]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/bn/bn_nist.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Put the first stage of my bignum debugging adventures into CVS. This code
[thirdparty/openssl.git] / crypto / bn / bn_nist.c
CommitLineData
5c6bf031
BM		 1/* crypto/bn/bn_nist.p */
2/* ====================================================================
3 * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@openssl.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include "bn_lcl.h"
19b8d06a 57#include "cryptlib.h"
5c6bf031
BM		 58
59#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
60#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
61#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
19b8d06a 62#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
5c6bf031
BM		 63#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
64
65#if BN_BITS2 == 64
66const static BN_ULONG _nist_p_192[] = {0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFE,
67 0xFFFFFFFFFFFFFFFF};
68const static BN_ULONG _nist_p_224[] = {0x0000000000000001,0xFFFFFFFF00000000,
69 0xFFFFFFFFFFFFFFFF,0x00000000FFFFFFFF};
70const static BN_ULONG _nist_p_256[] = {0xFFFFFFFFFFFFFFFF,0x00000000FFFFFFFF,
71 0x0000000000000000,0xFFFFFFFF00000001};
72const static BN_ULONG _nist_p_384[] = {0x00000000FFFFFFFF,0xFFFFFFFF00000000,
73 0xFFFFFFFFFFFFFFFE,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
74 0xFFFFFFFFFFFFFFFF};
75const static BN_ULONG _nist_p_521[] = {0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
76 0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
77 0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
78 0x00000000000001FF};
79#elif BN_BITS2 == 32
80const static BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,
81 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
82const static BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000,
83 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
84const static BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
85 0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF};
86const static BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000,
87 0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
88 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
89const static BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
90 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
91 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
92 0xFFFFFFFF,0x000001FF};
93#elif BN_BITS2 == 16
94const static BN_ULONG _nist_p_192[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE,
95 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
96const static BN_ULONG _nist_p_224[] = {0x0001,0x0000,0x0000,0x0000,0x0000,
97 0x0000,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
98const static BN_ULONG _nist_p_256[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
99 0xFFFF,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0001,0x0000,0xFFFF,
100 0xFFFF};
101const static BN_ULONG _nist_p_384[] = {0xFFFF,0xFFFF,0x0000,0x0000,0x0000,
102 0x0000,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
103 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
104const static BN_ULONG _nist_p_521[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
105 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
106 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
107 0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0x01FF};
108#elif BN_BITS2 == 8
109const static BN_ULONG _nist_p_192[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
110 0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
111 0xFF,0xFF};
112const static BN_ULONG _nist_p_224[] = {0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
113 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
114 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
115const static BN_ULONG _nist_p_256[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
116 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
117 0x00,0x00,0x01,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF};
118const static BN_ULONG _nist_p_384[] = {0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
119 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,
120 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
121 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
122const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
123 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
124 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
125 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
126 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
127 0xFF,0x01};
128#endif
129
c465e794
GT		 130static const BIGNUM_C bn_nist_p_192 =
131 { _nist_p_192, BN_NIST_192_TOP, BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA };
132static const BIGNUM_C bn_nist_p_224 =
133 { _nist_p_224, BN_NIST_224_TOP, BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA };
134static const BIGNUM_C bn_nist_p_256 =
135 { _nist_p_256, BN_NIST_256_TOP, BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA };
136static const BIGNUM_C bn_nist_p_384 =
137 { _nist_p_384, BN_NIST_384_TOP, BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA };
138static const BIGNUM_C bn_nist_p_521 =
139 { _nist_p_521, BN_NIST_521_TOP, BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA };
140
5c6bf031
BM		 141const BIGNUM *BN_get0_nist_prime_192(void)
142 {
c465e794 143 return BIGNUM_CONST(&bn_nist_p_192);
5c6bf031
BM		 144 }
145
146const BIGNUM *BN_get0_nist_prime_224(void)
147 {
c465e794 148 return BIGNUM_CONST(&bn_nist_p_224);
5c6bf031
BM		 149 }
150
151const BIGNUM *BN_get0_nist_prime_256(void)
152 {
c465e794 153 return BIGNUM_CONST(&bn_nist_p_256);
5c6bf031
BM		 154 }
155
156const BIGNUM *BN_get0_nist_prime_384(void)
157 {
c465e794 158 return BIGNUM_CONST(&bn_nist_p_384);
5c6bf031
BM		 159 }
160
161const BIGNUM *BN_get0_nist_prime_521(void)
162 {
c465e794 163 return BIGNUM_CONST(&bn_nist_p_521);
5c6bf031
BM		 164 }
165
166/* some misc internal functions */
167static BN_ULONG _256_data[BN_NIST_256_TOP*6];
168static int _is_set_256_data = 0;
169static void _init_256_data(void);
170
171static BN_ULONG _384_data[BN_NIST_384_TOP*8];
172static int _is_set_384_data = 0;
173static void _init_384_data(void);
174
175#define BN_NIST_ADD_ONE(a) while (!(++(*(a)))) ++(a);
176#define __buf_0 (BN_ULONG)0
177#define __buf_0_1 (BN_ULONG)0
178#define __buf_0_2 (BN_ULONG)0
179#if BN_BITS2 == 64
180#define BN_64_BIT_BUF(n) BN_ULONG __buf_##n = (BN_ULONG)0;
181#define BN_CP_64_TO_BUF(n) __buf_##n = (a)[(n)];
182#define BN_CP_64_FROM_BUF(a,n) *(a)++ = __buf_##n;
183#define BN_CASE_64_BIT(n,a) case (n): __buf_##n = (a)[(n)];
184#if UINT_MAX == 4294967295UL
185#define nist32 unsigned int
186#define BN_32_BIT_BUF(n) nist32 __buf_##n = (nist32)0;
187#define BN_CP_32_TO_BUF(n) __buf_##n = ((nist32 *)(a))[(n)];
188#define BN_CP_32_FROM_BUF(a,n) *((nist32)(a))++ = __buf_##n;
189#define BN_CASE_32_BIT(n,a) case (n): __buf_##n = ((nist32)(a))[(n)];
190#elif ULONG_MAX == 4294967295UL
191#define nist32 unsigned long
192#define BN_32_BIT_BUF(n) nist32 __buf_##n = (nist32)0;
193#define BN_CP_32_TO_BUF(n) __buf_##n = ((nist32 *)(a))[(n)];
194#define BN_CP_32_FROM_BUF(a,n) *((nist32)(a))++ = __buf_##n;
195#define BN_CASE_32_BIT(n,a) case (n): __buf_##n = ((nist32)(a))[(n)];
196#else
197#define NO_32_BIT_TYPE
198#endif
199#elif BN_BITS2 == 32
200#define BN_64_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
201 BN_ULONG __buf_##n##_2 = (BN_ULONG)0;
202#define BN_CP_64_TO_BUF(n) __buf_##n##_2 = (a)[2*(n)+1];\
203 __buf_##n##_1 = (a)[2*(n)];
204#define BN_CP_64_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\
205 *(a)++ = __buf_##n##_2;
206#define BN_CASE_64_BIT(n,a) case 2*(n)+1: __buf_##n##_2 = (a)[2*(n)+1];\
207 case 2*(n): __buf_##n##_1 = (a)[2*(n)];
208
209#define BN_32_BIT_BUF(n) BN_ULONG __buf_##n = (BN_ULONG)0;
210#define BN_CP_32_TO_BUF(n) __buf_##n = (a)[(n)];
211#define BN_CP_32_FROM_BUF(a,n) *(a)++ = __buf_##n;
212#define BN_CASE_32_BIT(n,a) case (n): __buf_##n = (a)[(n)];
213#elif BN_BITS2 == 16
214#define __buf_0_3 (BN_ULONG)0
215#define __buf_0_4 (BN_ULONG)0
216#define BN_64_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
217 BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\
218 BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\
219 BN_ULONG __buf_##n##_4 = (BN_ULONG)0;
220#define BN_CP_64_TO_BUF(n) __buf_##n##_4 = (a)[4*(n)+3];\
221 __buf_##n##_3 = (a)[4*(n)+2];\
222 __buf_##n##_2 = (a)[4*(n)+1];\
223 __buf_##n##_1 = (a)[4*(n)];
224#define BN_CP_64_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\
225 *(a)++ = __buf_##n##_2;\
226 *(a)++ = __buf_##n##_3;\
227 *(a)++ = __buf_##n##_4;
228#define BN_CASE_64_BIT(n,a) case 4*(n)+3: __buf_##n##_4 = (a)[4*(n)+3];\
229 case 4*(n)+2: __buf_##n##_3 = (a)[4*(n)+2];\
230 case 4*(n)+1: __buf_##n##_2 = (a)[4*(n)+1];\
231 case 4*(n): __buf_##n##_1 = (a)[4*(n)];
232#define BN_32_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
233 BN_ULONG __buf_##n##_2 = (BN_ULONG)0;
234#define BN_CP_32_TO_BUF(n) __buf_##n##_1 = (a)[2*(n)];\
235 __buf_##n##_2 = (a)[2*(n)+1];
236#define BN_CP_32_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\
237 *(a)++ = __buf_##n##_2;
238#define BN_CASE_32_BIT(n,a) case 2*(n)+1: __buf_##n##_2 = (a)[2*(n)+1];\
239 case 2*(n): __buf_##n##_1 = (a)[2*(n)];
240#elif BN_BITS2 == 8
241#define __buf_0_3 (BN_ULONG)0
242#define __buf_0_4 (BN_ULONG)0
243#define __buf_0_5 (BN_ULONG)0
244#define __buf_0_6 (BN_ULONG)0
245#define __buf_0_7 (BN_ULONG)0
246#define __buf_0_8 (BN_ULONG)0
247#define BN_64_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
248 BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\
249 BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\
250 BN_ULONG __buf_##n##_4 = (BN_ULONG)0;\
251 BN_ULONG __buf_##n##_5 = (BN_ULONG)0;\
252 BN_ULONG __buf_##n##_6 = (BN_ULONG)0;\
253 BN_ULONG __buf_##n##_7 = (BN_ULONG)0;\
254 BN_ULONG __buf_##n##_8 = (BN_ULONG)0;
255#define BN_CP_64_TO_BUF(n) __buf_##n##_8 = (a)[8*(n)+7];\
256 __buf_##n##_7 = (a)[8*(n)+6];\
257 __buf_##n##_6 = (a)[8*(n)+5];\
258 __buf_##n##_5 = (a)[8*(n)+4];\
259 __buf_##n##_4 = (a)[8*(n)+3];\
260 __buf_##n##_3 = (a)[8*(n)+2];\
261 __buf_##n##_2 = (a)[8*(n)+1];\
262 __buf_##n##_1 = (a)[8*(n)];
263#define BN_CP_64_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\
264 *(a)++ = __buf_##n##_2;\
265 *(a)++ = __buf_##n##_3;\
266 *(a)++ = __buf_##n##_4;\
267 *(a)++ = __buf_##n##_5;\
268 *(a)++ = __buf_##n##_6;\
269 *(a)++ = __buf_##n##_7;\
270 *(a)++ = __buf_##n##_8;
271#define BN_CASE_64_BIT(n,a) case 8*(n)+7: __buf_##n##_8 = (a)[8*(n)+7];\
272 case 8*(n)+6: __buf_##n##_7 = (a)[8*(n)+6];\
273 case 8*(n)+5: __buf_##n##_6 = (a)[8*(n)+5];\
274 case 8*(n)+4: __buf_##n##_5 = (a)[8*(n)+4];\
275 case 8*(n)+3: __buf_##n##_4 = (a)[8*(n)+3];\
276 case 8*(n)+2: __buf_##n##_3 = (a)[8*(n)+2];\
277 case 8*(n)+1: __buf_##n##_2 = (a)[8*(n)+1];\
278 case 8*(n): __buf_##n##_1 = (a)[8*(n)];
279#define BN_32_BIT_BUF(n) BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
280 BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\
281 BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\
282 BN_ULONG __buf_##n##_4 = (BN_ULONG)0;
283#define BN_CP_32_TO_BUF(n) __buf_##n##_1 = (a)[4*(n)];\
284 __buf_##n##_2 = (a)[4*(n)+1];\
285 __buf_##n##_3 = (a)[4*(n)+2];\
286 __buf_##n##_4 = (a)[4*(n)+3];
287#define BN_CP_32_FROM_BUF(a,n) *(a)++ = __buf_##n##_1;\
288 *(a)++ = __buf_##n##_2;\
289 *(a)++ = __buf_##n##_3;\
290 *(a)++ = __buf_##n##_4;
291#define BN_CASE_32_BIT(n,a) case 4*(n)+3: __buf_##n##_4 = (a)[4*(n)+3];\
292 case 4*(n)+2: __buf_##n##_3 = (a)[4*(n)+2];\
293 case 4*(n)+1: __buf_##n##_2 = (a)[4*(n)+1];\
294 case 4*(n): __buf_##n##_1 = (a)[4*(n)];
295#endif
296
297
298#define BN_192_SET(d,a1,a2,a3) \
299 {\
300 register BN_ULONG *td = (d);\
301 BN_CP_64_FROM_BUF(td,a3); BN_CP_64_FROM_BUF(td,a2);\
302 BN_CP_64_FROM_BUF(td,a1);\
303 }
304
305int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
306 BN_CTX *ctx)
307 {
308 int top;
309 BN_ULONG carry = 0;
310 register BN_ULONG *r_d, *a_d;
311 BN_ULONG t_d[BN_NIST_192_TOP];
312 BN_64_BIT_BUF(3) BN_64_BIT_BUF(4)
313 BN_64_BIT_BUF(5)
314
315 top = BN_ucmp(field, a);
316 if (top == 0)
317 return BN_zero(r);
318 else if (top > 0)
19b8d06a 319 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
5c6bf031
BM		 320
321 if (r != a)
322 if (!BN_ncopy(r, a, BN_NIST_192_TOP))
323 return 0;
324
325 r_d = r->d;
326 a_d = a->d;
327 top = a->top-1;
328
329 switch (top)
330 {
331 BN_CASE_64_BIT(5, a_d)
332 BN_CASE_64_BIT(4, a_d)
333 BN_CASE_64_BIT(3, a_d)
334 break;
335 default: /* a->top == field->top */
336 return BN_usub(r, a, field);
337 }
338
339 BN_192_SET(t_d,0,3,3)
340 if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
341 ++carry;
342
343 BN_192_SET(t_d,4,4,0)
344 if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
345 ++carry;
346
347 BN_192_SET(t_d,5,5,5)
348 if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
349 ++carry;
350
351 while (carry)
352 {
353 if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP))
354 --carry;
355 }
356 r->top = BN_NIST_192_TOP;
357
19b8d06a 358#if 1
5c6bf031
BM		 359 bn_clear_top2max(r);
360#endif
d870740c 361 bn_correct_top(r);
5c6bf031
BM		 362
363 if (BN_ucmp(r, field) >= 0)
364 {
365 bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP);
d870740c 366 bn_correct_top(r);
5c6bf031
BM		 367 }
368
d870740c 369 bn_check_top(r);
5c6bf031
BM		 370 return 1;
371 }
372
373#define BN_224_SET(d,a1,a2,a3,a4,a5,a6,a7) \
374 {\
375 register BN_ULONG *td = (d);\
376 BN_CP_32_FROM_BUF(td,a7); BN_CP_32_FROM_BUF(td,a6);\
377 BN_CP_32_FROM_BUF(td,a5); BN_CP_32_FROM_BUF(td,a4);\
378 BN_CP_32_FROM_BUF(td,a3); BN_CP_32_FROM_BUF(td,a2);\
379 BN_CP_32_FROM_BUF(td,a1);\
380 }
381
382int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
383 BN_CTX *ctx)
384 {
385#ifndef NO_32_BIT_TYPE
386 int tmp_int;
387 int carry = 0;
388 BN_ULONG *r_d, *a_d;
389 BN_ULONG t_d[BN_NIST_224_TOP];
390 BN_32_BIT_BUF(7) BN_32_BIT_BUF(8)
391 BN_32_BIT_BUF(9) BN_32_BIT_BUF(10)
392 BN_32_BIT_BUF(11) BN_32_BIT_BUF(12)
393 BN_32_BIT_BUF(13)
394
395 tmp_int = BN_ucmp(field, a);
396 if (tmp_int == 0)
397 return BN_zero(r);
398 else if (tmp_int > 0)
19b8d06a 399 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
5c6bf031
BM		 400
401 if (r != a)
402 if (!BN_ncopy(r, a, BN_NIST_224_TOP))
403 return 0;
404
405 r_d = r->d;
406 a_d = a->d;
407
408 tmp_int = a->top-1;
409
410 switch (tmp_int)
411 {
412 BN_CASE_32_BIT(13, a_d)
413 BN_CASE_32_BIT(12, a_d)
414 BN_CASE_32_BIT(11, a_d)
415 BN_CASE_32_BIT(10, a_d)
416 BN_CASE_32_BIT(9, a_d)
417 BN_CASE_32_BIT(8, a_d)
418 BN_CASE_32_BIT(7, a_d)
419 break;
420 default: /* a->top == field->top */
421 return BN_usub(r, a, field);
422 }
423
424 BN_224_SET(t_d,10,9,8,7,0,0,0)
425 if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))
426 ++carry;
427 BN_224_SET(t_d,0,13,12,11,0,0,0)
428 if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))
429 ++carry;
430 BN_224_SET(t_d,13,12,11,10,9,8,7)
431 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
432 --carry;
433 BN_224_SET(t_d,0,0,0,0,13,12,11)
434 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
435 --carry;
436
437 if (carry > 0)
438 while (carry)
439 {
440 if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))
441 --carry;
442 }
443 else if (carry < 0)
444 while (carry)
445 {
446 if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))
447 ++carry;
448 }
449
450 r->top = BN_NIST_224_TOP;
19b8d06a 451#if 1
5c6bf031
BM		 452 bn_clear_top2max(r);
453#endif
d870740c 454 bn_correct_top(r);
5c6bf031
BM		 455
456 if (BN_ucmp(r, field) >= 0)
457 {
458 bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP);
d870740c 459 bn_correct_top(r);
5c6bf031 460 }
d870740c 461 bn_check_top(r);
5c6bf031
BM		 462 return 1;
463#else
464 return 0;
465#endif
466 }
467
468static void _init_256_data(void)
469 {
470 int i;
471 BN_ULONG *tmp1 = _256_data;
472 const BN_ULONG *tmp2 = tmp1;
473
474 memcpy(tmp1, _nist_p_256, BN_NIST_256_TOP * sizeof(BN_ULONG));
475 tmp1 += BN_NIST_256_TOP;
476
477 for (i=0; i<5; i++)
478 {
479 bn_add_words(tmp1, _nist_p_256, tmp2, BN_NIST_256_TOP);
480 tmp2 = tmp1;
481 tmp1 += BN_NIST_256_TOP;
482 }
483 _is_set_256_data = 1;
484 }
485
486#define BN_256_SET(d,a1,a2,a3,a4,a5,a6,a7,a8) \
487 {\
488 register BN_ULONG *td = (d);\
489 BN_CP_32_FROM_BUF(td,a8); BN_CP_32_FROM_BUF(td,a7);\
490 BN_CP_32_FROM_BUF(td,a6); BN_CP_32_FROM_BUF(td,a5);\
491 BN_CP_32_FROM_BUF(td,a4); BN_CP_32_FROM_BUF(td,a3);\
492 BN_CP_32_FROM_BUF(td,a2); BN_CP_32_FROM_BUF(td,a1);\
493 }
494
495int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
496 BN_CTX *ctx)
497 {
498#ifndef NO_32_BIT_TYPE
499 int tmp_int;
500 int carry = 0;
501 register BN_ULONG *a_d, *r_d;
502 BN_ULONG t_d[BN_NIST_256_TOP];
503 BN_ULONG t_d2[BN_NIST_256_TOP];
504 BN_32_BIT_BUF(8) BN_32_BIT_BUF(9)
505 BN_32_BIT_BUF(10) BN_32_BIT_BUF(11)
506 BN_32_BIT_BUF(12) BN_32_BIT_BUF(13)
507 BN_32_BIT_BUF(14) BN_32_BIT_BUF(15)
508
509 if (!_is_set_256_data)
19b8d06a
BM		 510 {
511 CRYPTO_w_lock(CRYPTO_LOCK_BN);
512
513 if (!_is_set_256_data)
514 _init_256_data();
515
516 CRYPTO_w_unlock(CRYPTO_LOCK_BN);
517 }
518
5c6bf031
BM		 519 tmp_int = BN_ucmp(field, a);
520 if (tmp_int == 0)
521 return BN_zero(r);
522 else if (tmp_int > 0)
19b8d06a 523 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
5c6bf031
BM		 524
525 if (r != a)
526 if (!BN_ncopy(r, a, BN_NIST_256_TOP))
527 return 0;
528
529 tmp_int = a->top-1;
530
531 a_d = a->d;
532 r_d = r->d;
533 switch (tmp_int)
534 {
535 BN_CASE_32_BIT(15, a_d)
536 BN_CASE_32_BIT(14, a_d)
537 BN_CASE_32_BIT(13, a_d)
538 BN_CASE_32_BIT(12, a_d)
539 BN_CASE_32_BIT(11, a_d)
540 BN_CASE_32_BIT(10, a_d)
541 BN_CASE_32_BIT(9, a_d)
542 BN_CASE_32_BIT(8, a_d)
543 break;
544 default: /* a->top == field->top */
545 return BN_usub(r, a, field);
546 }
547
548 /*S1*/
549 BN_256_SET(t_d,15,14,13,12,11,0,0,0)
550 /*S2*/
551 BN_256_SET(t_d2,0,15,14,13,12,0,0,0)
552 if (bn_add_words(t_d, t_d, t_d2, BN_NIST_256_TOP))
553 carry = 2;
554 /* left shift */
555 {
556 register BN_ULONG *ap,t,c;
557 ap = t_d;
558 c=0;
559 for (tmp_int=BN_NIST_256_TOP; tmp_int != 0; --tmp_int)
560 {
561 t= *ap;
562 *(ap++)=((t<<1)|c)&BN_MASK2;
563 c=(t & BN_TBIT)?1:0;
564 }
565 if (c)
566 ++carry;
567 }
568
569 if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
570 ++carry;
571 /*S3*/
572 BN_256_SET(t_d,15,14,0,0,0,10,9,8)
573 if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
574 ++carry;
575 /*S4*/
576 BN_256_SET(t_d,8,13,15,14,13,11,10,9)
577 if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
578 ++carry;
579 /*D1*/
580 BN_256_SET(t_d,10,8,0,0,0,13,12,11)
581 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
582 --carry;
583 /*D2*/
584 BN_256_SET(t_d,11,9,0,0,15,14,13,12)
585 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
586 --carry;
587 /*D3*/
588 BN_256_SET(t_d,12,0,10,9,8,15,14,13)
589 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
590 --carry;
591 /*D4*/
592 BN_256_SET(t_d,13,0,11,10,9,0,15,14)
593 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
594 --carry;
595
596 if (carry)
597 {
598 if (carry > 0)
599 bn_sub_words(r_d, r_d, _256_data + BN_NIST_256_TOP *
600 --carry, BN_NIST_256_TOP);
601 else
602 {
603 carry = -carry;
604 bn_add_words(r_d, r_d, _256_data + BN_NIST_256_TOP *
605 --carry, BN_NIST_256_TOP);
606 }
607 }
608
609 r->top = BN_NIST_256_TOP;
19b8d06a 610#if 1
5c6bf031
BM		 611 bn_clear_top2max(r);
612#endif
d870740c 613 bn_correct_top(r);
5c6bf031
BM		 614
615 if (BN_ucmp(r, field) >= 0)
616 {
617 bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP);
d870740c 618 bn_correct_top(r);
5c6bf031 619 }
d870740c 620 bn_check_top(r);
5c6bf031
BM		 621 return 1;
622#else
623 return 0;
624#endif
625 }
626
627static void _init_384_data(void)
628 {
629 int i;
630 BN_ULONG *tmp1 = _384_data;
631 const BN_ULONG *tmp2 = tmp1;
632
633 memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG));
634 tmp1 += BN_NIST_384_TOP;
635
636 for (i=0; i<7; i++)
637 {
638 bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP);
639 tmp2 = tmp1;
640 tmp1 += BN_NIST_384_TOP;
641 }
642 _is_set_384_data = 1;
643 }
644
645#define BN_384_SET(d,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
646 {\
647 register BN_ULONG *td = (d);\
648 BN_CP_32_FROM_BUF(td,a12); BN_CP_32_FROM_BUF(td,a11);\
649 BN_CP_32_FROM_BUF(td,a10); BN_CP_32_FROM_BUF(td,a9);\
650 BN_CP_32_FROM_BUF(td,a8); BN_CP_32_FROM_BUF(td,a7);\
651 BN_CP_32_FROM_BUF(td,a6); BN_CP_32_FROM_BUF(td,a5);\
652 BN_CP_32_FROM_BUF(td,a4); BN_CP_32_FROM_BUF(td,a3);\
653 BN_CP_32_FROM_BUF(td,a2); BN_CP_32_FROM_BUF(td,a1);\
654 }
655
656int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
657 BN_CTX *ctx)
658 {
659#ifndef NO_32_BIT_TYPE
660 int tmp_int;
661 int carry = 0;
662 register BN_ULONG *r_d, *a_d;
663 BN_ULONG t_d[BN_NIST_384_TOP];
664 BN_32_BIT_BUF(12) BN_32_BIT_BUF(13)
665 BN_32_BIT_BUF(14) BN_32_BIT_BUF(15)
666 BN_32_BIT_BUF(16) BN_32_BIT_BUF(17)
667 BN_32_BIT_BUF(18) BN_32_BIT_BUF(19)
668 BN_32_BIT_BUF(20) BN_32_BIT_BUF(21)
669 BN_32_BIT_BUF(22) BN_32_BIT_BUF(23)
670
671 if (!_is_set_384_data)
19b8d06a
BM		 672 {
673 CRYPTO_w_lock(CRYPTO_LOCK_BN);
674
675 if (!_is_set_384_data)
676 _init_384_data();
677
678 CRYPTO_w_unlock(CRYPTO_LOCK_BN);
679 }
5c6bf031
BM		 680
681 tmp_int = BN_ucmp(field, a);
682 if (tmp_int == 0)
683 return BN_zero(r);
684 else if (tmp_int > 0)
19b8d06a 685 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
5c6bf031
BM		 686
687 if (r != a)
688 if (!BN_ncopy(r, a, BN_NIST_384_TOP))
689 return 0;
690
691 r_d = r->d;
692 a_d = a->d;
693 tmp_int = a->top-1;
694
695 switch (tmp_int)
696 {
697 BN_CASE_32_BIT(23, a_d)
698 BN_CASE_32_BIT(22, a_d)
699 BN_CASE_32_BIT(21, a_d)
700 BN_CASE_32_BIT(20, a_d)
701 BN_CASE_32_BIT(19, a_d)
702 BN_CASE_32_BIT(18, a_d)
703 BN_CASE_32_BIT(17, a_d)
704 BN_CASE_32_BIT(16, a_d)
705 BN_CASE_32_BIT(15, a_d)
706 BN_CASE_32_BIT(14, a_d)
707 BN_CASE_32_BIT(13, a_d)
708 BN_CASE_32_BIT(12, a_d)
709 break;
710 default: /* a->top == field->top */
711 return BN_usub(r, a, field);
712 }
713
714 /*S1*/
715 BN_256_SET(t_d,0,0,0,0,0,23,22,21)
716 /* left shift */
717 {
718 register BN_ULONG *ap,t,c;
719 ap = t_d;
720 c=0;
721 for (tmp_int=BN_NIST_256_TOP; tmp_int != 0; --tmp_int)
722 {
723 t= *ap;
724 *(ap++)=((t<<1)|c)&BN_MASK2;
725 c=(t & BN_TBIT)?1:0;
726 }
727 }
728 if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
729 t_d, BN_NIST_256_TOP))
730 ++carry;
731 /*S2*/
732 BN_384_SET(t_d,23,22,21,20,19,18,17,16,15,14,13,12)
733 if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
734 ++carry;
735 /*S3*/
736 BN_384_SET(t_d,20,19,18,17,16,15,14,13,12,23,22,21)
737 if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
738 ++carry;
739 /*S4*/
740 BN_384_SET(t_d,19,18,17,16,15,14,13,12,20,0,23,0)
741 if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
742 ++carry;
743 /*S5*/
744 BN_256_SET(t_d,0,0,0,0,23,22,21,20)
745 if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2),
746 t_d, BN_NIST_256_TOP))
747 ++carry;
748 /*S6*/
749 BN_384_SET(t_d,0,0,0,0,0,0,23,22,21,0,0,20)
750 if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
751 ++carry;
752 /*D1*/
753 BN_384_SET(t_d,22,21,20,19,18,17,16,15,14,13,12,23)
754 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
755 --carry;
756 /*D2*/
757 BN_384_SET(t_d,0,0,0,0,0,0,0,23,22,21,20,0)
758 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
759 --carry;
760 /*D3*/
761 BN_384_SET(t_d,0,0,0,0,0,0,0,23,23,0,0,0)
762 if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
763 --carry;
764
765 if (carry)
766 {
767 if (carry > 0)
768 bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP *
769 --carry, BN_NIST_384_TOP);
770 else
771 {
772 carry = -carry;
773 bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP *
774 --carry, BN_NIST_384_TOP);
775 }
776 }
777
778 r->top = BN_NIST_384_TOP;
19b8d06a 779#if 1
5c6bf031
BM		 780 bn_clear_top2max(r);
781#endif
d870740c 782 bn_correct_top(r);
5c6bf031
BM		 783
784 if (BN_ucmp(r, field) >= 0)
785 {
786 bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP);
d870740c 787 bn_correct_top(r);
5c6bf031 788 }
d870740c 789 bn_check_top(r);
5c6bf031
BM		 790 return 1;
791#else
792 return 0;
793#endif
794 }
795
796int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
797 BN_CTX *ctx)
798 {
799#if BN_BITS2 == 64
800#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
801#elif BN_BITS2 == 32
802#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
803#elif BN_BITS2 == 16
804#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1FF
805#elif BN_BITS2 == 8
806#define BN_NIST_521_TOP_MASK (BN_ULONG)0x1
807#endif
808 int top, ret = 0;
809 BN_ULONG *r_d;
810 BIGNUM *tmp;
811
812 /* check whether a reduction is necessary */
813 top = a->top;
814 if (top < BN_NIST_521_TOP || ( top == BN_NIST_521_TOP &&
815 (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))
19b8d06a 816 return (r == a)? 1 : (BN_copy(r ,a) != NULL);
5c6bf031
BM		 817
818 BN_CTX_start(ctx);
819 tmp = BN_CTX_get(ctx);
820 if (!tmp)
821 goto err;
822
823 if (!BN_ncopy(tmp, a, BN_NIST_521_TOP))
824 return 0;
825 if (!BN_rshift(r, a, 521))
826 return 0;
827
828 if (tmp->top == BN_NIST_521_TOP)
829 tmp->d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK;
830
d870740c 831 bn_correct_top(tmp);
5c6bf031
BM		 832 if (!BN_uadd(r, tmp, r))
833 return 0;
834 top = r->top;
835 r_d = r->d;
836 if (top == BN_NIST_521_TOP &&
837 (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))
838 {
839 BN_NIST_ADD_ONE(r_d)
840 r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK;
841 }
d870740c 842 bn_correct_top(r);
5c6bf031
BM		 843
844 ret = 1;
845err:
846 BN_CTX_end(ctx);
31166ec8 847
d870740c 848 bn_check_top(r);
5c6bf031
BM		 849 return ret;
850 }
A mirror of the official openssl repository