]>
Commit | Line | Data |
---|---|---|
5c6bf031 BM |
1 | /* crypto/bn/bn_nist.p */ |
2 | /* ==================================================================== | |
3 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | |
8 | * | |
9 | * 1. Redistributions of source code must retain the above copyright | |
10 | * notice, this list of conditions and the following disclaimer. | |
11 | * | |
12 | * 2. Redistributions in binary form must reproduce the above copyright | |
13 | * notice, this list of conditions and the following disclaimer in | |
14 | * the documentation and/or other materials provided with the | |
15 | * distribution. | |
16 | * | |
17 | * 3. All advertising materials mentioning features or use of this | |
18 | * software must display the following acknowledgment: | |
19 | * "This product includes software developed by the OpenSSL Project | |
20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | |
21 | * | |
22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
23 | * endorse or promote products derived from this software without | |
24 | * prior written permission. For written permission, please contact | |
25 | * openssl-core@openssl.org. | |
26 | * | |
27 | * 5. Products derived from this software may not be called "OpenSSL" | |
28 | * nor may "OpenSSL" appear in their names without prior written | |
29 | * permission of the OpenSSL Project. | |
30 | * | |
31 | * 6. Redistributions of any form whatsoever must retain the following | |
32 | * acknowledgment: | |
33 | * "This product includes software developed by the OpenSSL Project | |
34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | |
35 | * | |
36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
48 | * ==================================================================== | |
49 | * | |
50 | * This product includes cryptographic software written by Eric Young | |
51 | * (eay@cryptsoft.com). This product includes software written by Tim | |
52 | * Hudson (tjh@cryptsoft.com). | |
53 | * | |
54 | */ | |
55 | ||
56 | #include "bn_lcl.h" | |
19b8d06a | 57 | #include "cryptlib.h" |
5c6bf031 BM |
58 | |
59 | #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 | |
60 | #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 | |
61 | #define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 | |
19b8d06a | 62 | #define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 |
5c6bf031 BM |
63 | #define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 |
64 | ||
65 | #if BN_BITS2 == 64 | |
66 | const static BN_ULONG _nist_p_192[] = {0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFE, | |
67 | 0xFFFFFFFFFFFFFFFF}; | |
68 | const static BN_ULONG _nist_p_224[] = {0x0000000000000001,0xFFFFFFFF00000000, | |
69 | 0xFFFFFFFFFFFFFFFF,0x00000000FFFFFFFF}; | |
70 | const static BN_ULONG _nist_p_256[] = {0xFFFFFFFFFFFFFFFF,0x00000000FFFFFFFF, | |
71 | 0x0000000000000000,0xFFFFFFFF00000001}; | |
72 | const static BN_ULONG _nist_p_384[] = {0x00000000FFFFFFFF,0xFFFFFFFF00000000, | |
73 | 0xFFFFFFFFFFFFFFFE,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF, | |
74 | 0xFFFFFFFFFFFFFFFF}; | |
75 | const static BN_ULONG _nist_p_521[] = {0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF, | |
76 | 0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF, | |
77 | 0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF, | |
78 | 0x00000000000001FF}; | |
79 | #elif BN_BITS2 == 32 | |
80 | const static BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE, | |
81 | 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; | |
82 | const static BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000, | |
83 | 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; | |
84 | const static BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, | |
85 | 0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF}; | |
86 | const static BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000, | |
87 | 0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, | |
88 | 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}; | |
89 | const static BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, | |
90 | 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, | |
91 | 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF, | |
92 | 0xFFFFFFFF,0x000001FF}; | |
93 | #elif BN_BITS2 == 16 | |
94 | const static BN_ULONG _nist_p_192[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE, | |
95 | 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; | |
96 | const static BN_ULONG _nist_p_224[] = {0x0001,0x0000,0x0000,0x0000,0x0000, | |
97 | 0x0000,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; | |
98 | const static BN_ULONG _nist_p_256[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, | |
99 | 0xFFFF,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0001,0x0000,0xFFFF, | |
100 | 0xFFFF}; | |
101 | const static BN_ULONG _nist_p_384[] = {0xFFFF,0xFFFF,0x0000,0x0000,0x0000, | |
102 | 0x0000,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, | |
103 | 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF}; | |
104 | const static BN_ULONG _nist_p_521[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, | |
105 | 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, | |
106 | 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF, | |
107 | 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0x01FF}; | |
108 | #elif BN_BITS2 == 8 | |
109 | const static BN_ULONG _nist_p_192[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
110 | 0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
111 | 0xFF,0xFF}; | |
112 | const static BN_ULONG _nist_p_224[] = {0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
113 | 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
114 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; | |
115 | const static BN_ULONG _nist_p_256[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
116 | 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, | |
117 | 0x00,0x00,0x01,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF}; | |
118 | const static BN_ULONG _nist_p_384[] = {0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, | |
119 | 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF, | |
120 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
121 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; | |
122 | const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
123 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
124 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
125 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
126 | 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, | |
127 | 0xFF,0x01}; | |
128 | #endif | |
129 | ||
c465e794 GT |
130 | static const BIGNUM_C bn_nist_p_192 = |
131 | { _nist_p_192, BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA }; | |
132 | static const BIGNUM_C bn_nist_p_224 = | |
133 | { _nist_p_224, BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA }; | |
134 | static const BIGNUM_C bn_nist_p_256 = | |
135 | { _nist_p_256, BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA }; | |
136 | static const BIGNUM_C bn_nist_p_384 = | |
137 | { _nist_p_384, BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA }; | |
138 | static const BIGNUM_C bn_nist_p_521 = | |
139 | { _nist_p_521, BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA }; | |
140 | ||
5c6bf031 BM |
141 | const BIGNUM *BN_get0_nist_prime_192(void) |
142 | { | |
c465e794 | 143 | return BIGNUM_CONST(&bn_nist_p_192); |
5c6bf031 BM |
144 | } |
145 | ||
146 | const BIGNUM *BN_get0_nist_prime_224(void) | |
147 | { | |
c465e794 | 148 | return BIGNUM_CONST(&bn_nist_p_224); |
5c6bf031 BM |
149 | } |
150 | ||
151 | const BIGNUM *BN_get0_nist_prime_256(void) | |
152 | { | |
c465e794 | 153 | return BIGNUM_CONST(&bn_nist_p_256); |
5c6bf031 BM |
154 | } |
155 | ||
156 | const BIGNUM *BN_get0_nist_prime_384(void) | |
157 | { | |
c465e794 | 158 | return BIGNUM_CONST(&bn_nist_p_384); |
5c6bf031 BM |
159 | } |
160 | ||
161 | const BIGNUM *BN_get0_nist_prime_521(void) | |
162 | { | |
c465e794 | 163 | return BIGNUM_CONST(&bn_nist_p_521); |
5c6bf031 BM |
164 | } |
165 | ||
166 | /* some misc internal functions */ | |
167 | static BN_ULONG _256_data[BN_NIST_256_TOP*6]; | |
168 | static int _is_set_256_data = 0; | |
169 | static void _init_256_data(void); | |
170 | ||
171 | static BN_ULONG _384_data[BN_NIST_384_TOP*8]; | |
172 | static int _is_set_384_data = 0; | |
173 | static void _init_384_data(void); | |
174 | ||
175 | #define BN_NIST_ADD_ONE(a) while (!(++(*(a)))) ++(a); | |
176 | #define __buf_0 (BN_ULONG)0 | |
177 | #define __buf_0_1 (BN_ULONG)0 | |
178 | #define __buf_0_2 (BN_ULONG)0 | |
179 | #if BN_BITS2 == 64 | |
180 | #define BN_64_BIT_BUF(n) BN_ULONG __buf_##n = (BN_ULONG)0; | |
181 | #define BN_CP_64_TO_BUF(n) __buf_##n = (a)[(n)]; | |
182 | #define BN_CP_64_FROM_BUF(a,n) *(a)++ = __buf_##n; | |
183 | #define BN_CASE_64_BIT(n,a) case (n): __buf_##n = (a)[(n)]; | |
184 | #if UINT_MAX == 4294967295UL | |
185 | #define nist32 unsigned int | |
186 | #define BN_32_BIT_BUF(n) nist32 __buf_##n = (nist32)0; | |
187 | #define BN_CP_32_TO_BUF(n) __buf_##n = ((nist32 *)(a))[(n)]; | |
188 | #define BN_CP_32_FROM_BUF(a,n) *((nist32)(a))++ = __buf_##n; | |
189 | #define BN_CASE_32_BIT(n,a) case (n): __buf_##n = ((nist32)(a))[(n)]; | |
190 | #elif ULONG_MAX == 4294967295UL | |
191 | #define nist32 unsigned long | |
192 | #define BN_32_BIT_BUF(n) nist32 __buf_##n = (nist32)0; | |
193 | #define BN_CP_32_TO_BUF(n) __buf_##n = ((nist32 *)(a))[(n)]; | |
194 | #define BN_CP_32_FROM_BUF(a,n) *((nist32)(a))++ = __buf_##n; | |
195 | #define BN_CASE_32_BIT(n,a) case (n): __buf_##n = ((nist32)(a))[(n)]; | |
196 | #else | |
197 | #define NO_32_BIT_TYPE | |
198 | #endif | |
199 | #elif BN_BITS2 == 32 | |
200 | #define BN_64_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\ | |
201 | BN_ULONG __buf_##n##_2 = (BN_ULONG)0; | |
202 | #define BN_CP_64_TO_BUF(n) __buf_##n##_2 = (a)[2*(n)+1];\ | |
203 | __buf_##n##_1 = (a)[2*(n)]; | |
204 | #define BN_CP_64_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\ | |
205 | *(a)++ = __buf_##n##_2; | |
206 | #define BN_CASE_64_BIT(n,a) case 2*(n)+1: __buf_##n##_2 = (a)[2*(n)+1];\ | |
207 | case 2*(n): __buf_##n##_1 = (a)[2*(n)]; | |
208 | ||
209 | #define BN_32_BIT_BUF(n) BN_ULONG __buf_##n = (BN_ULONG)0; | |
210 | #define BN_CP_32_TO_BUF(n) __buf_##n = (a)[(n)]; | |
211 | #define BN_CP_32_FROM_BUF(a,n) *(a)++ = __buf_##n; | |
212 | #define BN_CASE_32_BIT(n,a) case (n): __buf_##n = (a)[(n)]; | |
213 | #elif BN_BITS2 == 16 | |
214 | #define __buf_0_3 (BN_ULONG)0 | |
215 | #define __buf_0_4 (BN_ULONG)0 | |
216 | #define BN_64_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\ | |
217 | BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\ | |
218 | BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\ | |
219 | BN_ULONG __buf_##n##_4 = (BN_ULONG)0; | |
220 | #define BN_CP_64_TO_BUF(n) __buf_##n##_4 = (a)[4*(n)+3];\ | |
221 | __buf_##n##_3 = (a)[4*(n)+2];\ | |
222 | __buf_##n##_2 = (a)[4*(n)+1];\ | |
223 | __buf_##n##_1 = (a)[4*(n)]; | |
224 | #define BN_CP_64_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\ | |
225 | *(a)++ = __buf_##n##_2;\ | |
226 | *(a)++ = __buf_##n##_3;\ | |
227 | *(a)++ = __buf_##n##_4; | |
228 | #define BN_CASE_64_BIT(n,a) case 4*(n)+3: __buf_##n##_4 = (a)[4*(n)+3];\ | |
229 | case 4*(n)+2: __buf_##n##_3 = (a)[4*(n)+2];\ | |
230 | case 4*(n)+1: __buf_##n##_2 = (a)[4*(n)+1];\ | |
231 | case 4*(n): __buf_##n##_1 = (a)[4*(n)]; | |
232 | #define BN_32_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\ | |
233 | BN_ULONG __buf_##n##_2 = (BN_ULONG)0; | |
234 | #define BN_CP_32_TO_BUF(n) __buf_##n##_1 = (a)[2*(n)];\ | |
235 | __buf_##n##_2 = (a)[2*(n)+1]; | |
236 | #define BN_CP_32_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\ | |
237 | *(a)++ = __buf_##n##_2; | |
238 | #define BN_CASE_32_BIT(n,a) case 2*(n)+1: __buf_##n##_2 = (a)[2*(n)+1];\ | |
239 | case 2*(n): __buf_##n##_1 = (a)[2*(n)]; | |
240 | #elif BN_BITS2 == 8 | |
241 | #define __buf_0_3 (BN_ULONG)0 | |
242 | #define __buf_0_4 (BN_ULONG)0 | |
243 | #define __buf_0_5 (BN_ULONG)0 | |
244 | #define __buf_0_6 (BN_ULONG)0 | |
245 | #define __buf_0_7 (BN_ULONG)0 | |
246 | #define __buf_0_8 (BN_ULONG)0 | |
247 | #define BN_64_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\ | |
248 | BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\ | |
249 | BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\ | |
250 | BN_ULONG __buf_##n##_4 = (BN_ULONG)0;\ | |
251 | BN_ULONG __buf_##n##_5 = (BN_ULONG)0;\ | |
252 | BN_ULONG __buf_##n##_6 = (BN_ULONG)0;\ | |
253 | BN_ULONG __buf_##n##_7 = (BN_ULONG)0;\ | |
254 | BN_ULONG __buf_##n##_8 = (BN_ULONG)0; | |
255 | #define BN_CP_64_TO_BUF(n) __buf_##n##_8 = (a)[8*(n)+7];\ | |
256 | __buf_##n##_7 = (a)[8*(n)+6];\ | |
257 | __buf_##n##_6 = (a)[8*(n)+5];\ | |
258 | __buf_##n##_5 = (a)[8*(n)+4];\ | |
259 | __buf_##n##_4 = (a)[8*(n)+3];\ | |
260 | __buf_##n##_3 = (a)[8*(n)+2];\ | |
261 | __buf_##n##_2 = (a)[8*(n)+1];\ | |
262 | __buf_##n##_1 = (a)[8*(n)]; | |
263 | #define BN_CP_64_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\ | |
264 | *(a)++ = __buf_##n##_2;\ | |
265 | *(a)++ = __buf_##n##_3;\ | |
266 | *(a)++ = __buf_##n##_4;\ | |
267 | *(a)++ = __buf_##n##_5;\ | |
268 | *(a)++ = __buf_##n##_6;\ | |
269 | *(a)++ = __buf_##n##_7;\ | |
270 | *(a)++ = __buf_##n##_8; | |
271 | #define BN_CASE_64_BIT(n,a) case 8*(n)+7: __buf_##n##_8 = (a)[8*(n)+7];\ | |
272 | case 8*(n)+6: __buf_##n##_7 = (a)[8*(n)+6];\ | |
273 | case 8*(n)+5: __buf_##n##_6 = (a)[8*(n)+5];\ | |
274 | case 8*(n)+4: __buf_##n##_5 = (a)[8*(n)+4];\ | |
275 | case 8*(n)+3: __buf_##n##_4 = (a)[8*(n)+3];\ | |
276 | case 8*(n)+2: __buf_##n##_3 = (a)[8*(n)+2];\ | |
277 | case 8*(n)+1: __buf_##n##_2 = (a)[8*(n)+1];\ | |
278 | case 8*(n): __buf_##n##_1 = (a)[8*(n)]; | |
279 | #define BN_32_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\ | |
280 | BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\ | |
281 | BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\ | |
282 | BN_ULONG __buf_##n##_4 = (BN_ULONG)0; | |
283 | #define BN_CP_32_TO_BUF(n) __buf_##n##_1 = (a)[4*(n)];\ | |
284 | __buf_##n##_2 = (a)[4*(n)+1];\ | |
285 | __buf_##n##_3 = (a)[4*(n)+2];\ | |
286 | __buf_##n##_4 = (a)[4*(n)+3]; | |
287 | #define BN_CP_32_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\ | |
288 | *(a)++ = __buf_##n##_2;\ | |
289 | *(a)++ = __buf_##n##_3;\ | |
290 | *(a)++ = __buf_##n##_4; | |
291 | #define BN_CASE_32_BIT(n,a) case 4*(n)+3: __buf_##n##_4 = (a)[4*(n)+3];\ | |
292 | case 4*(n)+2: __buf_##n##_3 = (a)[4*(n)+2];\ | |
293 | case 4*(n)+1: __buf_##n##_2 = (a)[4*(n)+1];\ | |
294 | case 4*(n): __buf_##n##_1 = (a)[4*(n)]; | |
295 | #endif | |
296 | ||
297 | ||
298 | #define BN_192_SET(d,a1,a2,a3) \ | |
299 | {\ | |
300 | register BN_ULONG *td = (d);\ | |
301 | BN_CP_64_FROM_BUF(td,a3); BN_CP_64_FROM_BUF(td,a2);\ | |
302 | BN_CP_64_FROM_BUF(td,a1);\ | |
303 | } | |
304 | ||
305 | int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | |
306 | BN_CTX *ctx) | |
307 | { | |
308 | int top; | |
309 | BN_ULONG carry = 0; | |
310 | register BN_ULONG *r_d, *a_d; | |
311 | BN_ULONG t_d[BN_NIST_192_TOP]; | |
312 | BN_64_BIT_BUF(3) BN_64_BIT_BUF(4) | |
313 | BN_64_BIT_BUF(5) | |
314 | ||
315 | top = BN_ucmp(field, a); | |
316 | if (top == 0) | |
317 | return BN_zero(r); | |
318 | else if (top > 0) | |
19b8d06a | 319 | return (r == a)? 1 : (BN_copy(r ,a) != NULL); |
5c6bf031 BM |
320 | |
321 | if (r != a) | |
322 | if (!BN_ncopy(r, a, BN_NIST_192_TOP)) | |
323 | return 0; | |
324 | ||
325 | r_d = r->d; | |
326 | a_d = a->d; | |
327 | top = a->top-1; | |
328 | ||
329 | switch (top) | |
330 | { | |
331 | BN_CASE_64_BIT(5, a_d) | |
332 | BN_CASE_64_BIT(4, a_d) | |
333 | BN_CASE_64_BIT(3, a_d) | |
334 | break; | |
335 | default: /* a->top == field->top */ | |
336 | return BN_usub(r, a, field); | |
337 | } | |
338 | ||
339 | BN_192_SET(t_d,0,3,3) | |
340 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) | |
341 | ++carry; | |
342 | ||
343 | BN_192_SET(t_d,4,4,0) | |
344 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) | |
345 | ++carry; | |
346 | ||
347 | BN_192_SET(t_d,5,5,5) | |
348 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP)) | |
349 | ++carry; | |
350 | ||
351 | while (carry) | |
352 | { | |
353 | if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP)) | |
354 | --carry; | |
355 | } | |
356 | r->top = BN_NIST_192_TOP; | |
357 | ||
19b8d06a | 358 | #if 1 |
5c6bf031 BM |
359 | bn_clear_top2max(r); |
360 | #endif | |
d870740c | 361 | bn_correct_top(r); |
5c6bf031 BM |
362 | |
363 | if (BN_ucmp(r, field) >= 0) | |
364 | { | |
365 | bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP); | |
d870740c | 366 | bn_correct_top(r); |
5c6bf031 BM |
367 | } |
368 | ||
d870740c | 369 | bn_check_top(r); |
5c6bf031 BM |
370 | return 1; |
371 | } | |
372 | ||
373 | #define BN_224_SET(d,a1,a2,a3,a4,a5,a6,a7) \ | |
374 | {\ | |
375 | register BN_ULONG *td = (d);\ | |
376 | BN_CP_32_FROM_BUF(td,a7); BN_CP_32_FROM_BUF(td,a6);\ | |
377 | BN_CP_32_FROM_BUF(td,a5); BN_CP_32_FROM_BUF(td,a4);\ | |
378 | BN_CP_32_FROM_BUF(td,a3); BN_CP_32_FROM_BUF(td,a2);\ | |
379 | BN_CP_32_FROM_BUF(td,a1);\ | |
380 | } | |
381 | ||
382 | int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | |
383 | BN_CTX *ctx) | |
384 | { | |
385 | #ifndef NO_32_BIT_TYPE | |
386 | int tmp_int; | |
387 | int carry = 0; | |
388 | BN_ULONG *r_d, *a_d; | |
389 | BN_ULONG t_d[BN_NIST_224_TOP]; | |
390 | BN_32_BIT_BUF(7) BN_32_BIT_BUF(8) | |
391 | BN_32_BIT_BUF(9) BN_32_BIT_BUF(10) | |
392 | BN_32_BIT_BUF(11) BN_32_BIT_BUF(12) | |
393 | BN_32_BIT_BUF(13) | |
394 | ||
395 | tmp_int = BN_ucmp(field, a); | |
396 | if (tmp_int == 0) | |
397 | return BN_zero(r); | |
398 | else if (tmp_int > 0) | |
19b8d06a | 399 | return (r == a)? 1 : (BN_copy(r ,a) != NULL); |
5c6bf031 BM |
400 | |
401 | if (r != a) | |
402 | if (!BN_ncopy(r, a, BN_NIST_224_TOP)) | |
403 | return 0; | |
404 | ||
405 | r_d = r->d; | |
406 | a_d = a->d; | |
407 | ||
408 | tmp_int = a->top-1; | |
409 | ||
410 | switch (tmp_int) | |
411 | { | |
412 | BN_CASE_32_BIT(13, a_d) | |
413 | BN_CASE_32_BIT(12, a_d) | |
414 | BN_CASE_32_BIT(11, a_d) | |
415 | BN_CASE_32_BIT(10, a_d) | |
416 | BN_CASE_32_BIT(9, a_d) | |
417 | BN_CASE_32_BIT(8, a_d) | |
418 | BN_CASE_32_BIT(7, a_d) | |
419 | break; | |
420 | default: /* a->top == field->top */ | |
421 | return BN_usub(r, a, field); | |
422 | } | |
423 | ||
424 | BN_224_SET(t_d,10,9,8,7,0,0,0) | |
425 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP)) | |
426 | ++carry; | |
427 | BN_224_SET(t_d,0,13,12,11,0,0,0) | |
428 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP)) | |
429 | ++carry; | |
430 | BN_224_SET(t_d,13,12,11,10,9,8,7) | |
431 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) | |
432 | --carry; | |
433 | BN_224_SET(t_d,0,0,0,0,13,12,11) | |
434 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP)) | |
435 | --carry; | |
436 | ||
437 | if (carry > 0) | |
438 | while (carry) | |
439 | { | |
440 | if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP)) | |
441 | --carry; | |
442 | } | |
443 | else if (carry < 0) | |
444 | while (carry) | |
445 | { | |
446 | if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP)) | |
447 | ++carry; | |
448 | } | |
449 | ||
450 | r->top = BN_NIST_224_TOP; | |
19b8d06a | 451 | #if 1 |
5c6bf031 BM |
452 | bn_clear_top2max(r); |
453 | #endif | |
d870740c | 454 | bn_correct_top(r); |
5c6bf031 BM |
455 | |
456 | if (BN_ucmp(r, field) >= 0) | |
457 | { | |
458 | bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP); | |
d870740c | 459 | bn_correct_top(r); |
5c6bf031 | 460 | } |
d870740c | 461 | bn_check_top(r); |
5c6bf031 BM |
462 | return 1; |
463 | #else | |
464 | return 0; | |
465 | #endif | |
466 | } | |
467 | ||
468 | static void _init_256_data(void) | |
469 | { | |
470 | int i; | |
471 | BN_ULONG *tmp1 = _256_data; | |
472 | const BN_ULONG *tmp2 = tmp1; | |
473 | ||
474 | memcpy(tmp1, _nist_p_256, BN_NIST_256_TOP * sizeof(BN_ULONG)); | |
475 | tmp1 += BN_NIST_256_TOP; | |
476 | ||
477 | for (i=0; i<5; i++) | |
478 | { | |
479 | bn_add_words(tmp1, _nist_p_256, tmp2, BN_NIST_256_TOP); | |
480 | tmp2 = tmp1; | |
481 | tmp1 += BN_NIST_256_TOP; | |
482 | } | |
483 | _is_set_256_data = 1; | |
484 | } | |
485 | ||
486 | #define BN_256_SET(d,a1,a2,a3,a4,a5,a6,a7,a8) \ | |
487 | {\ | |
488 | register BN_ULONG *td = (d);\ | |
489 | BN_CP_32_FROM_BUF(td,a8); BN_CP_32_FROM_BUF(td,a7);\ | |
490 | BN_CP_32_FROM_BUF(td,a6); BN_CP_32_FROM_BUF(td,a5);\ | |
491 | BN_CP_32_FROM_BUF(td,a4); BN_CP_32_FROM_BUF(td,a3);\ | |
492 | BN_CP_32_FROM_BUF(td,a2); BN_CP_32_FROM_BUF(td,a1);\ | |
493 | } | |
494 | ||
495 | int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | |
496 | BN_CTX *ctx) | |
497 | { | |
498 | #ifndef NO_32_BIT_TYPE | |
499 | int tmp_int; | |
500 | int carry = 0; | |
501 | register BN_ULONG *a_d, *r_d; | |
502 | BN_ULONG t_d[BN_NIST_256_TOP]; | |
503 | BN_ULONG t_d2[BN_NIST_256_TOP]; | |
504 | BN_32_BIT_BUF(8) BN_32_BIT_BUF(9) | |
505 | BN_32_BIT_BUF(10) BN_32_BIT_BUF(11) | |
506 | BN_32_BIT_BUF(12) BN_32_BIT_BUF(13) | |
507 | BN_32_BIT_BUF(14) BN_32_BIT_BUF(15) | |
508 | ||
509 | if (!_is_set_256_data) | |
19b8d06a BM |
510 | { |
511 | CRYPTO_w_lock(CRYPTO_LOCK_BN); | |
512 | ||
513 | if (!_is_set_256_data) | |
514 | _init_256_data(); | |
515 | ||
516 | CRYPTO_w_unlock(CRYPTO_LOCK_BN); | |
517 | } | |
518 | ||
5c6bf031 BM |
519 | tmp_int = BN_ucmp(field, a); |
520 | if (tmp_int == 0) | |
521 | return BN_zero(r); | |
522 | else if (tmp_int > 0) | |
19b8d06a | 523 | return (r == a)? 1 : (BN_copy(r ,a) != NULL); |
5c6bf031 BM |
524 | |
525 | if (r != a) | |
526 | if (!BN_ncopy(r, a, BN_NIST_256_TOP)) | |
527 | return 0; | |
528 | ||
529 | tmp_int = a->top-1; | |
530 | ||
531 | a_d = a->d; | |
532 | r_d = r->d; | |
533 | switch (tmp_int) | |
534 | { | |
535 | BN_CASE_32_BIT(15, a_d) | |
536 | BN_CASE_32_BIT(14, a_d) | |
537 | BN_CASE_32_BIT(13, a_d) | |
538 | BN_CASE_32_BIT(12, a_d) | |
539 | BN_CASE_32_BIT(11, a_d) | |
540 | BN_CASE_32_BIT(10, a_d) | |
541 | BN_CASE_32_BIT(9, a_d) | |
542 | BN_CASE_32_BIT(8, a_d) | |
543 | break; | |
544 | default: /* a->top == field->top */ | |
545 | return BN_usub(r, a, field); | |
546 | } | |
547 | ||
548 | /*S1*/ | |
549 | BN_256_SET(t_d,15,14,13,12,11,0,0,0) | |
550 | /*S2*/ | |
551 | BN_256_SET(t_d2,0,15,14,13,12,0,0,0) | |
552 | if (bn_add_words(t_d, t_d, t_d2, BN_NIST_256_TOP)) | |
553 | carry = 2; | |
554 | /* left shift */ | |
555 | { | |
556 | register BN_ULONG *ap,t,c; | |
557 | ap = t_d; | |
558 | c=0; | |
559 | for (tmp_int=BN_NIST_256_TOP; tmp_int != 0; --tmp_int) | |
560 | { | |
561 | t= *ap; | |
562 | *(ap++)=((t<<1)|c)&BN_MASK2; | |
563 | c=(t & BN_TBIT)?1:0; | |
564 | } | |
565 | if (c) | |
566 | ++carry; | |
567 | } | |
568 | ||
569 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) | |
570 | ++carry; | |
571 | /*S3*/ | |
572 | BN_256_SET(t_d,15,14,0,0,0,10,9,8) | |
573 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) | |
574 | ++carry; | |
575 | /*S4*/ | |
576 | BN_256_SET(t_d,8,13,15,14,13,11,10,9) | |
577 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP)) | |
578 | ++carry; | |
579 | /*D1*/ | |
580 | BN_256_SET(t_d,10,8,0,0,0,13,12,11) | |
581 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) | |
582 | --carry; | |
583 | /*D2*/ | |
584 | BN_256_SET(t_d,11,9,0,0,15,14,13,12) | |
585 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) | |
586 | --carry; | |
587 | /*D3*/ | |
588 | BN_256_SET(t_d,12,0,10,9,8,15,14,13) | |
589 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) | |
590 | --carry; | |
591 | /*D4*/ | |
592 | BN_256_SET(t_d,13,0,11,10,9,0,15,14) | |
593 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP)) | |
594 | --carry; | |
595 | ||
596 | if (carry) | |
597 | { | |
598 | if (carry > 0) | |
599 | bn_sub_words(r_d, r_d, _256_data + BN_NIST_256_TOP * | |
600 | --carry, BN_NIST_256_TOP); | |
601 | else | |
602 | { | |
603 | carry = -carry; | |
604 | bn_add_words(r_d, r_d, _256_data + BN_NIST_256_TOP * | |
605 | --carry, BN_NIST_256_TOP); | |
606 | } | |
607 | } | |
608 | ||
609 | r->top = BN_NIST_256_TOP; | |
19b8d06a | 610 | #if 1 |
5c6bf031 BM |
611 | bn_clear_top2max(r); |
612 | #endif | |
d870740c | 613 | bn_correct_top(r); |
5c6bf031 BM |
614 | |
615 | if (BN_ucmp(r, field) >= 0) | |
616 | { | |
617 | bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP); | |
d870740c | 618 | bn_correct_top(r); |
5c6bf031 | 619 | } |
d870740c | 620 | bn_check_top(r); |
5c6bf031 BM |
621 | return 1; |
622 | #else | |
623 | return 0; | |
624 | #endif | |
625 | } | |
626 | ||
627 | static void _init_384_data(void) | |
628 | { | |
629 | int i; | |
630 | BN_ULONG *tmp1 = _384_data; | |
631 | const BN_ULONG *tmp2 = tmp1; | |
632 | ||
633 | memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG)); | |
634 | tmp1 += BN_NIST_384_TOP; | |
635 | ||
636 | for (i=0; i<7; i++) | |
637 | { | |
638 | bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP); | |
639 | tmp2 = tmp1; | |
640 | tmp1 += BN_NIST_384_TOP; | |
641 | } | |
642 | _is_set_384_data = 1; | |
643 | } | |
644 | ||
645 | #define BN_384_SET(d,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ | |
646 | {\ | |
647 | register BN_ULONG *td = (d);\ | |
648 | BN_CP_32_FROM_BUF(td,a12); BN_CP_32_FROM_BUF(td,a11);\ | |
649 | BN_CP_32_FROM_BUF(td,a10); BN_CP_32_FROM_BUF(td,a9);\ | |
650 | BN_CP_32_FROM_BUF(td,a8); BN_CP_32_FROM_BUF(td,a7);\ | |
651 | BN_CP_32_FROM_BUF(td,a6); BN_CP_32_FROM_BUF(td,a5);\ | |
652 | BN_CP_32_FROM_BUF(td,a4); BN_CP_32_FROM_BUF(td,a3);\ | |
653 | BN_CP_32_FROM_BUF(td,a2); BN_CP_32_FROM_BUF(td,a1);\ | |
654 | } | |
655 | ||
656 | int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | |
657 | BN_CTX *ctx) | |
658 | { | |
659 | #ifndef NO_32_BIT_TYPE | |
660 | int tmp_int; | |
661 | int carry = 0; | |
662 | register BN_ULONG *r_d, *a_d; | |
663 | BN_ULONG t_d[BN_NIST_384_TOP]; | |
664 | BN_32_BIT_BUF(12) BN_32_BIT_BUF(13) | |
665 | BN_32_BIT_BUF(14) BN_32_BIT_BUF(15) | |
666 | BN_32_BIT_BUF(16) BN_32_BIT_BUF(17) | |
667 | BN_32_BIT_BUF(18) BN_32_BIT_BUF(19) | |
668 | BN_32_BIT_BUF(20) BN_32_BIT_BUF(21) | |
669 | BN_32_BIT_BUF(22) BN_32_BIT_BUF(23) | |
670 | ||
671 | if (!_is_set_384_data) | |
19b8d06a BM |
672 | { |
673 | CRYPTO_w_lock(CRYPTO_LOCK_BN); | |
674 | ||
675 | if (!_is_set_384_data) | |
676 | _init_384_data(); | |
677 | ||
678 | CRYPTO_w_unlock(CRYPTO_LOCK_BN); | |
679 | } | |
5c6bf031 BM |
680 | |
681 | tmp_int = BN_ucmp(field, a); | |
682 | if (tmp_int == 0) | |
683 | return BN_zero(r); | |
684 | else if (tmp_int > 0) | |
19b8d06a | 685 | return (r == a)? 1 : (BN_copy(r ,a) != NULL); |
5c6bf031 BM |
686 | |
687 | if (r != a) | |
688 | if (!BN_ncopy(r, a, BN_NIST_384_TOP)) | |
689 | return 0; | |
690 | ||
691 | r_d = r->d; | |
692 | a_d = a->d; | |
693 | tmp_int = a->top-1; | |
694 | ||
695 | switch (tmp_int) | |
696 | { | |
697 | BN_CASE_32_BIT(23, a_d) | |
698 | BN_CASE_32_BIT(22, a_d) | |
699 | BN_CASE_32_BIT(21, a_d) | |
700 | BN_CASE_32_BIT(20, a_d) | |
701 | BN_CASE_32_BIT(19, a_d) | |
702 | BN_CASE_32_BIT(18, a_d) | |
703 | BN_CASE_32_BIT(17, a_d) | |
704 | BN_CASE_32_BIT(16, a_d) | |
705 | BN_CASE_32_BIT(15, a_d) | |
706 | BN_CASE_32_BIT(14, a_d) | |
707 | BN_CASE_32_BIT(13, a_d) | |
708 | BN_CASE_32_BIT(12, a_d) | |
709 | break; | |
710 | default: /* a->top == field->top */ | |
711 | return BN_usub(r, a, field); | |
712 | } | |
713 | ||
714 | /*S1*/ | |
715 | BN_256_SET(t_d,0,0,0,0,0,23,22,21) | |
716 | /* left shift */ | |
717 | { | |
718 | register BN_ULONG *ap,t,c; | |
719 | ap = t_d; | |
720 | c=0; | |
721 | for (tmp_int=BN_NIST_256_TOP; tmp_int != 0; --tmp_int) | |
722 | { | |
723 | t= *ap; | |
724 | *(ap++)=((t<<1)|c)&BN_MASK2; | |
725 | c=(t & BN_TBIT)?1:0; | |
726 | } | |
727 | } | |
728 | if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), | |
729 | t_d, BN_NIST_256_TOP)) | |
730 | ++carry; | |
731 | /*S2*/ | |
732 | BN_384_SET(t_d,23,22,21,20,19,18,17,16,15,14,13,12) | |
733 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) | |
734 | ++carry; | |
735 | /*S3*/ | |
736 | BN_384_SET(t_d,20,19,18,17,16,15,14,13,12,23,22,21) | |
737 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) | |
738 | ++carry; | |
739 | /*S4*/ | |
740 | BN_384_SET(t_d,19,18,17,16,15,14,13,12,20,0,23,0) | |
741 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) | |
742 | ++carry; | |
743 | /*S5*/ | |
744 | BN_256_SET(t_d,0,0,0,0,23,22,21,20) | |
745 | if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), | |
746 | t_d, BN_NIST_256_TOP)) | |
747 | ++carry; | |
748 | /*S6*/ | |
749 | BN_384_SET(t_d,0,0,0,0,0,0,23,22,21,0,0,20) | |
750 | if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP)) | |
751 | ++carry; | |
752 | /*D1*/ | |
753 | BN_384_SET(t_d,22,21,20,19,18,17,16,15,14,13,12,23) | |
754 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) | |
755 | --carry; | |
756 | /*D2*/ | |
757 | BN_384_SET(t_d,0,0,0,0,0,0,0,23,22,21,20,0) | |
758 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) | |
759 | --carry; | |
760 | /*D3*/ | |
761 | BN_384_SET(t_d,0,0,0,0,0,0,0,23,23,0,0,0) | |
762 | if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP)) | |
763 | --carry; | |
764 | ||
765 | if (carry) | |
766 | { | |
767 | if (carry > 0) | |
768 | bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP * | |
769 | --carry, BN_NIST_384_TOP); | |
770 | else | |
771 | { | |
772 | carry = -carry; | |
773 | bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP * | |
774 | --carry, BN_NIST_384_TOP); | |
775 | } | |
776 | } | |
777 | ||
778 | r->top = BN_NIST_384_TOP; | |
19b8d06a | 779 | #if 1 |
5c6bf031 BM |
780 | bn_clear_top2max(r); |
781 | #endif | |
d870740c | 782 | bn_correct_top(r); |
5c6bf031 BM |
783 | |
784 | if (BN_ucmp(r, field) >= 0) | |
785 | { | |
786 | bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP); | |
d870740c | 787 | bn_correct_top(r); |
5c6bf031 | 788 | } |
d870740c | 789 | bn_check_top(r); |
5c6bf031 BM |
790 | return 1; |
791 | #else | |
792 | return 0; | |
793 | #endif | |
794 | } | |
795 | ||
796 | int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, | |
797 | BN_CTX *ctx) | |
798 | { | |
799 | #if BN_BITS2 == 64 | |
800 | #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF | |
801 | #elif BN_BITS2 == 32 | |
802 | #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF | |
803 | #elif BN_BITS2 == 16 | |
804 | #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF | |
805 | #elif BN_BITS2 == 8 | |
806 | #define BN_NIST_521_TOP_MASK (BN_ULONG)0x1 | |
807 | #endif | |
808 | int top, ret = 0; | |
809 | BN_ULONG *r_d; | |
810 | BIGNUM *tmp; | |
811 | ||
812 | /* check whether a reduction is necessary */ | |
813 | top = a->top; | |
814 | if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP && | |
815 | (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))))) | |
19b8d06a | 816 | return (r == a)? 1 : (BN_copy(r ,a) != NULL); |
5c6bf031 BM |
817 | |
818 | BN_CTX_start(ctx); | |
819 | tmp = BN_CTX_get(ctx); | |
820 | if (!tmp) | |
821 | goto err; | |
822 | ||
823 | if (!BN_ncopy(tmp, a, BN_NIST_521_TOP)) | |
824 | return 0; | |
825 | if (!BN_rshift(r, a, 521)) | |
826 | return 0; | |
827 | ||
828 | if (tmp->top == BN_NIST_521_TOP) | |
829 | tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; | |
830 | ||
d870740c | 831 | bn_correct_top(tmp); |
5c6bf031 BM |
832 | if (!BN_uadd(r, tmp, r)) |
833 | return 0; | |
834 | top = r->top; | |
835 | r_d = r->d; | |
836 | if (top == BN_NIST_521_TOP && | |
837 | (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK))) | |
838 | { | |
839 | BN_NIST_ADD_ONE(r_d) | |
840 | r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; | |
841 | } | |
d870740c | 842 | bn_correct_top(r); |
5c6bf031 BM |
843 | |
844 | ret = 1; | |
845 | err: | |
846 | BN_CTX_end(ctx); | |
31166ec8 | 847 | |
d870740c | 848 | bn_check_top(r); |
5c6bf031 BM |
849 | return ret; |
850 | } |