131621316313164131651316613167131681316913170131711317213173131741317513176131771317813179131801318113182131831318413185131861318713188131891319013191131921319313194131951319613197131981319913200132011320213203132041320513206132071320813209132101321113212132131321413215132161321713218132191322013221132221322313224132251322613227132281322913230132311323213233132341323513236132371323813239132401324113242132431324413245132461324713248132491325013251132521325313254132551325613257132581325913260132611326213263132641326513266132671326813269132701327113272132731327413275132761327713278132791328013281132821328313284132851328613287132881328913290132911329213293132941329513296132971329813299133001330113302133031330413305133061330713308133091331013311133121331313314133151331613317133181331913320133211332213323133241332513326133271332813329133301333113332133331333413335133361333713338133391334013341133421334313344133451334613347133481334913350133511335213353133541335513356133571335813359133601336113362133631336413365133661336713368133691337013371133721337313374133751337613377133781337913380133811338213383133841338513386133871338813389133901339113392133931339413395133961339713398133991340013401134021340313404134051340613407134081340913410134111341213413134141341513416134171341813419 |
- /* sp_int.c
- *
- * Copyright (C) 2006-2020 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- /* Implementation by Sean Parkinson. */
- /*
- DESCRIPTION
- This library provides single precision (SP) integer math functions.
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #ifdef NO_INLINE
- #include <wolfssl/wolfcrypt/misc.h>
- #else
- #define WOLFSSL_MISC_INCLUDED
- #include <wolfcrypt/src/misc.c>
- #endif
- /* SP Build Options:
- * WOLFSSL_HAVE_SP_RSA: Enable SP RSA support
- * WOLFSSL_HAVE_SP_DH: Enable SP DH support
- * WOLFSSL_HAVE_SP_ECC: Enable SP ECC support
- * WOLFSSL_SP_MATH: Use only single precision math and algorithms
- * it supports (no fastmath tfm.c or normal integer.c)
- * WOLFSSL_SP_MATH_ALL Implementation of all MP functions
- * (replacement for tfm.c and integer.c)
- * WOLFSSL_SP_SMALL: Use smaller version of code and avoid large
- * stack variables
- * WOLFSSL_SP_NO_MALLOC: Always use stack, no heap XMALLOC/XFREE allowed
- * WOLFSSL_SP_NO_2048: Disable RSA/DH 2048-bit support
- * WOLFSSL_SP_NO_3072: Disable RSA/DH 3072-bit support
- * WOLFSSL_SP_4096: Enable RSA/RH 4096-bit support
- * WOLFSSL_SP_NO_256 Disable ECC 256-bit SECP256R1 support
- * WOLFSSL_SP_384 Enable ECC 384-bit SECP384R1 support
- * WOLFSSL_SP_ASM Enable assembly speedups (detect platform)
- * WOLFSSL_SP_X86_64_ASM Enable Intel x64 assembly implementation
- * WOLFSSL_SP_ARM32_ASM Enable Aarch32 assembly implementation
- * WOLFSSL_SP_ARM64_ASM Enable Aarch64 assembly implementation
- * WOLFSSL_SP_ARM_CORTEX_M_ASM Enable Cortex-M assembly implementation
- * WOLFSSL_SP_ARM_THUMB_ASM Enable ARM Thumb assembly implementation
- * (used with -mthumb)
- * WOLFSSL_SP_X86_64 Enable Intel x86 64-bit assembly speedups
- * WOLFSSL_SP_X86 Enable Intel x86 assembly speedups
- * WOLFSSL_SP_PPC64 Enable PPC64 assembly speedups
- * WOLFSSL_SP_PPC Enable PPC assembly speedups
- * WOLFSSL_SP_MIPS64 Enable MIPS64 assembly speedups
- * WOLFSSL_SP_MIPS Enable MIPS assembly speedups
- * WOLFSSL_SP_RISCV64 Enable RISCV64 assmebly speedups
- * WOLFSSL_SP_RISCV32 Enable RISCV32 assmebly speedups
- * WOLFSSL_SP_S390X Enable S390X assembly speedups
- * SP_WORD_SIZE Force 32 or 64 bit mode
- * WOLFSSL_SP_NONBLOCK Enables "non blocking" mode for SP math, which
- * will return FP_WOULDBLOCK for long operations and function must be
- * called again until complete.
- * WOLFSSL_SP_FAST_NCT_EXPTMOD Enables the faster non-constant time modular
- * exponentation implementation.
- */
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- #include <wolfssl/wolfcrypt/sp_int.h>
- /* DECL_SP_INT: Declare one variable of type 'sp_int'. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Declare a variable that will be assigned a value on XMALLOC. */
- #define DECL_SP_INT(n, s) \
- sp_int* n = NULL
- #else
- #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
- /* Declare a variable on the stack with the required data size. */
- #define DECL_SP_INT(n, s) \
- byte n##d[MP_INT_SIZEOF(s)]; \
- sp_int* n = (sp_int*)n##d
- #else
- /* Declare a variable on the stack. */
- #define DECL_SP_INT(n, s) \
- sp_int n[1]
- #endif
- #endif
- /* ALLOC_SP_INT: Allocate an 'sp_int' of reqired size. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Dynamically allocate just enough data to support size. */
- #define ALLOC_SP_INT(n, s, err, h) \
- do { \
- if (err == MP_OKAY) { \
- n = (sp_int*)XMALLOC(MP_INT_SIZEOF(s), h, DYNAMIC_TYPE_BIGINT); \
- if (n == NULL) { \
- err = MP_MEM; \
- } \
- } \
- } \
- while (0)
- /* Dynamically allocate just enough data to support size - and set size. */
- #define ALLOC_SP_INT_SIZE(n, s, err, h) \
- do { \
- ALLOC_SP_INT(n, s, err, h); \
- if (err == MP_OKAY) { \
- n->size = s; \
- } \
- } \
- while (0)
- #else
- /* Array declared on stack - nothing to do. */
- #define ALLOC_SP_INT(n, s, err, h)
- /* Array declared on stack - set the size field. */
- #define ALLOC_SP_INT_SIZE(n, s, err, h) \
- n->size = s;
- #endif
- /* FREE_SP_INT: Free an 'sp_int' variable. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Free dynamically allocated data. */
- #define FREE_SP_INT(n, h) \
- do { \
- if (n != NULL) { \
- XFREE(n, h, DYNAMIC_TYPE_BIGINT); \
- } \
- } \
- while (0)
- #else
- /* Nothing to do as declared on stack. */
- #define FREE_SP_INT(n, h)
- #endif
- /* DECL_SP_INT_ARRAY: Declare array of 'sp_int'. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Declare a variable that will be assigned a value on XMALLOC. */
- #define DECL_SP_INT_ARRAY(n, s, c) \
- sp_int* n##d = NULL; \
- sp_int* n[c] = { NULL, }
- #else
- #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
- /* Declare a variable on the stack with the required data size. */
- #define DECL_SP_INT_ARRAY(n, s, c) \
- byte n##d[MP_INT_SIZEOF(s) * (c)]; \
- sp_int* n[c]
- #else
- /* Declare a variable on the stack. */
- #define DECL_SP_INT_ARRAY(n, s, c) \
- sp_int n##d[c]; \
- sp_int* n[c]
- #endif
- #endif
- /* ALLOC_SP_INT_ARRAY: Allocate an array of 'sp_int's of reqired size. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Dynamically allocate just enough data to support multiple sp_ints of the
- * required size. Use pointers into data to make up array and set sizes.
- */
- #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
- do { \
- if (err == MP_OKAY) { \
- n##d = (sp_int*)XMALLOC(MP_INT_SIZEOF(s) * (c), h, \
- DYNAMIC_TYPE_BIGINT); \
- if (n##d == NULL) { \
- err = MP_MEM; \
- } \
- else { \
- int n##ii; \
- n[0] = n##d; \
- n[0]->size = s; \
- for (n##ii = 1; n##ii < (c); n##ii++) { \
- n[n##ii] = MP_INT_NEXT(n[n##ii-1], s); \
- n[n##ii]->size = s; \
- } \
- } \
- } \
- } \
- while (0)
- #else
- #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
- /* Data declared on stack that supports multiple sp_ints of the
- * required size. Use pointers into data to make up array and set sizes.
- */
- #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
- do { \
- if (err == MP_OKAY) { \
- int n##ii; \
- n[0] = (sp_int*)n##d; \
- n[0]->size = s; \
- for (n##ii = 1; n##ii < (c); n##ii++) { \
- n[n##ii] = MP_INT_NEXT(n[n##ii-1], s); \
- n[n##ii]->size = s; \
- } \
- } \
- } \
- while (0)
- #else
- /* Data declared on stack that supports multiple sp_ints of the
- * required size. Set into array and set sizes.
- */
- #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \
- do { \
- if (err == MP_OKAY) { \
- int n##ii; \
- for (n##ii = 0; n##ii < (c); n##ii++) { \
- n[n##ii] = &n##d[n##ii]; \
- n[n##ii]->size = s; \
- } \
- } \
- } \
- while (0)
- #endif
- #endif
- /* FREE_SP_INT_ARRAY: Free an array of 'sp_int'. */
- #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \
- !defined(WOLFSSL_SP_NO_MALLOC)
- /* Free data variable that was dynamically allocated. */
- #define FREE_SP_INT_ARRAY(n, h) \
- do { \
- if (n##d != NULL) { \
- XFREE(n##d, h, DYNAMIC_TYPE_BIGINT); \
- } \
- } \
- while (0)
- #else
- /* Nothing to do as data declared on stack. */
- #define FREE_SP_INT_ARRAY(n, h)
- #endif
- #ifndef WOLFSSL_NO_ASM
- #if defined(WOLFSSL_SP_X86_64) && SP_WORD_SIZE == 64
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "movq %%rax, %[l] \n\t" \
- "movq %%rdx, %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "m" (va), [b] "m" (vb) \
- : "memory", "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "movq $0 , %[o] \n\t" \
- "movq %%rax, %[l] \n\t" \
- "movq %%rdx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movq %[b], %%rax \n\t" \
- "mulq %[a] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "%rax", "%rdx", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "movq %[a], %%rax \n\t" \
- "mulq %%rax \n\t" \
- "movq %%rax, %[l] \n\t" \
- "movq %%rdx, %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "m" (va) \
- : "memory", "%rax", "%rdx", "cc" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "movq %[a], %%rax \n\t" \
- "mulq %%rax \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- "adcq $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va) \
- : "%rax", "%rdx", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "movq %[a], %%rax \n\t" \
- "mulq %%rax \n\t" \
- "addq %%rax, %[l] \n\t" \
- "adcq %%rdx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "%rax", "%rdx", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addq %[a], %[l] \n\t" \
- "adcq $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "cc" \
- )
- /* Add va, variable in a register, into: vh | vl */
- #define SP_ASM_ADDC_REG(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addq %[a], %[l] \n\t" \
- "adcq $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subq %[a], %[l] \n\t" \
- "sbbq $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addq %[a], %[l] \n\t" \
- "adcq %[b], %[h] \n\t" \
- "adcq %[c], %[o] \n\t" \
- "addq %[a], %[l] \n\t" \
- "adcq %[b], %[h] \n\t" \
- "adcq %[c], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "%rax", "%rdx", "cc" \
- )
- #ifndef WOLFSSL_SP_DIV_WORD_HALF
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * Using divq instruction on Intel x64.
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @reutrn The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- __asm__ __volatile__ (
- "divq %2"
- : "+a" (lo)
- : "d" (hi), "r" (d)
- : "cc"
- );
- return lo;
- }
- #define SP_ASM_DIV_WORD
- #endif
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_X86_64 && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_X86) && SP_WORD_SIZE == 32
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "movl %%eax, %[l] \n\t" \
- "movl %%edx, %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "m" (va), [b] "m" (vb) \
- : "memory", "eax", "edx", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "movl $0 , %[o] \n\t" \
- "movl %%eax, %[l] \n\t" \
- "movl %%edx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va), [b] "m" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "movl %[b], %%eax \n\t" \
- "mull %[a] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va), [b] "m" (vb) \
- : "eax", "edx", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "movl %[a], %%eax \n\t" \
- "mull %%eax \n\t" \
- "movl %%eax, %[l] \n\t" \
- "movl %%edx, %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "m" (va) \
- : "memory", "eax", "edx", "cc" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "movl %[a], %%eax \n\t" \
- "mull %%eax \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- "adcl $0 , %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "m" (va) \
- : "eax", "edx", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "movl %[a], %%eax \n\t" \
- "mull %%eax \n\t" \
- "addl %%eax, %[l] \n\t" \
- "adcl %%edx, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "eax", "edx", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addl %[a], %[l] \n\t" \
- "adcl $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "cc" \
- )
- /* Add va, variable in a register, into: vh | vl */
- #define SP_ASM_ADDC_REG(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addl %[a], %[l] \n\t" \
- "adcl $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subl %[a], %[l] \n\t" \
- "sbbl $0 , %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "m" (va) \
- : "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addl %[a], %[l] \n\t" \
- "adcl %[b], %[h] \n\t" \
- "adcl %[c], %[o] \n\t" \
- "addl %[a], %[l] \n\t" \
- "adcl %[b], %[h] \n\t" \
- "adcl %[c], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #ifndef WOLFSSL_SP_DIV_WORD_HALF
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * Using divl instruction on Intel x64.
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @reutrn The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- __asm__ __volatile__ (
- "divl %2"
- : "+a" (lo)
- : "d" (hi), "r" (d)
- : "cc"
- );
- return lo;
- }
- #define SP_ASM_DIV_WORD
- #endif
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_X86 && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_ARM64) && SP_WORD_SIZE == 64
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[b] \n\t" \
- "umulh %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory", "cc" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh %[h], %[a], %[b] \n\t" \
- "mov %[l], x8 \n\t" \
- "mov %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh x9, %[a], %[b] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8", "x9", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh x9, %[a], %[b] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adc %[h], %[h], x9 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8", "x9", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh x9, %[a], %[b] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8", "x9", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[b] \n\t" \
- "umulh x9, %[a], %[b] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adc %[h], %[h], x9 \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "x8", "x9", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[a] \n\t" \
- "umulh %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[a] \n\t" \
- "umulh x9, %[a], %[a] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adcs %[h], %[h], x9 \n\t" \
- "adc %[o], %[o], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "x8", "x9", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul x8, %[a], %[a] \n\t" \
- "umulh x9, %[a], %[a] \n\t" \
- "adds %[l], %[l], x8 \n\t" \
- "adc %[h], %[h], x9 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "x8", "x9", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adc %[h], %[h], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subs %[l], %[l], %[a] \n\t" \
- "sbc %[h], %[h], xzr \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adc %[o], %[o], %[c] \n\t" \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adc %[o], %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_ARM64 && SP_WORD_SIZE == 64 */
- #if (defined(WOLFSSL_SP_ARM32) || defined(WOLFSSL_SP_ARM_CORTEX_M)) && \
- SP_WORD_SIZE == 32
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "umull %[l], %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "umull %[l], %[h], %[a], %[b] \n\t" \
- "mov %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "umull r8, r9, %[a], %[b] \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r8", "r9", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "umlal %[l], %[h], %[a], %[b] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "umull r8, r9, %[a], %[b] \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r8", "r9", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "umull r8, r9, %[a], %[b] \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adc %[h], %[h], r9 \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r8", "r9", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "umull %[l], %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "umull r8, r9, %[a], %[a] \n\t" \
- "adds %[l], %[l], r8 \n\t" \
- "adcs %[h], %[h], r9 \n\t" \
- "adc %[o], %[o], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "r8", "r9", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "umlal %[l], %[h], %[a], %[a] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adc %[h], %[h], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subs %[l], %[l], %[a] \n\t" \
- "sbc %[h], %[h], #0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adc %[o], %[o], %[c] \n\t" \
- "adds %[l], %[l], %[a] \n\t" \
- "adcs %[h], %[h], %[b] \n\t" \
- "adc %[o], %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* (WOLFSSL_SP_ARM32 || ARM_CORTEX_M) && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_PPC64) && SP_WORD_SIZE == 64
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mulld %[l], %[a], %[b] \n\t" \
- "mulhdu %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulhdu %[h], %[a], %[b] \n\t" \
- "mulld %[l], %[a], %[b] \n\t" \
- "li %[o], 0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[b] \n\t" \
- "mulhdu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[b] \n\t" \
- "mulhdu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[b] \n\t" \
- "mulhdu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[b] \n\t" \
- "mulhdu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mulld %[l], %[a], %[a] \n\t" \
- "mulhdu %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[a] \n\t" \
- "mulhdu 17, %[a], %[a] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "16", "17", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mulld 16, %[a], %[a] \n\t" \
- "mulhdu 17, %[a], %[a] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "16", "17", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addc %[l], %[l], %[a] \n\t" \
- "addze %[h], %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subfc %[l], %[a], %[l] \n\t" \
- "li 16, 0 \n\t" \
- "subfe %[h], 16, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "16", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addc %[l], %[l], %[a] \n\t" \
- "adde %[h], %[h], %[b] \n\t" \
- "adde %[o], %[o], %[c] \n\t" \
- "addc %[l], %[l], %[a] \n\t" \
- "adde %[h], %[h], %[b] \n\t" \
- "adde %[o], %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_PPC64 && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_PPC) && SP_WORD_SIZE == 32
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mullw %[l], %[a], %[b] \n\t" \
- "mulhwu %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulhwu %[h], %[a], %[b] \n\t" \
- "mullw %[l], %[a], %[b] \n\t" \
- "li %[o], 0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[b] \n\t" \
- "mulhwu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[b] \n\t" \
- "mulhwu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[b] \n\t" \
- "mulhwu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[b] \n\t" \
- "mulhwu 17, %[a], %[b] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "16", "17", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mullw %[l], %[a], %[a] \n\t" \
- "mulhwu %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[a] \n\t" \
- "mulhwu 17, %[a], %[a] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- "addze %[o], %[o] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "16", "17", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mullw 16, %[a], %[a] \n\t" \
- "mulhwu 17, %[a], %[a] \n\t" \
- "addc %[l], %[l], 16 \n\t" \
- "adde %[h], %[h], 17 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "16", "17", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addc %[l], %[l], %[a] \n\t" \
- "addze %[h], %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "subfc %[l], %[a], %[l] \n\t" \
- "li 16, 0 \n\t" \
- "subfe %[h], 16, %[h] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "16", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addc %[l], %[l], %[a] \n\t" \
- "adde %[h], %[h], %[b] \n\t" \
- "adde %[o], %[o], %[c] \n\t" \
- "addc %[l], %[l], %[a] \n\t" \
- "adde %[h], %[h], %[b] \n\t" \
- "adde %[o], %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_PPC && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_MIPS64) && SP_WORD_SIZE == 64
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory", "$lo", "$hi" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- "move %[o], $0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[a] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory", "$lo", "$hi" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[a] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "dmultu %[a], %[a] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "daddu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "daddu %[h], %[h], $11 \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "daddu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$12" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "move $12, %[l] \n\t" \
- "dsubu %[l], $12, %[a] \n\t" \
- "sltu $12, $12, %[l] \n\t" \
- "dsubu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$12" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "daddu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], %[b] \n\t" \
- "sltu $12, %[h], %[b] \n\t" \
- "daddu %[o], %[o], %[c] \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "daddu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- "daddu %[h], %[h], %[b] \n\t" \
- "sltu $12, %[h], %[b] \n\t" \
- "daddu %[o], %[o], %[c] \n\t" \
- "daddu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "$12" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_MIPS64 && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_MIPS) && SP_WORD_SIZE == 32
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory", "$lo", "$hi" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- "move %[o], $0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "multu %[a], %[b] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "multu %[a], %[a] \n\t" \
- "mflo %[l] \n\t" \
- "mfhi %[h] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory", "$lo", "$hi" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "multu %[a], %[a] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "sltu $12, %[h], $11 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "multu %[a], %[a] \n\t" \
- "mflo $10 \n\t" \
- "mfhi $11 \n\t" \
- "addu %[l], %[l], $10 \n\t" \
- "sltu $12, %[l], $10 \n\t" \
- "addu %[h], %[h], $11 \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$10", "$11", "$12", "$lo", "$hi" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "addu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$12" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "move $12, %[l] \n\t" \
- "subu %[l], $12, %[a] \n\t" \
- "sltu $12, $12, %[l] \n\t" \
- "subu %[h], %[h], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "$12" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "addu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], %[b] \n\t" \
- "sltu $12, %[h], %[b] \n\t" \
- "addu %[o], %[o], %[c] \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[l], %[l], %[a] \n\t" \
- "sltu $12, %[l], %[a] \n\t" \
- "addu %[h], %[h], $12 \n\t" \
- "sltu $12, %[h], $12 \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- "addu %[h], %[h], %[b] \n\t" \
- "sltu $12, %[h], %[b] \n\t" \
- "addu %[o], %[o], %[c] \n\t" \
- "addu %[o], %[o], $12 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "$12" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_MIPS && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_RISCV64) && SP_WORD_SIZE == 64
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[b] \n\t" \
- "mulhu %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulhu %[h], %[a], %[b] \n\t" \
- "mul %[l], %[a], %[b] \n\t" \
- "add %[o], zero, zero \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[a] \n\t" \
- "mulhu %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[a] \n\t" \
- "mulhu a6, %[a], %[a] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "a5", "a6", "a7" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[a] \n\t" \
- "mulhu a6, %[a], %[a] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a5", "a6", "a7" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a7" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add a7, %[l], zero \n\t" \
- "sub %[l], a7, %[a] \n\t" \
- "sltu a7, a7, %[l] \n\t" \
- "sub %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a7" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], %[b] \n\t" \
- "sltu a7, %[h], %[b] \n\t" \
- "add %[o], %[o], %[c] \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], %[b] \n\t" \
- "sltu a7, %[h], %[b] \n\t" \
- "add %[o], %[o], %[c] \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "a7" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_RISCV64 && SP_WORD_SIZE == 64 */
- #if defined(WOLFSSL_SP_RISCV32) && SP_WORD_SIZE == 32
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[b] \n\t" \
- "mulhu %[h], %[a], %[b] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mulhu %[h], %[a], %[b] \n\t" \
- "mul %[l], %[a], %[b] \n\t" \
- "add %[o], zero, zero \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[b] \n\t" \
- "mulhu a6, %[a], %[b] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "a5", "a6", "a7" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul %[l], %[a], %[a] \n\t" \
- "mulhu %[h], %[a], %[a] \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[a] \n\t" \
- "mulhu a6, %[a], %[a] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "sltu a7, %[h], a6 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "a5", "a6", "a7" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "mul a5, %[a], %[a] \n\t" \
- "mulhu a6, %[a], %[a] \n\t" \
- "add %[l], %[l], a5 \n\t" \
- "sltu a7, %[l], a5 \n\t" \
- "add %[h], %[h], a6 \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a5", "a6", "a7" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a7" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "add a7, %[l], zero \n\t" \
- "sub %[l], a7, %[a] \n\t" \
- "sltu a7, a7, %[l] \n\t" \
- "sub %[h], %[h], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "a7" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], %[b] \n\t" \
- "sltu a7, %[h], %[b] \n\t" \
- "add %[o], %[o], %[c] \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[l], %[l], %[a] \n\t" \
- "sltu a7, %[l], %[a] \n\t" \
- "add %[h], %[h], a7 \n\t" \
- "sltu a7, %[h], a7 \n\t" \
- "add %[o], %[o], a7 \n\t" \
- "add %[h], %[h], %[b] \n\t" \
- "sltu a7, %[h], %[b] \n\t" \
- "add %[o], %[o], %[c] \n\t" \
- "add %[o], %[o], a7 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "a7" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_RISCV32 && SP_WORD_SIZE == 32 */
- #if defined(WOLFSSL_SP_S390X) && SP_WORD_SIZE == 64
- /* Multiply va by vb and store double size result in: vh | vl */
- #define SP_ASM_MUL(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "lgr %[l], %%r1 \n\t" \
- "lgr %[h], %%r0 \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va), [b] "r" (vb) \
- : "memory", "r0", "r1" \
- )
- /* Multiply va by vb and store double size result in: vo | vh | vl */
- #define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "lghi %[o], 0 \n\t" \
- "lgr %[l], %%r1 \n\t" \
- "lgr %[h], %%r0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1" \
- )
- /* Multiply va by vb and add double size result into: vo | vh | vl */
- #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1", "r10", "cc" \
- )
- /* Multiply va by vb and add double size result into: vh | vl */
- #define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl */
- #define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1", "r10", "cc" \
- )
- /* Multiply va by vb and add double size result twice into: vo | vh | vl
- * Assumes first add will not overflow vh | vl
- */
- #define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %[b] \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb) \
- : "r0", "r1", "r10", "cc" \
- )
- /* Square va and store double size result in: vh | vl */
- #define SP_ASM_SQR(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %%r1 \n\t" \
- "lgr %[l], %%r1 \n\t" \
- "lgr %[h], %%r0 \n\t" \
- : [h] "+r" (vh), [l] "+r" (vl) \
- : [a] "r" (va) \
- : "memory", "r0", "r1" \
- )
- /* Square va and add double size result into: vo | vh | vl */
- #define SP_ASM_SQR_ADD(vl, vh, vo, va) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %%r1 \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- "alcgr %[o], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va) \
- : "r0", "r1", "r10", "cc" \
- )
- /* Square va and add double size result into: vh | vl */
- #define SP_ASM_SQR_ADD_NO(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lgr %%r1, %[a] \n\t" \
- "mlgr %%r0, %%r1 \n\t" \
- "algr %[l], %%r1 \n\t" \
- "alcgr %[h], %%r0 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "r0", "r1", "cc" \
- )
- /* Add va into: vh | vl */
- #define SP_ASM_ADDC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "algr %[l], %[a] \n\t" \
- "alcgr %[h], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "r10", "cc" \
- )
- /* Sub va from: vh | vl */
- #define SP_ASM_SUBC(vl, vh, va) \
- __asm__ __volatile__ ( \
- "lghi %%r10, 0 \n\t" \
- "slgr %[l], %[a] \n\t" \
- "slbgr %[h], %%r10 \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh) \
- : [a] "r" (va) \
- : "r10", "cc" \
- )
- /* Add two times vc | vb | va into vo | vh | vl */
- #define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \
- __asm__ __volatile__ ( \
- "algr %[l], %[a] \n\t" \
- "alcgr %[h], %[b] \n\t" \
- "alcgr %[o], %[c] \n\t" \
- "algr %[l], %[a] \n\t" \
- "alcgr %[h], %[b] \n\t" \
- "alcgr %[o], %[c] \n\t" \
- : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \
- : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \
- : "cc" \
- )
- #define SP_INT_ASM_AVAILABLE
- #endif /* WOLFSSL_SP_S390X && SP_WORD_SIZE == 64 */
- #ifdef SP_INT_ASM_AVAILABLE
- #ifndef SP_INT_NO_ASM
- #define SQR_MUL_ASM
- #endif
- #ifndef SP_ASM_ADDC_REG
- #define SP_ASM_ADDC_REG SP_ASM_ADDC
- #endif /* SP_ASM_ADDC_REG */
- #endif /* SQR_MUL_ASM */
- #endif /* !WOLFSSL_NO_ASM */
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
- !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA) || \
- (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- #ifndef WC_NO_CACHE_RESISTANT
- /* Mask of address for constant time operations. */
- const size_t sp_off_on_addr[2] =
- {
- (size_t) 0,
- (size_t)-1
- };
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_SP_DH) || defined(WOLFSSL_HAVE_SP_RSA)
- #ifdef __cplusplus
- extern "C" {
- #endif
- /* Modular exponentiation implementations using Single Precision. */
- WOLFSSL_LOCAL int sp_ModExp_1024(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- WOLFSSL_LOCAL int sp_ModExp_1536(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- WOLFSSL_LOCAL int sp_ModExp_2048(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- WOLFSSL_LOCAL int sp_ModExp_3072(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- WOLFSSL_LOCAL int sp_ModExp_4096(sp_int* base, sp_int* exp, sp_int* mod,
- sp_int* res);
- #ifdef __cplusplus
- } /* extern "C" */
- #endif
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- static int _sp_mont_red(sp_int* a, sp_int* m, sp_int_digit mp);
- #endif
- /* Set the multi-precision number to zero.
- *
- * Assumes a is not NULL.
- *
- * @param [out] a SP integer to set to zero.
- */
- static void _sp_zero(sp_int* a)
- {
- a->used = 0;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- a->sign = MP_ZPOS;
- #endif
- }
- /* Initialize the multi-precision number to be zero.
- *
- * @param [out] a SP integer.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL.
- */
- int sp_init(sp_int* a)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- _sp_zero(a);
- a->size = SP_INT_DIGITS;
- #ifdef HAVE_WOLF_BIGINT
- wc_bigint_init(&a->raw);
- #endif
- }
- return err;
- }
- int sp_init_size(sp_int* a, int size)
- {
- int err = sp_init(a);
- if (err == MP_OKAY) {
- a->size = size;
- }
- return err;
- }
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- /* Initialize up to six multi-precision numbers to be zero.
- *
- * @param [out] n1 SP integer.
- * @param [out] n2 SP integer.
- * @param [out] n3 SP integer.
- * @param [out] n4 SP integer.
- * @param [out] n5 SP integer.
- * @param [out] n6 SP integer.
- *
- * @return MP_OKAY on success.
- */
- int sp_init_multi(sp_int* n1, sp_int* n2, sp_int* n3, sp_int* n4, sp_int* n5,
- sp_int* n6)
- {
- if (n1 != NULL) {
- _sp_zero(n1);
- n1->dp[0] = 0;
- n1->size = SP_INT_DIGITS;
- }
- if (n2 != NULL) {
- _sp_zero(n2);
- n2->dp[0] = 0;
- n2->size = SP_INT_DIGITS;
- }
- if (n3 != NULL) {
- _sp_zero(n3);
- n3->dp[0] = 0;
- n3->size = SP_INT_DIGITS;
- }
- if (n4 != NULL) {
- _sp_zero(n4);
- n4->dp[0] = 0;
- n4->size = SP_INT_DIGITS;
- }
- if (n5 != NULL) {
- _sp_zero(n5);
- n5->dp[0] = 0;
- n5->size = SP_INT_DIGITS;
- }
- if (n6 != NULL) {
- _sp_zero(n6);
- n6->dp[0] = 0;
- n6->size = SP_INT_DIGITS;
- }
- return MP_OKAY;
- }
- #endif /* !WOLFSSL_RSA_PUBLIC_ONLY || !NO_DH || HAVE_ECC */
- /* Free the memory allocated in the multi-precision number.
- *
- * @param [in] a SP integer.
- */
- void sp_free(sp_int* a)
- {
- if (a != NULL) {
- #ifdef HAVE_WOLF_BIGINT
- wc_bigint_free(&a->raw);
- #endif
- }
- }
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- /* Grow multi-precision number to be able to hold l digits.
- * This function does nothing as the number of digits is fixed.
- *
- * @param [in,out] a SP integer.
- * @param [in] l Number of digits to grow to.
- *
- * @return MP_OKAY on success
- * @return MP_MEM if the number of digits requested is more than available.
- */
- int sp_grow(sp_int* a, int l)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (l > a->size)) {
- err = MP_MEM;
- }
- if (err == MP_OKAY) {
- int i;
- for (i = a->used; i < l; i++) {
- a->dp[i] = 0;
- }
- }
- return err;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Set the multi-precision number to zero.
- *
- * @param [out] a SP integer to set to zero.
- */
- void sp_zero(sp_int* a)
- {
- if (a != NULL) {
- _sp_zero(a);
- }
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- /* Clear the data from the multi-precision number and set to zero.
- *
- * @param [out] a SP integer.
- */
- void sp_clear(sp_int* a)
- {
- if (a != NULL) {
- int i;
- for (i = 0; i < a->used; i++) {
- a->dp[i] = 0;
- }
- _sp_zero(a);
- }
- }
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- /* Ensure the data in the multi-precision number is zeroed.
- *
- * Use when security sensitive data needs to be wiped.
- *
- * @param [in] a SP integer.
- */
- void sp_forcezero(sp_int* a)
- {
- ForceZero(a->dp, a->used * sizeof(sp_int_digit));
- _sp_zero(a);
- #ifdef HAVE_WOLF_BIGINT
- wc_bigint_zero(&a->raw);
- #endif
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */
- #if defined(WOLSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- /* Copy value of multi-precision number a into r.
- *
- * @param [in] a SP integer - source.
- * @param [out] r SP integer - destination.
- *
- * @return MP_OKAY on success.
- */
- int sp_copy(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- else if (a != r) {
- XMEMCPY(r->dp, a->dp, a->used * sizeof(sp_int_digit));
- if (a->used == 0)
- r->dp[0] = 0;
- r->used = a->used;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = a->sign;
- #endif
- }
- return err;
- }
- #endif
- #if defined(WOLSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && defined(FP_ECC))
- /* Initializes r and copies in value from a.
- *
- * @param [out] r SP integer - destination.
- * @param [in] a SP integer - source.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL.
- */
- int sp_init_copy(sp_int* r, sp_int* a)
- {
- int err;
- err = sp_init(r);
- if (err == MP_OKAY) {
- err = sp_copy(a, r);
- }
- return err;
- }
- #endif /* WOLSSL_SP_MATH_ALL || (HAVE_ECC && FP_ECC) */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || !defined(NO_DSA)
- /* Exchange the values in a and b.
- *
- * @param [in,out] a SP integer to swap.
- * @param [in,out] b SP integer to swap.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or b is NULL.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_exch(sp_int* a, sp_int* b)
- {
- int err = MP_OKAY;
- DECL_SP_INT(t, (a != NULL) ? a->used : 1);
- if ((a == NULL) || (b == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && ((a->size < b->used) || (b->size < a->used))) {
- err = MP_VAL;
- }
- ALLOC_SP_INT(t, a->used, err, NULL);
- if (err == MP_OKAY) {
- int asize = a->size;
- int bsize = b->size;
- XMEMCPY(t, a, MP_INT_SIZEOF(a->used));
- XMEMCPY(a, b, MP_INT_SIZEOF(b->used));
- XMEMCPY(b, t, MP_INT_SIZEOF(t->used));
- a->size = asize;
- b->size = bsize;
- }
- FREE_SP_INT(t, NULL);
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH ||
- * !NO_DSA */
- #if defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT) && \
- !defined(WC_NO_CACHE_RESISTANT)
- int sp_cond_swap_ct(sp_int * a, sp_int * b, int c, int m)
- {
- int i;
- int err = MP_OKAY;
- sp_digit mask = (sp_digit)0 - m;
- DECL_SP_INT(t, c);
- ALLOC_SP_INT(t, c, err, NULL);
- if (err == MP_OKAY) {
- t->used = (int)((a->used ^ b->used) & mask);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- t->sign = (int)((a->sign ^ b->sign) & mask);
- #endif
- for (i = 0; i < c; i++) {
- t->dp[i] = (a->dp[i] ^ b->dp[i]) & mask;
- }
- a->used ^= t->used;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- a->sign ^= t->sign;
- #endif
- for (i = 0; i < c; i++) {
- a->dp[i] ^= t->dp[i];
- }
- b->used ^= t->used;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- b->sign ^= b->sign;
- #endif
- for (i = 0; i < c; i++) {
- b->dp[i] ^= t->dp[i];
- }
- }
- FREE_SP_INT(t, NULL);
- return MP_OKAY;
- }
- #endif /* HAVE_ECC && ECC_TIMING_RESISTANT && !WC_NO_CACHE_RESISTANT */
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- /* Calculate the absolute value of the multi-precision number.
- *
- * @param [in] a SP integer to calculate absolute value of.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL.
- */
- int sp_abs(sp_int* a, sp_int* r)
- {
- int err;
- err = sp_copy(a, r);
- if (r != NULL) {
- r->sign = MP_ZPOS;
- }
- return err;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Compare absolute value of two multi-precision numbers.
- *
- * @param [in] a SP integer.
- * @param [in] b SP integer.
- *
- * @return MP_GT when a is greater than b.
- * @return MP_LT when a is less than b.
- * @return MP_EQ when a is equals b.
- */
- static int _sp_cmp_abs(sp_int* a, sp_int* b)
- {
- int ret = MP_EQ;
- if (a->used > b->used) {
- ret = MP_GT;
- }
- else if (a->used < b->used) {
- ret = MP_LT;
- }
- else {
- int i;
- for (i = a->used - 1; i >= 0; i--) {
- if (a->dp[i] > b->dp[i]) {
- ret = MP_GT;
- break;
- }
- else if (a->dp[i] < b->dp[i]) {
- ret = MP_LT;
- break;
- }
- }
- }
- return ret;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- /* Compare absolute value of two multi-precision numbers.
- *
- * @param [in] a SP integer.
- * @param [in] b SP integer.
- *
- * @return MP_GT when a is greater than b.
- * @return MP_LT when a is less than b.
- * @return MP_EQ when a is equals b.
- */
- int sp_cmp_mag(sp_int* a, sp_int* b)
- {
- int ret;
- if (a == b) {
- ret = MP_EQ;
- }
- else if (a == NULL) {
- ret = MP_LT;
- }
- else if (b == NULL) {
- ret = MP_GT;
- }
- else
- {
- ret = _sp_cmp_abs(a, b);
- }
- return ret;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Compare two multi-precision numbers.
- *
- * Assumes a and b are not NULL.
- *
- * @param [in] a SP integer.
- * @param [in] a SP integer.
- *
- * @return MP_GT when a is greater than b.
- * @return MP_LT when a is less than b.
- * @return MP_EQ when a is equals b.
- */
- static int _sp_cmp(sp_int* a, sp_int* b)
- {
- int ret;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == b->sign) {
- #endif
- ret = _sp_cmp_abs(a, b);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- }
- else if (a->sign > b->sign) {
- ret = MP_LT;
- }
- else /* (a->sign < b->sign) */ {
- ret = MP_GT;
- }
- #endif
- return ret;
- }
- #endif
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- /* Compare two multi-precision numbers.
- *
- * Pointers are compared such that NULL is less than not NULL.
- *
- * @param [in] a SP integer.
- * @param [in] a SP integer.
- *
- * @return MP_GT when a is greater than b.
- * @return MP_LT when a is less than b.
- * @return MP_EQ when a is equals b.
- */
- int sp_cmp(sp_int* a, sp_int* b)
- {
- int ret;
- if (a == b) {
- ret = MP_EQ;
- }
- else if (a == NULL) {
- ret = MP_LT;
- }
- else if (b == NULL) {
- ret = MP_GT;
- }
- else
- {
- ret = _sp_cmp(a, b);
- }
- return ret;
- }
- #endif
- /*************************
- * Bit check/set functions
- *************************/
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Check if a bit is set
- *
- * When a is NULL, result is 0.
- *
- * @param [in] a SP integer.
- * @param [in] b Bit position to check.
- *
- * @return 0 when bit is not set.
- * @return 1 when bit is set.
- */
- int sp_is_bit_set(sp_int* a, unsigned int b)
- {
- int ret = 0;
- int i = (int)(b >> SP_WORD_SHIFT);
- int s = (int)(b & SP_WORD_MASK);
- if ((a != NULL) && (i < a->used)) {
- ret = (int)((a->dp[i] >> s) & (sp_int_digit)1);
- }
- return ret;
- }
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- /* Count the number of bits in the multi-precision number.
- *
- * When a is not NULL, result is 0.
- *
- * @param [in] a SP integer.
- *
- * @return The number of bits in the number.
- */
- int sp_count_bits(sp_int* a)
- {
- int r = 0;
- if (a != NULL) {
- r = a->used - 1;
- while ((r >= 0) && (a->dp[r] == 0)) {
- r--;
- }
- if (r < 0) {
- r = 0;
- }
- else {
- sp_int_digit d;
- d = a->dp[r];
- r *= SP_WORD_SIZE;
- if (d > SP_HALF_MAX) {
- r += SP_WORD_SIZE;
- while ((d & (1UL << (SP_WORD_SIZE - 1))) == 0) {
- r--;
- d <<= 1;
- }
- }
- else {
- while (d != 0) {
- r++;
- d >>= 1;
- }
- }
- }
- }
- return r;
- }
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH) || \
- (defined(HAVE_ECC) && defined(FP_ECC))
- /* Number of entries in array of number of least significant zero bits. */
- #define SP_LNZ_CNT 16
- /* Number of bits the array checks. */
- #define SP_LNZ_BITS 4
- /* Mask to apply to check with array. */
- #define SP_LNZ_MASK 0xf
- /* Number of least significant zero bits in first SP_LNZ_CNT numbers. */
- static const int sp_lnz[SP_LNZ_CNT] = {
- 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
- };
- /* Count the number of least significant zero bits.
- *
- * When a is not NULL, result is 0.
- *
- * @param [in] a SP integer to use.
- *
- * @return Number of leas significant zero bits.
- */
- #if !defined(HAVE_ECC) || !defined(HAVE_COMP_KEY)
- static
- #endif /* !HAVE_ECC || HAVE_COMP_KEY */
- int sp_cnt_lsb(sp_int* a)
- {
- int bc = 0;
- if ((a != NULL) && (!sp_iszero(a))) {
- int i;
- int j;
- int cnt = 0;
- for (i = 0; i < a->used && a->dp[i] == 0; i++, cnt += SP_WORD_SIZE) {
- }
- for (j = 0; j < SP_WORD_SIZE; j += SP_LNZ_BITS) {
- bc = sp_lnz[(a->dp[i] >> j) & SP_LNZ_MASK];
- if (bc != 4) {
- bc += cnt + j;
- break;
- }
- }
- }
- return bc;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Determine if the most significant byte of the encoded multi-precision number
- * has the top bit set.
- *
- * When A is NULL, result is 0.
- *
- * @param [in] a SP integer.
- *
- * @return 1 when the top bit of top byte is set.
- * @return 0 when the top bit of top byte is not set.
- */
- int sp_leading_bit(sp_int* a)
- {
- int bit = 0;
- if ((a != NULL) && (a->used > 0)) {
- sp_int_digit d = a->dp[a->used - 1];
- #if SP_WORD_SIZE > 8
- while (d > (sp_int_digit)0xff) {
- d >>= 8;
- }
- #endif
- bit = (int)(d >> 7);
- }
- return bit;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- !defined(NO_RSA)
- /* Set a bit of a: a |= 1 << i
- * The field 'used' is updated in a.
- *
- * @param [in,out] a SP integer to set bit into.
- * @param [in] i Index of bit to set.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL or index is too large.
- */
- int sp_set_bit(sp_int* a, int i)
- {
- int err = MP_OKAY;
- int w = (int)(i >> SP_WORD_SHIFT);
- if ((a == NULL) || (w >= a->size)) {
- err = MP_VAL;
- }
- else {
- int s = (int)(i & (SP_WORD_SIZE - 1));
- int j;
- for (j = a->used; j <= w; j++) {
- a->dp[j] = 0;
- }
- a->dp[w] |= (sp_int_digit)1 << s;
- if (a->used <= w) {
- a->used = w + 1;
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || HAVE_ECC ||
- * WOLFSSL_KEY_GEN || OPENSSL_EXTRA || !NO_RSA */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN)
- /* Exponentiate 2 to the power of e: a = 2^e
- * This is done by setting the 'e'th bit.
- *
- * @param [out] a SP integer to hold result.
- * @param [in] e Exponent.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL or 2^exponent is too large.
- */
- int sp_2expt(sp_int* a, int e)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- _sp_zero(a);
- err = sp_set_bit(a, e);
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * WOLFSSL_KEY_GEN */
- /**********************
- * Digit/Long functions
- **********************/
- /* Set the multi-precision number to be the value of the digit.
- *
- * @param [out] a SP integer to become number.
- * @param [in] d Digit to be set.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL.
- */
- int sp_set(sp_int* a, sp_int_digit d)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- a->dp[0] = d;
- a->used = d > 0;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- a->sign = MP_ZPOS;
- #endif
- }
- return err;
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA)
- /* Set a number into the multi-precision number.
- *
- * Number may be larger than the size of a digit.
- *
- * @param [out] a SP integer to set.
- * @param [in] n Long value to set.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL.
- */
- int sp_set_int(sp_int* a, unsigned long n)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- #if SP_WORD_SIZE < SP_ULONG_BITS
- if (n <= (sp_int_digit)SP_DIGIT_MAX) {
- #endif
- a->dp[0] = (sp_int_digit)n;
- a->used = (n != 0);
- #if SP_WORD_SIZE < SP_ULONG_BITS
- }
- else {
- int i;
- for (i = 0; n > 0; i++,n >>= SP_WORD_SIZE) {
- a->dp[i] = (sp_int_digit)n;
- }
- a->used = i;
- }
- #endif
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- a->sign = MP_ZPOS;
- #endif
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_RSA */
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- /* Compare a one digit number with a multi-precision number.
- *
- * When a is NULL, MP_LT is returned.
- *
- * @param [in] a SP integer to compare.
- * @param [in] d Digit to compare with.
- *
- * @return MP_GT when a is greater than d.
- * @return MP_LT when a is less than d.
- * @return MP_EQ when a is equals d.
- */
- int sp_cmp_d(sp_int* a, sp_int_digit d)
- {
- int ret = MP_EQ;
- if (a == NULL) {
- ret = MP_LT;
- }
- else
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == MP_NEG) {
- ret = MP_LT;
- }
- else
- #endif
- {
- /* special case for zero*/
- if (a->used == 0) {
- if (d == 0) {
- ret = MP_EQ;
- }
- else {
- ret = MP_LT;
- }
- }
- else if (a->used > 1) {
- ret = MP_GT;
- }
- else {
- if (a->dp[0] > d) {
- ret = MP_GT;
- }
- else if (a->dp[0] < d) {
- ret = MP_LT;
- }
- }
- }
- return ret;
- }
- #endif
- #if defined(WOLFSSL_SP_INT_NEGATIVE) || !defined(NO_PWDBASED) || \
- defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Add a one digit number to the multi-precision number.
- *
- * @param [in] a SP integer be added to.
- * @param [in] d Digit to add.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when result is too large for fixed size dp array.
- */
- static int _sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int err = MP_OKAY;
- int i = 0;
- sp_int_digit t;
- r->used = a->used;
- if (a->used == 0) {
- r->used = d > 0;
- }
- t = a->dp[0] + d;
- if (t < a->dp[0]) {
- for (++i; i < a->used; i++) {
- r->dp[i] = a->dp[i] + 1;
- if (r->dp[i] != 0) {
- break;
- }
- }
- if (i == a->used) {
- r->used++;
- if (i < r->size)
- r->dp[i] = 1;
- else
- err = MP_VAL;
- }
- }
- if (err == MP_OKAY) {
- r->dp[0] = t;
- if (r != a) {
- for (++i; i < a->used; i++) {
- r->dp[i] = a->dp[i];
- }
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE || !NO_PWDBASED || WOLFSSL_KEY_GEN ||
- * !NO_DH || !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
- defined(WOLFSSL_SP_INT_NEGATIVE) || \
- !defined(NO_DH) || !defined(NO_DSA) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Sub a one digit number from the multi-precision number.
- *
- * returns MP_OKAY always.
- * @param [in] a SP integer be subtracted from.
- * @param [in] d Digit to subtract.
- * @param [out] r SP integer to store result in.
- */
- static void _sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int i = 0;
- sp_int_digit t;
- r->used = a->used;
- if (a->used == 0) {
- r->dp[0] = 0;
- }
- else {
- t = a->dp[0] - d;
- if (t > a->dp[0]) {
- for (++i; i < a->used; i++) {
- r->dp[i] = a->dp[i] - 1;
- if (r->dp[i] != SP_DIGIT_MAX) {
- break;
- }
- }
- }
- r->dp[0] = t;
- if (r != a) {
- for (++i; i < a->used; i++) {
- r->dp[i] = a->dp[i];
- }
- }
- sp_clamp(r);
- }
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_INT_NEGATIVE || !NO_DH || !NO_DSA ||
- * HAVE_ECC || (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
- !defined(NO_DSA) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Add a one digit number to the multi-precision number.
- *
- * @param [in] a SP integer be added to.
- * @param [in] d Digit to add.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when result is too large for fixed size dp array.
- */
- int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- else
- {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- err = _sp_add_d(a, d, r);
- #else
- if (a->sign == MP_ZPOS) {
- r->sign = MP_ZPOS;
- err = _sp_add_d(a, d, r);
- }
- else if ((a->used > 1) || (a->dp[0] > d)) {
- r->sign = MP_NEG;
- _sp_sub_d(a, d, r);
- }
- else {
- r->sign = MP_ZPOS;
- r->dp[0] = d - a->dp[0];
- }
- #endif
- }
- return err;
- }
- #endif /* !NO_PWDBASED || WOLFSSL_KEY_GEN || !NO_DH || !NO_DSA || !NO_RSA */
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
- /* Sub a one digit number from the multi-precision number.
- *
- * @param [in] a SP integer be subtracted from.
- * @param [in] d Digit to subtract.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL.
- */
- int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- else {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- _sp_sub_d(a, d, r);
- #else
- if (a->sign == MP_NEG) {
- r->sign = MP_NEG;
- err = _sp_add_d(a, d, r);
- }
- else if ((a->used > 1) || (a->dp[0] >= d)) {
- r->sign = MP_ZPOS;
- _sp_sub_d(a, d, r);
- }
- else {
- r->sign = MP_NEG;
- r->dp[0] = d - a->dp[0];
- r->used = r->dp[0] > 0;
- }
- #endif
- }
- return err;
- }
- #endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH || HAVE_ECC ||
- * !NO_DSA */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_SP_SMALL) && (defined(WOLFSSL_SP_MATH_ALL) || \
- !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
- (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
- /* Multiply a by digit n and put result into r shifting up o digits.
- * r = (a * n) << (o * SP_WORD_SIZE)
- *
- * @param [in] a SP integer to be multiplied.
- * @param [in] n Number (SP digit) to multiply by.
- * @param [out] r SP integer result.
- * @param [in] o Number of digits to move result up by.
- */
- static void _sp_mul_d(sp_int* a, sp_int_digit n, sp_int* r, int o)
- {
- int i;
- sp_int_word t = 0;
- #ifdef WOLFSSL_SP_SMALL
- for (i = 0; i < o; i++) {
- r->dp[i] = 0;
- }
- #else
- /* Don't use the offset. Only when doing small code size div. */
- (void)o;
- #endif
- for (i = 0; i < a->used; i++, o++) {
- t += (sp_int_word)a->dp[i] * n;
- r->dp[o] = (sp_int_digit)t;
- t >>= SP_WORD_SIZE;
- }
- r->dp[o++] = (sp_int_digit)t;
- r->used = o;
- sp_clamp(r);
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
- /* Multiply a by digit n and put result into r. r = a * n
- *
- * @param [in] a SP integer to multiply.
- * @param [in] n Digit to multiply by.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or b is NULL, or a has maximum number of digits used.
- */
- int sp_mul_d(sp_int* a, sp_int_digit d, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (a->used + 1 > r->size)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- _sp_mul_d(a, d, r, 0);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (d == 0) {
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = a->sign;
- }
- #endif
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * (WOLFSSL_KEY_GEN && !NO_RSA) */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- #ifndef SP_ASM_DIV_WORD
- /* Divide a two digit number by a digit number and return. (hi | lo) / d
- *
- * @param [in] hi SP integer digit. High digit of the dividend.
- * @param [in] lo SP integer digit. Lower digit of the dividend.
- * @param [in] d SP integer digit. Number to divide by.
- * @reutrn The division result.
- */
- static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo,
- sp_int_digit d)
- {
- #ifdef WOLFSSL_SP_DIV_WORD_HALF
- sp_int_digit r;
- if (hi != 0) {
- sp_int_digit divsz = d >> SP_HALF_SIZE;
- sp_int_digit r2;
- sp_int_word w = ((sp_int_word)hi << SP_WORD_SIZE) | lo;
- sp_int_word trial;
- r = hi / divsz;
- if (r > SP_HALF_MAX) {
- r = SP_HALF_MAX;
- }
- r <<= SP_HALF_SIZE;
- trial = r * (sp_int_word)d;
- while (trial > w) {
- r -= (sp_int_digit)1 << SP_HALF_SIZE;
- trial -= (sp_int_word)d << SP_HALF_SIZE;
- }
- w -= trial;
- r2 = ((sp_int_digit)(w >> SP_HALF_SIZE)) / divsz;
- trial = r2 * (sp_int_word)d;
- while (trial > w) {
- r2--;
- trial -= d;
- }
- w -= trial;
- r += r2;
- r2 = ((sp_int_digit)w) / d;
- r += r2;
- }
- else {
- r = lo / d;
- }
- return r;
- #else
- sp_int_word w;
- sp_int_digit r;
- w = ((sp_int_word)hi << SP_WORD_SIZE) | lo;
- w /= d;
- r = (sp_int_digit)w;
- return r;
- #endif /* WOLFSSL_SP_DIV_WORD_HALF */
- }
- #endif /* !SP_ASM_DIV_WORD */
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if !defined(WOLFSSL_SP_SMALL) && ((defined(WOLFSSL_SP_MATH_ALL) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_HAVE_SP_DH) || (defined(HAVE_ECC) && (defined(FP_ECC) || \
- defined(HAVE_COMP_KEY))))
- /* Divide by 3: r = a / 3 and rem = a % 3
- *
- * @param [in] a SP integer to be divided.
- * @param [out] r SP integer that is the quotient. May be NULL.
- * @param [out] rem SP integer that is the remainder. May be NULL.
- */
- static void _sp_div_3(sp_int* a, sp_int* r, sp_int_digit* rem)
- {
- int i;
- sp_int_word t;
- sp_int_digit tr = 0;
- sp_int_digit tt;
- static const char sp_r6[6] = { 0, 0, 0, 1, 1, 1 };
- static const char sp_rem6[6] = { 0, 1, 2, 0, 1, 2 };
- if (r == NULL) {
- for (i = a->used - 1; i >= 0; i--) {
- t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
- #if SP_WORD_SIZE == 64
- tt = (t * 0x5555555555555555L) >> 64;
- #elif SP_WORD_SIZE == 32
- tt = (t * 0x55555555) >> 32;
- #elif SP_WORD_SIZE == 16
- tt = (t * 0x5555) >> 16;
- #elif SP_WORD_SIZE == 8
- tt = (t * 0x55) >> 8;
- #endif
- tr = (sp_int_digit)(t - (sp_int_word)tt * 3);
- tr = sp_rem6[tr];
- }
- *rem = tr;
- }
- else {
- for (i = a->used - 1; i >= 0; i--) {
- t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
- #if SP_WORD_SIZE == 64
- tt = (t * 0x5555555555555555L) >> 64;
- #elif SP_WORD_SIZE == 32
- tt = (t * 0x55555555) >> 32;
- #elif SP_WORD_SIZE == 16
- tt = (t * 0x5555) >> 16;
- #elif SP_WORD_SIZE == 8
- tt = (t * 0x55) >> 8;
- #endif
- tr = (sp_int_digit)(t - (sp_int_word)tt * 3);
- tt += sp_r6[tr];
- tr = sp_rem6[tr];
- r->dp[i] = tt;
- }
- r->used = a->used;
- sp_clamp(r);
- if (rem != NULL) {
- *rem = tr;
- }
- }
- }
- /* Divide by 10: r = a / 10 and rem = a % 10
- *
- * @param [in] a SP integer to be divided.
- * @param [out] r SP integer that is the quotient. May be NULL.
- * @param [out] rem SP integer that is the remainder. May be NULL.
- */
- static void _sp_div_10(sp_int* a, sp_int* r, sp_int_digit* rem)
- {
- int i;
- sp_int_word t;
- sp_int_digit tr = 0;
- sp_int_digit tt;
- if (r == NULL) {
- for (i = a->used - 1; i >= 0; i--) {
- t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
- #if SP_WORD_SIZE == 64
- tt = (t * 0x1999999999999999L) >> 64;
- #elif SP_WORD_SIZE == 32
- tt = (t * 0x19999999) >> 32;
- #elif SP_WORD_SIZE == 16
- tt = (t * 0x1999) >> 16;
- #elif SP_WORD_SIZE == 8
- tt = (t * 0x19) >> 8;
- #endif
- tr = (sp_int_digit)(t - (sp_int_word)tt * 10);
- tr = tr % 10;
- }
- *rem = tr;
- }
- else {
- for (i = a->used - 1; i >= 0; i--) {
- t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
- #if SP_WORD_SIZE == 64
- tt = (t * 0x1999999999999999L) >> 64;
- #elif SP_WORD_SIZE == 32
- tt = (t * 0x19999999) >> 32;
- #elif SP_WORD_SIZE == 16
- tt = (t * 0x1999) >> 16;
- #elif SP_WORD_SIZE == 8
- tt = (t * 0x19) >> 8;
- #endif
- tr = (sp_int_digit)(t - (sp_int_word)tt * 10);
- tt += tr / 10;
- tr = tr % 10;
- r->dp[i] = tt;
- }
- r->used = a->used;
- sp_clamp(r);
- if (rem != NULL) {
- *rem = tr;
- }
- }
- }
- #endif /* !WOLFSSL_SP_SMALL && ((WOLFSSL_SP_MATH_ALL &&
- * !WOLFSSL_RSA_VERIFY_ONLY) || WOLFSSL_HAVE_SP_DH ||
- * (HAVE_ECC && FP_ECC)) */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_HAVE_SP_DH) || \
- (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY)))
- /* Divide by small number: r = a / d and rem = a % d
- *
- * @param [in] a SP integer to be divided.
- * @param [in] d Digit to divide by.
- * @param [out] r SP integer that is the quotient. May be NULL.
- * @param [out] rem SP integer that is the remainder. May be NULL.
- */
- static void _sp_div_small(sp_int* a, sp_int_digit d, sp_int* r,
- sp_int_digit* rem)
- {
- int i;
- sp_int_word t;
- sp_int_digit tr = 0;
- sp_int_digit tt;
- sp_int_digit m;
- if (r == NULL) {
- m = SP_DIGIT_MAX / d;
- for (i = a->used - 1; i >= 0; i--) {
- t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
- tt = (t * m) >> SP_WORD_SIZE;
- tr = (sp_int_digit)(t - tt * d);
- tr = tr % d;
- }
- *rem = tr;
- }
- else {
- m = SP_DIGIT_MAX / d;
- for (i = a->used - 1; i >= 0; i--) {
- t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i];
- tt = (t * m) >> SP_WORD_SIZE;
- tr = (sp_int_digit)(t - tt * d);
- tt += tr / d;
- tr = tr % d;
- r->dp[i] = tt;
- }
- r->used = a->used;
- sp_clamp(r);
- if (rem != NULL) {
- *rem = tr;
- }
- }
- }
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- /* Divide a multi-precision number by a digit size number and calcualte
- * remainder.
- * r = a / d; rem = a % d
- *
- * @param [in] a SP integer to be divided.
- * @param [in] d Digit to divide by.
- * @param [out] r SP integer that is the quotient. May be NULL.
- * @param [out] rem Digit that is the remainder. May be NULL.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL or d is 0.
- */
- int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (d == 0)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- #if !defined(WOLFSSL_SP_SMALL)
- if (d == 3) {
- _sp_div_3(a, r, rem);
- }
- else if (d == 10) {
- _sp_div_10(a, r, rem);
- }
- else
- #endif
- if (d <= SP_HALF_MAX) {
- _sp_div_small(a, d, r, rem);
- }
- else
- {
- int i;
- sp_int_word w = 0;
- sp_int_digit t;
- for (i = a->used - 1; i >= 0; i--) {
- t = sp_div_word((sp_int_digit)w, a->dp[i], d);
- w = (w << SP_WORD_SIZE) | a->dp[i];
- w -= (sp_int_word)t * d;
- if (r != NULL) {
- r->dp[i] = t;
- }
- }
- if (r != NULL) {
- r->used = a->used;
- sp_clamp(r);
- }
- if (rem != NULL) {
- *rem = (sp_int_digit)w;
- }
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (r != NULL) {
- r->sign = a->sign;
- }
- #endif
- }
- return err;
- }
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_HAVE_SP_DH) || \
- (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY)))
- /* Calculate a modulo the digit d into r: r = a mod d
- *
- * @param [in] a SP integer to reduce.
- * @param [in] d Digit to that is the modulus.
- * @param [out] r Digit that is the result..
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL or d is 0.
- */
- #if !defined(WOLFSSL_SP_MATH_ALL) && (!defined(HAVE_ECC) || \
- !defined(HAVE_COMP_KEY))
- static
- #endif /* !WOLFSSL_SP_MATH_ALL && (!HAVE_ECC || !HAVE_COMP_KEY) */
- int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL) || (d == 0)) {
- err = MP_VAL;
- }
- if (0) {
- sp_print(a, "a");
- sp_print_digit(d, "m");
- }
- if (err == MP_OKAY) {
- /* Check whether d is a power of 2. */
- if ((d & (d - 1)) == 0) {
- if (a->used == 0) {
- *r = 0;
- }
- else {
- *r = a->dp[0] & (d - 1);
- }
- }
- #if !defined(WOLFSSL_SP_SMALL)
- else if (d == 3) {
- _sp_div_3(a, NULL, r);
- }
- else if (d == 10) {
- _sp_div_10(a, NULL, r);
- }
- #endif
- else if (d <= SP_HALF_MAX) {
- _sp_div_small(a, d, NULL, r);
- }
- else {
- int i;
- sp_int_word w = 0;
- sp_int_digit t;
- for (i = a->used - 1; i >= 0; i--) {
- t = sp_div_word((sp_int_digit)w, a->dp[i], d);
- w = (w << SP_WORD_SIZE) | a->dp[i];
- w -= (sp_int_word)t * d;
- }
- *r = (sp_int_digit)w;
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == MP_NEG) {
- *r = d - *r;
- }
- #endif
- }
- if (0) {
- sp_print_digit(*r, "rmod");
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERFIY_ONLY) || \
- * WOLFSSL_HAVE_SP_DH || (HAVE_ECC && (FP_ECC || HAVE_COMP_KEY)) */
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- /* Divides a by 2 mod m and stores in r: r = (a / 2) mod m
- *
- * r = a / 2 (mod m) - constant time (a < m and positive)
- *
- * @param [in] a SP integer to divide.
- * @param [in] m SP integer that is modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL.
- */
- int sp_div_2_mod_ct(sp_int* a, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- sp_int_word w = 0;
- sp_int_digit mask;
- int i;
- if (0) {
- sp_print(a, "a");
- sp_print(m, "m");
- }
- mask = 0 - (a->dp[0] & 1);
- for (i = 0; i < m->used; i++) {
- sp_int_digit mask_a = 0 - (i < a->used);
- w += m->dp[i] & mask;
- w += a->dp[i] & mask_a;
- r->dp[i] = (sp_int_digit)w;
- w >>= DIGIT_BIT;
- }
- r->dp[i] = (sp_int_digit)w;
- r->used = i + 1;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = MP_ZPOS;
- #endif
- sp_clamp(r);
- sp_div_2(r, r);
- if (0) {
- sp_print(r, "rd2");
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
- #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- /* Divides a by 2 and stores in r: r = a >> 1
- *
- * @param [in] a SP integer to divide.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL.
- */
- #if !(defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC))
- static
- #endif
- int sp_div_2(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- /* Only when a public API. */
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- #endif
- if (err == MP_OKAY) {
- int i;
- r->used = a->used;
- for (i = 0; i < a->used - 1; i++) {
- r->dp[i] = (a->dp[i] >> 1) | (a->dp[i+1] << (SP_WORD_SIZE - 1));
- }
- r->dp[i] = a->dp[i] >> 1;
- r->used = i + 1;
- sp_clamp(r);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = a->sign;
- #endif
- }
- return err;
- }
- #endif /* HAVE_ECC || !NO_DSA || OPENSSL_EXTRA ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- /************************
- * Add/Subtract Functions
- ************************/
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Add offset b to a into r: r = a + (b << (o * SP_WORD_SIZEOF))
- *
- * @param [in] a SP integer to add to.
- * @param [in] b SP integer to add.
- * @param [out] r SP integer to store result in.
- * @param [in] o Number of digits to offset b.
- *
- * @return MP_OKAY on success.
- */
- static int _sp_add_off(sp_int* a, sp_int* b, sp_int* r, int o)
- {
- int i;
- int j;
- sp_int_word t = 0;
- if (0) {
- sp_print(a, "a");
- sp_print(b, "b");
- }
- #ifdef SP_MATH_NEED_ADD_OFF
- for (i = 0; (i < o) && (i < a->used); i++) {
- r->dp[i] = a->dp[i];
- }
- for (; i < o; i++) {
- r->dp[i] = 0;
- }
- #else
- i = 0;
- (void)o;
- #endif
- for (j = 0; (i < a->used) && (j < b->used); i++, j++) {
- t += a->dp[i];
- t += b->dp[j];
- r->dp[i] = (sp_int_digit)t;
- t >>= SP_WORD_SIZE;
- }
- for (; i < a->used; i++) {
- t += a->dp[i];
- r->dp[i] = (sp_int_digit)t;
- t >>= SP_WORD_SIZE;
- }
- for (; j < b->used; i++, j++) {
- t += b->dp[j];
- r->dp[i] = (sp_int_digit)t;
- t >>= SP_WORD_SIZE;
- }
- r->used = i;
- if (t != 0) {
- r->dp[i] = (sp_int_digit)t;
- r->used++;
- }
- sp_clamp(r);
- if (0) {
- sp_print(r, "radd");
- }
- return MP_OKAY;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE) || \
- !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Sub offset b from a into r: r = a - (b << (o * SP_WORD_SIZEOF))
- * a must be greater than b.
- *
- * @param [in] a SP integer to subtract from.
- * @param [in] b SP integer to subtract.
- * @param [out] r SP integer to store result in.
- * @param [in] o Number of digits to offset b.
- *
- * @return MP_OKAY on success.
- */
- static int _sp_sub_off(sp_int* a, sp_int* b, sp_int* r, int o)
- {
- int i;
- int j;
- sp_int_sword t = 0;
- for (i = 0; (i < o) && (i < a->used); i++) {
- r->dp[i] = a->dp[i];
- }
- for (j = 0; (i < a->used) && (j < b->used); i++, j++) {
- t += a->dp[i];
- t -= b->dp[j];
- r->dp[i] = (sp_int_digit)t;
- t >>= SP_WORD_SIZE;
- }
- for (; i < a->used; i++) {
- t += a->dp[i];
- r->dp[i] = (sp_int_digit)t;
- t >>= SP_WORD_SIZE;
- }
- r->used = i;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_INT_NEGATIVE || !NO_DH ||
- * HAVE_ECC || (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Add b to a into r: r = a + b
- *
- * @param [in] a SP integer to add to.
- * @param [in] b SP integer to add.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b, or r is NULL.
- */
- int sp_add(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (b == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && ((a->used >= r->size) || (b->used >= r->size))) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- err = _sp_add_off(a, b, r, 0);
- #else
- if (a->sign == b->sign) {
- r->sign = a->sign;
- err = _sp_add_off(a, b, r, 0);
- }
- else if (_sp_cmp_abs(a, b) != MP_LT) {
- err = _sp_sub_off(a, b, r, 0);
- if (sp_iszero(r)) {
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = a->sign;
- }
- }
- else {
- err = _sp_sub_off(b, a, r, 0);
- if (sp_iszero(r)) {
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = b->sign;
- }
- }
- #endif
- }
- return err;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Subtract b from a into r: r = a - b
- *
- * a must be greater than b unless WOLFSSL_SP_INT_NEGATIVE is defined.
- *
- * @param [in] a SP integer to subtract from.
- * @param [in] b SP integer to subtract.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b, or r is NULL.
- */
- int sp_sub(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (b == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- else {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- err = _sp_sub_off(a, b, r, 0);
- #else
- if (a->sign != b->sign) {
- r->sign = a->sign;
- err = _sp_add_off(a, b, r, 0);
- }
- else if (_sp_cmp_abs(a, b) != MP_LT) {
- err = _sp_sub_off(a, b, r, 0);
- if (sp_iszero(r)) {
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = a->sign;
- }
- }
- else {
- err = _sp_sub_off(b, a, r, 0);
- if (sp_iszero(r)) {
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = 1 - a->sign;
- }
- }
- #endif
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY)*/
- /****************************
- * Add/Subtract mod functions
- ****************************/
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- (!defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_CUSTOM_CURVES))
- /* Add two value and reduce: r = (a + b) % m
- *
- * @param [in] a SP integer to add.
- * @param [in] b SP integer to add with.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b, m or r is NULL.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_addmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- int used = ((a == NULL) || (b == NULL)) ? 1 :
- ((a->used >= b->used) ? a->used + 1 : b->used + 1);
- DECL_SP_INT(t, used);
- if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- ALLOC_SP_INT_SIZE(t, used, err, NULL);
- if (0 && (err == MP_OKAY)) {
- sp_print(a, "a");
- sp_print(b, "b");
- sp_print(m, "m");
- }
- if (err == MP_OKAY) {
- err = sp_add(a, b, t);
- }
- if (err == MP_OKAY) {
- err = sp_mod(t, m, r);
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(r, "rma");
- }
- FREE_SP_INT(t, NULL);
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || (!WOLFSSL_SP_MATH && WOLFSSL_CUSTOM_CURVES) */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Sub b from a and reduce: r = (a - b) % m
- * Result is always positive.
- *
- * @param [in] a SP integer to subtract from
- * @param [in] b SP integer to subtract.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b, m or r is NULL.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_submod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- int err = MP_OKAY;
- int used = ((a == NULL) || (b == NULL) || (m == NULL)) ? 1 :
- ((a->used >= m->used) ?
- ((a->used >= b->used) ? (a->used + 1) : (b->used + 1)) :
- ((b->used >= m->used)) ? (b->used + 1) : (m->used + 1));
- DECL_SP_INT_ARRAY(t, used, 2);
- if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(a, "a");
- sp_print(b, "b");
- sp_print(m, "m");
- }
- ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL);
- if (err == MP_OKAY) {
- if (_sp_cmp(a, m) == MP_GT) {
- err = sp_mod(a, m, t[0]);
- a = t[0];
- }
- }
- if (err == MP_OKAY) {
- if (_sp_cmp(b, m) == MP_GT) {
- err = sp_mod(b, m, t[1]);
- b = t[1];
- }
- }
- if (err == MP_OKAY) {
- if (_sp_cmp(a, b) == MP_LT) {
- err = sp_add(a, m, t[0]);
- if (err == MP_OKAY) {
- err = sp_sub(t[0], b, r);
- }
- }
- else {
- err = sp_sub(a, b, r);
- }
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(r, "rms");
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- #else /* WOLFSSL_SP_INT_NEGATIVE */
- int err = MP_OKAY;
- int used = ((a == NULL) || (b == NULL)) ? 1 :
- ((a->used >= b->used) ? a->used + 1 : b->used + 1);
- DECL_SP_INT(t, used);
- if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(a, "a");
- sp_print(b, "b");
- sp_print(m, "m");
- }
- ALLOC_SP_INT_SIZE(t, used, err, NULL);
- if (err == MP_OKAY) {
- err = sp_sub(a, b, t);
- }
- if (err == MP_OKAY) {
- err = sp_mod(t, m, r);
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(r, "rms");
- }
- FREE_SP_INT(t, NULL);
- return err;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- }
- #endif /* WOLFSSL_SP_MATH_ALL */
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- /* Compare two multi-precision numbers.
- *
- * Constant time implementation.
- *
- * @param [in] a SP integer to compare.
- * @param [in] b SP integer to compare.
- * @param [in] len Number of digits to compare.
- *
- * @return MP_GT when a is greater than b.
- * @return MP_LT when a is less than b.
- * @return MP_EQ when a is equals b.
- */
- static int sp_cmp_mag_ct(sp_int* a, sp_int* b, int len)
- {
- int i;
- sp_sint_digit r = MP_EQ;
- sp_int_digit mask = SP_MASK;
- for (i = len - 1; i >= 0; i--) {
- sp_int_digit am = 0 - (i < a->used);
- sp_int_digit bm = 0 - (i < b->used);
- sp_int_digit ad = a->dp[i] & am;
- sp_int_digit bd = b->dp[i] & bm;
- r |= mask & (ad > bd);
- mask &= (ad > bd) - 1;
- r |= mask & (-(ad < bd));
- mask &= (ad < bd) - 1;
- }
- return (int)r;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- /* Add two value and reduce: r = (a + b) % m
- *
- * r = a + b (mod m) - constant time (|a| < m and |b| < m and positive)
- *
- * Assumes a, b, m and r are not NULL.
- *
- * @param [in] a SP integer to add.
- * @param [in] b SP integer to add with.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- */
- int sp_addmod_ct(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
- sp_int_word w = 0;
- sp_int_digit mask;
- int i;
- if (0) {
- sp_print(a, "a");
- sp_print(b, "b");
- sp_print(m, "m");
- }
- _sp_add_off(a, b, r, 0);
- mask = 0 - (sp_cmp_mag_ct(r, m, m->used + 1) != MP_LT);
- for (i = 0; i < m->used; i++) {
- sp_int_digit mask_r = 0 - (i < r->used);
- w += m->dp[i] & mask;
- w = (r->dp[i] & mask_r) - w;
- r->dp[i] = (sp_int_digit)w;
- w = (w >> DIGIT_BIT) & 1;
- }
- r->dp[i] = 0;
- r->used = i;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = a->sign;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- sp_clamp(r);
- if (0) {
- sp_print(r, "rma");
- }
- return MP_OKAY;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- /* Sub b from a and reduce: r = (a - b) % m
- * Result is always positive.
- *
- * r = a - b (mod m) - constant time (a < n and b < m and positive)
- *
- * Assumes a, b, m and r are not NULL.
- *
- * @param [in] a SP integer to subtract from
- * @param [in] b SP integer to subtract.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- */
- int sp_submod_ct(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
- sp_int_word w = 0;
- sp_int_digit mask;
- int i;
- if (0) {
- sp_print(a, "a");
- sp_print(b, "b");
- sp_print(m, "m");
- }
- mask = 0 - (sp_cmp_mag_ct(a, b, m->used + 1) == MP_LT);
- for (i = 0; i < m->used + 1; i++) {
- sp_int_digit mask_a = 0 - (i < a->used);
- sp_int_digit mask_m = 0 - (i < m->used);
- w += m->dp[i] & mask_m & mask;
- w += a->dp[i] & mask_a;
- r->dp[i] = (sp_int_digit)w;
- w >>= DIGIT_BIT;
- }
- r->dp[i] = (sp_int_digit)w;
- r->used = i + 1;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- sp_clamp(r);
- _sp_sub_off(r, b, r, 0);
- if (0) {
- sp_print(r, "rms");
- }
- return MP_OKAY;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
- /********************
- * Shifting functoins
- ********************/
- #if !defined(NO_DH) || defined(HAVE_ECC) || (defined(WC_RSA_BLINDING) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Left shift the multi-precision number by a number of digits.
- *
- * @param [in,out] a SP integer to shift.
- * @param [in] s Number of digits to shift.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL or the result is too big to fit in an SP.
- */
- int sp_lshd(sp_int* a, int s)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (a->used + s > a->size)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- XMEMMOVE(a->dp + s, a->dp, a->used * sizeof(sp_int_digit));
- a->used += s;
- XMEMSET(a->dp, 0, s * sizeof(sp_int_digit));
- sp_clamp(a);
- }
- return err;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- /* Left shift the multi-precision number by n bits.
- * Bits may be larger than the word size.
- *
- * @param [in,out] a SP integer to shift.
- * @param [in] n Number of bits to shift left.
- *
- * @return MP_OKAY on success.
- */
- static int sp_lshb(sp_int* a, int n)
- {
- int err = MP_OKAY;
- if (a->used != 0) {
- int s = n >> SP_WORD_SHIFT;
- int i;
- if (a->used + s >= a->size) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- n &= SP_WORD_MASK;
- if (n != 0) {
- sp_int_digit v;
- v = a->dp[a->used - 1] >> (SP_WORD_SIZE - n);
- a->dp[a->used - 1 + s] = a->dp[a->used - 1] << n;
- for (i = a->used - 2; i >= 0; i--) {
- a->dp[i + 1 + s] |= a->dp[i] >> (SP_WORD_SIZE - n);
- a->dp[i + s] = a->dp[i] << n;
- }
- if (v != 0) {
- a->dp[a->used + s] = v;
- a->used++;
- }
- }
- else if (s > 0) {
- for (i = a->used - 1; i >= 0; i--) {
- a->dp[i + s] = a->dp[i];
- }
- }
- a->used += s;
- XMEMSET(a->dp, 0, SP_WORD_SIZEOF * s);
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* Shift a right by n digits into r: r = a >> (n * SP_WORD_SIZE)
- *
- * @param [in] a SP integer to shift.
- * @param [in] n Number of digits to shift.
- * @param [out] r SP integer to store result in.
- */
- void sp_rshd(sp_int* a, int c)
- {
- if (a != NULL) {
- int i;
- int j;
- if (c >= a->used) {
- _sp_zero(a);
- }
- else {
- for (i = c, j = 0; i < a->used; i++, j++) {
- a->dp[j] = a->dp[i];
- }
- a->used -= c;
- }
- }
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH ||
- * HAVE_ECC || (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_HAVE_SP_DH)
- /* Shift a right by n bits into r: r = a >> n
- *
- * @param [in] a SP integer to shift.
- * @param [in] n Number of bits to shift.
- * @param [out] r SP integer to store result in.
- */
- void sp_rshb(sp_int* a, int n, sp_int* r)
- {
- int i = n >> SP_WORD_SHIFT;
- if (i >= a->used) {
- _sp_zero(r);
- }
- else {
- int j;
- n &= SP_WORD_SIZE - 1;
- if (n == 0) {
- for (j = 0; i < a->used; i++, j++)
- r->dp[j] = a->dp[i];
- r->used = j;
- }
- else if (n > 0) {
- for (j = 0; i < a->used-1; i++, j++)
- r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n));
- r->dp[j] = a->dp[i] >> n;
- r->used = j + 1;
- sp_clamp(r);
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (sp_iszero(r)) {
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = a->sign;
- }
- #endif
- }
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || WOLFSSL_HAVE_SP_DH */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- /* Divide a by d and return the quotient in r and the remainder in rem.
- * r = a / d; rem = a % d
- *
- * @param [in] a SP integer to be divided.
- * @param [in] d SP integer to divide by.
- * @param [out] r SP integer that is the quotient.
- * @param [out] rem SP integer that is the remainder.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or d is NULL, r and rem are NULL, or d is 0.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- #ifndef WOLFSSL_SP_MATH_ALL
- static
- #endif
- int sp_div(sp_int* a, sp_int* d, sp_int* r, sp_int* rem)
- {
- int err = MP_OKAY;
- int ret;
- int done = 0;
- int i;
- int s = 0;
- sp_int_digit dt;
- sp_int_digit t;
- sp_int* sa = NULL;
- sp_int* sd = NULL;
- sp_int* tr = NULL;
- sp_int* trial = NULL;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- int aSign = MP_ZPOS;
- int dSign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- DECL_SP_INT_ARRAY(td, (a == NULL) ? 1 : a->used + 1, 4);
- if ((a == NULL) || (d == NULL) || ((r == NULL) && (rem == NULL))) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && sp_iszero(d)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (r != NULL) && (r->size < a->used - d->used + 2)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (rem != NULL) && (rem->size < a->used + 1)) {
- err = MP_VAL;
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(a, "a");
- sp_print(d, "b");
- }
- if (err == MP_OKAY) {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- aSign = a->sign;
- dSign = d->sign;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- ret = _sp_cmp_abs(a, d);
- if (ret == MP_LT) {
- if (rem != NULL) {
- sp_copy(a, rem);
- }
- if (r != NULL) {
- sp_set(r, 0);
- }
- done = 1;
- }
- else if (ret == MP_EQ) {
- if (rem != NULL) {
- sp_set(rem, 0);
- }
- if (r != NULL) {
- sp_set(r, 1);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = aSign;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- }
- done = 1;
- }
- else if (sp_count_bits(a) == sp_count_bits(d)) {
- /* a is greater than d but same bit length */
- if (rem != NULL) {
- _sp_sub_off(a, d, rem, 0);
- }
- if (r != NULL) {
- sp_set(r, 1);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = aSign;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- }
- done = 1;
- }
- }
- if (!done) {
- /* Macro always has code associated with it and checks err first. */
- ALLOC_SP_INT_ARRAY(td, a->used + 1, 4, err, NULL);
- }
- if ((!done) && (err == MP_OKAY)) {
- sa = td[0];
- sd = td[1];
- tr = td[2];
- trial = td[3];
- sp_init_size(sa, a->used + 1);
- sp_init_size(sd, d->used + 1);
- sp_init_size(tr, a->used - d->used + 2);
- sp_init_size(trial, a->used + 1);
- s = sp_count_bits(d);
- s = SP_WORD_SIZE - (s & SP_WORD_MASK);
- sp_copy(a, sa);
- if (s != SP_WORD_SIZE) {
- err = sp_lshb(sa, s);
- if (err == MP_OKAY) {
- sp_copy(d, sd);
- d = sd;
- err = sp_lshb(sd, s);
- }
- }
- }
- if ((!done) && (err == MP_OKAY) && (d->used > 0)) {
- #ifdef WOLFSSL_SP_SMALL
- int c;
- #else
- int j;
- int o;
- sp_int_sword sw;
- #endif /* WOLFSSL_SP_SMALL */
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- sa->sign = MP_ZPOS;
- sd->sign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- tr->used = sa->used - d->used + 1;
- sp_clear(tr);
- tr->used = sa->used - d->used + 1;
- dt = d->dp[d->used-1];
- for (i = d->used - 1; i > 0; i--) {
- if (sa->dp[sa->used - d->used + i] != d->dp[i]) {
- break;
- }
- }
- if (sa->dp[sa->used - d->used + i] >= d->dp[i]) {
- i = sa->used;
- _sp_sub_off(sa, d, sa, sa->used - d->used);
- /* Keep the same used so that 0 zeros will be put in. */
- sa->used = i;
- if (r != NULL) {
- tr->dp[sa->used - d->used] = 1;
- }
- }
- for (i = sa->used - 1; i >= d->used; i--) {
- if (sa->dp[i] == dt) {
- t = SP_DIGIT_MAX;
- }
- else {
- t = sp_div_word(sa->dp[i], sa->dp[i-1], dt);
- }
- #ifdef WOLFSSL_SP_SMALL
- do {
- _sp_mul_d(d, t, trial, i - d->used);
- c = _sp_cmp_abs(trial, sa);
- if (c == MP_GT) {
- t--;
- }
- }
- while (c == MP_GT);
- _sp_sub_off(sa, trial, sa, 0);
- tr->dp[i - d->used] += t;
- if (tr->dp[i - d->used] < t) {
- tr->dp[i + 1 - d->used]++;
- }
- #else
- o = i - d->used;
- do {
- sp_int_word tw = 0;
- for (j = 0; j < d->used; j++) {
- tw += (sp_int_word)d->dp[j] * t;
- trial->dp[j] = (sp_int_digit)tw;
- tw >>= SP_WORD_SIZE;
- }
- trial->dp[j] = (sp_int_digit)tw;
- for (j = d->used; j > 0; j--) {
- if (trial->dp[j] != sa->dp[j + o]) {
- break;
- }
- }
- if (trial->dp[j] > sa->dp[j + o]) {
- t--;
- }
- }
- while (trial->dp[j] > sa->dp[j + o]);
- sw = 0;
- for (j = 0; j <= d->used; j++) {
- sw += sa->dp[j + o];
- sw -= trial->dp[j];
- sa->dp[j + o] = (sp_int_digit)sw;
- sw >>= SP_WORD_SIZE;
- }
- tr->dp[o] = t;
- #endif /* WOLFSSL_SP_SMALL */
- }
- sa->used = i + 1;
- if (rem != NULL) {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- sa->sign = (sa->used == 0) ? MP_ZPOS : aSign;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- if (s != SP_WORD_SIZE) {
- sp_rshb(sa, s, sa);
- }
- sp_copy(sa, rem);
- sp_clamp(rem);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (sp_iszero(rem)) {
- rem->sign = MP_ZPOS;
- }
- #endif
- }
- if (r != NULL) {
- sp_copy(tr, r);
- sp_clamp(r);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (sp_iszero(r)) {
- r->sign = MP_ZPOS;
- }
- else {
- r->sign = (aSign == dSign) ? MP_ZPOS : MP_NEG;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- }
- }
- if (0 && (err == MP_OKAY)) {
- if (rem != NULL) {
- sp_print(rem, "rdr");
- }
- if (r != NULL) {
- sp_print(r, "rdw");
- }
- }
- FREE_SP_INT_ARRAY(td, NULL);
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC || \
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- #ifndef FREESCALE_LTC_TFM
- /* Calculate the remainder of dividing a by m: r = a mod m.
- *
- * @param [in] a SP integer to reduce.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to store result in.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL or m is 0.
- */
- int sp_mod(sp_int* a, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- DECL_SP_INT(t, (m == NULL) ? 1 : m->used);
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- if ((a == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- if (err == MP_OKAY) {
- err = sp_div(a, m, NULL, r);
- }
- #else
- ALLOC_SP_INT(t, m->used, err, NULL);
- if (err == MP_OKAY) {
- sp_init_size(t, m->used);
- err = sp_div(a, m, NULL, t);
- }
- if (err == MP_OKAY) {
- if (t->sign != m->sign) {
- err = sp_add(t, m, r);
- }
- else {
- err = sp_copy(t, r);
- }
- }
- FREE_SP_INT(t, NULL);
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- return err;
- }
- #endif /* !FREESCALE_LTC_TFM */
- #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC || \
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- /* START SP_MUL implementations. */
- /* This code is generated.
- * To generate:
- * cd scripts/sp/sp_int
- * ./gen.sh
- * File sp_mul.c contains code.
- */
- #ifdef SQR_MUL_ASM
- /* Multiply a by b into r where a and b have same no. digits. r = a * b
- *
- * Optimised code for when number of digits in a and b are the same.
- *
- * @param [in] a SP integer to mulitply.
- * @param [in] b SP integer to mulitply by.
- * @param [out] r SP integer to hod reult.
- *
- * @return MP_OKAY otherwise.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_nxn(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- int j;
- int k;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
- sp_int_digit t[a->used * 2];
- #else
- sp_int_digit t[SP_INT_DIGITS];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- sp_int_digit l, h, o;
- sp_int_digit* dp;
- h = 0;
- l = 0;
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- o = 0;
- for (k = 1; k <= a->used - 1; k++) {
- j = k;
- dp = a->dp;
- for (; j >= 0; dp++, j--) {
- SP_ASM_MUL_ADD(l, h, o, dp[0], b->dp[j]);
- }
- t[k] = l;
- l = h;
- h = o;
- o = 0;
- }
- for (; k <= (a->used - 1) * 2; k++) {
- i = k - (b->used - 1);
- dp = &b->dp[b->used - 1];
- for (; i < a->used; i++, dp--) {
- SP_ASM_MUL_ADD(l, h, o, a->dp[i], dp[0]);
- }
- t[k] = l;
- l = h;
- h = o;
- o = 0;
- }
- t[k] = l;
- r->used = k + 1;
- XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- /* Multiply a by b into r. r = a * b
- *
- * @param [in] a SP integer to mulitply.
- * @param [in] b SP integer to mulitply by.
- * @param [out] r SP integer to hod reult.
- *
- * @return MP_OKAY otherwise.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- int j;
- int k;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
- sp_int_digit t[a->used + b->used];
- #else
- sp_int_digit t[SP_INT_DIGITS];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used),
- NULL, DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- sp_int_digit l;
- sp_int_digit h;
- sp_int_digit o;
- h = 0;
- l = 0;
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- o = 0;
- for (k = 1; k <= b->used - 1; k++) {
- i = 0;
- j = k;
- for (; (i < a->used) && (j >= 0); i++, j--) {
- SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]);
- }
- t[k] = l;
- l = h;
- h = o;
- o = 0;
- }
- for (; k <= (a->used - 1) + (b->used - 1); k++) {
- j = b->used - 1;
- i = k - j;
- for (; (i < a->used) && (j >= 0); i++, j--) {
- SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]);
- }
- t[k] = l;
- l = h;
- h = o;
- o = 0;
- }
- t[k] = l;
- r->used = k + 1;
- XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #else
- /* Multiply a by b into r. r = a * b
- *
- * @param [in] a SP integer to mulitply.
- * @param [in] b SP integer to mulitply by.
- * @param [out] r SP integer to hod reult.
- *
- * @return MP_OKAY otherwise.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- int j;
- int k;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && defined(WOLFSSL_SP_SMALL)
- sp_int_digit t[a->used + b->used];
- #else
- sp_int_digit t[SP_INT_DIGITS];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used + b->used),
- NULL, DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- sp_int_word w;
- sp_int_word l;
- sp_int_word h;
- #ifdef SP_WORD_OVERFLOW
- sp_int_word o;
- #endif
- w = (sp_int_word)a->dp[0] * b->dp[0];
- t[0] = (sp_int_digit)w;
- l = (sp_int_digit)(w >> SP_WORD_SIZE);
- h = 0;
- #ifdef SP_WORD_OVERFLOW
- o = 0;
- #endif
- for (k = 1; k <= (a->used - 1) + (b->used - 1); k++) {
- i = k - (b->used - 1);
- i &= ~(i >> (sizeof(i) * 8 - 1));
- j = k - i;
- for (; (i < a->used) && (j >= 0); i++, j--) {
- w = (sp_int_word)a->dp[i] * b->dp[j];
- l += (sp_int_digit)w;
- h += (sp_int_digit)(w >> SP_WORD_SIZE);
- #ifdef SP_WORD_OVERFLOW
- h += (sp_int_digit)(l >> SP_WORD_SIZE);
- l &= SP_MASK;
- o += (sp_int_digit)(h >> SP_WORD_SIZE);
- h &= SP_MASK;
- #endif
- }
- t[k] = (sp_int_digit)l;
- l >>= SP_WORD_SIZE;
- l += (sp_int_digit)h;
- h >>= SP_WORD_SIZE;
- #ifdef SP_WORD_OVERFLOW
- h += o & SP_MASK;
- o >>= SP_WORD_SIZE;
- #endif
- }
- t[k] = (sp_int_digit)l;
- r->used = k + 1;
- XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif
- #ifndef WOLFSSL_SP_SMALL
- #if !defined(WOLFSSL_HAVE_SP_ECC) && defined(HAVE_ECC)
- #if SP_WORD_SIZE == 64
- #ifndef SQR_MUL_ASM
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_4(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_word* w = NULL;
- #else
- sp_int_word w[16];
- #endif
- sp_int_digit* da = a->dp;
- sp_int_digit* db = b->dp;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- w = (sp_int_word*)XMALLOC(sizeof(sp_int_word) * 16, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (w == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- w[0] = (sp_int_word)da[0] * db[0];
- w[1] = (sp_int_word)da[0] * db[1];
- w[2] = (sp_int_word)da[1] * db[0];
- w[3] = (sp_int_word)da[0] * db[2];
- w[4] = (sp_int_word)da[1] * db[1];
- w[5] = (sp_int_word)da[2] * db[0];
- w[6] = (sp_int_word)da[0] * db[3];
- w[7] = (sp_int_word)da[1] * db[2];
- w[8] = (sp_int_word)da[2] * db[1];
- w[9] = (sp_int_word)da[3] * db[0];
- w[10] = (sp_int_word)da[1] * db[3];
- w[11] = (sp_int_word)da[2] * db[2];
- w[12] = (sp_int_word)da[3] * db[1];
- w[13] = (sp_int_word)da[2] * db[3];
- w[14] = (sp_int_word)da[3] * db[2];
- w[15] = (sp_int_word)da[3] * db[3];
- r->dp[0] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[1];
- w[0] += (sp_int_digit)w[2];
- r->dp[1] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[1] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[1];
- w[2] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[2];
- w[0] += (sp_int_digit)w[3];
- w[0] += (sp_int_digit)w[4];
- w[0] += (sp_int_digit)w[5];
- r->dp[2] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[3] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[3];
- w[4] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[4];
- w[5] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[5];
- w[0] += (sp_int_digit)w[6];
- w[0] += (sp_int_digit)w[7];
- w[0] += (sp_int_digit)w[8];
- w[0] += (sp_int_digit)w[9];
- r->dp[3] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[6] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[6];
- w[7] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[7];
- w[8] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[8];
- w[9] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[9];
- w[0] += (sp_int_digit)w[10];
- w[0] += (sp_int_digit)w[11];
- w[0] += (sp_int_digit)w[12];
- r->dp[4] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[10] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[10];
- w[11] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[11];
- w[12] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[12];
- w[0] += (sp_int_digit)w[13];
- w[0] += (sp_int_digit)w[14];
- r->dp[5] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[13] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[13];
- w[14] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[14];
- w[0] += (sp_int_digit)w[15];
- r->dp[6] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[15] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[15];
- r->dp[7] = w[0];
- r->used = 8;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (w != NULL) {
- XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #else /* SQR_MUL_ASM */
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_4(sp_int* a, sp_int* b, sp_int* r)
- {
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit t[4];
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- r->dp[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- r->dp[5] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[3], b->dp[3]);
- r->dp[6] = l;
- r->dp[7] = h;
- XMEMCPY(r->dp, t, 4 * sizeof(sp_int_digit));
- r->used = 8;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 64
- #ifdef SQR_MUL_ASM
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_6(sp_int* a, sp_int* b, sp_int* r)
- {
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit t[6];
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- r->dp[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- r->dp[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- r->dp[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- r->dp[9] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[5], b->dp[5]);
- r->dp[10] = l;
- r->dp[11] = h;
- XMEMCPY(r->dp, t, 6 * sizeof(sp_int_digit));
- r->used = 12;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_8(sp_int* a, sp_int* b, sp_int* r)
- {
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit t[8];
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[0]);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[0]);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[1]);
- r->dp[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[2]);
- r->dp[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[3]);
- r->dp[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[4]);
- r->dp[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[5]);
- r->dp[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[6]);
- r->dp[13] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[7], b->dp[7]);
- r->dp[14] = l;
- r->dp[15] = h;
- XMEMCPY(r->dp, t, 8 * sizeof(sp_int_digit));
- r->used = 16;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_12(sp_int* a, sp_int* b, sp_int* r)
- {
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit t[12];
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[0]);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[0]);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[0]);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[0]);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[0]);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[0]);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[1]);
- r->dp[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[2]);
- r->dp[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[3]);
- r->dp[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[4]);
- r->dp[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[5]);
- r->dp[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[6]);
- r->dp[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[7]);
- r->dp[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[8]);
- r->dp[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[9]);
- r->dp[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[10]);
- r->dp[21] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[11], b->dp[11]);
- r->dp[22] = l;
- r->dp[23] = h;
- XMEMCPY(r->dp, t, 12 * sizeof(sp_int_digit));
- r->used = 24;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #endif /* !WOLFSSL_HAVE_SP_ECC && HAVE_ECC */
- #if defined(SQR_MUL_ASM) && defined(WOLFSSL_SP_INT_LARGE_COMBA)
- #if SP_INT_DIGITS >= 32
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_16(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #else
- sp_int_digit t[16];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * 16, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[0]);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[0]);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[0]);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[0]);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[0]);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[0]);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[0]);
- t[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[0]);
- t[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[0]);
- t[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[0]);
- t[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[1]);
- r->dp[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[2]);
- r->dp[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[3]);
- r->dp[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[4]);
- r->dp[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[5]);
- r->dp[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[6]);
- r->dp[21] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[7]);
- r->dp[22] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[8]);
- r->dp[23] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[9]);
- r->dp[24] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[10]);
- r->dp[25] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[11]);
- r->dp[26] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[12]);
- r->dp[27] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[13]);
- r->dp[28] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[14]);
- r->dp[29] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[15], b->dp[15]);
- r->dp[30] = l;
- r->dp[31] = h;
- XMEMCPY(r->dp, t, 16 * sizeof(sp_int_digit));
- r->used = 32;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif /* SP_INT_DIGITS >= 32 */
- #if SP_INT_DIGITS >= 48
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_24(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #else
- sp_int_digit t[24];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * 24, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- SP_ASM_MUL(h, l, a->dp[0], b->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[0]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[0], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[0]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[0]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[0]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[0]);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[0]);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[0]);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[0]);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[0]);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[0]);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[0]);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[0]);
- t[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[0]);
- t[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[0]);
- t[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[0]);
- t[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[0]);
- t[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[0]);
- t[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[0]);
- t[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[0]);
- t[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[0]);
- t[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[0]);
- t[21] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[0]);
- t[22] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[0], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[1]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[0]);
- t[23] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[1], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[2]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[1]);
- r->dp[24] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[2], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[3]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[2]);
- r->dp[25] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[3], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[4]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[3]);
- r->dp[26] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[4], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[5]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[4]);
- r->dp[27] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[5], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[6]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[5]);
- r->dp[28] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[6], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[7]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[6]);
- r->dp[29] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[7], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[8]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[7]);
- r->dp[30] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[8], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[9]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[8]);
- r->dp[31] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[9], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[10]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[9]);
- r->dp[32] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[10], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[11]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[10]);
- r->dp[33] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[11], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[12]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[11]);
- r->dp[34] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[12], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[13]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[12]);
- r->dp[35] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[13], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[14]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[13]);
- r->dp[36] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[14], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[15]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[14]);
- r->dp[37] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[15], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[16]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[15]);
- r->dp[38] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[16], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[17]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[16]);
- r->dp[39] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[17], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[18]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[17]);
- r->dp[40] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[18], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[19]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[18]);
- r->dp[41] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[19], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[20]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[19]);
- r->dp[42] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[20], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[21]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[20]);
- r->dp[43] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[21], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[22]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[21]);
- r->dp[44] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD(l, h, o, a->dp[22], b->dp[23]);
- SP_ASM_MUL_ADD(l, h, o, a->dp[23], b->dp[22]);
- r->dp[45] = l;
- l = h;
- h = o;
- SP_ASM_MUL_ADD_NO(l, h, a->dp[23], b->dp[23]);
- r->dp[46] = l;
- r->dp[47] = h;
- XMEMCPY(r->dp, t, 24 * sizeof(sp_int_digit));
- r->used = 48;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif /* SP_INT_DIGITS >= 48 */
- #if SP_INT_DIGITS >= 64
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_32(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* a1;
- sp_int* b1;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- sp_int_digit cb;
- DECL_SP_INT_ARRAY(t, 16, 2);
- DECL_SP_INT_ARRAY(z, 33, 2);
- ALLOC_SP_INT_ARRAY(t, 16, 2, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 33, 2, err, NULL);
- if (err == MP_OKAY) {
- a1 = t[0];
- b1 = t[1];
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[16], sizeof(sp_int_digit) * 16);
- a1->used = 16;
- XMEMCPY(b1->dp, &b->dp[16], sizeof(sp_int_digit) * 16);
- b1->used = 16;
- /* z2 = a1 * b1 */
- err = _sp_mul_16(a1, b1, z2);
- }
- if (err == MP_OKAY) {
- l = a1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[0]);
- a1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 16; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* b01 = b0 + b1 */
- l = b1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, b->dp[0]);
- b1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 16; i++) {
- SP_ASM_ADDC(l, h, b1->dp[i]);
- SP_ASM_ADDC(l, h, b->dp[i]);
- b1->dp[i] = l;
- l = h;
- h = 0;
- }
- cb = l;
- /* z0 = a0 * b0 */
- err = _sp_mul_16(a, b, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) * (b0 + b1) */
- err = _sp_mul_16(a1, b1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 32) + (z1 - z0 - z2) << 16) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 16 */
- z1->dp[32] = ca & cb;
- l = 0;
- if (ca) {
- h = 0;
- for (i = 0; i < 16; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 16]);
- SP_ASM_ADDC(l, h, b1->dp[i]);
- z1->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[32] += l;
- l = 0;
- if (cb) {
- h = 0;
- for (i = 0; i < 16; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 16]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[32] += l;
- /* z1 = z1 - z0 - z1 */
- l = 0;
- h = 0;
- for (i = 0; i < 32; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 16; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 16]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- for (; i < 33; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 32 */
- l = 0;
- h = 0;
- for (i = 0; i < 17; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 32]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- for (; i < 32; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- r->used = 64;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 64 */
- #if SP_INT_DIGITS >= 96
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_48(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* a1;
- sp_int* b1;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- sp_int_digit cb;
- DECL_SP_INT_ARRAY(t, 24, 2);
- DECL_SP_INT_ARRAY(z, 49, 2);
- ALLOC_SP_INT_ARRAY(t, 24, 2, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 49, 2, err, NULL);
- if (err == MP_OKAY) {
- a1 = t[0];
- b1 = t[1];
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[24], sizeof(sp_int_digit) * 24);
- a1->used = 24;
- XMEMCPY(b1->dp, &b->dp[24], sizeof(sp_int_digit) * 24);
- b1->used = 24;
- /* z2 = a1 * b1 */
- err = _sp_mul_24(a1, b1, z2);
- }
- if (err == MP_OKAY) {
- l = a1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[0]);
- a1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 24; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* b01 = b0 + b1 */
- l = b1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, b->dp[0]);
- b1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 24; i++) {
- SP_ASM_ADDC(l, h, b1->dp[i]);
- SP_ASM_ADDC(l, h, b->dp[i]);
- b1->dp[i] = l;
- l = h;
- h = 0;
- }
- cb = l;
- /* z0 = a0 * b0 */
- err = _sp_mul_24(a, b, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) * (b0 + b1) */
- err = _sp_mul_24(a1, b1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 48) + (z1 - z0 - z2) << 24) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 24 */
- z1->dp[48] = ca & cb;
- l = 0;
- if (ca) {
- h = 0;
- for (i = 0; i < 24; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 24]);
- SP_ASM_ADDC(l, h, b1->dp[i]);
- z1->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[48] += l;
- l = 0;
- if (cb) {
- h = 0;
- for (i = 0; i < 24; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 24]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[48] += l;
- /* z1 = z1 - z0 - z1 */
- l = 0;
- h = 0;
- for (i = 0; i < 48; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 24; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 24]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- for (; i < 49; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 48 */
- l = 0;
- h = 0;
- for (i = 0; i < 25; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 48]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- for (; i < 48; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- r->used = 96;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 96 */
- #if SP_INT_DIGITS >= 128
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_64(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* a1;
- sp_int* b1;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- sp_int_digit cb;
- DECL_SP_INT_ARRAY(t, 32, 2);
- DECL_SP_INT_ARRAY(z, 65, 2);
- ALLOC_SP_INT_ARRAY(t, 32, 2, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 65, 2, err, NULL);
- if (err == MP_OKAY) {
- a1 = t[0];
- b1 = t[1];
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[32], sizeof(sp_int_digit) * 32);
- a1->used = 32;
- XMEMCPY(b1->dp, &b->dp[32], sizeof(sp_int_digit) * 32);
- b1->used = 32;
- /* z2 = a1 * b1 */
- err = _sp_mul_32(a1, b1, z2);
- }
- if (err == MP_OKAY) {
- l = a1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[0]);
- a1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 32; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* b01 = b0 + b1 */
- l = b1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, b->dp[0]);
- b1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 32; i++) {
- SP_ASM_ADDC(l, h, b1->dp[i]);
- SP_ASM_ADDC(l, h, b->dp[i]);
- b1->dp[i] = l;
- l = h;
- h = 0;
- }
- cb = l;
- /* z0 = a0 * b0 */
- err = _sp_mul_32(a, b, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) * (b0 + b1) */
- err = _sp_mul_32(a1, b1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 64) + (z1 - z0 - z2) << 32) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 32 */
- z1->dp[64] = ca & cb;
- l = 0;
- if (ca) {
- h = 0;
- for (i = 0; i < 32; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 32]);
- SP_ASM_ADDC(l, h, b1->dp[i]);
- z1->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[64] += l;
- l = 0;
- if (cb) {
- h = 0;
- for (i = 0; i < 32; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 32]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[64] += l;
- /* z1 = z1 - z0 - z1 */
- l = 0;
- h = 0;
- for (i = 0; i < 64; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 32; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 32]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- for (; i < 65; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 64 */
- l = 0;
- h = 0;
- for (i = 0; i < 33; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 64]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 64] = l;
- l = h;
- h = 0;
- }
- for (; i < 64; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 64] = l;
- l = h;
- h = 0;
- }
- r->used = 128;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 128 */
- #if SP_INT_DIGITS >= 192
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_mul_96(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* a1;
- sp_int* b1;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- sp_int_digit cb;
- DECL_SP_INT_ARRAY(t, 48, 2);
- DECL_SP_INT_ARRAY(z, 97, 2);
- ALLOC_SP_INT_ARRAY(t, 48, 2, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 97, 2, err, NULL);
- if (err == MP_OKAY) {
- a1 = t[0];
- b1 = t[1];
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[48], sizeof(sp_int_digit) * 48);
- a1->used = 48;
- XMEMCPY(b1->dp, &b->dp[48], sizeof(sp_int_digit) * 48);
- b1->used = 48;
- /* z2 = a1 * b1 */
- err = _sp_mul_48(a1, b1, z2);
- }
- if (err == MP_OKAY) {
- l = a1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[0]);
- a1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 48; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* b01 = b0 + b1 */
- l = b1->dp[0];
- h = 0;
- SP_ASM_ADDC(l, h, b->dp[0]);
- b1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 48; i++) {
- SP_ASM_ADDC(l, h, b1->dp[i]);
- SP_ASM_ADDC(l, h, b->dp[i]);
- b1->dp[i] = l;
- l = h;
- h = 0;
- }
- cb = l;
- /* z0 = a0 * b0 */
- err = _sp_mul_48(a, b, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) * (b0 + b1) */
- err = _sp_mul_48(a1, b1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 96) + (z1 - z0 - z2) << 48) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 48 */
- z1->dp[96] = ca & cb;
- l = 0;
- if (ca) {
- h = 0;
- for (i = 0; i < 48; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 48]);
- SP_ASM_ADDC(l, h, b1->dp[i]);
- z1->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[96] += l;
- l = 0;
- if (cb) {
- h = 0;
- for (i = 0; i < 48; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 48]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[96] += l;
- /* z1 = z1 - z0 - z1 */
- l = 0;
- h = 0;
- for (i = 0; i < 96; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 48; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 48]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- for (; i < 97; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 96 */
- l = 0;
- h = 0;
- for (i = 0; i < 49; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 96]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 96] = l;
- l = h;
- h = 0;
- }
- for (; i < 96; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 96] = l;
- l = h;
- h = 0;
- }
- r->used = 192;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 192 */
- #endif /* SQR_MUL_ASM && WOLFSSL_SP_INT_LARGE_COMBA */
- #endif /* !WOLFSSL_SP_SMALL */
- /* Multiply a by b and store in r: r = a * b
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b or is NULL; or the result will be too big for fixed
- * data length.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_mul(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- int sign;
- #endif
- if ((a == NULL) || (b == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- /* Need extra digit during calculation. */
- if ((err == MP_OKAY) && (a->used + b->used > r->size)) {
- err = MP_VAL;
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(a, "a");
- sp_print(b, "b");
- }
- if (err == MP_OKAY) {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- sign = a->sign ^ b->sign;
- #endif
- if ((a->used == 0) || (b->used == 0)) {
- _sp_zero(r);
- }
- else
- #ifndef WOLFSSL_SP_SMALL
- #if !defined(WOLFSSL_HAVE_SP_ECC) && defined(HAVE_ECC)
- #if SP_WORD_SIZE == 64
- if ((a->used == 4) && (b->used == 4)) {
- err = _sp_mul_4(a, b, r);
- }
- else
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 64
- #ifdef SQR_MUL_ASM
- if ((a->used == 6) && (b->used == 6)) {
- err = _sp_mul_6(a, b, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- if ((a->used == 8) && (b->used == 8)) {
- err = _sp_mul_8(a, b, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- if ((a->used == 12) && (b->used == 12)) {
- err = _sp_mul_12(a, b, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #endif /* !WOLFSSL_HAVE_SP_ECC && HAVE_ECC */
- #if defined(SQR_MUL_ASM) && defined(WOLFSSL_SP_INT_LARGE_COMBA)
- #if SP_INT_DIGITS >= 32
- if ((a->used == 16) && (b->used == 16)) {
- err = _sp_mul_16(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 32 */
- #if SP_INT_DIGITS >= 48
- if ((a->used == 24) && (b->used == 24)) {
- err = _sp_mul_24(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 48 */
- #if SP_INT_DIGITS >= 64
- if ((a->used == 32) && (b->used == 32)) {
- err = _sp_mul_32(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 64 */
- #if SP_INT_DIGITS >= 96
- if ((a->used == 48) && (b->used == 48)) {
- err = _sp_mul_48(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 96 */
- #if SP_INT_DIGITS >= 128
- if ((a->used == 64) && (b->used == 64)) {
- err = _sp_mul_64(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 128 */
- #if SP_INT_DIGITS >= 192
- if ((a->used == 96) && (b->used == 96)) {
- err = _sp_mul_96(a, b, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 192 */
- #endif /* SQR_MUL_ASM && WOLFSSL_SP_INT_LARGE_COMBA */
- #endif /* !WOLFSSL_SP_SMALL */
- #ifdef SQR_MUL_ASM
- if (a->used == b->used) {
- err = _sp_mul_nxn(a, b, r);
- }
- else
- #endif
- {
- err = _sp_mul(a, b, r);
- }
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (err == MP_OKAY) {
- r->sign = (r->used == 0) ? MP_ZPOS : sign;
- }
- #endif
- if (0 && (err == MP_OKAY)) {
- sp_print(r, "rmul");
- }
- return err;
- }
- /* END SP_MUL implementations. */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- /* Multiply a by b mod m and store in r: r = (a * b) mod m
- *
- * @param [in] a SP integer to multiply.
- * @param [in] b SP integer to multiply.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b, m or r is NULL; m is 0; or a * b is too big for
- * fixed data length.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- DECL_SP_INT(t, ((a == NULL) || (b == NULL)) ? 1 : a->used + b->used);
- if ((a == NULL) || (b == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (a->used + b->used > r->size)) {
- err = MP_VAL;
- }
- ALLOC_SP_INT(t, a->used + b->used, err, NULL);
- if (err == MP_OKAY) {
- err = sp_init_size(t, a->used + b->used);
- }
- if (err == MP_OKAY) {
- err = sp_mul(a, b, t);
- }
- if (err == MP_OKAY) {
- err = sp_mod(t, m, r);
- }
- FREE_SP_INT(t, NULL);
- return err;
- }
- #endif
- #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY))
- /* Calculates the multiplicative inverse in the field.
- *
- * @param [in] a SP integer to find inverse of.
- * @param [in] m SP integer this is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL; a or m is zero; a and m are even or
- * m is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_invmod(sp_int* a, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int* u;
- sp_int* v;
- sp_int* b;
- sp_int* c;
- int used = ((m == NULL) || (a == NULL)) ? 1 :
- ((m->used >= a->used) ? m->used + 1 : a->used + 1);
- DECL_SP_INT_ARRAY(t, used, 4);
- if ((a == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if ((err == MP_OKAY) && (m->sign == MP_NEG)) {
- err = MP_VAL;
- }
- #endif
- ALLOC_SP_INT_ARRAY(t, (m == NULL) ? 0 : m->used + 1, 4, err, NULL);
- if (err == MP_OKAY) {
- u = t[0];
- v = t[1];
- b = t[2];
- c = t[3];
- sp_init_size(v, used + 1);
- if (_sp_cmp_abs(a, m) != MP_LT) {
- err = sp_mod(a, m, v);
- a = v;
- }
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if ((err == MP_OKAY) && (a->sign == MP_NEG)) {
- /* Make 'a' positive */
- err = sp_add(m, a, v);
- a = v;
- }
- #endif
- /* 0 != n*m + 1 (+ve m), r*a mod 0 is always 0 (never 1) */
- if ((err == MP_OKAY) && (sp_iszero(a) || sp_iszero(m))) {
- err = MP_VAL;
- }
- /* r*2*x != n*2*y + 1 for integer x,y */
- if ((err == MP_OKAY) && sp_iseven(a) && sp_iseven(m)) {
- err = MP_VAL;
- }
- /* 1*1 = 0*m + 1 */
- if ((err == MP_OKAY) && sp_isone(a)) {
- sp_set(r, 1);
- }
- else if (err != MP_OKAY) {
- }
- else if (sp_iseven(m)) {
- /* a^-1 mod m = m + (1 - m*(m^-1 % a)) / a
- * = m - (m*(m^-1 % a) - 1) / a
- */
- err = sp_invmod(m, a, r);
- if (err == MP_OKAY) {
- err = sp_mul(r, m, r);
- }
- if (err == MP_OKAY) {
- _sp_sub_d(r, 1, r);
- err = sp_div(r, a, r, NULL);
- if (err == MP_OKAY) {
- sp_sub(m, r, r);
- }
- }
- }
- else {
- sp_init_size(u, m->used + 1);
- sp_init_size(b, m->used + 1);
- sp_init_size(c, m->used + 1);
- sp_copy(m, u);
- sp_copy(a, v);
- _sp_zero(b);
- sp_set(c, 1);
- while (!sp_isone(v) && !sp_iszero(u)) {
- if (sp_iseven(u)) {
- sp_div_2(u, u);
- if (sp_isodd(b)) {
- sp_add(b, m, b);
- }
- sp_div_2(b, b);
- }
- else if (sp_iseven(v)) {
- sp_div_2(v, v);
- if (sp_isodd(c)) {
- sp_add(c, m, c);
- }
- sp_div_2(c, c);
- }
- else if (_sp_cmp(u, v) != MP_LT) {
- sp_sub(u, v, u);
- if (_sp_cmp(b, c) == MP_LT) {
- sp_add(b, m, b);
- }
- sp_sub(b, c, b);
- }
- else {
- sp_sub(v, u, v);
- if (_sp_cmp(c, b) == MP_LT) {
- sp_add(c, m, c);
- }
- sp_sub(c, b, c);
- }
- }
- if (sp_iszero(u)) {
- err = MP_VAL;
- }
- else {
- err = sp_copy(c, r);
- }
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* HAVE_ECC || !NO_DSA || OPENSSL_EXTRA || \
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
- #define CT_INV_MOD_PRE_CNT 8
- /* Calculates the multiplicative inverse in the field - constant time.
- *
- * Modulus (m) must be a prime and greater than 2.
- *
- * @param [in] a SP integer, Montogmery form, to find inverse of.
- * @param [in] m SP integer this is the modulus.
- * @param [out] r SP integer to hold result.
- * @param [in] mp SP integer digit that is the bottom digit of inv(-m).
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL; a is 0 or m is less than 3.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_invmod_mont_ct(sp_int* a, sp_int* m, sp_int* r, sp_int_digit mp)
- {
- int err = MP_OKAY;
- int i;
- int j;
- sp_int* t;
- sp_int* e;
- DECL_SP_INT_ARRAY(pre, (m == NULL) ? 1 : m->used * 2 + 1,
- CT_INV_MOD_PRE_CNT + 2);
- if ((a == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- /* 0 != n*m + 1 (+ve m), r*a mod 0 is always 0 (never 1) */
- if ((err == MP_OKAY) && (sp_iszero(a) || sp_iszero(m) ||
- (m->used == 1 && m->dp[0] < 3))) {
- err = MP_VAL;
- }
- ALLOC_SP_INT_ARRAY(pre, m->used * 2 + 1, CT_INV_MOD_PRE_CNT + 2, err, NULL);
- if (err == MP_OKAY) {
- t = pre[CT_INV_MOD_PRE_CNT + 0];
- e = pre[CT_INV_MOD_PRE_CNT + 1];
- sp_init_size(t, m->used * 2 + 1);
- sp_init_size(e, m->used * 2 + 1);
- sp_init_size(pre[0], m->used * 2 + 1);
- err = sp_copy(a, pre[0]);
- for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) {
- sp_init_size(pre[i], m->used * 2 + 1);
- err = sp_sqr(pre[i-1], pre[i]);
- if (err == MP_OKAY) {
- err = _sp_mont_red(pre[i], m, mp);
- }
- if (err == MP_OKAY) {
- err = sp_mul(pre[i], a, pre[i]);
- }
- if (err == MP_OKAY) {
- err = _sp_mont_red(pre[i], m, mp);
- }
- }
- }
- if (err == MP_OKAY) {
- _sp_sub_d(m, 2, e);
- for (i = sp_count_bits(e)-1, j = 0; i >= 0; i--, j++) {
- if ((!sp_is_bit_set(e, i)) || (j == CT_INV_MOD_PRE_CNT)) {
- break;
- }
- }
- err = sp_copy(pre[j-1], t);
- for (j = 0; (err == MP_OKAY) && (i >= 0); i--) {
- int set = sp_is_bit_set(e, i);
- if ((j == CT_INV_MOD_PRE_CNT) || ((!set) && j > 0)) {
- err = sp_mul(t, pre[j-1], t);
- if (err == MP_OKAY) {
- err = _sp_mont_red(t, m, mp);
- }
- j = 0;
- }
- if (err == MP_OKAY) {
- err = sp_sqr(t, t);
- if (err == MP_OKAY) {
- err = _sp_mont_red(t, m, mp);
- }
- }
- j += set;
- }
- }
- if (err == MP_OKAY) {
- if (j > 0) {
- err = sp_mul(t, pre[j-1], r);
- if (err == MP_OKAY) {
- err = _sp_mont_red(r, m, mp);
- }
- }
- else {
- err = sp_copy(t, r);
- }
- }
- FREE_SP_INT_ARRAY(pre, NULL);
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */
- /**************************
- * Exponentiation functions
- **************************/
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
- /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Process the exponent one bit at a time.
- * Is constant time and can be cache attack resistant.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] bits Number of bits in base to use. May be greater than
- * count of bits in b.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_exptmod_ex(sp_int* b, sp_int* e, int bits, sp_int* m, sp_int* r)
- {
- int i;
- int err = MP_OKAY;
- int done = 0;
- int j;
- int y;
- int seenTopBit = 0;
- #ifdef WC_NO_CACHE_RESISTANT
- DECL_SP_INT_ARRAY(t, 2 * m->used + 1, 2);
- #else
- DECL_SP_INT_ARRAY(t, 2 * m->used + 1, 3);
- #endif
- #ifdef WC_NO_CACHE_RESISTANT
- ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 2, err, NULL);
- #else
- ALLOC_SP_INT_ARRAY(t, 2 * m->used + 1, 3, err, NULL);
- #endif
- if (err == MP_OKAY) {
- sp_init_size(t[0], 2 * m->used + 1);
- sp_init_size(t[1], 2 * m->used + 1);
- #ifndef WC_NO_CACHE_RESISTANT
- sp_init_size(t[2], 2 * m->used + 1);
- #endif
- /* Ensure base is less than exponent. */
- if (_sp_cmp(b, m) != MP_LT) {
- err = sp_mod(b, m, t[0]);
- if ((err == MP_OKAY) && sp_iszero(t[0])) {
- sp_set(r, 0);
- done = 1;
- }
- }
- else {
- err = sp_copy(b, t[0]);
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- /* t[0] is dummy value and t[1] is result */
- err = sp_copy(t[0], t[1]);
- for (i = bits - 1; (err == MP_OKAY) && (i >= 0); i--) {
- #ifdef WC_NO_CACHE_RESISTANT
- /* Square real result if seen the top bit. */
- err = sp_sqrmod(t[seenTopBit], m, t[seenTopBit]);
- if (err == MP_OKAY) {
- y = (e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1;
- j = y & seenTopBit;
- seenTopBit |= y;
- /* Multiply real result if bit is set and seen the top bit. */
- err = sp_mulmod(t[j], b, m, t[j]);
- }
- #else
- /* Square real result if seen the top bit. */
- sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[seenTopBit^1]) +
- ((size_t)t[1] & sp_off_on_addr[seenTopBit ])),
- t[2]);
- err = sp_sqrmod(t[2], m, t[2]);
- sp_copy(t[2],
- (sp_int*)(((size_t)t[0] & sp_off_on_addr[seenTopBit^1]) +
- ((size_t)t[1] & sp_off_on_addr[seenTopBit ])));
- if (err == MP_OKAY) {
- y = (e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1;
- j = y & seenTopBit;
- seenTopBit |= y;
- /* Multiply real result if bit is set and seen the top bit. */
- sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
- ((size_t)t[1] & sp_off_on_addr[j ])),
- t[2]);
- err = sp_mulmod(t[2], b, m, t[2]);
- sp_copy(t[2],
- (sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
- ((size_t)t[1] & sp_off_on_addr[j ])));
- }
- #endif
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- err = sp_copy(t[1], r);
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * WOLFSSL_HAVE_SP_DH */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- #ifndef WC_NO_HARDEN
- #if !defined(WC_NO_CACHE_RESISTANT)
- /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Process the exponent one bit at a time with base in montgomery form.
- * Is constant time and cache attack resistant.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] bits Number of bits in base to use. May be greater than
- * count of bits in b.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_exptmod_mont_ex(sp_int* b, sp_int* e, int bits, sp_int* m,
- sp_int* r)
- {
- int i;
- int err = MP_OKAY;
- int done = 0;
- int j;
- int y;
- int seenTopBit = 0;
- sp_int_digit mp;
- DECL_SP_INT_ARRAY(t, m->used * 2 + 1, 4);
- ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 4, err, NULL);
- if (err == MP_OKAY) {
- sp_init_size(t[0], m->used * 2 + 1);
- sp_init_size(t[1], m->used * 2 + 1);
- sp_init_size(t[2], m->used * 2 + 1);
- sp_init_size(t[3], m->used * 2 + 1);
- /* Ensure base is less than exponent. */
- if (_sp_cmp(b, m) != MP_LT) {
- err = sp_mod(b, m, t[0]);
- if ((err == MP_OKAY) && sp_iszero(t[0])) {
- sp_set(r, 0);
- done = 1;
- }
- }
- else {
- err = sp_copy(b, t[0]);
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- err = sp_mont_setup(m, &mp);
- if (err == MP_OKAY) {
- err = sp_mont_norm(t[1], m);
- }
- if (err == MP_OKAY) {
- /* Convert to montgomery form. */
- err = sp_mulmod(t[0], t[1], m, t[0]);
- }
- if (err == MP_OKAY) {
- /* t[0] is fake working value and t[1] is real working value. */
- sp_copy(t[0], t[1]);
- /* Montgomert form of base to multiply by. */
- sp_copy(t[0], t[2]);
- }
- for (i = bits - 1; (err == MP_OKAY) && (i >= 0); i--) {
- /* Square real working value if seen the top bit. */
- sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[seenTopBit^1]) +
- ((size_t)t[1] & sp_off_on_addr[seenTopBit ])),
- t[3]);
- err = sp_sqr(t[3], t[3]);
- if (err == MP_OKAY) {
- err = _sp_mont_red(t[3], m, mp);
- }
- sp_copy(t[3],
- (sp_int*)(((size_t)t[0] & sp_off_on_addr[seenTopBit^1]) +
- ((size_t)t[1] & sp_off_on_addr[seenTopBit ])));
- if (err == MP_OKAY) {
- y = (e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1;
- j = y & seenTopBit;
- seenTopBit |= y;
- /* Multiply real value if bit is set and seen the top bit. */
- sp_copy((sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
- ((size_t)t[1] & sp_off_on_addr[j ])),
- t[3]);
- err = sp_mul(t[3], t[2], t[3]);
- if (err == MP_OKAY) {
- err = _sp_mont_red(t[3], m, mp);
- }
- sp_copy(t[3],
- (sp_int*)(((size_t)t[0] & sp_off_on_addr[j^1]) +
- ((size_t)t[1] & sp_off_on_addr[j ])));
- }
- }
- if (err == MP_OKAY) {
- /* Convert from montgomery form. */
- err = _sp_mont_red(t[1], m, mp);
- /* Reduction implementation returns number to range < m. */
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- err = sp_copy(t[1], r);
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #else
- /* Always allocate large array of sp_ints unless defined WOLFSSL_SP_NO_MALLOC */
- #define SP_ALLOC
- /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Creates a window of precalculated exponents with base in montgomery form.
- * Is constant time but NOT cache attack resistant.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] bits Number of bits in base to use. May be greater than
- * count of bits in b.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_exptmod_mont_ex(sp_int* b, sp_int* e, int bits, sp_int* m,
- sp_int* r)
- {
- int i;
- int j;
- int c;
- int y;
- int winBits;
- int preCnt;
- int err = MP_OKAY;
- int done = 0;
- sp_int_digit mp;
- sp_int_digit n;
- sp_int_digit mask;
- sp_int* tr = NULL;
- DECL_SP_INT_ARRAY(t, m->used * 2 + 1, (1 << 6) + 1);
- if (bits > 450) {
- winBits = 6;
- }
- else if (bits <= 21) {
- winBits = 1;
- }
- else if (bits <= 36) {
- winBits = 3;
- }
- else if (bits <= 140) {
- winBits = 4;
- }
- else {
- winBits = 5;
- }
- preCnt = 1 << winBits;
- mask = preCnt - 1;
- ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, preCnt + 1, err, NULL);
- if (err == MP_OKAY) {
- tr = t[preCnt];
- for (i = 0; i < preCnt; i++) {
- sp_init_size(t[i], m->used * 2 + 1);
- }
- sp_init_size(tr, m->used * 2 + 1);
- /* Ensure base is less than exponent. */
- if (_sp_cmp(b, m) != MP_LT) {
- err = sp_mod(b, m, t[1]);
- if ((err == MP_OKAY) && sp_iszero(t[1])) {
- sp_set(r, 0);
- done = 1;
- }
- }
- else {
- err = sp_copy(b, t[1]);
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- err = sp_mont_setup(m, &mp);
- if (err == MP_OKAY) {
- /* Norm value is 1 in montgomery form. */
- err = sp_mont_norm(t[0], m);
- }
- if (err == MP_OKAY) {
- /* Convert base to montgomery form. */
- err = sp_mulmod(t[1], t[0], m, t[1]);
- }
- /* Pre-calculate values */
- for (i = 2; (i < preCnt) && (err == MP_OKAY); i++) {
- if ((i & 1) == 0) {
- err = sp_sqr(t[i/2], t[i]);
- }
- else {
- err = sp_mul(t[i-1], t[1], t[i]);
- }
- if (err == MP_OKAY) {
- err = _sp_mont_red(t[i], m, mp);
- }
- }
- if (err == MP_OKAY) {
- /* Bits from the top that - possibly left over. */
- i = (bits - 1) >> SP_WORD_SHIFT;
- n = e->dp[i--];
- c = bits & (SP_WORD_SIZE - 1);
- if (c == 0) {
- c = SP_WORD_SIZE;
- }
- c -= bits % winBits;
- y = (int)(n >> c);
- n <<= SP_WORD_SIZE - c;
- /* Copy window number for top bits. */
- sp_copy(t[y], tr);
- for (; (i >= 0) || (c >= winBits); ) {
- if (c == 0) {
- /* Bits up to end of digit */
- n = e->dp[i--];
- y = (int)(n >> (SP_WORD_SIZE - winBits));
- n <<= winBits;
- c = SP_WORD_SIZE - winBits;
- }
- else if (c < winBits) {
- /* Bits to end of digit and part of next */
- y = (int)(n >> (SP_WORD_SIZE - winBits));
- n = e->dp[i--];
- c = winBits - c;
- y |= (int)(n >> (SP_WORD_SIZE - c));
- n <<= c;
- c = SP_WORD_SIZE - c;
- }
- else {
- /* Bits from middle of digit */
- y = (int)((n >> (SP_WORD_SIZE - winBits)) & mask);
- n <<= winBits;
- c -= winBits;
- }
- /* Square for number of bits in window. */
- for (j = 0; (j < winBits) && (err == MP_OKAY); j++) {
- err = sp_sqr(tr, tr);
- if (err == MP_OKAY) {
- err = _sp_mont_red(tr, m, mp);
- }
- }
- /* Multiply by window number for next set of bits. */
- if (err == MP_OKAY) {
- err = sp_mul(tr, t[y], tr);
- }
- if (err == MP_OKAY) {
- err = _sp_mont_red(tr, m, mp);
- }
- }
- }
- if (err == MP_OKAY) {
- /* Convert from montgomery form. */
- err = _sp_mont_red(tr, m, mp);
- /* Reduction implementation returns number to range < m. */
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- err = sp_copy(tr, r);
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #undef SP_ALLOC
- #endif /* !WC_NO_CACHE_RESISTANT */
- #endif /* !WC_NO_HARDEN */
- #if SP_WORD_SIZE <= 16
- #define EXP2_WINSIZE 2
- #elif SP_WORD_SIZE <= 32
- #define EXP2_WINSIZE 3
- #elif SP_WORD_SIZE <= 64
- #define EXP2_WINSIZE 4
- #elif SP_WORD_SIZE <= 128
- #define EXP2_WINSIZE 5
- #endif
- /* Internal. Exponentiates 2 to the power of e modulo m into r: r = 2 ^ e mod m
- * Is constant time and cache attack resistant.
- *
- * @param [in] e SP integer that is the exponent.
- * @param [in] digits Number of digits in base to use. May be greater than
- * count of bits in b.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_exptmod_base_2(sp_int* e, int digits, sp_int* m, sp_int* r)
- {
- int i;
- int j;
- int c;
- int y;
- int err = MP_OKAY;
- sp_int* t = NULL;
- sp_int* tr = NULL;
- sp_int_digit mp = 0, n;
- DECL_SP_INT_ARRAY(d, m->used * 2 + 1, 2);
- if (0) {
- sp_print_int(2, "a");
- sp_print(e, "b");
- sp_print(m, "m");
- }
- ALLOC_SP_INT_ARRAY(d, m->used * 2 + 1, 2, err, NULL);
- if (err == MP_OKAY) {
- t = d[0];
- tr = d[1];
- sp_init_size(t, m->used * 2 + 1);
- sp_init_size(tr, m->used * 2 + 1);
- if (m->used > 1) {
- err = sp_mont_setup(m, &mp);
- if (err == MP_OKAY) {
- /* Norm value is 1 in montgomery form. */
- err = sp_mont_norm(tr, m);
- }
- if (err == MP_OKAY) {
- err = sp_mul_2d(m, 1 << EXP2_WINSIZE, t);
- }
- }
- else {
- err = sp_set(tr, 1);
- }
- if (err == MP_OKAY) {
- /* Bits from the top. */
- i = digits - 1;
- n = e->dp[i--];
- c = SP_WORD_SIZE;
- #if (EXP2_WINSIZE != 1) && (EXP2_WINSIZE != 2) && (EXP2_WINSIZE != 4)
- c -= (digits * SP_WORD_SIZE) % EXP2_WINSIZE;
- if (c != SP_WORD_SIZE) {
- y = (int)(n >> c);
- n <<= SP_WORD_SIZE - c;
- }
- else
- #endif
- {
- y = 0;
- }
- /* Multiply montgomery representation of 1 by 2 ^ top */
- err = sp_mul_2d(tr, y, tr);
- }
- if ((err == MP_OKAY) && (m->used > 1)) {
- err = sp_add(tr, t, tr);
- }
- if (err == MP_OKAY) {
- err = sp_mod(tr, m, tr);
- }
- if (err == MP_OKAY) {
- for (; (i >= 0) || (c >= EXP2_WINSIZE); ) {
- if (c == 0) {
- /* Bits up to end of digit */
- n = e->dp[i--];
- y = (int)(n >> (SP_WORD_SIZE - EXP2_WINSIZE));
- n <<= EXP2_WINSIZE;
- c = SP_WORD_SIZE - EXP2_WINSIZE;
- }
- #if (EXP2_WINSIZE != 1) && (EXP2_WINSIZE != 2) && (EXP2_WINSIZE != 4)
- else if (c < EXP2_WINSIZE) {
- /* Bits to end of digit and part of next */
- y = (int)(n >> (SP_WORD_SIZE - EXP2_WINSIZE));
- n = e->dp[i--];
- c = EXP2_WINSIZE - c;
- y |= (int)(n >> (SP_WORD_SIZE - c));
- n <<= c;
- c = SP_WORD_SIZE - c;
- }
- #endif
- else {
- /* Bits from middle of digit */
- y = (int)((n >> (SP_WORD_SIZE - EXP2_WINSIZE)) &
- ((1 << EXP2_WINSIZE) - 1));
- n <<= EXP2_WINSIZE;
- c -= EXP2_WINSIZE;
- }
- /* Square for number of bits in window. */
- for (j = 0; (j < EXP2_WINSIZE) && (err == MP_OKAY); j++) {
- err = sp_sqr(tr, tr);
- if (err != MP_OKAY) {
- break;
- }
- if (m->used > 1) {
- err = _sp_mont_red(tr, m, mp);
- }
- else {
- err = sp_mod(tr, m, tr);
- }
- }
- if (err == MP_OKAY) {
- /* then multiply by 2^y */
- err = sp_mul_2d(tr, y, tr);
- }
- if ((err == MP_OKAY) && (m->used > 1)) {
- /* Add in value to make mod operation take same time */
- err = sp_add(tr, t, tr);
- }
- if (err == MP_OKAY) {
- err = sp_mod(tr, m, tr);
- }
- if (err != MP_OKAY) {
- break;
- }
- }
- }
- if ((err == MP_OKAY) && (m->used > 1)) {
- /* Convert from montgomery form. */
- err = _sp_mont_red(tr, m, mp);
- /* Reduction implementation returns number to range < m. */
- }
- }
- if (err == MP_OKAY) {
- err = sp_copy(tr, r);
- }
- if (0) {
- sp_print(r, "rme");
- }
- FREE_SP_INT_ARRAY(d, NULL);
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_HAVE_SP_DH)
- /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] bits Number of bits in base to use. May be greater than
- * count of bits in b.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_exptmod_ex(sp_int* b, sp_int* e, int digits, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- int done = 0;
- int mBits = sp_count_bits(m);
- int bBits = sp_count_bits(b);
- int eBits = sp_count_bits(e);
- if ((b == NULL) || (e == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(b, "a");
- sp_print(e, "b");
- sp_print(m, "m");
- }
- if (err != MP_OKAY) {
- }
- /* Handle special cases. */
- else if (sp_iszero(m)) {
- err = MP_VAL;
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- else if ((e->sign == MP_NEG) || (m->sign == MP_NEG)) {
- err = MP_VAL;
- }
- #endif
- else if (sp_isone(m)) {
- sp_set(r, 0);
- done = 1;
- }
- else if (sp_iszero(e)) {
- sp_set(r, 1);
- done = 1;
- }
- else if (sp_iszero(b)) {
- sp_set(r, 0);
- done = 1;
- }
- /* Ensure SP integers have space for intermediate values. */
- else if (m->used * 2 >= r->size) {
- err = MP_VAL;
- }
- if ((!done) && (err == MP_OKAY)) {
- /* Use code optimized for specific sizes if possible */
- #if defined(WOLFSSL_SP_MATH_ALL) && (defined(WOLFSSL_HAVE_SP_RSA) || \
- defined(WOLFSSL_HAVE_SP_DH))
- #ifndef WOLFSSL_SP_NO_2048
- if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) &&
- (eBits <= 1024)) {
- err = sp_ModExp_1024(b, e, m, r);
- done = 1;
- }
- else if ((mBits == 2048) && sp_isodd(m) && (bBits <= 2048) &&
- (eBits <= 2048)) {
- err = sp_ModExp_2048(b, e, m, r);
- done = 1;
- }
- else
- #endif
- #ifndef WOLFSSL_SP_NO_3072
- if ((mBits == 1536) && sp_isodd(m) && (bBits <= 1536) &&
- (eBits <= 1536)) {
- err = sp_ModExp_1536(b, e, m, r);
- done = 1;
- }
- else if ((mBits == 3072) && sp_isodd(m) && (bBits <= 3072) &&
- (eBits <= 3072)) {
- err = sp_ModExp_3072(b, e, m, r);
- done = 1;
- }
- else
- #endif
- #ifdef WOLFSSL_SP_4096
- if ((mBits == 4096) && sp_isodd(m) && (bBits <= 4096) &&
- (eBits <= 4096)) {
- err = sp_ModExp_4096(b, e, m, r);
- done = 1;
- }
- else
- #endif
- #endif
- {
- }
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- if ((!done) && (err == MP_OKAY) && (b->used == 1) && (b->dp[0] == 2)) {
- /* Use the generic base 2 implementation. */
- err = _sp_exptmod_base_2(e, digits, m, r);
- }
- else if ((!done) && (err == MP_OKAY) && (m->used > 1)) {
- #ifndef WC_NO_HARDEN
- err = _sp_exptmod_mont_ex(b, e, digits * SP_WORD_SIZE, m, r);
- #else
- err = sp_exptmod_nct(b, e, m, r);
- #endif
- }
- else
- #elif defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_RSA_PUBLIC_ONLY)
- err = sp_exptmod_nct(b, e, m, r);
- #endif
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
- if ((!done) && (err == MP_OKAY)) {
- /* Otherwise use the generic implementation. */
- err = _sp_exptmod_ex(b, e, digits * SP_WORD_SIZE, m, r);
- }
- #endif
- #else
- if ((!done) && (err == MP_OKAY)) {
- err = MP_VAL;
- }
- #endif
- (void)mBits;
- (void)bBits;
- (void)eBits;
- (void)digits;
- if (0 && (err == MP_OKAY)) {
- sp_print(r, "rme");
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_HAVE_SP_DH)
- /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_exptmod(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- if ((b == NULL) || (e == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- err = sp_exptmod_ex(b, e, e->used, m, r);
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
- * WOLFSSL_HAVE_SP_DH */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- #if defined(WOLFSSL_SP_FAST_NCT_EXPTMOD) || !defined(WOLFSSL_SP_SMALL)
- /* Always allocate large array of sp_ints unless defined WOLFSSL_SP_NO_MALLOC */
- #define SP_ALLOC
- /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Creates a window of precalculated exponents with base in montgomery form.
- * Sliding window and is NOT constant time.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] bits Number of bits in base to use. May be greater than
- * count of bits in b.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
- {
- int i;
- int j;
- int c;
- int y;
- int bits;
- int winBits;
- int preCnt;
- int err = MP_OKAY;
- int done = 0;
- sp_int* tr = NULL;
- sp_int* bm = NULL;
- sp_int_digit mask;
- /* Maximum winBits is 6 and preCnt is (1 << (winBits - 1)). */
- DECL_SP_INT_ARRAY(t, m->used * 2 + 1, (1 << 5) + 2);
- bits = sp_count_bits(e);
- if (bits > 450) {
- winBits = 6;
- }
- else if (bits <= 21) {
- winBits = 1;
- }
- else if (bits <= 36) {
- winBits = 3;
- }
- else if (bits <= 140) {
- winBits = 4;
- }
- else {
- winBits = 5;
- }
- preCnt = 1 << (winBits - 1);
- mask = preCnt - 1;
- ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, preCnt + 2, err, NULL);
- if (err == MP_OKAY) {
- /* Initialize window numbers and temporary result. */
- tr = t[preCnt + 0];
- bm = t[preCnt + 1];
- for (i = 0; i < preCnt; i++) {
- sp_init_size(t[i], m->used * 2 + 1);
- }
- sp_init_size(tr, m->used * 2 + 1);
- sp_init_size(bm, m->used * 2 + 1);
- /* Ensure base is less than exponent. */
- if (_sp_cmp(b, m) != MP_LT) {
- err = sp_mod(b, m, bm);
- if ((err == MP_OKAY) && sp_iszero(bm)) {
- sp_set(r, 0);
- done = 1;
- }
- }
- else {
- err = sp_copy(b, bm);
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- sp_int_digit mp;
- sp_int_digit n;
- err = sp_mont_setup(m, &mp);
- if (err == MP_OKAY) {
- err = sp_mont_norm(t[0], m);
- }
- if (err == MP_OKAY) {
- err = sp_mulmod(bm, t[0], m, bm);
- }
- if (err == MP_OKAY) {
- err = sp_copy(bm, t[0]);
- }
- for (i = 1; (i < winBits) && (err == MP_OKAY); i++) {
- err = sp_sqr(t[0], t[0]);
- if (err == MP_OKAY) {
- err = _sp_mont_red(t[0], m, mp);
- }
- }
- for (i = 1; (i < preCnt) && (err == MP_OKAY); i++) {
- err = sp_mul(t[i-1], bm, t[i]);
- if (err == MP_OKAY) {
- err = _sp_mont_red(t[i], m, mp);
- }
- }
- if (err == MP_OKAY) {
- /* Find the top bit. */
- i = (bits - 1) >> SP_WORD_SHIFT;
- n = e->dp[i--];
- c = bits % SP_WORD_SIZE;
- if (c == 0) {
- c = SP_WORD_SIZE;
- }
- /* Put top bit at highest offset in digit. */
- n <<= SP_WORD_SIZE - c;
- if (bits >= winBits) {
- /* Top bit set. Copy from window. */
- if (c < winBits) {
- /* Bits to end of digit and part of next */
- y = (int)((n >> (SP_WORD_SIZE - winBits)) & mask);
- n = e->dp[i--];
- c = winBits - c;
- y |= (int)(n >> (SP_WORD_SIZE - c));
- n <<= c;
- c = SP_WORD_SIZE - c;
- }
- else {
- /* Bits from middle of digit */
- y = (int)((n >> (SP_WORD_SIZE - winBits)) & mask);
- n <<= winBits;
- c -= winBits;
- }
- err = sp_copy(t[y], tr);
- }
- else {
- /* 1 in Montgomery form. */
- err = sp_mont_norm(tr, m);
- }
- while (err == MP_OKAY) {
- /* Sqaure until we find bit that is 1 or there's less than a
- * window of bits left.
- */
- while ((i >= 0) || (c >= winBits)) {
- sp_digit n2 = n;
- int c2 = c;
- int i2 = i;
- /* Make sure n2 has bits from the right digit. */
- if (c2 == 0) {
- n2 = e->dp[i2--];
- c2 = SP_WORD_SIZE;
- }
- /* Mask off the next bit. */
- y = (int)((n2 >> (SP_WORD_SIZE - 1)) & 1);
- if (y == 1) {
- break;
- }
- /* Square and update position. */
- err = sp_sqr(tr, tr);
- if (err == MP_OKAY) {
- err = _sp_mont_red(tr, m, mp);
- }
- n = n2 << 1;
- c = c2 - 1;
- i = i2;
- }
- if (err == MP_OKAY) {
- /* Check we have enough bits left for a window. */
- if ((i < 0) && (c < winBits)) {
- break;
- }
- if (c == 0) {
- /* Bits up to end of digit */
- n = e->dp[i--];
- y = (int)(n >> (SP_WORD_SIZE - winBits));
- n <<= winBits;
- c = SP_WORD_SIZE - winBits;
- }
- else if (c < winBits) {
- /* Bits to end of digit and part of next */
- y = (int)(n >> (SP_WORD_SIZE - winBits));
- n = e->dp[i--];
- c = winBits - c;
- y |= (int)(n >> (SP_WORD_SIZE - c));
- n <<= c;
- c = SP_WORD_SIZE - c;
- }
- else {
- /* Bits from middle of digit */
- y = (int)(n >> (SP_WORD_SIZE - winBits));
- n <<= winBits;
- c -= winBits;
- }
- y &= mask;
- }
- /* Square for number of bits in window. */
- for (j = 0; (j < winBits) && (err == MP_OKAY); j++) {
- err = sp_sqr(tr, tr);
- if (err == MP_OKAY) {
- err = _sp_mont_red(tr, m, mp);
- }
- }
- /* Multiply by window number for next set of bits. */
- if (err == MP_OKAY) {
- err = sp_mul(tr, t[y], tr);
- }
- if (err == MP_OKAY) {
- err = _sp_mont_red(tr, m, mp);
- }
- }
- if ((err == MP_OKAY) && (c > 0)) {
- /* Handle remaining bits.
- * Window values have top bit set and can't be used. */
- n = e->dp[0];
- for (--c; (err == MP_OKAY) && (c >= 0); c--) {
- err = sp_sqr(tr, tr);
- if (err == MP_OKAY) {
- err = _sp_mont_red(tr, m, mp);
- }
- if ((err == MP_OKAY) && ((n >> c) & 1)) {
- err = sp_mul(tr, bm, tr);
- if (err == MP_OKAY) {
- err = _sp_mont_red(tr, m, mp);
- }
- }
- }
- }
- }
- if (err == MP_OKAY) {
- /* Convert from montgomery form. */
- err = _sp_mont_red(tr, m, mp);
- /* Reduction implementation returns number to range < m. */
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- err = sp_copy(tr, r);
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #undef SP_ALLOC
- #else
- /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Non-constant time implementation.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
- {
- int i;
- int err = MP_OKAY;
- int done = 0;
- int y;
- int bits = sp_count_bits(e);
- sp_int_digit mp;
- DECL_SP_INT_ARRAY(t, m->used * 2 + 1, 2);
- ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 2, err, NULL);
- if (err == MP_OKAY) {
- sp_init_size(t[0], m->used * 2 + 1);
- sp_init_size(t[1], m->used * 2 + 1);
- /* Ensure base is less than exponent. */
- if (_sp_cmp(b, m) != MP_LT) {
- err = sp_mod(b, m, t[0]);
- if ((err == MP_OKAY) && sp_iszero(t[0])) {
- sp_set(r, 0);
- done = 1;
- }
- }
- else {
- err = sp_copy(b, t[0]);
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- err = sp_mont_setup(m, &mp);
- if (err == MP_OKAY) {
- err = sp_mont_norm(t[1], m);
- }
- if (err == MP_OKAY) {
- /* Convert to montgomery form. */
- err = sp_mulmod(t[0], t[1], m, t[0]);
- }
- if (err == MP_OKAY) {
- /* Montgomert form of base to multiply by. */
- sp_copy(t[0], t[1]);
- }
- for (i = bits - 2; (err == MP_OKAY) && (i >= 0); i--) {
- err = sp_sqr(t[0], t[0]);
- if (err == MP_OKAY) {
- err = _sp_mont_red(t[0], m, mp);
- }
- if (err == MP_OKAY) {
- y = (e->dp[i >> SP_WORD_SHIFT] >> (i & SP_WORD_MASK)) & 1;
- if (y != 0) {
- err = sp_mul(t[0], t[1], t[0]);
- if (err == MP_OKAY) {
- err = _sp_mont_red(t[0], m, mp);
- }
- }
- }
- }
- if (err == MP_OKAY) {
- /* Convert from montgomery form. */
- err = _sp_mont_red(t[0], m, mp);
- /* Reduction implementation returns number to range < m. */
- }
- }
- if ((!done) && (err == MP_OKAY)) {
- err = sp_copy(t[0], r);
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* WOLFSSL_SP_FAST_NCT_EXPTMOD || !WOLFSSL_SP_SMALL */
- /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m
- * Non-constant time implementation.
- *
- * @param [in] b SP integer that is the base.
- * @param [in] e SP integer that is the exponent.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- if ((b == NULL) || (e == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(b, "a");
- sp_print(e, "b");
- sp_print(m, "m");
- }
- if (err != MP_OKAY) {
- }
- /* Handle special cases. */
- else if (sp_iszero(m)) {
- err = MP_VAL;
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- else if ((e->sign == MP_NEG) || (m->sign == MP_NEG)) {
- err = MP_VAL;
- }
- #endif
- else if (sp_isone(m)) {
- sp_set(r, 0);
- }
- else if (sp_iszero(e)) {
- sp_set(r, 1);
- }
- else if (sp_iszero(b)) {
- sp_set(r, 0);
- }
- /* Ensure SP integers have space for intermediate values. */
- else if (m->used * 2 >= r->size) {
- err = MP_VAL;
- }
- else {
- err = _sp_exptmod_nct(b, e, m, r);
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(r, "rme");
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
- /***************
- * 2^e functions
- ***************/
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Divide by 2^e: r = a >> e and rem = bits shifted out
- *
- * @param [in] a SP integer to divide.
- * @param [in] e Exponent bits (dividing by 2^e).
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer to hold result.
- * @param [out] rem SP integer to hold remainder.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a is NULL.
- */
- int sp_div_2d(sp_int* a, int e, sp_int* r, sp_int* rem)
- {
- int err = MP_OKAY;
- if (a == NULL) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- int remBits = sp_count_bits(a) - e;
- if (remBits <= 0) {
- /* Shifting down by more bits than in number. */
- _sp_zero(r);
- sp_copy(a, rem);
- }
- else {
- if (rem != NULL) {
- /* Copy a in to remainder. */
- err = sp_copy(a, rem);
- }
- /* Shift a down by into result. */
- sp_rshb(a, e, r);
- if (rem != NULL) {
- /* Set used and mask off top digit of remainder. */
- rem->used = (e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT;
- e &= SP_WORD_MASK;
- if (e > 0) {
- rem->dp[rem->used - 1] &= ((sp_int_digit)1 << e) - 1;
- }
- sp_clamp(rem);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- rem->sign = MP_ZPOS;
- #endif
- }
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* The bottom e bits: r = a & ((1 << e) - 1)
- *
- * @param [in] a SP integer to reduce.
- * @param [in] e Modulus bits (modulus equals 2^e).
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL.
- */
- int sp_mod_2d(sp_int* a, int e, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- int digits = (e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT;
- if (a != r) {
- XMEMCPY(r->dp, a->dp, digits * sizeof(sp_int_digit));
- }
- /* Set used and mask off top digit of result. */
- r->used = digits;
- e &= SP_WORD_MASK;
- if (e > 0) {
- r->dp[r->used - 1] &= ((sp_int_digit)1 << e) - 1;
- }
- sp_clamp(r);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (sp_iszero(r)) {
- r->sign = MP_ZPOS;
- }
- else if (a != r) {
- r->sign = a->sign;
- }
- #endif
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Multiply by 2^e: r = a << e
- *
- * @param [in] a SP integer to multiply.
- * @param [in] e Multiplier bits (multiplier equals 2^e).
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL, or result is too big for fixed data
- * length.
- */
- int sp_mul_2d(sp_int* a, int e, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (sp_count_bits(a) + e > r->size * SP_WORD_SIZE)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- /* Copy a into r as left shift function works on the number. */
- if (a != r) {
- err = sp_copy(a, r);
- }
- }
- if (err == MP_OKAY) {
- if (0) {
- sp_print(a, "a");
- sp_print_int(e, "n");
- }
- err = sp_lshb(r, e);
- if (0) {
- sp_print(r, "rsl");
- }
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- /* START SP_SQR implementations */
- /* This code is generated.
- * To generate:
- * cd scripts/sp/sp_int
- * ./gen.sh
- * File sp_sqr.c contains code.
- */
- #if !defined(WOLFSSL_SP_MATH) || !defined(WOLFSSL_SP_SMALL)
- #ifdef SQR_MUL_ASM
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- int j;
- int k;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
- sp_int_digit t[a->used * 2];
- #else
- sp_int_digit t[SP_INT_DIGITS];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if ((err == MP_OKAY) && (a->used <= 1)) {
- sp_int_digit l, h;
- h = 0;
- l = 0;
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- t[1] = l;
- }
- else if (err == MP_OKAY) {
- sp_int_digit l, h, o;
- h = 0;
- l = 0;
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- o = 0;
- for (k = 1; k < (a->used + 1) / 2; k++) {
- i = k;
- j = k - 1;
- for (; (j >= 0); i++, j--) {
- SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
- }
- t[k * 2 - 1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
- i = k + 1;
- j = k - 1;
- for (; (j >= 0); i++, j--) {
- SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
- }
- t[k * 2] = l;
- l = h;
- h = o;
- o = 0;
- }
- for (; k < a->used; k++) {
- i = k;
- j = k - 1;
- for (; (i < a->used); i++, j--) {
- SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
- }
- t[k * 2 - 1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_SQR_ADD(l, h, o, a->dp[k]);
- i = k + 1;
- j = k - 1;
- for (; (i < a->used); i++, j--) {
- SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]);
- }
- t[k * 2] = l;
- l = h;
- h = o;
- o = 0;
- }
- t[k * 2 - 1] = l;
- }
- if (err == MP_OKAY) {
- r->used = a->used * 2;
- XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #else /* !SQR_MUL_ASM */
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- int j;
- int k;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \
- defined(WOLFSSL_SP_SMALL)
- sp_int_digit t[a->used * 2];
- #else
- sp_int_digit t[SP_INT_DIGITS];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (a->used * 2), NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- sp_int_word w;
- sp_int_word l;
- sp_int_word h;
- #ifdef SP_WORD_OVERFLOW
- sp_int_word o;
- #endif
- w = (sp_int_word)a->dp[0] * a->dp[0];
- t[0] = (sp_int_digit)w;
- l = (sp_int_digit)(w >> SP_WORD_SIZE);
- h = 0;
- #ifdef SP_WORD_OVERFLOW
- o = 0;
- #endif
- for (k = 1; k <= (a->used - 1) * 2; k++) {
- i = k / 2;
- j = k - i;
- if (i == j) {
- w = (sp_int_word)a->dp[i] * a->dp[j];
- l += (sp_int_digit)w;
- h += (sp_int_digit)(w >> SP_WORD_SIZE);
- #ifdef SP_WORD_OVERFLOW
- h += (sp_int_digit)(l >> SP_WORD_SIZE);
- l &= SP_MASK;
- o += (sp_int_digit)(h >> SP_WORD_SIZE);
- h &= SP_MASK;
- #endif
- }
- for (++i, --j; (i < a->used) && (j >= 0); i++, j--) {
- w = (sp_int_word)a->dp[i] * a->dp[j];
- l += (sp_int_digit)w;
- h += (sp_int_digit)(w >> SP_WORD_SIZE);
- #ifdef SP_WORD_OVERFLOW
- h += (sp_int_digit)(l >> SP_WORD_SIZE);
- l &= SP_MASK;
- o += (sp_int_digit)(h >> SP_WORD_SIZE);
- h &= SP_MASK;
- #endif
- l += (sp_int_digit)w;
- h += (sp_int_digit)(w >> SP_WORD_SIZE);
- #ifdef SP_WORD_OVERFLOW
- h += (sp_int_digit)(l >> SP_WORD_SIZE);
- l &= SP_MASK;
- o += (sp_int_digit)(h >> SP_WORD_SIZE);
- h &= SP_MASK;
- #endif
- }
- t[k] = (sp_int_digit)l;
- l >>= SP_WORD_SIZE;
- l += (sp_int_digit)h;
- h >>= SP_WORD_SIZE;
- #ifdef SP_WORD_OVERFLOW
- h += o & SP_MASK;
- o >>= SP_WORD_SIZE;
- #endif
- }
- t[k] = (sp_int_digit)l;
- r->used = k + 1;
- XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit));
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* !WOLFSSL_SP_MATH || !WOLFSSL_SP_SMALL */
- #ifndef WOLFSSL_SP_SMALL
- #if !defined(WOLFSSL_HAVE_SP_ECC) && defined(HAVE_ECC)
- #if SP_WORD_SIZE == 64
- #ifndef SQR_MUL_ASM
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_4(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_word* w = NULL;
- #else
- sp_int_word w[10];
- #endif
- sp_int_digit* da = a->dp;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- w = (sp_int_word*)XMALLOC(sizeof(sp_int_word) * 10, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (w == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- w[0] = (sp_int_word)da[0] * da[0];
- w[1] = (sp_int_word)da[0] * da[1];
- w[2] = (sp_int_word)da[0] * da[2];
- w[3] = (sp_int_word)da[1] * da[1];
- w[4] = (sp_int_word)da[0] * da[3];
- w[5] = (sp_int_word)da[1] * da[2];
- w[6] = (sp_int_word)da[1] * da[3];
- w[7] = (sp_int_word)da[2] * da[2];
- w[8] = (sp_int_word)da[2] * da[3];
- w[9] = (sp_int_word)da[3] * da[3];
- r->dp[0] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[1];
- w[0] += (sp_int_digit)w[1];
- r->dp[1] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[1] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[1];
- w[0] += (sp_int_digit)w[1];
- w[0] += (sp_int_digit)w[2];
- w[0] += (sp_int_digit)w[2];
- w[0] += (sp_int_digit)w[3];
- r->dp[2] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[2] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[2];
- w[0] += (sp_int_digit)w[2];
- w[3] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[3];
- w[0] += (sp_int_digit)w[4];
- w[0] += (sp_int_digit)w[4];
- w[0] += (sp_int_digit)w[5];
- w[0] += (sp_int_digit)w[5];
- r->dp[3] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[4] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[4];
- w[0] += (sp_int_digit)w[4];
- w[5] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[5];
- w[0] += (sp_int_digit)w[5];
- w[0] += (sp_int_digit)w[6];
- w[0] += (sp_int_digit)w[6];
- w[0] += (sp_int_digit)w[7];
- r->dp[4] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[6] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[6];
- w[0] += (sp_int_digit)w[6];
- w[7] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[7];
- w[0] += (sp_int_digit)w[8];
- w[0] += (sp_int_digit)w[8];
- r->dp[5] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[8] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[8];
- w[0] += (sp_int_digit)w[8];
- w[0] += (sp_int_digit)w[9];
- r->dp[6] = w[0];
- w[0] >>= SP_WORD_SIZE;
- w[9] >>= SP_WORD_SIZE;
- w[0] += (sp_int_digit)w[9];
- r->dp[7] = w[0];
- r->used = 8;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (w != NULL) {
- XFREE(w, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #else /* SQR_MUL_ASM */
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_4(sp_int* a, sp_int* r)
- {
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit t[4];
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
- r->dp[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[2], a->dp[3]);
- r->dp[5] = l;
- l = h;
- h = o;
- SP_ASM_SQR_ADD_NO(l, h, a->dp[3]);
- r->dp[6] = l;
- r->dp[7] = h;
- XMEMCPY(r->dp, t, 4 * sizeof(sp_int_digit));
- r->used = 8;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 64
- #ifdef SQR_MUL_ASM
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_6(sp_int* a, sp_int* r)
- {
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit tl = 0;
- sp_int_digit th = 0;
- sp_int_digit to;
- sp_int_digit t[6];
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[5]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[2], a->dp[4]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
- r->dp[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[2], a->dp[5]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[3], a->dp[4]);
- r->dp[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[3], a->dp[5]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
- r->dp[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[4], a->dp[5]);
- r->dp[9] = l;
- l = h;
- h = o;
- SP_ASM_SQR_ADD_NO(l, h, a->dp[5]);
- r->dp[10] = l;
- r->dp[11] = h;
- XMEMCPY(r->dp, t, 6 * sizeof(sp_int_digit));
- r->used = 12;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_8(sp_int* a, sp_int* r)
- {
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit tl = 0;
- sp_int_digit th = 0;
- sp_int_digit to;
- sp_int_digit t[8];
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[4]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[1], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[5]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[2], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[3], a->dp[7]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[4], a->dp[6]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[5]);
- r->dp[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[4], a->dp[7]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[5], a->dp[6]);
- r->dp[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[5], a->dp[7]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[6]);
- r->dp[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[6], a->dp[7]);
- r->dp[13] = l;
- l = h;
- h = o;
- SP_ASM_SQR_ADD_NO(l, h, a->dp[7]);
- r->dp[14] = l;
- r->dp[15] = h;
- XMEMCPY(r->dp, t, 8 * sizeof(sp_int_digit));
- r->used = 16;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_12(sp_int* a, sp_int* r)
- {
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit tl = 0;
- sp_int_digit th = 0;
- sp_int_digit to;
- sp_int_digit t[12];
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[4]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[5]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[6]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[1], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[7]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[2], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[3], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[8]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[4], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[5], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[9]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[6], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[7], a->dp[11]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[8], a->dp[10]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[9]);
- r->dp[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[8], a->dp[11]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[9], a->dp[10]);
- r->dp[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[9], a->dp[11]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[10]);
- r->dp[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[10], a->dp[11]);
- r->dp[21] = l;
- l = h;
- h = o;
- SP_ASM_SQR_ADD_NO(l, h, a->dp[11]);
- r->dp[22] = l;
- r->dp[23] = h;
- XMEMCPY(r->dp, t, 12 * sizeof(sp_int_digit));
- r->used = 24;
- sp_clamp(r);
- return MP_OKAY;
- }
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #endif /* !WOLFSSL_HAVE_SP_ECC && HAVE_ECC */
- #if defined(SQR_MUL_ASM) && defined(WOLFSSL_SP_INT_LARGE_COMBA)
- #if SP_INT_DIGITS >= 32
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_16(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit tl = 0;
- sp_int_digit th = 0;
- sp_int_digit to;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #else
- sp_int_digit t[16];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * 16, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[4]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[5]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[6]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[7]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[8]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[1], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[9]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[2], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[3], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[10]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[4], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[10]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[5], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[11]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[10]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[6], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[11]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[21] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[7], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[12]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[11]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[22] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[8], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[12]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[23] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[9], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[13]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[12]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[24] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[10], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[13]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[25] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[11], a->dp[15]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[12], a->dp[14]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[13]);
- r->dp[26] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[12], a->dp[15]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[13], a->dp[14]);
- r->dp[27] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[13], a->dp[15]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[14]);
- r->dp[28] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[14], a->dp[15]);
- r->dp[29] = l;
- l = h;
- h = o;
- SP_ASM_SQR_ADD_NO(l, h, a->dp[15]);
- r->dp[30] = l;
- r->dp[31] = h;
- XMEMCPY(r->dp, t, 16 * sizeof(sp_int_digit));
- r->used = 32;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif /* SP_INT_DIGITS >= 32 */
- #if SP_INT_DIGITS >= 48
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_24(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- sp_int_digit l = 0;
- sp_int_digit h = 0;
- sp_int_digit o = 0;
- sp_int_digit tl = 0;
- sp_int_digit th = 0;
- sp_int_digit to;
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- sp_int_digit* t = NULL;
- #else
- sp_int_digit t[24];
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * 24, NULL,
- DYNAMIC_TYPE_BIGINT);
- if (t == NULL) {
- err = MP_MEM;
- }
- #endif
- if (err == MP_OKAY) {
- SP_ASM_SQR(h, l, a->dp[0]);
- t[0] = h;
- h = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[1]);
- t[1] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2_NO(l, h, o, a->dp[0], a->dp[2]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[1]);
- t[2] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[3]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[2]);
- t[3] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[0], a->dp[4]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[1], a->dp[3]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[2]);
- t[4] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[4]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[5] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[4]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[3]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[6] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[5]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[7] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[5]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[4]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[8] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[6]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[9] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[6]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[5]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[10] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[7]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[11] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[7]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[6]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[12] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[8]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[13] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[8]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[7]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[14] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[9]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[15] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[9]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[8]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[16] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[10]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[17] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[10]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[9]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[18] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[11]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[10]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[19] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[11]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[10]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[20] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[12]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[11]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[21] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[12]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[11]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[22] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[0], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[1], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[13]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[12]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- t[23] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[1], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[2], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[13]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[12]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[24] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[2], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[3], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[14]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[13]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[25] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[3], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[4], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[14]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[13]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[26] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[4], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[5], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[15]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[14]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[27] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[5], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[6], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[15]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[14]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[28] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[6], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[7], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[16]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[15]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[29] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[7], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[8], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[16]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[15]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[30] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[8], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[9], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[17]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[16]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[31] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[9], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[10], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[17]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[16]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[32] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[10], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[11], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[18]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[17]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[33] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[11], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[12], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[18]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[17]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[34] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[12], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[13], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[19]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[18]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[35] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[13], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[14], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[19]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[18]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[36] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[14], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[15], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[20]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[18], a->dp[19]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[37] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[15], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[16], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[18], a->dp[20]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[19]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[38] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[16], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[17], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[18], a->dp[21]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[19], a->dp[20]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[39] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[17], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[18], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[19], a->dp[21]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[20]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[40] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_SET(tl, th, to, a->dp[18], a->dp[23]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[19], a->dp[22]);
- SP_ASM_MUL_ADD(tl, th, to, a->dp[20], a->dp[21]);
- SP_ASM_ADD_DBL_3(l, h, o, tl, th, to);
- r->dp[41] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[19], a->dp[23]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[20], a->dp[22]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[21]);
- r->dp[42] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[20], a->dp[23]);
- SP_ASM_MUL_ADD2(l, h, o, a->dp[21], a->dp[22]);
- r->dp[43] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[21], a->dp[23]);
- SP_ASM_SQR_ADD(l, h, o, a->dp[22]);
- r->dp[44] = l;
- l = h;
- h = o;
- o = 0;
- SP_ASM_MUL_ADD2(l, h, o, a->dp[22], a->dp[23]);
- r->dp[45] = l;
- l = h;
- h = o;
- SP_ASM_SQR_ADD_NO(l, h, a->dp[23]);
- r->dp[46] = l;
- r->dp[47] = h;
- XMEMCPY(r->dp, t, 24 * sizeof(sp_int_digit));
- r->used = 48;
- sp_clamp(r);
- }
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- if (t != NULL) {
- XFREE(t, NULL, DYNAMIC_TYPE_BIGINT);
- }
- #endif
- return err;
- }
- #endif /* SP_INT_DIGITS >= 48 */
- #if SP_INT_DIGITS >= 64
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_32(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- DECL_SP_INT(a1, 16);
- DECL_SP_INT_ARRAY(z, 33, 2);
- ALLOC_SP_INT(a1, 16, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 33, 2, err, NULL);
- if (err == MP_OKAY) {
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[16], sizeof(sp_int_digit) * 16);
- a1->used = 16;
- /* z2 = a1 ^ 2 */
- err = _sp_sqr_16(a1, z2);
- }
- if (err == MP_OKAY) {
- l = 0;
- h = 0;
- for (i = 0; i < 16; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* z0 = a0 ^ 2 */
- err = _sp_sqr_16(a, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) ^ 2 */
- err = _sp_sqr_16(a1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 32) + (z1 - z0 - z2) << 16) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 16 */
- z1->dp[32] = ca;
- l = 0;
- if (ca) {
- l = z1->dp[0 + 16];
- h = 0;
- SP_ASM_ADDC(l, h, a1->dp[0]);
- SP_ASM_ADDC(l, h, a1->dp[0]);
- z1->dp[0 + 16] = l;
- l = h;
- h = 0;
- for (i = 1; i < 16; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 16]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[32] += l;
- /* z1 = z1 - z0 - z1 */
- l = z1->dp[0];
- h = 0;
- SP_ASM_SUBC(l, h, z0->dp[0]);
- SP_ASM_SUBC(l, h, z2->dp[0]);
- z1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 32; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 16; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 16]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- for (; i < 33; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 16] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 32 */
- l = 0;
- h = 0;
- for (i = 0; i < 17; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 32]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- for (; i < 32; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- r->used = 64;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT(a1, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 64 */
- #if SP_INT_DIGITS >= 96
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_48(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- DECL_SP_INT(a1, 24);
- DECL_SP_INT_ARRAY(z, 49, 2);
- ALLOC_SP_INT(a1, 24, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 49, 2, err, NULL);
- if (err == MP_OKAY) {
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[24], sizeof(sp_int_digit) * 24);
- a1->used = 24;
- /* z2 = a1 ^ 2 */
- err = _sp_sqr_24(a1, z2);
- }
- if (err == MP_OKAY) {
- l = 0;
- h = 0;
- for (i = 0; i < 24; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* z0 = a0 ^ 2 */
- err = _sp_sqr_24(a, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) ^ 2 */
- err = _sp_sqr_24(a1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 48) + (z1 - z0 - z2) << 24) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 24 */
- z1->dp[48] = ca;
- l = 0;
- if (ca) {
- l = z1->dp[0 + 24];
- h = 0;
- SP_ASM_ADDC(l, h, a1->dp[0]);
- SP_ASM_ADDC(l, h, a1->dp[0]);
- z1->dp[0 + 24] = l;
- l = h;
- h = 0;
- for (i = 1; i < 24; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 24]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[48] += l;
- /* z1 = z1 - z0 - z1 */
- l = z1->dp[0];
- h = 0;
- SP_ASM_SUBC(l, h, z0->dp[0]);
- SP_ASM_SUBC(l, h, z2->dp[0]);
- z1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 48; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 24; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 24]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- for (; i < 49; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 24] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 48 */
- l = 0;
- h = 0;
- for (i = 0; i < 25; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 48]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- for (; i < 48; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- r->used = 96;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT(a1, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 96 */
- #if SP_INT_DIGITS >= 128
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_64(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- DECL_SP_INT(a1, 32);
- DECL_SP_INT_ARRAY(z, 65, 2);
- ALLOC_SP_INT(a1, 32, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 65, 2, err, NULL);
- if (err == MP_OKAY) {
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[32], sizeof(sp_int_digit) * 32);
- a1->used = 32;
- /* z2 = a1 ^ 2 */
- err = _sp_sqr_32(a1, z2);
- }
- if (err == MP_OKAY) {
- l = 0;
- h = 0;
- for (i = 0; i < 32; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* z0 = a0 ^ 2 */
- err = _sp_sqr_32(a, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) ^ 2 */
- err = _sp_sqr_32(a1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 64) + (z1 - z0 - z2) << 32) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 32 */
- z1->dp[64] = ca;
- l = 0;
- if (ca) {
- l = z1->dp[0 + 32];
- h = 0;
- SP_ASM_ADDC(l, h, a1->dp[0]);
- SP_ASM_ADDC(l, h, a1->dp[0]);
- z1->dp[0 + 32] = l;
- l = h;
- h = 0;
- for (i = 1; i < 32; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 32]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[64] += l;
- /* z1 = z1 - z0 - z1 */
- l = z1->dp[0];
- h = 0;
- SP_ASM_SUBC(l, h, z0->dp[0]);
- SP_ASM_SUBC(l, h, z2->dp[0]);
- z1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 64; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 32; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 32]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- for (; i < 65; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 32] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 64 */
- l = 0;
- h = 0;
- for (i = 0; i < 33; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 64]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 64] = l;
- l = h;
- h = 0;
- }
- for (; i < 64; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 64] = l;
- l = h;
- h = 0;
- }
- r->used = 128;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT(a1, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 128 */
- #if SP_INT_DIGITS >= 192
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int _sp_sqr_96(sp_int* a, sp_int* r)
- {
- int err = MP_OKAY;
- int i;
- sp_int_digit l;
- sp_int_digit h;
- sp_int* z0;
- sp_int* z1;
- sp_int* z2;
- sp_int_digit ca;
- DECL_SP_INT(a1, 48);
- DECL_SP_INT_ARRAY(z, 97, 2);
- ALLOC_SP_INT(a1, 48, err, NULL);
- ALLOC_SP_INT_ARRAY(z, 97, 2, err, NULL);
- if (err == MP_OKAY) {
- z1 = z[0];
- z2 = z[1];
- z0 = r;
- XMEMCPY(a1->dp, &a->dp[48], sizeof(sp_int_digit) * 48);
- a1->used = 48;
- /* z2 = a1 ^ 2 */
- err = _sp_sqr_48(a1, z2);
- }
- if (err == MP_OKAY) {
- l = 0;
- h = 0;
- for (i = 0; i < 48; i++) {
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a->dp[i]);
- a1->dp[i] = l;
- l = h;
- h = 0;
- }
- ca = l;
- /* z0 = a0 ^ 2 */
- err = _sp_sqr_48(a, z0);
- }
- if (err == MP_OKAY) {
- /* z1 = (a0 + a1) ^ 2 */
- err = _sp_sqr_48(a1, z1);
- }
- if (err == MP_OKAY) {
- /* r = (z2 << 96) + (z1 - z0 - z2) << 48) + z0 */
- /* r = z0 */
- /* r += (z1 - z0 - z2) << 48 */
- z1->dp[96] = ca;
- l = 0;
- if (ca) {
- l = z1->dp[0 + 48];
- h = 0;
- SP_ASM_ADDC(l, h, a1->dp[0]);
- SP_ASM_ADDC(l, h, a1->dp[0]);
- z1->dp[0 + 48] = l;
- l = h;
- h = 0;
- for (i = 1; i < 48; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i + 48]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- SP_ASM_ADDC(l, h, a1->dp[i]);
- z1->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- }
- z1->dp[96] += l;
- /* z1 = z1 - z0 - z1 */
- l = z1->dp[0];
- h = 0;
- SP_ASM_SUBC(l, h, z0->dp[0]);
- SP_ASM_SUBC(l, h, z2->dp[0]);
- z1->dp[0] = l;
- l = h;
- h = 0;
- for (i = 1; i < 96; i++) {
- l += z1->dp[i];
- SP_ASM_SUBC(l, h, z0->dp[i]);
- SP_ASM_SUBC(l, h, z2->dp[i]);
- z1->dp[i] = l;
- l = h;
- h = 0;
- }
- z1->dp[i] += l;
- /* r += z1 << 16 */
- l = 0;
- h = 0;
- for (i = 0; i < 48; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 48]);
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- for (; i < 97; i++) {
- SP_ASM_ADDC(l, h, z1->dp[i]);
- r->dp[i + 48] = l;
- l = h;
- h = 0;
- }
- /* r += z2 << 96 */
- l = 0;
- h = 0;
- for (i = 0; i < 49; i++) {
- SP_ASM_ADDC(l, h, r->dp[i + 96]);
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 96] = l;
- l = h;
- h = 0;
- }
- for (; i < 96; i++) {
- SP_ASM_ADDC(l, h, z2->dp[i]);
- r->dp[i + 96] = l;
- l = h;
- h = 0;
- }
- r->used = 192;
- sp_clamp(r);
- }
- FREE_SP_INT_ARRAY(z, NULL);
- FREE_SP_INT(a1, NULL);
- return err;
- }
- #endif /* SP_INT_DIGITS >= 192 */
- #endif /* SQR_MUL_ASM && WOLFSSL_SP_INT_LARGE_COMBA */
- #endif /* !WOLFSSL_SP_SMALL */
- /* Square a and store in r. r = a * a
- *
- * @param [in] a SP integer to square.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or r is NULL, or the result will be too big for fixed
- * data length.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_sqr(sp_int* a, sp_int* r)
- {
- #if defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_SMALL)
- return sp_mul(a, a, r);
- #else
- int err = MP_OKAY;
- if ((a == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- /* Need extra digit during calculation. */
- if ((err == MP_OKAY) && (a->used * 2 > r->size)) {
- err = MP_VAL;
- }
- if (0 && (err == MP_OKAY)) {
- sp_print(a, "a");
- }
- if (err == MP_OKAY) {
- if (a->used == 0) {
- _sp_zero(r);
- }
- else
- #ifndef WOLFSSL_SP_SMALL
- #if !defined(WOLFSSL_HAVE_SP_ECC) && defined(HAVE_ECC)
- #if SP_WORD_SIZE == 64
- if (a->used == 4) {
- err = _sp_sqr_4(a, r);
- }
- else
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 64
- #ifdef SQR_MUL_ASM
- if (a->used == 6) {
- err = _sp_sqr_6(a, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 64 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- if (a->used == 8) {
- err = _sp_sqr_8(a, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #if SP_WORD_SIZE == 32
- #ifdef SQR_MUL_ASM
- if (a->used == 12) {
- err = _sp_sqr_12(a, r);
- }
- else
- #endif /* SQR_MUL_ASM */
- #endif /* SP_WORD_SIZE == 32 */
- #endif /* !WOLFSSL_HAVE_SP_ECC && HAVE_ECC */
- #if defined(SQR_MUL_ASM) && defined(WOLFSSL_SP_INT_LARGE_COMBA)
- #if SP_INT_DIGITS >= 32
- if (a->used == 16) {
- err = _sp_sqr_16(a, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 32 */
- #if SP_INT_DIGITS >= 48
- if (a->used == 24) {
- err = _sp_sqr_24(a, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 48 */
- #if SP_INT_DIGITS >= 64
- if (a->used == 32) {
- err = _sp_sqr_32(a, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 64 */
- #if SP_INT_DIGITS >= 96
- if (a->used == 48) {
- err = _sp_sqr_48(a, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 96 */
- #if SP_INT_DIGITS >= 128
- if (a->used == 64) {
- err = _sp_sqr_64(a, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 128 */
- #if SP_INT_DIGITS >= 192
- if (a->used == 96) {
- err = _sp_sqr_96(a, r);
- }
- else
- #endif /* SP_INT_DIGITS >= 192 */
- #endif /* SQR_MUL_ASM && WOLFSSL_SP_INT_LARGE_COMBA */
- #endif /* !WOLFSSL_SP_SMALL */
- {
- err = _sp_sqr(a, r);
- }
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (err == MP_OKAY) {
- r->sign = MP_ZPOS;
- }
- #endif
- if (0 && (err == MP_OKAY)) {
- sp_print(r, "rsqr");
- }
- return err;
- #endif /* WOLFSSL_SP_MATH && WOLFSSL_SP_SMALL */
- }
- /* END SP_SQR implementations */
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || HAVE_ECC ||
- * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- /* Square a mod m and store in r: r = (a * a) mod m
- *
- * @param [in] a SP integer to square.
- * @param [in] m SP integer that is the modulus.
- * @param [out] r SP integer result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, m or r is NULL; or m is 0; or a squared is too big
- * for fixed data length.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_sqrmod(sp_int* a, sp_int* m, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (m == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && (a->used * 2 > r->size)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- err = sp_sqr(a, r);
- }
- if (err == MP_OKAY) {
- err = sp_mod(r, m, r);
- }
- return err;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY */
- /**********************
- * Montogmery functions
- **********************/
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- /* Reduce a number in montgomery form.
- *
- * Assumes a and m are not NULL and m is not 0.
- *
- * @param [in,out] a SP integer to Montgomery reduce.
- * @param [in] m SP integer that is the modulus.
- * @param [in] mp SP integer digit that is the bottom digit of inv(-m).
- *
- * @return MP_OKAY on success.
- */
- static int _sp_mont_red(sp_int* a, sp_int* m, sp_int_digit mp)
- {
- #if !defined(SQR_MUL_ASM)
- int i;
- int bits;
- sp_int_word w;
- sp_int_digit mu;
- if (0) {
- sp_print(a, "a");
- sp_print(m, "m");
- }
- bits = sp_count_bits(m);
- for (i = a->used; i < m->used * 2; i++) {
- a->dp[i] = 0;
- }
- if (m->used == 1) {
- mu = mp * a->dp[0];
- w = a->dp[0];
- w += (sp_int_word)mu * m->dp[0];
- a->dp[0] = (sp_int_digit)w;
- w >>= SP_WORD_SIZE;
- w += a->dp[1];
- a->dp[1] = (sp_int_digit)w;
- w >>= SP_WORD_SIZE;
- a->dp[2] = (sp_int_digit)w;
- a->used = 3;
- /* mp is SP_WORD_SIZE */
- bits = SP_WORD_SIZE;
- }
- else {
- sp_int_digit mask = (sp_int_digit)
- ((1UL << (bits & (SP_WORD_SIZE - 1))) - 1);
- sp_int_word o = 0;
- for (i = 0; i < m->used; i++) {
- int j;
- mu = mp * a->dp[i];
- if ((i == m->used - 1) && (mask != 0)) {
- mu &= mask;
- }
- w = a->dp[i];
- w += (sp_int_word)mu * m->dp[0];
- a->dp[i] = (sp_int_digit)w;
- w >>= SP_WORD_SIZE;
- for (j = 1; j < m->used - 1; j++) {
- w += a->dp[i + j];
- w += (sp_int_word)mu * m->dp[j];
- a->dp[i + j] = (sp_int_digit)w;
- w >>= SP_WORD_SIZE;
- }
- w += o;
- w += a->dp[i + j];
- o = (sp_int_digit)(w >> SP_WORD_SIZE);
- w = ((sp_int_word)mu * m->dp[j]) + (sp_int_digit)w;
- a->dp[i + j] = (sp_int_digit)w;
- w >>= SP_WORD_SIZE;
- o += w;
- }
- o += a->dp[m->used * 2 - 1];
- a->dp[m->used * 2 - 1] = (sp_int_digit)o;
- o >>= SP_WORD_SIZE;
- a->dp[m->used * 2] = (sp_int_digit)o;
- a->used = m->used * 2 + 1;
- }
- sp_clamp(a);
- sp_rshb(a, bits, a);
- if (_sp_cmp(a, m) != MP_LT) {
- _sp_sub_off(a, m, a, 0);
- }
- if (0) {
- sp_print(a, "rr");
- }
- return MP_OKAY;
- #else /* !SQR_MUL_ASM */
- int i;
- int j;
- int bits;
- sp_int_digit mu;
- sp_int_digit o;
- sp_int_digit mask;
- bits = sp_count_bits(m);
- mask = (1UL << (bits & (SP_WORD_SIZE - 1))) - 1;
- for (i = a->used; i < m->used * 2; i++) {
- a->dp[i] = 0;
- }
- if (m->used <= 1) {
- sp_int_word w;
- mu = mp * a->dp[0];
- w = a->dp[0];
- w += (sp_int_word)mu * m->dp[0];
- a->dp[0] = w;
- w >>= SP_WORD_SIZE;
- w += a->dp[1];
- a->dp[1] = w;
- w >>= SP_WORD_SIZE;
- a->dp[2] = w;
- a->used = m->used * 2 + 1;
- /* mp is SP_WORD_SIZE */
- bits = SP_WORD_SIZE;
- }
- #ifndef WOLFSSL_HAVE_SP_ECC
- #if SP_WORD_SIZE == 64
- else if (m->used == 4) {
- sp_int_digit l;
- sp_int_digit h;
- l = 0;
- h = 0;
- o = 0;
- for (i = 0; i < 4; i++) {
- mu = mp * a->dp[i];
- if ((i == 3) && (mask != 0)) {
- mu &= mask;
- }
- l = a->dp[i];
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[0]);
- a->dp[i] = l;
- l = h;
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[i + 1]);
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[1]);
- a->dp[i + 1] = l;
- l = h;
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[i + 2]);
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[2]);
- a->dp[i + 2] = l;
- l = h;
- h = 0;
- SP_ASM_ADDC_REG(l, h, o);
- SP_ASM_ADDC(l, h, a->dp[i + 3]);
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[3]);
- a->dp[i + 3] = l;
- o = h;
- l = h;
- h = 0;
- }
- SP_ASM_ADDC(l, h, a->dp[7]);
- a->dp[7] = l;
- a->dp[8] = h;
- a->used = 9;
- }
- else if (m->used == 6) {
- sp_int_digit l;
- sp_int_digit h;
- l = 0;
- h = 0;
- o = 0;
- for (i = 0; i < 6; i++) {
- mu = mp * a->dp[i];
- if ((i == 5) && (mask != 0)) {
- mu &= mask;
- }
- l = a->dp[i];
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[0]);
- a->dp[i] = l;
- l = h;
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[i + 1]);
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[1]);
- a->dp[i + 1] = l;
- l = h;
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[i + 2]);
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[2]);
- a->dp[i + 2] = l;
- l = h;
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[i + 3]);
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[3]);
- a->dp[i + 3] = l;
- l = h;
- h = 0;
- SP_ASM_ADDC(l, h, a->dp[i + 4]);
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[4]);
- a->dp[i + 4] = l;
- l = h;
- h = 0;
- SP_ASM_ADDC_REG(l, h, o);
- SP_ASM_ADDC(l, h, a->dp[i + 5]);
- SP_ASM_MUL_ADD_NO(l, h, mu, m->dp[5]);
- a->dp[i + 5] = l;
- o = h;
- l = h;
- h = 0;
- }
- SP_ASM_ADDC(l, h, a->dp[11]);
- a->dp[11] = l;
- a->dp[12] = h;
- a->used = 13;
- }
- #endif /* SP_WORD_SIZE == 64 */
- #endif /* WOLFSSL_HAVE_SP_ECC */
- else {
- sp_int_digit l;
- sp_int_digit h;
- sp_int_digit o2;
- sp_int_digit* ad;
- sp_int_digit* md;
- o = 0;
- o2 = 0;
- ad = a->dp;
- for (i = 0; i < m->used; i++, ad++) {
- md = m->dp;
- mu = mp * ad[0];
- if ((i == m->used - 1) && (mask != 0)) {
- mu &= mask;
- }
- l = ad[0];
- h = 0;
- SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
- ad[0] = l;
- l = h;
- for (j = 1; j + 1 < m->used - 1; j += 2) {
- h = 0;
- SP_ASM_ADDC(l, h, ad[j + 0]);
- SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
- ad[j + 0] = l;
- l = 0;
- SP_ASM_ADDC(h, l, ad[j + 1]);
- SP_ASM_MUL_ADD_NO(h, l, mu, *(md++));
- ad[j + 1] = h;
- }
- for (; j < m->used - 1; j++) {
- h = 0;
- SP_ASM_ADDC(l, h, ad[j]);
- SP_ASM_MUL_ADD_NO(l, h, mu, *(md++));
- ad[j] = l;
- l = h;
- }
- h = o2;
- o2 = 0;
- SP_ASM_ADDC_REG(l, h, o);
- SP_ASM_ADDC(l, h, ad[j]);
- SP_ASM_MUL_ADD(l, h, o2, mu, *md);
- ad[j] = l;
- o = h;
- }
- l = o;
- h = o2;
- SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]);
- a->dp[m->used * 2 - 1] = l;
- a->dp[m->used * 2] = h;
- a->used = m->used * 2 + 1;
- }
- sp_clamp(a);
- sp_rshb(a, bits, a);
- if (_sp_cmp(a, m) != MP_LT) {
- sp_sub(a, m, a);
- }
- return MP_OKAY;
- #endif /* !SQR_MUL_ASM */
- }
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- /* Reduce a number in montgomery form.
- *
- * @param [in,out] a SP integer to Montgomery reduce.
- * @param [in] m SP integer that is the modulus.
- * @param [in] mp SP integer digit that is the bottom digit of inv(-m).
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or m is NULL or m is zero.
- */
- int sp_mont_red(sp_int* a, sp_int* m, sp_int_digit mp)
- {
- int err;
- if ((a == NULL) || (m == NULL) || sp_iszero(m)) {
- err = MP_VAL;
- }
- else if (a->size < m->used * 2 + 1) {
- err = MP_VAL;
- }
- else {
- err = _sp_mont_red(a, m, mp);
- }
- return err;
- }
- #endif
- /* Calculate the bottom digit of the inverse of negative m.
- *
- * Used when performing Montgomery Reduction.
- *
- * @param [in] m SP integer that is the modulus.
- * @param [out] mp SP integer digit that is the bottom digit of inv(-m).
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when m or rho is NULL.
- */
- int sp_mont_setup(sp_int* m, sp_int_digit* rho)
- {
- int err = MP_OKAY;
- if ((m == NULL) || (rho == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && !sp_isodd(m)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- sp_int_digit x;
- sp_int_digit b;
- b = m->dp[0];
- x = (((b + 2) & 4) << 1) + b; /* here x*a==1 mod 2**4 */
- x *= 2 - b * x; /* here x*a==1 mod 2**8 */
- #if SP_WORD_SIZE >= 16
- x *= 2 - b * x; /* here x*a==1 mod 2**16 */
- #if SP_WORD_SIZE >= 32
- x *= 2 - b * x; /* here x*a==1 mod 2**32 */
- #if SP_WORD_SIZE >= 64
- x *= 2 - b * x; /* here x*a==1 mod 2**64 */
- #endif /* SP_WORD_SIZE >= 64 */
- #endif /* SP_WORD_SIZE >= 32 */
- #endif /* SP_WORD_SIZE >= 16 */
- /* rho = -1/m mod b */
- *rho = -x;
- }
- return err;
- }
- /* Calculate the normalization value of m.
- * norm = 2^k - m, where k is the number of bits in m
- *
- * @param [out] norm SP integer that normalises numbers into Montgomery
- * form.
- * @param [in] m SP integer that is the modulus.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when norm or m is NULL, or number of bits in m is maximual.
- */
- int sp_mont_norm(sp_int* norm, sp_int* m)
- {
- int err = MP_OKAY;
- int bits = 0;
- if ((norm == NULL) || (m == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- bits = sp_count_bits(m);
- if (bits == m->size * SP_WORD_SIZE) {
- err = MP_VAL;
- }
- }
- if (err == MP_OKAY) {
- if (bits < SP_WORD_SIZE) {
- bits = SP_WORD_SIZE;
- }
- _sp_zero(norm);
- sp_set_bit(norm, bits);
- err = sp_sub(norm, m, norm);
- }
- if ((err == MP_OKAY) && (bits == SP_WORD_SIZE)) {
- norm->dp[0] %= m->dp[0];
- }
- if (err == MP_OKAY) {
- sp_clamp(norm);
- }
- return err;
- }
- #endif
- /*********************************
- * To and from binary and strings.
- *********************************/
- /* Calculate the number of 8-bit values required to represent the
- * multi-precision number.
- *
- * When a is NULL, return s 0.
- *
- * @param [in] a SP integer.
- *
- * @return The count of 8-bit values.
- */
- int sp_unsigned_bin_size(sp_int* a)
- {
- int cnt = 0;
- if (a != NULL) {
- cnt = (sp_count_bits(a) + 7) / 8;
- }
- return cnt;
- }
- /* Convert a number as an array of bytes in big-endian format to a
- * multi-precision number.
- *
- * @param [out] a SP integer.
- * @param [in] in Array of bytes.
- * @param [in] inSz Number of data bytes in array.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when the number is too big to fit in an SP.
- */
- int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
- {
- int err = MP_OKAY;
- if ((a == NULL) || ((in == NULL) && (inSz > 0))) {
- err = MP_VAL;
- }
- /* Extra digit added to SP_INT_DIGITS to be used in calculations. */
- if ((err == MP_OKAY) && (inSz > ((word32)a->size - 1) * SP_WORD_SIZEOF)) {
- err = MP_VAL;
- }
- #ifndef LITTLE_ENDIAN_ORDER
- if (err == MP_OKAY) {
- int i;
- int j;
- int s;
- for (i = inSz-1,j = 0; i > SP_WORD_SIZEOF-1; i -= SP_WORD_SIZEOF,j++) {
- a->dp[j] = *(sp_int_digit*)(in + i - (SP_WORD_SIZEOF - 1));
- }
- a->dp[j] = 0;
- for (s = 0; i >= 0; i--,s += 8) {
- a->dp[j] |= ((sp_int_digit)in[i]) << s;
- }
- a->used = j + 1;
- sp_clamp(a);
- }
- #else
- if (err == MP_OKAY) {
- int i;
- int j;
- a->used = (inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF;
- for (i = inSz-1, j = 0; i >= SP_WORD_SIZEOF - 1; i -= SP_WORD_SIZEOF) {
- a->dp[j] = ((sp_int_digit)in[i - 0] << 0);
- #if SP_WORD_SIZE >= 16
- a->dp[j] |= ((sp_int_digit)in[i - 1] << 8);
- #endif
- #if SP_WORD_SIZE >= 32
- a->dp[j] |= ((sp_int_digit)in[i - 2] << 16) |
- ((sp_int_digit)in[i - 3] << 24);
- #endif
- #if SP_WORD_SIZE >= 64
- a->dp[j] |= ((sp_int_digit)in[i - 4] << 32) |
- ((sp_int_digit)in[i - 5] << 40) |
- ((sp_int_digit)in[i - 6] << 48) |
- ((sp_int_digit)in[i - 7] << 56);
- #endif
- j++;
- }
- a->dp[j] = 0;
- #if SP_WORD_SIZE >= 16
- if (i >= 0) {
- byte *d = (byte*)a->dp;
- a->dp[a->used - 1] = 0;
- switch (i) {
- case 6: d[inSz - 1 - 6] = in[6]; FALL_THROUGH;
- case 5: d[inSz - 1 - 5] = in[5]; FALL_THROUGH;
- case 4: d[inSz - 1 - 4] = in[4]; FALL_THROUGH;
- case 3: d[inSz - 1 - 3] = in[3]; FALL_THROUGH;
- case 2: d[inSz - 1 - 2] = in[2]; FALL_THROUGH;
- case 1: d[inSz - 1 - 1] = in[1]; FALL_THROUGH;
- case 0: d[inSz - 1 - 0] = in[0];
- }
- }
- #endif
- sp_clamp(a);
- }
- #endif /* LITTLE_ENDIAN_ORDER */
- return err;
- }
- #if (!defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- defined(WOLFSSL_RSA_PUBLIC_ONLY)) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Convert the multi-precision number to an array of bytes in big-endian format.
- *
- * The array must be large enough for encoded number - use mp_unsigned_bin_size
- * to calculate the number of bytes required.
- *
- * @param [in] a SP integer.
- * @param [out] out Array to put encoding into.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or out is NULL.
- */
- int sp_to_unsigned_bin(sp_int* a, byte* out)
- {
- return sp_to_unsigned_bin_len(a, out, sp_unsigned_bin_size(a));
- }
- #endif /* (!NO_DH || HAVE_ECC || WC_RSA_BLINDING || WOLFSSL_RSA_PUBLIC_ONLY)
- && !WOLFSSL_RSA_VERIFY_ONLY */
- /* Convert the multi-precision number to an array of bytes in big-endian format.
- *
- * The array must be large enough for encoded number - use mp_unsigned_bin_size
- * to calculate the number of bytes required.
- * Front-pads the output array with zeros make number the size of the array.
- *
- * @param [in] a SP integer.
- * @param [out] out Array to put encoding into.
- * @param [in] outSz Size of the array in bytes.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or out is NULL.
- */
- int sp_to_unsigned_bin_len(sp_int* a, byte* out, int outSz)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (out == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- int j = outSz - 1;
- if (!sp_iszero(a)) {
- int i;
- for (i = 0; (j >= 0) && (i < a->used); i++) {
- int b;
- for (b = 0; b < SP_WORD_SIZE; b += 8) {
- out[j--] = a->dp[i] >> b;
- if (j < 0) {
- break;
- }
- }
- }
- }
- for (; j >= 0; j--) {
- out[j] = 0;
- }
- }
- return err;
- }
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Store the number in big-endian format in array at an offset.
- * The array must be large enough for encoded number - use mp_unsigned_bin_size
- * to calculate the number of bytes required.
- *
- * @param [in] o Offset into array o start encoding.
- * @param [in] a SP integer.
- * @param [out] out Array to put encoding into.
- *
- * @return Index of next byte after data.
- * @return MP_VAL when a or out is NULL.
- */
- int sp_to_unsigned_bin_at_pos(int o, sp_int*a, unsigned char* out)
- {
- int ret = sp_to_unsigned_bin(a, out + o);
- if (ret == MP_OKAY) {
- ret = o + sp_unsigned_bin_size(a);
- }
- return ret;
- }
- #endif /* WOLFSSL_SP_MATH_ALL */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(HAVE_ECC)
- /* Convert hexadecimal number as string in big-endian format to a
- * multi-precision number.
- *
- * Negative values supported when compiled with WOLFSSL_SP_INT_NEGATIVE.
- *
- * @param [out] a SP integer.
- * @param [in] in NUL terminated string.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when radix not supported, value is negative, or a character
- * is not valid.
- */
- static int _sp_read_radix_16(sp_int* a, const char* in)
- {
- int err = MP_OKAY;
- int i;
- int s = 0;
- int j = 0;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (*in == '-') {
- a->sign = MP_NEG;
- in++;
- }
- #endif
- while (*in == '0') {
- in++;
- }
- a->dp[0] = 0;
- for (i = (int)(XSTRLEN(in) - 1); i >= 0; i--) {
- char ch = in[i];
- if ((ch >= '0') && (ch <= '9')) {
- ch -= '0';
- }
- else if ((ch >= 'A') && (ch <= 'F')) {
- ch -= 'A' - 10;
- }
- else if ((ch >= 'a') && (ch <= 'f')) {
- ch -= 'a' - 10;
- }
- else {
- err = MP_VAL;
- break;
- }
- if (s == SP_WORD_SIZE) {
- j++;
- if (j >= a->size) {
- err = MP_VAL;
- break;
- }
- s = 0;
- a->dp[j] = 0;
- }
- a->dp[j] |= ((sp_int_digit)ch) << s;
- s += 4;
- }
- if (err == MP_OKAY) {
- a->used = j + 1;
- sp_clamp(a);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (sp_iszero(a)) {
- a->sign = MP_ZPOS;
- }
- #endif
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Convert decimal number as string in big-endian format to a multi-precision
- * number.
- *
- * Negative values supported when compiled with WOLFSSL_SP_INT_NEGATIVE.
- *
- * @param [out] a SP integer.
- * @param [in] in NUL terminated string.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when radix not supported, value is negative, or a character
- * is not valid.
- */
- static int _sp_read_radix_10(sp_int* a, const char* in)
- {
- int err = MP_OKAY;
- int i;
- int len;
- char ch;
- _sp_zero(a);
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (*in == '-') {
- a->sign = MP_NEG;
- in++;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- while (*in == '0') {
- in++;
- }
- len = (int)XSTRLEN(in);
- for (i = 0; i < len; i++) {
- ch = in[i];
- if ((ch >= '0') && (ch <= '9')) {
- ch -= '0';
- }
- else {
- err = MP_VAL;
- break;
- }
- if (a->used + 1 > a->size) {
- err = MP_VAL;
- break;
- }
- _sp_mul_d(a, 10, a, 0);
- (void)_sp_add_d(a, ch, a);
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if ((err == MP_OKAY) && sp_iszero(a)) {
- a->sign = MP_ZPOS;
- }
- #endif
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(HAVE_ECC)
- /* Convert a number as string in big-endian format to a big number.
- * Only supports base-16 (hexadecimal) and base-10 (decimal).
- *
- * Negative values supported when WOLFSSL_SP_INT_NEGATIVE is defined.
- *
- * @param [out] a SP integer.
- * @param [in] in NUL terminated string.
- * @param [in] radix Number of values in a digit.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or in is NULL, radix not supported, value is negative,
- * or a character is not valid.
- */
- int sp_read_radix(sp_int* a, const char* in, int radix)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (in == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- if (*in == '-') {
- err = MP_VAL;
- }
- else
- #endif
- if (radix == 16) {
- err = _sp_read_radix_16(a, in);
- }
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- else if (radix == 10) {
- err = _sp_read_radix_10(a, in);
- }
- #endif
- else {
- err = MP_VAL;
- }
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WC_MP_TO_RADIX)
- /* Hex string characters. */
- static const char sp_hex_char[16] = {
- '0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
- };
- /* Put the big-endian, hex string encoding of a into str.
- *
- * Assumes str is large enough for result.
- * Use sp_radix_size() to calculate required length.
- *
- * @param [in] a SP integer to convert.
- * @param [out] str String to hold hex string result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or str is NULL.
- */
- int sp_tohex(sp_int* a, char* str)
- {
- int err = MP_OKAY;
- int i;
- int j;
- if ((a == NULL) || (str == NULL)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- /* quick out if its zero */
- if (sp_iszero(a) == MP_YES) {
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- *str++ = '0';
- #endif /* WC_DISABLE_RADIX_ZERO_PAD */
- *str++ = '0';
- *str = '\0';
- }
- else {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == MP_NEG) {
- *str = '-';
- str++;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- i = a->used - 1;
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- for (j = SP_WORD_SIZE - 8; j >= 0; j -= 8) {
- if (((a->dp[i] >> j) & 0xff) != 0) {
- break;
- }
- else if (j == 0) {
- j = SP_WORD_SIZE - 8;
- --i;
- }
- }
- j += 4;
- #else
- for (j = SP_WORD_SIZE - 4; j >= 0; j -= 4) {
- if (((a->dp[i] >> j) & 0xf) != 0) {
- break;
- }
- else if (j == 0) {
- j = SP_WORD_SIZE - 4;
- --i;
- }
- }
- #endif /* WC_DISABLE_RADIX_ZERO_PAD */
- for (; j >= 0; j -= 4) {
- *(str++) = sp_hex_char[(a->dp[i] >> j) & 0xf];
- }
- for (--i; i >= 0; i--) {
- for (j = SP_WORD_SIZE - 4; j >= 0; j -= 4) {
- *(str++) = sp_hex_char[(a->dp[i] >> j) & 0xf];
- }
- }
- *str = '\0';
- }
- }
- return err;
- }
- #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || WC_MP_TO_RADIX */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- /* Put the big-endian, decimal string encoding of a into str.
- *
- * Assumes str is large enough for result.
- * Use sp_radix_size() to calculate required length.
- *
- * @param [in] a SP integer to convert.
- * @param [out] str String to hold hex string result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or str is NULL.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_todecimal(sp_int* a, char* str)
- {
- int err = MP_OKAY;
- int i;
- int j;
- sp_int_digit d;
- if ((a == NULL) || (str == NULL)) {
- err = MP_VAL;
- }
- /* quick out if its zero */
- else if (sp_iszero(a) == MP_YES) {
- *str++ = '0';
- *str = '\0';
- }
- else {
- DECL_SP_INT(t, a->used + 1);
- ALLOC_SP_INT_SIZE(t, a->used + 1, err, NULL);
- if (err == MP_OKAY) {
- err = sp_copy(a, t);
- }
- if (err == MP_OKAY) {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == MP_NEG) {
- *str = '-';
- str++;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- i = 0;
- while (!sp_iszero(t)) {
- sp_div_d(t, 10, t, &d);
- str[i++] = '0' + d;
- }
- str[i] = '\0';
- for (j = 0; j <= (i - 1) / 2; j++) {
- int c = str[j];
- str[j] = str[i - 1 - j];
- str[i - 1 - j] = c;
- }
- }
- FREE_SP_INT(t, NULL);
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_KEY_GEN || HAVE_COMP_KEY */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Put the string version, big-endian, of a in str using the given radix.
- *
- * @param [in] a SP integer to convert.
- * @param [out] str String to hold hex string result.
- * @param [in] radix Base of character.
- * Valid values: MP_RADIX_HEX, MP_RADIX_DEC.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or str is NULL, or radix not supported.
- */
- int sp_toradix(sp_int* a, char* str, int radix)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (str == NULL)) {
- err = MP_VAL;
- }
- else if (radix == MP_RADIX_HEX) {
- err = sp_tohex(a, str);
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
- defined(HAVE_COMP_KEY)
- else if (radix == MP_RADIX_DEC) {
- err = sp_todecimal(a, str);
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_KEY_GEN || HAVE_COMP_KEY */
- else {
- err = MP_VAL;
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- /* Calculate the length of the string version, big-endian, of a using the given
- * radix.
- *
- * @param [in] a SP integer to convert.
- * @param [in] radix Base of character.
- * Valid values: MP_RADIX_HEX, MP_RADIX_DEC.
- * @param [out] size The number of characters in encoding.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or size is NULL, or radix not supported.
- */
- int sp_radix_size(sp_int* a, int radix, int* size)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (size == NULL)) {
- err = MP_VAL;
- }
- else if (radix == MP_RADIX_HEX) {
- if (a->used == 0) {
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- /* 00 and '\0' */
- *size = 2 + 1;
- #else
- /* Zero and '\0' */
- *size = 1 + 1;
- #endif /* WC_DISABLE_RADIX_ZERO_PAD */
- }
- else {
- int nibbles = (sp_count_bits(a) + 3) / 4;
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == MP_NEG) {
- nibbles++;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- if (nibbles & 1) {
- nibbles++;
- }
- #endif /* WC_DISABLE_RADIX_ZERO_PAD */
- /* One more for \0 */
- *size = nibbles + 1;
- }
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
- defined(HAVE_COMP_KEY)
- else if (radix == MP_RADIX_DEC) {
- int i;
- sp_int_digit d;
- /* quick out if its zero */
- if (sp_iszero(a) == MP_YES) {
- /* Zero and '\0' */
- *size = 1 + 1;
- }
- else {
- DECL_SP_INT(t, a->used + 1);
- ALLOC_SP_INT(t, a->used + 1, err, NULL);
- if (err == MP_OKAY) {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC)
- t->size = a->used + 1;
- #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_SP_NO_MALLOC */
- err = sp_copy(a, t);
- }
- if (err == MP_OKAY) {
- for (i = 0; !sp_iszero(t); i++) {
- sp_div_d(t, 10, t, &d);
- }
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- if (a->sign == MP_NEG) {
- i++;
- }
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- /* One more for \0 */
- *size = i + 1;
- }
- FREE_SP_INT(t, NULL);
- }
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_KEY_GEN || HAVE_COMP_KEY */
- else {
- err = MP_VAL;
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */
- /***************************************
- * Prime number generation and checking.
- ***************************************/
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- /* Generate a random prime for RSA only.
- *
- * @param [out] r SP integer to hold result.
- * @param [in] len Number of bytes in prime.
- * @param [in] rng Random number generator.
- * @param [in] heap Heap hint. Unused.
- *
- * @return MP_OKAY on success
- * @return MP_VAL when r or rng is NULL, length is not supported or random
- * number generator fails.
- */
- int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
- {
- static const int USE_BBS = 1;
- int err = MP_OKAY;
- int type = 0;
- int isPrime = MP_NO;
- #ifdef WOLFSSL_SP_MATH_ALL
- int bits = 0;
- #endif /* WOLFSSL_SP_MATH_ALL */
- (void)heap;
- /* Check NULL parameters and 0 is not prime so 0 bytes is invalid. */
- if ((r == NULL) || (rng == NULL) || (len == 0)) {
- err = MP_VAL;
- }
- if (err == MP_OKAY) {
- /* get type */
- if (len < 0) {
- type = USE_BBS;
- len = -len;
- }
- #ifndef WOLFSSL_SP_MATH_ALL
- /* For minimal maths, support only what's in SP and needed for DH. */
- #if defined(WOLFSSL_HAVE_SP_DH) && defined(WOLFSSL_KEY_GEN)
- if (len == 32) {
- }
- else
- #endif /* WOLFSSL_HAVE_SP_DH && WOLFSSL_KEY_GEN */
- /* Generate RSA primes that are half the modulus length. */
- #ifndef WOLFSSL_SP_NO_3072
- if ((len != 128) && (len != 192))
- #else
- if (len != 128)
- #endif /* WOLFSSL_SP_NO_3072 */
- {
- err = MP_VAL;
- }
- #endif /* !WOLFSSL_SP_MATH_ALL */
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- r->sign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- r->used = (len + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF;
- #ifdef WOLFSSL_SP_MATH_ALL
- bits = (len * 8) & SP_WORD_MASK;
- #endif /* WOLFSSL_SP_MATH_ALL */
- }
- /* Assume the candidate is probably prime and then test until
- * it is proven composite. */
- while (err == MP_OKAY && isPrime == MP_NO) {
- #ifdef SHOW_GEN
- printf(".");
- fflush(stdout);
- #endif /* SHOW_GEN */
- /* generate value */
- err = wc_RNG_GenerateBlock(rng, (byte*)r->dp, len);
- if (err != 0) {
- err = MP_VAL;
- break;
- }
- #ifndef LITTLE_ENDIAN_ORDER
- if (((len * 8) & SP_WORD_MASK) != 0) {
- r->dp[r->used-1] >>= SP_WORD_SIZE - ((len * 8) & SP_WORD_MASK);
- }
- #endif /* LITTLE_ENDIAN_ORDER */
- #ifdef WOLFSSL_SP_MATH_ALL
- if (bits > 0) {
- r->dp[r->used - 1] &= (1L << bits) - 1;
- }
- #endif /* WOLFSSL_SP_MATH_ALL */
- /* munge bits */
- #ifndef LITTLE_ENDIAN_ORDER
- ((byte*)(r->dp + r->used - 1))[0] |= 0x80 | 0x40;
- #else
- ((byte*)r->dp)[len-1] |= 0x80 | 0x40;
- #endif /* LITTLE_ENDIAN_ORDER */
- r->dp[0] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
- /* test */
- /* Running Miller-Rabin up to 3 times gives us a 2^{-80} chance
- * of a 1024-bit candidate being a false positive, when it is our
- * prime candidate. (Note 4.49 of Handbook of Applied Cryptography.)
- * Using 8 because we've always used 8 */
- sp_prime_is_prime_ex(r, 8, &isPrime, rng);
- }
- return err;
- }
- #endif /* WOLFSSL_KEY_GEN && (!NO_DH || !NO_DSA) && !WC_NO_RNG */
- #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
- !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH)
- /* Miller-Rabin test of "a" to the base of "b" as described in
- * HAC pp. 139 Algorithm 4.24
- *
- * Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often
- * very much lower.
- *
- * @param [in] a SP integer to check.
- * @param [in] b SP integer that is a small prime.
- * @param [out] result MP_YES when number is likey prime.
- * MP_NO otherwise.
- * @param [in] n1 SP integer temporary.
- * @param [in] y SP integer temporary.
- * @param [in] r SP integer temporary.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int sp_prime_miller_rabin_ex(sp_int* a, sp_int* b, int* result,
- sp_int* n1, sp_int* y, sp_int* r)
- {
- int s;
- int j;
- int err = MP_OKAY;
- /* default */
- *result = MP_NO;
- /* ensure b > 1 */
- if (sp_cmp_d(b, 1) == MP_GT) {
- /* get n1 = a - 1 */
- (void)sp_copy(a, n1);
- _sp_sub_d(n1, 1, n1);
- /* set 2**s * r = n1 */
- (void)sp_copy(n1, r);
- /* count the number of least significant bits
- * which are zero
- */
- s = sp_cnt_lsb(r);
- /* now divide n - 1 by 2**s */
- sp_rshb(r, s, r);
- /* compute y = b**r mod a */
- err = sp_exptmod(b, r, a, y);
- if (err == MP_OKAY) {
- /* probably prime until shown otherwise */
- *result = MP_YES;
- /* if y != 1 and y != n1 do */
- if ((sp_cmp_d(y, 1) != MP_EQ) && (_sp_cmp(y, n1) != MP_EQ)) {
- j = 1;
- /* while j <= s-1 and y != n1 */
- while ((j <= (s - 1)) && (_sp_cmp(y, n1) != MP_EQ)) {
- err = sp_sqrmod(y, a, y);
- if (err != MP_OKAY) {
- break;
- }
- /* if y == 1 then composite */
- if (sp_cmp_d(y, 1) == MP_EQ) {
- *result = MP_NO;
- break;
- }
- ++j;
- }
- /* if y != n1 then composite */
- if ((*result == MP_YES) && (_sp_cmp(y, n1) != MP_EQ)) {
- *result = MP_NO;
- }
- }
- }
- }
- return err;
- }
- /* Miller-Rabin test of "a" to the base of "b" as described in
- * HAC pp. 139 Algorithm 4.24
- *
- * Sets result to 0 if definitely composite or 1 if probably prime.
- * Randomly the chance of error is no more than 1/4 and often
- * very much lower.
- *
- * @param [in] a SP integer to check.
- * @param [in] b SP integer that is a small prime.
- * @param [out] result MP_YES when number is likey prime.
- * MP_NO otherwise.
- *
- * @return MP_OKAY on success.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- static int sp_prime_miller_rabin(sp_int* a, sp_int* b, int* result)
- {
- int err = MP_OKAY;
- sp_int *n1;
- sp_int *y;
- sp_int *r;
- DECL_SP_INT_ARRAY(t, a->used * 2 + 1, 3);
- ALLOC_SP_INT_ARRAY(t, a->used * 2 + 1, 3, err, NULL);
- if (err == MP_OKAY) {
- n1 = t[0];
- y = t[1];
- r = t[2];
- /* Only 'y' needs to be twice as big. */
- sp_init_size(n1, a->used * 2 + 1);
- sp_init_size(y, a->used * 2 + 1);
- sp_init_size(r, a->used * 2 + 1);
- err = sp_prime_miller_rabin_ex(a, b, result, n1, y, r);
- sp_clear(n1);
- sp_clear(y);
- sp_clear(r);
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #if SP_WORD_SIZE == 8
- /* Number of pre-computed primes. First n primes - fitting in a digit. */
- #define SP_PRIME_SIZE 54
- static const sp_int_digit sp_primes[SP_PRIME_SIZE] = {
- 0x02, 0x03, 0x05, 0x07, 0x0B, 0x0D, 0x11, 0x13,
- 0x17, 0x1D, 0x1F, 0x25, 0x29, 0x2B, 0x2F, 0x35,
- 0x3B, 0x3D, 0x43, 0x47, 0x49, 0x4F, 0x53, 0x59,
- 0x61, 0x65, 0x67, 0x6B, 0x6D, 0x71, 0x7F, 0x83,
- 0x89, 0x8B, 0x95, 0x97, 0x9D, 0xA3, 0xA7, 0xAD,
- 0xB3, 0xB5, 0xBF, 0xC1, 0xC5, 0xC7, 0xD3, 0xDF,
- 0xE3, 0xE5, 0xE9, 0xEF, 0xF1, 0xFB
- };
- #else
- /* Number of pre-computed primes. First n primes. */
- #define SP_PRIME_SIZE 256
- /* The first 256 primes. */
- static const sp_int_digit sp_primes[SP_PRIME_SIZE] = {
- 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
- 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
- 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,
- 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083,
- 0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD,
- 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF,
- 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
- 0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137,
- 0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167,
- 0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199,
- 0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9,
- 0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7,
- 0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239,
- 0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265,
- 0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293,
- 0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF,
- 0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301,
- 0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B,
- 0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371,
- 0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD,
- 0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5,
- 0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419,
- 0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449,
- 0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B,
- 0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7,
- 0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503,
- 0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529,
- 0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F,
- 0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3,
- 0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7,
- 0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623,
- 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653
- };
- #endif
- /* Check whether a is prime.
- * Checks against a number of small primes and does t iterations of
- * Miller-Rabin.
- *
- * @param [in] a SP integer to check.
- * @param [in] t Number of iterations of Miller-Rabin test to perform.
- * @param [out] result MP_YES when number is prime.
- * MP_NO otherwise.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a or result is NULL, or t is out of range.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_prime_is_prime(sp_int* a, int t, int* result)
- {
- int err = MP_OKAY;
- int i;
- int haveRes = 0;
- sp_int_digit d;
- DECL_SP_INT(b, 2);
- if ((a == NULL) || (result == NULL)) {
- if (result != NULL) {
- *result = MP_NO;
- }
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && ((t <= 0) || (t > SP_PRIME_SIZE))) {
- *result = MP_NO;
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && sp_isone(a)) {
- *result = MP_NO;
- haveRes = 1;
- }
- if ((err == MP_OKAY) && (!haveRes) && (a->used == 1)) {
- /* check against primes table */
- for (i = 0; i < SP_PRIME_SIZE; i++) {
- if (sp_cmp_d(a, sp_primes[i]) == MP_EQ) {
- *result = MP_YES;
- haveRes = 1;
- break;
- }
- }
- }
- if ((err == MP_OKAY) && (!haveRes)) {
- /* do trial division */
- for (i = 0; i < SP_PRIME_SIZE; i++) {
- err = sp_mod_d(a, sp_primes[i], &d);
- if ((err != MP_OKAY) || (d == 0)) {
- *result = MP_NO;
- haveRes = 1;
- break;
- }
- }
- }
- if ((err == MP_OKAY) && (!haveRes)) {
- ALLOC_SP_INT(b, 1, err, NULL);
- if (err == MP_OKAY) {
- /* now do 't' miller rabins */
- sp_init_size(b, 1);
- for (i = 0; i < t; i++) {
- sp_set(b, sp_primes[i]);
- err = sp_prime_miller_rabin(a, b, result);
- if ((err != MP_OKAY) || (*result == MP_NO)) {
- break;
- }
- }
- }
- }
- FREE_SP_INT(b, NULL);
- return err;
- }
- /* Check whether a is prime.
- * Checks against a number of small primes and does t iterations of
- * Miller-Rabin.
- *
- * @param [in] a SP integer to check.
- * @param [in] t Number of iterations of Miller-Rabin test to perform.
- * @param [out] result MP_YES when number is prime.
- * MP_NO otherwise.
- * @param [in] rng Random number generator for Miller-Rabin testing.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, result or rng is NULL.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_prime_is_prime_ex(sp_int* a, int t, int* result, WC_RNG* rng)
- {
- int err = MP_OKAY;
- int ret = MP_YES;
- int haveRes = 0;
- int i;
- #ifndef WC_NO_RNG
- sp_int *b = NULL;
- sp_int *c = NULL;
- sp_int *n1 = NULL;
- sp_int *y = NULL;
- sp_int *r = NULL;
- #endif /* WC_NO_RNG */
- if ((a == NULL) || (result == NULL) || (rng == NULL)) {
- err = MP_VAL;
- }
- if ((err == MP_OKAY) && sp_isone(a)) {
- ret = MP_NO;
- haveRes = 1;
- }
- if ((err == MP_OKAY) && (!haveRes) && (a->used == 1)) {
- /* check against primes table */
- for (i = 0; i < SP_PRIME_SIZE; i++) {
- if (sp_cmp_d(a, sp_primes[i]) == MP_EQ) {
- ret = MP_YES;
- haveRes = 1;
- break;
- }
- }
- }
- if ((err == MP_OKAY) && (!haveRes)) {
- sp_int_digit d;
- /* do trial division */
- for (i = 0; i < SP_PRIME_SIZE; i++) {
- err = sp_mod_d(a, sp_primes[i], &d);
- if ((err != MP_OKAY) || (d == 0)) {
- ret = MP_NO;
- haveRes = 1;
- break;
- }
- }
- }
- #ifndef WC_NO_RNG
- /* now do a miller rabin with up to t random numbers, this should
- * give a (1/4)^t chance of a false prime. */
- if ((err == MP_OKAY) && (!haveRes)) {
- int bits = sp_count_bits(a);
- word32 baseSz = (bits + 7) / 8;
- DECL_SP_INT_ARRAY(d, a->used * 2 + 1, 5);
- ALLOC_SP_INT_ARRAY(d, a->used * 2 + 1, 5, err, NULL);
- if (err == MP_OKAY) {
- b = d[0];
- c = d[1];
- n1 = d[2];
- y = d[3];
- r = d[4];
- /* Only 'y' needs to be twice as big. */
- sp_init_size(b , a->used * 2 + 1);
- sp_init_size(c , a->used * 2 + 1);
- sp_init_size(n1, a->used * 2 + 1);
- sp_init_size(y , a->used * 2 + 1);
- sp_init_size(r , a->used * 2 + 1);
- _sp_sub_d(a, 2, c);
- bits &= SP_WORD_MASK;
- while (t > 0) {
- err = wc_RNG_GenerateBlock(rng, (byte*)b->dp, baseSz);
- if (err != MP_OKAY) {
- break;
- }
- b->used = a->used;
- /* Ensure the top word has no more bits than necessary. */
- if (bits > 0) {
- b->dp[b->used - 1] &= (1L << bits) - 1;
- }
- if ((sp_cmp_d(b, 2) != MP_GT) || (_sp_cmp(b, c) != MP_LT)) {
- continue;
- }
- err = sp_prime_miller_rabin_ex(a, b, &ret, n1, y, r);
- if ((err != MP_OKAY) || (ret == MP_NO)) {
- break;
- }
- t--;
- }
- sp_clear(n1);
- sp_clear(y);
- sp_clear(r);
- sp_clear(b);
- sp_clear(c);
- }
- FREE_SP_INT_ARRAY(d, NULL);
- }
- #else
- (void)t;
- #endif /* !WC_NO_RNG */
- if (result != NULL) {
- *result = ret;
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */
- #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- /* Calculates the Greatest Common Denominator (GCD) of a and b into r.
- *
- * @param [in] a SP integer of first operand.
- * @param [in] b SP integer of second operand.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b or r is NULL.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_gcd(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- if ((a == NULL) || (b == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- else if (sp_iszero(a)) {
- /* GCD of 0 and 0 is undefined as all integers divide 0. */
- if (sp_iszero(b)) {
- err = MP_VAL;
- }
- else {
- err = sp_copy(b, r);
- }
- }
- else if (sp_iszero(b)) {
- err = sp_copy(a, r);
- }
- else {
- sp_int* u = NULL;
- sp_int* v = NULL;
- sp_int* t = NULL;
- int used = (a->used >= b->used) ? a->used + 1 : b->used + 1;
- DECL_SP_INT_ARRAY(d, used, 3);
- ALLOC_SP_INT_ARRAY(d, used, 3, err, NULL);
- if (err == MP_OKAY) {
- u = d[0];
- v = d[1];
- t = d[2];
- sp_init_size(u, used);
- sp_init_size(v, used);
- sp_init_size(t, used);
- if (_sp_cmp(a, b) != MP_LT) {
- sp_copy(b, u);
- /* First iteration - u = a, v = b */
- if (b->used == 1) {
- err = sp_mod_d(a, b->dp[0], &v->dp[0]);
- if (err == MP_OKAY) {
- v->used = (v->dp[0] != 0);
- }
- }
- else {
- err = sp_mod(a, b, v);
- }
- }
- else {
- sp_copy(a, u);
- /* First iteration - u = b, v = a */
- if (a->used == 1) {
- err = sp_mod_d(b, a->dp[0], &v->dp[0]);
- if (err == MP_OKAY) {
- v->used = (v->dp[0] != 0);
- }
- }
- else {
- err = sp_mod(b, a, v);
- }
- }
- }
- if (err == MP_OKAY) {
- #ifdef WOLFSSL_SP_INT_NEGATIVE
- u->sign = MP_ZPOS;
- v->sign = MP_ZPOS;
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- while (!sp_iszero(v)) {
- if (v->used == 1) {
- err = sp_mod_d(u, v->dp[0], &t->dp[0]);
- if (err == MP_OKAY) {
- t->used = (t->dp[0] != 0);
- }
- }
- else {
- err = sp_mod(u, v, t);
- }
- if (err != MP_OKAY) {
- break;
- }
- sp_copy(v, u);
- sp_copy(t, v);
- }
- if (err == MP_OKAY)
- err = sp_copy(u, r);
- }
- FREE_SP_INT_ARRAY(d, NULL);
- }
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && WOLFSSL_KEY_GEN */
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- /* Calculates the Lowest Common Multiple (LCM) of a and b and stores in r.
- *
- * @param [in] a SP integer of first operand.
- * @param [in] b SP integer of second operand.
- * @param [out] r SP integer to hold result.
- *
- * @return MP_OKAY on success.
- * @return MP_VAL when a, b or r is NULL; or a or b is zero.
- * @return MP_MEM when dynamic memory allocation fails.
- */
- int sp_lcm(sp_int* a, sp_int* b, sp_int* r)
- {
- int err = MP_OKAY;
- int used = ((a == NULL) || (b == NULL)) ? 1 :
- (a->used >= b->used ? a->used + 1: b->used + 1);
- DECL_SP_INT_ARRAY(t, used, 2);
- if ((a == NULL) || (b == NULL) || (r == NULL)) {
- err = MP_VAL;
- }
- /* LCM of 0 and any number is undefined as 0 is not in the set of values
- * being used.
- */
- if ((err == MP_OKAY) && (mp_iszero(a) || mp_iszero(b))) {
- err = MP_VAL;
- }
- ALLOC_SP_INT_ARRAY(t, used, 2, err, NULL);
- if (err == MP_OKAY) {
- sp_init_size(t[0], used);
- sp_init_size(t[1], used);
- err = sp_gcd(a, b, t[0]);
- if (err == MP_OKAY) {
- if (_sp_cmp_abs(a, b) == MP_GT) {
- err = sp_div(a, t[0], t[1], NULL);
- if (err == MP_OKAY) {
- err = sp_mul(b, t[1], r);
- }
- }
- else {
- err = sp_div(b, t[0], t[1], NULL);
- if (err == MP_OKAY) {
- err = sp_mul(a, t[1], r);
- }
- }
- }
- }
- FREE_SP_INT_ARRAY(t, NULL);
- return err;
- }
- #endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && WOLFSSL_KEY_GEN */
- /* Returns the run time settings.
- *
- * @return Settings value.
- */
- word32 CheckRunTimeSettings(void)
- {
- return CTC_SETTINGS;
- }
- /* Returns the fast math settings.
- *
- * @return Setting - number of bits in a digit.
- */
- word32 CheckRunTimeFastMath(void)
- {
- return SP_WORD_SIZE;
- }
- #endif /* WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */