wolfSSL - wolfSSL SSL/TLS library, support up to TLS1.3

Users » wolfSSL » Code » wolfSSL

wolfSSL SSL/TLS library, support up to TLS1.3

Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more

wolfcrypt/src/tfm.c@13:f67a6c6013ca, 2017-08-22 (annotated)

Committer:: wolfSSL
Date:: Tue Aug 22 10:48:22 2017 +0000
Revision:: 13:f67a6c6013ca

wolfSSL3.12.0 with TLS1.3

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	13:f67a6c6013ca	1	/* tfm.c
wolfSSL	13:f67a6c6013ca	2	*
wolfSSL	13:f67a6c6013ca	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	13:f67a6c6013ca	4	*
wolfSSL	13:f67a6c6013ca	5	* This file is part of wolfSSL.
wolfSSL	13:f67a6c6013ca	6	*
wolfSSL	13:f67a6c6013ca	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	13:f67a6c6013ca	8	* it under the terms of the GNU General Public License as published by
wolfSSL	13:f67a6c6013ca	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	13:f67a6c6013ca	10	* (at your option) any later version.
wolfSSL	13:f67a6c6013ca	11	*
wolfSSL	13:f67a6c6013ca	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	13:f67a6c6013ca	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	13:f67a6c6013ca	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	13:f67a6c6013ca	15	* GNU General Public License for more details.
wolfSSL	13:f67a6c6013ca	16	*
wolfSSL	13:f67a6c6013ca	17	* You should have received a copy of the GNU General Public License
wolfSSL	13:f67a6c6013ca	18	* along with this program; if not, write to the Free Software
wolfSSL	13:f67a6c6013ca	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	13:f67a6c6013ca	20	*/
wolfSSL	13:f67a6c6013ca	21
wolfSSL	13:f67a6c6013ca	22
wolfSSL	13:f67a6c6013ca	23
wolfSSL	13:f67a6c6013ca	24	/*
wolfSSL	13:f67a6c6013ca	25	* Based on public domain TomsFastMath 0.10 by Tom St Denis, tomstdenis@iahu.ca,
wolfSSL	13:f67a6c6013ca	26	* http://math.libtomcrypt.com
wolfSSL	13:f67a6c6013ca	27	*/
wolfSSL	13:f67a6c6013ca	28
wolfSSL	13:f67a6c6013ca	29	/**
wolfSSL	13:f67a6c6013ca	30	* Edited by Moises Guimaraes (moisesguimaraesm@gmail.com)
wolfSSL	13:f67a6c6013ca	31	* to fit CyaSSL's needs.
wolfSSL	13:f67a6c6013ca	32	*/
wolfSSL	13:f67a6c6013ca	33
wolfSSL	13:f67a6c6013ca	34	#ifdef HAVE_CONFIG_H
wolfSSL	13:f67a6c6013ca	35	#include <config.h>
wolfSSL	13:f67a6c6013ca	36	#endif
wolfSSL	13:f67a6c6013ca	37
wolfSSL	13:f67a6c6013ca	38	/* in case user set USE_FAST_MATH there */
wolfSSL	13:f67a6c6013ca	39	#include <wolfssl/wolfcrypt/settings.h>
wolfSSL	13:f67a6c6013ca	40	#ifdef NO_INLINE
wolfSSL	13:f67a6c6013ca	41	#include <wolfssl/wolfcrypt/misc.h>
wolfSSL	13:f67a6c6013ca	42	#else
wolfSSL	13:f67a6c6013ca	43	#define WOLFSSL_MISC_INCLUDED
wolfSSL	13:f67a6c6013ca	44	#include <wolfcrypt/src/misc.c>
wolfSSL	13:f67a6c6013ca	45	#endif
wolfSSL	13:f67a6c6013ca	46
wolfSSL	13:f67a6c6013ca	47	#ifdef USE_FAST_MATH
wolfSSL	13:f67a6c6013ca	48
wolfSSL	13:f67a6c6013ca	49	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	13:f67a6c6013ca	50	#include <wolfssl/wolfcrypt/tfm.h>
wolfSSL	13:f67a6c6013ca	51	#include <wolfcrypt/src/asm.c> /* will define asm MACROS or C ones */
wolfSSL	13:f67a6c6013ca	52	#include <wolfssl/wolfcrypt/wolfmath.h> /* common functions */
wolfSSL	13:f67a6c6013ca	53
wolfSSL	13:f67a6c6013ca	54	#if defined(FREESCALE_LTC_TFM)
wolfSSL	13:f67a6c6013ca	55	#include <wolfssl/wolfcrypt/port/nxp/ksdk_port.h>
wolfSSL	13:f67a6c6013ca	56	#endif
wolfSSL	13:f67a6c6013ca	57	#ifdef WOLFSSL_DEBUG_MATH
wolfSSL	13:f67a6c6013ca	58	#include <stdio.h>
wolfSSL	13:f67a6c6013ca	59	#endif
wolfSSL	13:f67a6c6013ca	60
wolfSSL	13:f67a6c6013ca	61
wolfSSL	13:f67a6c6013ca	62	/* math settings check */
wolfSSL	13:f67a6c6013ca	63	word32 CheckRunTimeSettings(void)
wolfSSL	13:f67a6c6013ca	64	{
wolfSSL	13:f67a6c6013ca	65	return CTC_SETTINGS;
wolfSSL	13:f67a6c6013ca	66	}
wolfSSL	13:f67a6c6013ca	67
wolfSSL	13:f67a6c6013ca	68
wolfSSL	13:f67a6c6013ca	69	/* math settings size check */
wolfSSL	13:f67a6c6013ca	70	word32 CheckRunTimeFastMath(void)
wolfSSL	13:f67a6c6013ca	71	{
wolfSSL	13:f67a6c6013ca	72	return FP_SIZE;
wolfSSL	13:f67a6c6013ca	73	}
wolfSSL	13:f67a6c6013ca	74
wolfSSL	13:f67a6c6013ca	75
wolfSSL	13:f67a6c6013ca	76	/* Functions */
wolfSSL	13:f67a6c6013ca	77
wolfSSL	13:f67a6c6013ca	78	void fp_add(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	79	{
wolfSSL	13:f67a6c6013ca	80	int sa, sb;
wolfSSL	13:f67a6c6013ca	81
wolfSSL	13:f67a6c6013ca	82	/* get sign of both inputs */
wolfSSL	13:f67a6c6013ca	83	sa = a->sign;
wolfSSL	13:f67a6c6013ca	84	sb = b->sign;
wolfSSL	13:f67a6c6013ca	85
wolfSSL	13:f67a6c6013ca	86	/* handle two cases, not four */
wolfSSL	13:f67a6c6013ca	87	if (sa == sb) {
wolfSSL	13:f67a6c6013ca	88	/* both positive or both negative */
wolfSSL	13:f67a6c6013ca	89	/* add their magnitudes, copy the sign */
wolfSSL	13:f67a6c6013ca	90	c->sign = sa;
wolfSSL	13:f67a6c6013ca	91	s_fp_add (a, b, c);
wolfSSL	13:f67a6c6013ca	92	} else {
wolfSSL	13:f67a6c6013ca	93	/* one positive, the other negative */
wolfSSL	13:f67a6c6013ca	94	/* subtract the one with the greater magnitude from */
wolfSSL	13:f67a6c6013ca	95	/* the one of the lesser magnitude. The result gets */
wolfSSL	13:f67a6c6013ca	96	/* the sign of the one with the greater magnitude. */
wolfSSL	13:f67a6c6013ca	97	if (fp_cmp_mag (a, b) == FP_LT) {
wolfSSL	13:f67a6c6013ca	98	c->sign = sb;
wolfSSL	13:f67a6c6013ca	99	s_fp_sub (b, a, c);
wolfSSL	13:f67a6c6013ca	100	} else {
wolfSSL	13:f67a6c6013ca	101	c->sign = sa;
wolfSSL	13:f67a6c6013ca	102	s_fp_sub (a, b, c);
wolfSSL	13:f67a6c6013ca	103	}
wolfSSL	13:f67a6c6013ca	104	}
wolfSSL	13:f67a6c6013ca	105	}
wolfSSL	13:f67a6c6013ca	106
wolfSSL	13:f67a6c6013ca	107	/* unsigned addition */
wolfSSL	13:f67a6c6013ca	108	void s_fp_add(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	109	{
wolfSSL	13:f67a6c6013ca	110	int x, y, oldused;
wolfSSL	13:f67a6c6013ca	111	fp_word t;
wolfSSL	13:f67a6c6013ca	112
wolfSSL	13:f67a6c6013ca	113	y = MAX(a->used, b->used);
wolfSSL	13:f67a6c6013ca	114	oldused = MIN(c->used, FP_SIZE); /* help static analysis w/ largest size */
wolfSSL	13:f67a6c6013ca	115	c->used = y;
wolfSSL	13:f67a6c6013ca	116
wolfSSL	13:f67a6c6013ca	117	t = 0;
wolfSSL	13:f67a6c6013ca	118	for (x = 0; x < y; x++) {
wolfSSL	13:f67a6c6013ca	119	t += ((fp_word)a->dp[x]) + ((fp_word)b->dp[x]);
wolfSSL	13:f67a6c6013ca	120	c->dp[x] = (fp_digit)t;
wolfSSL	13:f67a6c6013ca	121	t >>= DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	122	}
wolfSSL	13:f67a6c6013ca	123	if (t != 0 && x < FP_SIZE) {
wolfSSL	13:f67a6c6013ca	124	c->dp[c->used++] = (fp_digit)t;
wolfSSL	13:f67a6c6013ca	125	++x;
wolfSSL	13:f67a6c6013ca	126	}
wolfSSL	13:f67a6c6013ca	127
wolfSSL	13:f67a6c6013ca	128	c->used = x;
wolfSSL	13:f67a6c6013ca	129
wolfSSL	13:f67a6c6013ca	130	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	131	for (; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	132	c->dp[x] = 0;
wolfSSL	13:f67a6c6013ca	133	}
wolfSSL	13:f67a6c6013ca	134	fp_clamp(c);
wolfSSL	13:f67a6c6013ca	135	}
wolfSSL	13:f67a6c6013ca	136
wolfSSL	13:f67a6c6013ca	137	/* c = a - b */
wolfSSL	13:f67a6c6013ca	138	void fp_sub(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	139	{
wolfSSL	13:f67a6c6013ca	140	int sa, sb;
wolfSSL	13:f67a6c6013ca	141
wolfSSL	13:f67a6c6013ca	142	sa = a->sign;
wolfSSL	13:f67a6c6013ca	143	sb = b->sign;
wolfSSL	13:f67a6c6013ca	144
wolfSSL	13:f67a6c6013ca	145	if (sa != sb) {
wolfSSL	13:f67a6c6013ca	146	/* subtract a negative from a positive, OR */
wolfSSL	13:f67a6c6013ca	147	/* subtract a positive from a negative. */
wolfSSL	13:f67a6c6013ca	148	/* In either case, ADD their magnitudes, */
wolfSSL	13:f67a6c6013ca	149	/* and use the sign of the first number. */
wolfSSL	13:f67a6c6013ca	150	c->sign = sa;
wolfSSL	13:f67a6c6013ca	151	s_fp_add (a, b, c);
wolfSSL	13:f67a6c6013ca	152	} else {
wolfSSL	13:f67a6c6013ca	153	/* subtract a positive from a positive, OR */
wolfSSL	13:f67a6c6013ca	154	/* subtract a negative from a negative. */
wolfSSL	13:f67a6c6013ca	155	/* First, take the difference between their */
wolfSSL	13:f67a6c6013ca	156	/* magnitudes, then... */
wolfSSL	13:f67a6c6013ca	157	if (fp_cmp_mag (a, b) != FP_LT) {
wolfSSL	13:f67a6c6013ca	158	/* Copy the sign from the first */
wolfSSL	13:f67a6c6013ca	159	c->sign = sa;
wolfSSL	13:f67a6c6013ca	160	/* The first has a larger or equal magnitude */
wolfSSL	13:f67a6c6013ca	161	s_fp_sub (a, b, c);
wolfSSL	13:f67a6c6013ca	162	} else {
wolfSSL	13:f67a6c6013ca	163	/* The result has the opposite sign from */
wolfSSL	13:f67a6c6013ca	164	/* the first number. */
wolfSSL	13:f67a6c6013ca	165	c->sign = (sa == FP_ZPOS) ? FP_NEG : FP_ZPOS;
wolfSSL	13:f67a6c6013ca	166	/* The second has a larger magnitude */
wolfSSL	13:f67a6c6013ca	167	s_fp_sub (b, a, c);
wolfSSL	13:f67a6c6013ca	168	}
wolfSSL	13:f67a6c6013ca	169	}
wolfSSL	13:f67a6c6013ca	170	}
wolfSSL	13:f67a6c6013ca	171
wolfSSL	13:f67a6c6013ca	172	/* unsigned subtraction \|\|a\|\| >= \|\|b\|\| ALWAYS! */
wolfSSL	13:f67a6c6013ca	173	void s_fp_sub(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	174	{
wolfSSL	13:f67a6c6013ca	175	int x, oldbused, oldused;
wolfSSL	13:f67a6c6013ca	176	fp_word t;
wolfSSL	13:f67a6c6013ca	177
wolfSSL	13:f67a6c6013ca	178	oldused = c->used;
wolfSSL	13:f67a6c6013ca	179	oldbused = b->used;
wolfSSL	13:f67a6c6013ca	180	c->used = a->used;
wolfSSL	13:f67a6c6013ca	181	t = 0;
wolfSSL	13:f67a6c6013ca	182	for (x = 0; x < oldbused; x++) {
wolfSSL	13:f67a6c6013ca	183	t = ((fp_word)a->dp[x]) - (((fp_word)b->dp[x]) + t);
wolfSSL	13:f67a6c6013ca	184	c->dp[x] = (fp_digit)t;
wolfSSL	13:f67a6c6013ca	185	t = (t >> DIGIT_BIT)&1;
wolfSSL	13:f67a6c6013ca	186	}
wolfSSL	13:f67a6c6013ca	187	for (; x < a->used; x++) {
wolfSSL	13:f67a6c6013ca	188	t = ((fp_word)a->dp[x]) - t;
wolfSSL	13:f67a6c6013ca	189	c->dp[x] = (fp_digit)t;
wolfSSL	13:f67a6c6013ca	190	t = (t >> DIGIT_BIT)&1;
wolfSSL	13:f67a6c6013ca	191	}
wolfSSL	13:f67a6c6013ca	192
wolfSSL	13:f67a6c6013ca	193	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	194	for (; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	195	c->dp[x] = 0;
wolfSSL	13:f67a6c6013ca	196	}
wolfSSL	13:f67a6c6013ca	197	fp_clamp(c);
wolfSSL	13:f67a6c6013ca	198	}
wolfSSL	13:f67a6c6013ca	199
wolfSSL	13:f67a6c6013ca	200	/* c = a * b */
wolfSSL	13:f67a6c6013ca	201	void fp_mul(fp_int A, fp_int B, fp_int *C)
wolfSSL	13:f67a6c6013ca	202	{
wolfSSL	13:f67a6c6013ca	203	int y, yy, oldused;
wolfSSL	13:f67a6c6013ca	204
wolfSSL	13:f67a6c6013ca	205	oldused = C->used;
wolfSSL	13:f67a6c6013ca	206
wolfSSL	13:f67a6c6013ca	207	y = MAX(A->used, B->used);
wolfSSL	13:f67a6c6013ca	208	yy = MIN(A->used, B->used);
wolfSSL	13:f67a6c6013ca	209
wolfSSL	13:f67a6c6013ca	210	/* call generic if we're out of range */
wolfSSL	13:f67a6c6013ca	211	if (y + yy > FP_SIZE) {
wolfSSL	13:f67a6c6013ca	212	fp_mul_comba(A, B, C);
wolfSSL	13:f67a6c6013ca	213	goto clean;
wolfSSL	13:f67a6c6013ca	214	}
wolfSSL	13:f67a6c6013ca	215
wolfSSL	13:f67a6c6013ca	216	/* pick a comba (unrolled 4/8/16/32 x or rolled) based on the size
wolfSSL	13:f67a6c6013ca	217	of the largest input. We also want to avoid doing excess mults if the
wolfSSL	13:f67a6c6013ca	218	inputs are not close to the next power of two. That is, for example,
wolfSSL	13:f67a6c6013ca	219	if say y=17 then we would do (32-17)^2 = 225 unneeded multiplications
wolfSSL	13:f67a6c6013ca	220	*/
wolfSSL	13:f67a6c6013ca	221
wolfSSL	13:f67a6c6013ca	222	#if defined(TFM_MUL3) && FP_SIZE >= 6
wolfSSL	13:f67a6c6013ca	223	if (y <= 3) {
wolfSSL	13:f67a6c6013ca	224	fp_mul_comba3(A,B,C);
wolfSSL	13:f67a6c6013ca	225	goto clean;
wolfSSL	13:f67a6c6013ca	226	}
wolfSSL	13:f67a6c6013ca	227	#endif
wolfSSL	13:f67a6c6013ca	228	#if defined(TFM_MUL4) && FP_SIZE >= 8
wolfSSL	13:f67a6c6013ca	229	if (y == 4) {
wolfSSL	13:f67a6c6013ca	230	fp_mul_comba4(A,B,C);
wolfSSL	13:f67a6c6013ca	231	goto clean;
wolfSSL	13:f67a6c6013ca	232	}
wolfSSL	13:f67a6c6013ca	233	#endif
wolfSSL	13:f67a6c6013ca	234	#if defined(TFM_MUL6) && FP_SIZE >= 12
wolfSSL	13:f67a6c6013ca	235	if (y <= 6) {
wolfSSL	13:f67a6c6013ca	236	fp_mul_comba6(A,B,C);
wolfSSL	13:f67a6c6013ca	237	goto clean;
wolfSSL	13:f67a6c6013ca	238	}
wolfSSL	13:f67a6c6013ca	239	#endif
wolfSSL	13:f67a6c6013ca	240	#if defined(TFM_MUL7) && FP_SIZE >= 14
wolfSSL	13:f67a6c6013ca	241	if (y == 7) {
wolfSSL	13:f67a6c6013ca	242	fp_mul_comba7(A,B,C);
wolfSSL	13:f67a6c6013ca	243	goto clean;
wolfSSL	13:f67a6c6013ca	244	}
wolfSSL	13:f67a6c6013ca	245	#endif
wolfSSL	13:f67a6c6013ca	246	#if defined(TFM_MUL8) && FP_SIZE >= 16
wolfSSL	13:f67a6c6013ca	247	if (y == 8) {
wolfSSL	13:f67a6c6013ca	248	fp_mul_comba8(A,B,C);
wolfSSL	13:f67a6c6013ca	249	goto clean;
wolfSSL	13:f67a6c6013ca	250	}
wolfSSL	13:f67a6c6013ca	251	#endif
wolfSSL	13:f67a6c6013ca	252	#if defined(TFM_MUL9) && FP_SIZE >= 18
wolfSSL	13:f67a6c6013ca	253	if (y == 9) {
wolfSSL	13:f67a6c6013ca	254	fp_mul_comba9(A,B,C);
wolfSSL	13:f67a6c6013ca	255	goto clean;
wolfSSL	13:f67a6c6013ca	256	}
wolfSSL	13:f67a6c6013ca	257	#endif
wolfSSL	13:f67a6c6013ca	258	#if defined(TFM_MUL12) && FP_SIZE >= 24
wolfSSL	13:f67a6c6013ca	259	if (y <= 12) {
wolfSSL	13:f67a6c6013ca	260	fp_mul_comba12(A,B,C);
wolfSSL	13:f67a6c6013ca	261	goto clean;
wolfSSL	13:f67a6c6013ca	262	}
wolfSSL	13:f67a6c6013ca	263	#endif
wolfSSL	13:f67a6c6013ca	264	#if defined(TFM_MUL17) && FP_SIZE >= 34
wolfSSL	13:f67a6c6013ca	265	if (y <= 17) {
wolfSSL	13:f67a6c6013ca	266	fp_mul_comba17(A,B,C);
wolfSSL	13:f67a6c6013ca	267	goto clean;
wolfSSL	13:f67a6c6013ca	268	}
wolfSSL	13:f67a6c6013ca	269	#endif
wolfSSL	13:f67a6c6013ca	270
wolfSSL	13:f67a6c6013ca	271	#if defined(TFM_SMALL_SET) && FP_SIZE >= 32
wolfSSL	13:f67a6c6013ca	272	if (y <= 16) {
wolfSSL	13:f67a6c6013ca	273	fp_mul_comba_small(A,B,C);
wolfSSL	13:f67a6c6013ca	274	goto clean;
wolfSSL	13:f67a6c6013ca	275	}
wolfSSL	13:f67a6c6013ca	276	#endif
wolfSSL	13:f67a6c6013ca	277	#if defined(TFM_MUL20) && FP_SIZE >= 40
wolfSSL	13:f67a6c6013ca	278	if (y <= 20) {
wolfSSL	13:f67a6c6013ca	279	fp_mul_comba20(A,B,C);
wolfSSL	13:f67a6c6013ca	280	goto clean;
wolfSSL	13:f67a6c6013ca	281	}
wolfSSL	13:f67a6c6013ca	282	#endif
wolfSSL	13:f67a6c6013ca	283	#if defined(TFM_MUL24) && FP_SIZE >= 48
wolfSSL	13:f67a6c6013ca	284	if (yy >= 16 && y <= 24) {
wolfSSL	13:f67a6c6013ca	285	fp_mul_comba24(A,B,C);
wolfSSL	13:f67a6c6013ca	286	goto clean;
wolfSSL	13:f67a6c6013ca	287	}
wolfSSL	13:f67a6c6013ca	288	#endif
wolfSSL	13:f67a6c6013ca	289	#if defined(TFM_MUL28) && FP_SIZE >= 56
wolfSSL	13:f67a6c6013ca	290	if (yy >= 20 && y <= 28) {
wolfSSL	13:f67a6c6013ca	291	fp_mul_comba28(A,B,C);
wolfSSL	13:f67a6c6013ca	292	goto clean;
wolfSSL	13:f67a6c6013ca	293	}
wolfSSL	13:f67a6c6013ca	294	#endif
wolfSSL	13:f67a6c6013ca	295	#if defined(TFM_MUL32) && FP_SIZE >= 64
wolfSSL	13:f67a6c6013ca	296	if (yy >= 24 && y <= 32) {
wolfSSL	13:f67a6c6013ca	297	fp_mul_comba32(A,B,C);
wolfSSL	13:f67a6c6013ca	298	goto clean;
wolfSSL	13:f67a6c6013ca	299	}
wolfSSL	13:f67a6c6013ca	300	#endif
wolfSSL	13:f67a6c6013ca	301	#if defined(TFM_MUL48) && FP_SIZE >= 96
wolfSSL	13:f67a6c6013ca	302	if (yy >= 40 && y <= 48) {
wolfSSL	13:f67a6c6013ca	303	fp_mul_comba48(A,B,C);
wolfSSL	13:f67a6c6013ca	304	goto clean;
wolfSSL	13:f67a6c6013ca	305	}
wolfSSL	13:f67a6c6013ca	306	#endif
wolfSSL	13:f67a6c6013ca	307	#if defined(TFM_MUL64) && FP_SIZE >= 128
wolfSSL	13:f67a6c6013ca	308	if (yy >= 56 && y <= 64) {
wolfSSL	13:f67a6c6013ca	309	fp_mul_comba64(A,B,C);
wolfSSL	13:f67a6c6013ca	310	goto clean;
wolfSSL	13:f67a6c6013ca	311	}
wolfSSL	13:f67a6c6013ca	312	#endif
wolfSSL	13:f67a6c6013ca	313	fp_mul_comba(A,B,C);
wolfSSL	13:f67a6c6013ca	314
wolfSSL	13:f67a6c6013ca	315	clean:
wolfSSL	13:f67a6c6013ca	316	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	317	for (y = C->used; y >= 0 && y < oldused; y++) {
wolfSSL	13:f67a6c6013ca	318	C->dp[y] = 0;
wolfSSL	13:f67a6c6013ca	319	}
wolfSSL	13:f67a6c6013ca	320	}
wolfSSL	13:f67a6c6013ca	321
wolfSSL	13:f67a6c6013ca	322	void fp_mul_2(fp_int * a, fp_int * b)
wolfSSL	13:f67a6c6013ca	323	{
wolfSSL	13:f67a6c6013ca	324	int x, oldused;
wolfSSL	13:f67a6c6013ca	325
wolfSSL	13:f67a6c6013ca	326	oldused = b->used;
wolfSSL	13:f67a6c6013ca	327	b->used = a->used;
wolfSSL	13:f67a6c6013ca	328
wolfSSL	13:f67a6c6013ca	329	{
wolfSSL	13:f67a6c6013ca	330	fp_digit r, rr, tmpa, tmpb;
wolfSSL	13:f67a6c6013ca	331
wolfSSL	13:f67a6c6013ca	332	/* alias for source */
wolfSSL	13:f67a6c6013ca	333	tmpa = a->dp;
wolfSSL	13:f67a6c6013ca	334
wolfSSL	13:f67a6c6013ca	335	/* alias for dest */
wolfSSL	13:f67a6c6013ca	336	tmpb = b->dp;
wolfSSL	13:f67a6c6013ca	337
wolfSSL	13:f67a6c6013ca	338	/* carry */
wolfSSL	13:f67a6c6013ca	339	r = 0;
wolfSSL	13:f67a6c6013ca	340	for (x = 0; x < a->used; x++) {
wolfSSL	13:f67a6c6013ca	341
wolfSSL	13:f67a6c6013ca	342	/* get what will be the next carry bit from the
wolfSSL	13:f67a6c6013ca	343	* MSB of the current digit
wolfSSL	13:f67a6c6013ca	344	*/
wolfSSL	13:f67a6c6013ca	345	rr = *tmpa >> ((fp_digit)(DIGIT_BIT - 1));
wolfSSL	13:f67a6c6013ca	346
wolfSSL	13:f67a6c6013ca	347	/* now shift up this digit, add in the carry [from the previous] */
wolfSSL	13:f67a6c6013ca	348	tmpb++ = ((tmpa++ << ((fp_digit)1)) \| r);
wolfSSL	13:f67a6c6013ca	349
wolfSSL	13:f67a6c6013ca	350	/* copy the carry that would be from the source
wolfSSL	13:f67a6c6013ca	351	* digit into the next iteration
wolfSSL	13:f67a6c6013ca	352	*/
wolfSSL	13:f67a6c6013ca	353	r = rr;
wolfSSL	13:f67a6c6013ca	354	}
wolfSSL	13:f67a6c6013ca	355
wolfSSL	13:f67a6c6013ca	356	/* new leading digit? */
wolfSSL	13:f67a6c6013ca	357	if (r != 0 && b->used != (FP_SIZE-1)) {
wolfSSL	13:f67a6c6013ca	358	/* add a MSB which is always 1 at this point */
wolfSSL	13:f67a6c6013ca	359	*tmpb = 1;
wolfSSL	13:f67a6c6013ca	360	++(b->used);
wolfSSL	13:f67a6c6013ca	361	}
wolfSSL	13:f67a6c6013ca	362
wolfSSL	13:f67a6c6013ca	363	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	364	tmpb = b->dp + b->used;
wolfSSL	13:f67a6c6013ca	365	for (x = b->used; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	366	*tmpb++ = 0;
wolfSSL	13:f67a6c6013ca	367	}
wolfSSL	13:f67a6c6013ca	368	}
wolfSSL	13:f67a6c6013ca	369	b->sign = a->sign;
wolfSSL	13:f67a6c6013ca	370	}
wolfSSL	13:f67a6c6013ca	371
wolfSSL	13:f67a6c6013ca	372	/* c = a * b */
wolfSSL	13:f67a6c6013ca	373	void fp_mul_d(fp_int a, fp_digit b, fp_int c)
wolfSSL	13:f67a6c6013ca	374	{
wolfSSL	13:f67a6c6013ca	375	fp_word w;
wolfSSL	13:f67a6c6013ca	376	int x, oldused;
wolfSSL	13:f67a6c6013ca	377
wolfSSL	13:f67a6c6013ca	378	oldused = c->used;
wolfSSL	13:f67a6c6013ca	379	c->used = a->used;
wolfSSL	13:f67a6c6013ca	380	c->sign = a->sign;
wolfSSL	13:f67a6c6013ca	381	w = 0;
wolfSSL	13:f67a6c6013ca	382	for (x = 0; x < a->used; x++) {
wolfSSL	13:f67a6c6013ca	383	w = ((fp_word)a->dp[x]) * ((fp_word)b) + w;
wolfSSL	13:f67a6c6013ca	384	c->dp[x] = (fp_digit)w;
wolfSSL	13:f67a6c6013ca	385	w = w >> DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	386	}
wolfSSL	13:f67a6c6013ca	387	if (w != 0 && (a->used != FP_SIZE)) {
wolfSSL	13:f67a6c6013ca	388	c->dp[c->used++] = (fp_digit) w;
wolfSSL	13:f67a6c6013ca	389	++x;
wolfSSL	13:f67a6c6013ca	390	}
wolfSSL	13:f67a6c6013ca	391
wolfSSL	13:f67a6c6013ca	392	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	393	for (; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	394	c->dp[x] = 0;
wolfSSL	13:f67a6c6013ca	395	}
wolfSSL	13:f67a6c6013ca	396	fp_clamp(c);
wolfSSL	13:f67a6c6013ca	397	}
wolfSSL	13:f67a6c6013ca	398
wolfSSL	13:f67a6c6013ca	399	/* c = a * 2*d /
wolfSSL	13:f67a6c6013ca	400	void fp_mul_2d(fp_int a, int b, fp_int c)
wolfSSL	13:f67a6c6013ca	401	{
wolfSSL	13:f67a6c6013ca	402	fp_digit carry, carrytmp, shift;
wolfSSL	13:f67a6c6013ca	403	int x;
wolfSSL	13:f67a6c6013ca	404
wolfSSL	13:f67a6c6013ca	405	/* copy it */
wolfSSL	13:f67a6c6013ca	406	fp_copy(a, c);
wolfSSL	13:f67a6c6013ca	407
wolfSSL	13:f67a6c6013ca	408	/* handle whole digits */
wolfSSL	13:f67a6c6013ca	409	if (b >= DIGIT_BIT) {
wolfSSL	13:f67a6c6013ca	410	fp_lshd(c, b/DIGIT_BIT);
wolfSSL	13:f67a6c6013ca	411	}
wolfSSL	13:f67a6c6013ca	412	b %= DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	413
wolfSSL	13:f67a6c6013ca	414	/* shift the digits */
wolfSSL	13:f67a6c6013ca	415	if (b != 0) {
wolfSSL	13:f67a6c6013ca	416	carry = 0;
wolfSSL	13:f67a6c6013ca	417	shift = DIGIT_BIT - b;
wolfSSL	13:f67a6c6013ca	418	for (x = 0; x < c->used; x++) {
wolfSSL	13:f67a6c6013ca	419	carrytmp = c->dp[x] >> shift;
wolfSSL	13:f67a6c6013ca	420	c->dp[x] = (c->dp[x] << b) + carry;
wolfSSL	13:f67a6c6013ca	421	carry = carrytmp;
wolfSSL	13:f67a6c6013ca	422	}
wolfSSL	13:f67a6c6013ca	423	/* store last carry if room */
wolfSSL	13:f67a6c6013ca	424	if (carry && x < FP_SIZE) {
wolfSSL	13:f67a6c6013ca	425	c->dp[c->used++] = carry;
wolfSSL	13:f67a6c6013ca	426	}
wolfSSL	13:f67a6c6013ca	427	}
wolfSSL	13:f67a6c6013ca	428	fp_clamp(c);
wolfSSL	13:f67a6c6013ca	429	}
wolfSSL	13:f67a6c6013ca	430
wolfSSL	13:f67a6c6013ca	431	/* generic PxQ multiplier */
wolfSSL	13:f67a6c6013ca	432	#if defined(HAVE_INTEL_MULX)
wolfSSL	13:f67a6c6013ca	433
wolfSSL	13:f67a6c6013ca	434	INLINE static void fp_mul_comba_mulx(fp_int A, fp_int B, fp_int *C)
wolfSSL	13:f67a6c6013ca	435
wolfSSL	13:f67a6c6013ca	436	{
wolfSSL	13:f67a6c6013ca	437	int ix, iy, iz, pa;
wolfSSL	13:f67a6c6013ca	438	fp_int tmp, *dst;
wolfSSL	13:f67a6c6013ca	439
wolfSSL	13:f67a6c6013ca	440	/* get size of output and trim */
wolfSSL	13:f67a6c6013ca	441	pa = A->used + B->used;
wolfSSL	13:f67a6c6013ca	442	if (pa >= FP_SIZE) {
wolfSSL	13:f67a6c6013ca	443	pa = FP_SIZE-1;
wolfSSL	13:f67a6c6013ca	444	}
wolfSSL	13:f67a6c6013ca	445
wolfSSL	13:f67a6c6013ca	446	/* Always take branch to use tmp variable. This avoids a cache attack for
wolfSSL	13:f67a6c6013ca	447	* determining if C equals A */
wolfSSL	13:f67a6c6013ca	448	if (1) {
wolfSSL	13:f67a6c6013ca	449	fp_init(&tmp);
wolfSSL	13:f67a6c6013ca	450	dst = &tmp;
wolfSSL	13:f67a6c6013ca	451	}
wolfSSL	13:f67a6c6013ca	452
wolfSSL	13:f67a6c6013ca	453	TFM_INTEL_MUL_COMBA(A, B, dst) ;
wolfSSL	13:f67a6c6013ca	454
wolfSSL	13:f67a6c6013ca	455	dst->used = pa;
wolfSSL	13:f67a6c6013ca	456	dst->sign = A->sign ^ B->sign;
wolfSSL	13:f67a6c6013ca	457	fp_clamp(dst);
wolfSSL	13:f67a6c6013ca	458	fp_copy(dst, C);
wolfSSL	13:f67a6c6013ca	459	}
wolfSSL	13:f67a6c6013ca	460	#endif
wolfSSL	13:f67a6c6013ca	461
wolfSSL	13:f67a6c6013ca	462	void fp_mul_comba(fp_int A, fp_int B, fp_int *C)
wolfSSL	13:f67a6c6013ca	463	{
wolfSSL	13:f67a6c6013ca	464	int ix, iy, iz, tx, ty, pa;
wolfSSL	13:f67a6c6013ca	465	fp_digit c0, c1, c2, tmpx, tmpy;
wolfSSL	13:f67a6c6013ca	466	fp_int tmp, *dst;
wolfSSL	13:f67a6c6013ca	467
wolfSSL	13:f67a6c6013ca	468	IF_HAVE_INTEL_MULX(fp_mul_comba_mulx(A, B, C), return) ;
wolfSSL	13:f67a6c6013ca	469
wolfSSL	13:f67a6c6013ca	470	COMBA_START;
wolfSSL	13:f67a6c6013ca	471	COMBA_CLEAR;
wolfSSL	13:f67a6c6013ca	472
wolfSSL	13:f67a6c6013ca	473	/* get size of output and trim */
wolfSSL	13:f67a6c6013ca	474	pa = A->used + B->used;
wolfSSL	13:f67a6c6013ca	475	if (pa >= FP_SIZE) {
wolfSSL	13:f67a6c6013ca	476	pa = FP_SIZE-1;
wolfSSL	13:f67a6c6013ca	477	}
wolfSSL	13:f67a6c6013ca	478
wolfSSL	13:f67a6c6013ca	479	/* Always take branch to use tmp variable. This avoids a cache attack for
wolfSSL	13:f67a6c6013ca	480	* determining if C equals A */
wolfSSL	13:f67a6c6013ca	481	if (1) {
wolfSSL	13:f67a6c6013ca	482	fp_init(&tmp);
wolfSSL	13:f67a6c6013ca	483	dst = &tmp;
wolfSSL	13:f67a6c6013ca	484	}
wolfSSL	13:f67a6c6013ca	485
wolfSSL	13:f67a6c6013ca	486	for (ix = 0; ix < pa; ix++) {
wolfSSL	13:f67a6c6013ca	487	/* get offsets into the two bignums */
wolfSSL	13:f67a6c6013ca	488	ty = MIN(ix, B->used-1);
wolfSSL	13:f67a6c6013ca	489	tx = ix - ty;
wolfSSL	13:f67a6c6013ca	490
wolfSSL	13:f67a6c6013ca	491	/* setup temp aliases */
wolfSSL	13:f67a6c6013ca	492	tmpx = A->dp + tx;
wolfSSL	13:f67a6c6013ca	493	tmpy = B->dp + ty;
wolfSSL	13:f67a6c6013ca	494
wolfSSL	13:f67a6c6013ca	495	/* this is the number of times the loop will iterate, essentially its
wolfSSL	13:f67a6c6013ca	496	while (tx++ < a->used && ty-- >= 0) { ... }
wolfSSL	13:f67a6c6013ca	497	*/
wolfSSL	13:f67a6c6013ca	498	iy = MIN(A->used-tx, ty+1);
wolfSSL	13:f67a6c6013ca	499
wolfSSL	13:f67a6c6013ca	500	/* execute loop */
wolfSSL	13:f67a6c6013ca	501	COMBA_FORWARD;
wolfSSL	13:f67a6c6013ca	502	for (iz = 0; iz < iy; ++iz) {
wolfSSL	13:f67a6c6013ca	503	fp_digit _tmpx = *tmpx++;
wolfSSL	13:f67a6c6013ca	504	fp_digit _tmpy = *tmpy--;
wolfSSL	13:f67a6c6013ca	505	MULADD(_tmpx, _tmpy);
wolfSSL	13:f67a6c6013ca	506	}
wolfSSL	13:f67a6c6013ca	507
wolfSSL	13:f67a6c6013ca	508	/* store term */
wolfSSL	13:f67a6c6013ca	509	COMBA_STORE(dst->dp[ix]);
wolfSSL	13:f67a6c6013ca	510	}
wolfSSL	13:f67a6c6013ca	511	COMBA_FINI;
wolfSSL	13:f67a6c6013ca	512
wolfSSL	13:f67a6c6013ca	513	dst->used = pa;
wolfSSL	13:f67a6c6013ca	514	dst->sign = A->sign ^ B->sign;
wolfSSL	13:f67a6c6013ca	515	fp_clamp(dst);
wolfSSL	13:f67a6c6013ca	516	fp_copy(dst, C);
wolfSSL	13:f67a6c6013ca	517	}
wolfSSL	13:f67a6c6013ca	518
wolfSSL	13:f67a6c6013ca	519	/* a/b => cb + d == a */
wolfSSL	13:f67a6c6013ca	520	int fp_div(fp_int a, fp_int b, fp_int c, fp_int d)
wolfSSL	13:f67a6c6013ca	521	{
wolfSSL	13:f67a6c6013ca	522	fp_int q, x, y, t1, t2;
wolfSSL	13:f67a6c6013ca	523	int n, t, i, norm, neg;
wolfSSL	13:f67a6c6013ca	524
wolfSSL	13:f67a6c6013ca	525	/* is divisor zero ? */
wolfSSL	13:f67a6c6013ca	526	if (fp_iszero (b) == FP_YES) {
wolfSSL	13:f67a6c6013ca	527	return FP_VAL;
wolfSSL	13:f67a6c6013ca	528	}
wolfSSL	13:f67a6c6013ca	529
wolfSSL	13:f67a6c6013ca	530	/* if a < b then q=0, r = a */
wolfSSL	13:f67a6c6013ca	531	if (fp_cmp_mag (a, b) == FP_LT) {
wolfSSL	13:f67a6c6013ca	532	if (d != NULL) {
wolfSSL	13:f67a6c6013ca	533	fp_copy (a, d);
wolfSSL	13:f67a6c6013ca	534	}
wolfSSL	13:f67a6c6013ca	535	if (c != NULL) {
wolfSSL	13:f67a6c6013ca	536	fp_zero (c);
wolfSSL	13:f67a6c6013ca	537	}
wolfSSL	13:f67a6c6013ca	538	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	539	}
wolfSSL	13:f67a6c6013ca	540
wolfSSL	13:f67a6c6013ca	541	fp_init(&q);
wolfSSL	13:f67a6c6013ca	542	q.used = a->used + 2;
wolfSSL	13:f67a6c6013ca	543
wolfSSL	13:f67a6c6013ca	544	fp_init(&t1);
wolfSSL	13:f67a6c6013ca	545	fp_init(&t2);
wolfSSL	13:f67a6c6013ca	546	fp_init_copy(&x, a);
wolfSSL	13:f67a6c6013ca	547	fp_init_copy(&y, b);
wolfSSL	13:f67a6c6013ca	548
wolfSSL	13:f67a6c6013ca	549	/* fix the sign */
wolfSSL	13:f67a6c6013ca	550	neg = (a->sign == b->sign) ? FP_ZPOS : FP_NEG;
wolfSSL	13:f67a6c6013ca	551	x.sign = y.sign = FP_ZPOS;
wolfSSL	13:f67a6c6013ca	552
wolfSSL	13:f67a6c6013ca	553	/* normalize both x and y, ensure that y >= b/2, [b == 2*DIGIT_BIT] /
wolfSSL	13:f67a6c6013ca	554	norm = fp_count_bits(&y) % DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	555	if (norm < (int)(DIGIT_BIT-1)) {
wolfSSL	13:f67a6c6013ca	556	norm = (DIGIT_BIT-1) - norm;
wolfSSL	13:f67a6c6013ca	557	fp_mul_2d (&x, norm, &x);
wolfSSL	13:f67a6c6013ca	558	fp_mul_2d (&y, norm, &y);
wolfSSL	13:f67a6c6013ca	559	} else {
wolfSSL	13:f67a6c6013ca	560	norm = 0;
wolfSSL	13:f67a6c6013ca	561	}
wolfSSL	13:f67a6c6013ca	562
wolfSSL	13:f67a6c6013ca	563	/* note hac does 0 based, so if used==5 then its 0,1,2,3,4, e.g. use 4 */
wolfSSL	13:f67a6c6013ca	564	n = x.used - 1;
wolfSSL	13:f67a6c6013ca	565	t = y.used - 1;
wolfSSL	13:f67a6c6013ca	566
wolfSSL	13:f67a6c6013ca	567	/* while (x >= ybn-t) do { q[n-t] += 1; x -= yb*{n-t} } /
wolfSSL	13:f67a6c6013ca	568	fp_lshd (&y, n - t); /* y = yb{n-t} /
wolfSSL	13:f67a6c6013ca	569
wolfSSL	13:f67a6c6013ca	570	while (fp_cmp (&x, &y) != FP_LT) {
wolfSSL	13:f67a6c6013ca	571	++(q.dp[n - t]);
wolfSSL	13:f67a6c6013ca	572	fp_sub (&x, &y, &x);
wolfSSL	13:f67a6c6013ca	573	}
wolfSSL	13:f67a6c6013ca	574
wolfSSL	13:f67a6c6013ca	575	/* reset y by shifting it back down */
wolfSSL	13:f67a6c6013ca	576	fp_rshd (&y, n - t);
wolfSSL	13:f67a6c6013ca	577
wolfSSL	13:f67a6c6013ca	578	/* step 3. for i from n down to (t + 1) */
wolfSSL	13:f67a6c6013ca	579	for (i = n; i >= (t + 1); i--) {
wolfSSL	13:f67a6c6013ca	580	if (i > x.used) {
wolfSSL	13:f67a6c6013ca	581	continue;
wolfSSL	13:f67a6c6013ca	582	}
wolfSSL	13:f67a6c6013ca	583
wolfSSL	13:f67a6c6013ca	584	/* step 3.1 if xi == yt then set q{i-t-1} to b-1,
wolfSSL	13:f67a6c6013ca	585	* otherwise set q{i-t-1} to (xib + x{i-1})/yt /
wolfSSL	13:f67a6c6013ca	586	if (x.dp[i] == y.dp[t]) {
wolfSSL	13:f67a6c6013ca	587	q.dp[i - t - 1] = (fp_digit) ((((fp_word)1) << DIGIT_BIT) - 1);
wolfSSL	13:f67a6c6013ca	588	} else {
wolfSSL	13:f67a6c6013ca	589	fp_word tmp;
wolfSSL	13:f67a6c6013ca	590	tmp = ((fp_word) x.dp[i]) << ((fp_word) DIGIT_BIT);
wolfSSL	13:f67a6c6013ca	591	tmp \|= ((fp_word) x.dp[i - 1]);
wolfSSL	13:f67a6c6013ca	592	tmp /= ((fp_word)y.dp[t]);
wolfSSL	13:f67a6c6013ca	593	q.dp[i - t - 1] = (fp_digit) (tmp);
wolfSSL	13:f67a6c6013ca	594	}
wolfSSL	13:f67a6c6013ca	595
wolfSSL	13:f67a6c6013ca	596	/* while (q{i-t-1} * (yt * b + y{t-1})) >
wolfSSL	13:f67a6c6013ca	597	xi * b*2 + xi-1 b + xi-2
wolfSSL	13:f67a6c6013ca	598
wolfSSL	13:f67a6c6013ca	599	do q{i-t-1} -= 1;
wolfSSL	13:f67a6c6013ca	600	*/
wolfSSL	13:f67a6c6013ca	601	q.dp[i - t - 1] = (q.dp[i - t - 1] + 1);
wolfSSL	13:f67a6c6013ca	602	do {
wolfSSL	13:f67a6c6013ca	603	q.dp[i - t - 1] = (q.dp[i - t - 1] - 1);
wolfSSL	13:f67a6c6013ca	604
wolfSSL	13:f67a6c6013ca	605	/* find left hand */
wolfSSL	13:f67a6c6013ca	606	fp_zero (&t1);
wolfSSL	13:f67a6c6013ca	607	t1.dp[0] = (t - 1 < 0) ? 0 : y.dp[t - 1];
wolfSSL	13:f67a6c6013ca	608	t1.dp[1] = y.dp[t];
wolfSSL	13:f67a6c6013ca	609	t1.used = 2;
wolfSSL	13:f67a6c6013ca	610	fp_mul_d (&t1, q.dp[i - t - 1], &t1);
wolfSSL	13:f67a6c6013ca	611
wolfSSL	13:f67a6c6013ca	612	/* find right hand */
wolfSSL	13:f67a6c6013ca	613	t2.dp[0] = (i - 2 < 0) ? 0 : x.dp[i - 2];
wolfSSL	13:f67a6c6013ca	614	t2.dp[1] = (i - 1 < 0) ? 0 : x.dp[i - 1];
wolfSSL	13:f67a6c6013ca	615	t2.dp[2] = x.dp[i];
wolfSSL	13:f67a6c6013ca	616	t2.used = 3;
wolfSSL	13:f67a6c6013ca	617	} while (fp_cmp_mag(&t1, &t2) == FP_GT);
wolfSSL	13:f67a6c6013ca	618
wolfSSL	13:f67a6c6013ca	619	/* step 3.3 x = x - q{i-t-1} * y * b*{i-t-1} /
wolfSSL	13:f67a6c6013ca	620	fp_mul_d (&y, q.dp[i - t - 1], &t1);
wolfSSL	13:f67a6c6013ca	621	fp_lshd (&t1, i - t - 1);
wolfSSL	13:f67a6c6013ca	622	fp_sub (&x, &t1, &x);
wolfSSL	13:f67a6c6013ca	623
wolfSSL	13:f67a6c6013ca	624	/* if x < 0 then { x = x + yb{i-t-1}; q{i-t-1} -= 1; } /
wolfSSL	13:f67a6c6013ca	625	if (x.sign == FP_NEG) {
wolfSSL	13:f67a6c6013ca	626	fp_copy (&y, &t1);
wolfSSL	13:f67a6c6013ca	627	fp_lshd (&t1, i - t - 1);
wolfSSL	13:f67a6c6013ca	628	fp_add (&x, &t1, &x);
wolfSSL	13:f67a6c6013ca	629	q.dp[i - t - 1] = q.dp[i - t - 1] - 1;
wolfSSL	13:f67a6c6013ca	630	}
wolfSSL	13:f67a6c6013ca	631	}
wolfSSL	13:f67a6c6013ca	632
wolfSSL	13:f67a6c6013ca	633	/* now q is the quotient and x is the remainder
wolfSSL	13:f67a6c6013ca	634	* [which we have to normalize]
wolfSSL	13:f67a6c6013ca	635	*/
wolfSSL	13:f67a6c6013ca	636
wolfSSL	13:f67a6c6013ca	637	/* get sign before writing to c */
wolfSSL	13:f67a6c6013ca	638	x.sign = x.used == 0 ? FP_ZPOS : a->sign;
wolfSSL	13:f67a6c6013ca	639
wolfSSL	13:f67a6c6013ca	640	if (c != NULL) {
wolfSSL	13:f67a6c6013ca	641	fp_clamp (&q);
wolfSSL	13:f67a6c6013ca	642	fp_copy (&q, c);
wolfSSL	13:f67a6c6013ca	643	c->sign = neg;
wolfSSL	13:f67a6c6013ca	644	}
wolfSSL	13:f67a6c6013ca	645
wolfSSL	13:f67a6c6013ca	646	if (d != NULL) {
wolfSSL	13:f67a6c6013ca	647	fp_div_2d (&x, norm, &x, NULL);
wolfSSL	13:f67a6c6013ca	648
wolfSSL	13:f67a6c6013ca	649	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	650	for (i = b->used; i < x.used; i++) {
wolfSSL	13:f67a6c6013ca	651	x.dp[i] = 0;
wolfSSL	13:f67a6c6013ca	652	}
wolfSSL	13:f67a6c6013ca	653	fp_clamp(&x);
wolfSSL	13:f67a6c6013ca	654	fp_copy (&x, d);
wolfSSL	13:f67a6c6013ca	655	}
wolfSSL	13:f67a6c6013ca	656
wolfSSL	13:f67a6c6013ca	657	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	658	}
wolfSSL	13:f67a6c6013ca	659
wolfSSL	13:f67a6c6013ca	660	/* b = a/2 */
wolfSSL	13:f67a6c6013ca	661	void fp_div_2(fp_int * a, fp_int * b)
wolfSSL	13:f67a6c6013ca	662	{
wolfSSL	13:f67a6c6013ca	663	int x, oldused;
wolfSSL	13:f67a6c6013ca	664
wolfSSL	13:f67a6c6013ca	665	oldused = b->used;
wolfSSL	13:f67a6c6013ca	666	b->used = a->used;
wolfSSL	13:f67a6c6013ca	667	{
wolfSSL	13:f67a6c6013ca	668	fp_digit r, rr, tmpa, tmpb;
wolfSSL	13:f67a6c6013ca	669
wolfSSL	13:f67a6c6013ca	670	/* source alias */
wolfSSL	13:f67a6c6013ca	671	tmpa = a->dp + b->used - 1;
wolfSSL	13:f67a6c6013ca	672
wolfSSL	13:f67a6c6013ca	673	/* dest alias */
wolfSSL	13:f67a6c6013ca	674	tmpb = b->dp + b->used - 1;
wolfSSL	13:f67a6c6013ca	675
wolfSSL	13:f67a6c6013ca	676	/* carry */
wolfSSL	13:f67a6c6013ca	677	r = 0;
wolfSSL	13:f67a6c6013ca	678	for (x = b->used - 1; x >= 0; x--) {
wolfSSL	13:f67a6c6013ca	679	/* get the carry for the next iteration */
wolfSSL	13:f67a6c6013ca	680	rr = *tmpa & 1;
wolfSSL	13:f67a6c6013ca	681
wolfSSL	13:f67a6c6013ca	682	/* shift the current digit, add in carry and store */
wolfSSL	13:f67a6c6013ca	683	tmpb-- = (tmpa-- >> 1) \| (r << (DIGIT_BIT - 1));
wolfSSL	13:f67a6c6013ca	684
wolfSSL	13:f67a6c6013ca	685	/* forward carry to next iteration */
wolfSSL	13:f67a6c6013ca	686	r = rr;
wolfSSL	13:f67a6c6013ca	687	}
wolfSSL	13:f67a6c6013ca	688
wolfSSL	13:f67a6c6013ca	689	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	690	tmpb = b->dp + b->used;
wolfSSL	13:f67a6c6013ca	691	for (x = b->used; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	692	*tmpb++ = 0;
wolfSSL	13:f67a6c6013ca	693	}
wolfSSL	13:f67a6c6013ca	694	}
wolfSSL	13:f67a6c6013ca	695	b->sign = a->sign;
wolfSSL	13:f67a6c6013ca	696	fp_clamp (b);
wolfSSL	13:f67a6c6013ca	697	}
wolfSSL	13:f67a6c6013ca	698
wolfSSL	13:f67a6c6013ca	699	/* c = a / 2*b /
wolfSSL	13:f67a6c6013ca	700	void fp_div_2d(fp_int a, int b, fp_int c, fp_int *d)
wolfSSL	13:f67a6c6013ca	701	{
wolfSSL	13:f67a6c6013ca	702	int D;
wolfSSL	13:f67a6c6013ca	703	fp_int t;
wolfSSL	13:f67a6c6013ca	704
wolfSSL	13:f67a6c6013ca	705	/* if the shift count is <= 0 then we do no work */
wolfSSL	13:f67a6c6013ca	706	if (b <= 0) {
wolfSSL	13:f67a6c6013ca	707	fp_copy (a, c);
wolfSSL	13:f67a6c6013ca	708	if (d != NULL) {
wolfSSL	13:f67a6c6013ca	709	fp_zero (d);
wolfSSL	13:f67a6c6013ca	710	}
wolfSSL	13:f67a6c6013ca	711	return;
wolfSSL	13:f67a6c6013ca	712	}
wolfSSL	13:f67a6c6013ca	713
wolfSSL	13:f67a6c6013ca	714	fp_init(&t);
wolfSSL	13:f67a6c6013ca	715
wolfSSL	13:f67a6c6013ca	716	/* get the remainder */
wolfSSL	13:f67a6c6013ca	717	if (d != NULL) {
wolfSSL	13:f67a6c6013ca	718	fp_mod_2d (a, b, &t);
wolfSSL	13:f67a6c6013ca	719	}
wolfSSL	13:f67a6c6013ca	720
wolfSSL	13:f67a6c6013ca	721	/* copy */
wolfSSL	13:f67a6c6013ca	722	fp_copy(a, c);
wolfSSL	13:f67a6c6013ca	723
wolfSSL	13:f67a6c6013ca	724	/* shift by as many digits in the bit count */
wolfSSL	13:f67a6c6013ca	725	if (b >= (int)DIGIT_BIT) {
wolfSSL	13:f67a6c6013ca	726	fp_rshd (c, b / DIGIT_BIT);
wolfSSL	13:f67a6c6013ca	727	}
wolfSSL	13:f67a6c6013ca	728
wolfSSL	13:f67a6c6013ca	729	/* shift any bit count < DIGIT_BIT */
wolfSSL	13:f67a6c6013ca	730	D = (b % DIGIT_BIT);
wolfSSL	13:f67a6c6013ca	731	if (D != 0) {
wolfSSL	13:f67a6c6013ca	732	fp_rshb(c, D);
wolfSSL	13:f67a6c6013ca	733	}
wolfSSL	13:f67a6c6013ca	734	fp_clamp (c);
wolfSSL	13:f67a6c6013ca	735	if (d != NULL) {
wolfSSL	13:f67a6c6013ca	736	fp_copy (&t, d);
wolfSSL	13:f67a6c6013ca	737	}
wolfSSL	13:f67a6c6013ca	738	}
wolfSSL	13:f67a6c6013ca	739
wolfSSL	13:f67a6c6013ca	740	/* c = a mod b, 0 <= c < b */
wolfSSL	13:f67a6c6013ca	741	int fp_mod(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	742	{
wolfSSL	13:f67a6c6013ca	743	fp_int t;
wolfSSL	13:f67a6c6013ca	744	int err;
wolfSSL	13:f67a6c6013ca	745
wolfSSL	13:f67a6c6013ca	746	fp_init(&t);
wolfSSL	13:f67a6c6013ca	747	if ((err = fp_div(a, b, NULL, &t)) != FP_OKAY) {
wolfSSL	13:f67a6c6013ca	748	return err;
wolfSSL	13:f67a6c6013ca	749	}
wolfSSL	13:f67a6c6013ca	750	if (t.sign != b->sign) {
wolfSSL	13:f67a6c6013ca	751	fp_add(&t, b, c);
wolfSSL	13:f67a6c6013ca	752	} else {
wolfSSL	13:f67a6c6013ca	753	fp_copy(&t, c);
wolfSSL	13:f67a6c6013ca	754	}
wolfSSL	13:f67a6c6013ca	755	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	756	}
wolfSSL	13:f67a6c6013ca	757
wolfSSL	13:f67a6c6013ca	758	/* c = a mod 2*d /
wolfSSL	13:f67a6c6013ca	759	void fp_mod_2d(fp_int a, int b, fp_int c)
wolfSSL	13:f67a6c6013ca	760	{
wolfSSL	13:f67a6c6013ca	761	int x;
wolfSSL	13:f67a6c6013ca	762
wolfSSL	13:f67a6c6013ca	763	/* zero if count less than or equal to zero */
wolfSSL	13:f67a6c6013ca	764	if (b <= 0) {
wolfSSL	13:f67a6c6013ca	765	fp_zero(c);
wolfSSL	13:f67a6c6013ca	766	return;
wolfSSL	13:f67a6c6013ca	767	}
wolfSSL	13:f67a6c6013ca	768
wolfSSL	13:f67a6c6013ca	769	/* get copy of input */
wolfSSL	13:f67a6c6013ca	770	fp_copy(a, c);
wolfSSL	13:f67a6c6013ca	771
wolfSSL	13:f67a6c6013ca	772	/* if 2*d is larger than we just return /
wolfSSL	13:f67a6c6013ca	773	if (b >= (DIGIT_BIT * a->used)) {
wolfSSL	13:f67a6c6013ca	774	return;
wolfSSL	13:f67a6c6013ca	775	}
wolfSSL	13:f67a6c6013ca	776
wolfSSL	13:f67a6c6013ca	777	/* zero digits above the last digit of the modulus */
wolfSSL	13:f67a6c6013ca	778	for (x = (b / DIGIT_BIT) + ((b % DIGIT_BIT) == 0 ? 0 : 1); x < c->used; x++) {
wolfSSL	13:f67a6c6013ca	779	c->dp[x] = 0;
wolfSSL	13:f67a6c6013ca	780	}
wolfSSL	13:f67a6c6013ca	781	/* clear the digit that is not completely outside/inside the modulus */
wolfSSL	13:f67a6c6013ca	782	c->dp[b / DIGIT_BIT] &= ~((fp_digit)0) >> (DIGIT_BIT - b);
wolfSSL	13:f67a6c6013ca	783	fp_clamp (c);
wolfSSL	13:f67a6c6013ca	784	}
wolfSSL	13:f67a6c6013ca	785
wolfSSL	13:f67a6c6013ca	786	static int fp_invmod_slow (fp_int * a, fp_int * b, fp_int * c)
wolfSSL	13:f67a6c6013ca	787	{
wolfSSL	13:f67a6c6013ca	788	fp_int x, y, u, v, A, B, C, D;
wolfSSL	13:f67a6c6013ca	789	int res;
wolfSSL	13:f67a6c6013ca	790
wolfSSL	13:f67a6c6013ca	791	/* b cannot be negative */
wolfSSL	13:f67a6c6013ca	792	if (b->sign == FP_NEG \|\| fp_iszero(b) == FP_YES) {
wolfSSL	13:f67a6c6013ca	793	return FP_VAL;
wolfSSL	13:f67a6c6013ca	794	}
wolfSSL	13:f67a6c6013ca	795
wolfSSL	13:f67a6c6013ca	796	/* init temps */
wolfSSL	13:f67a6c6013ca	797	fp_init(&x); fp_init(&y);
wolfSSL	13:f67a6c6013ca	798	fp_init(&u); fp_init(&v);
wolfSSL	13:f67a6c6013ca	799	fp_init(&A); fp_init(&B);
wolfSSL	13:f67a6c6013ca	800	fp_init(&C); fp_init(&D);
wolfSSL	13:f67a6c6013ca	801
wolfSSL	13:f67a6c6013ca	802	/* x = a, y = b */
wolfSSL	13:f67a6c6013ca	803	if ((res = fp_mod(a, b, &x)) != FP_OKAY) {
wolfSSL	13:f67a6c6013ca	804	return res;
wolfSSL	13:f67a6c6013ca	805	}
wolfSSL	13:f67a6c6013ca	806	fp_copy(b, &y);
wolfSSL	13:f67a6c6013ca	807
wolfSSL	13:f67a6c6013ca	808	/* 2. [modified] if x,y are both even then return an error! */
wolfSSL	13:f67a6c6013ca	809	if (fp_iseven (&x) == FP_YES && fp_iseven (&y) == FP_YES) {
wolfSSL	13:f67a6c6013ca	810	return FP_VAL;
wolfSSL	13:f67a6c6013ca	811	}
wolfSSL	13:f67a6c6013ca	812
wolfSSL	13:f67a6c6013ca	813	/* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
wolfSSL	13:f67a6c6013ca	814	fp_copy (&x, &u);
wolfSSL	13:f67a6c6013ca	815	fp_copy (&y, &v);
wolfSSL	13:f67a6c6013ca	816	fp_set (&A, 1);
wolfSSL	13:f67a6c6013ca	817	fp_set (&D, 1);
wolfSSL	13:f67a6c6013ca	818
wolfSSL	13:f67a6c6013ca	819	top:
wolfSSL	13:f67a6c6013ca	820	/* 4. while u is even do */
wolfSSL	13:f67a6c6013ca	821	while (fp_iseven (&u) == FP_YES) {
wolfSSL	13:f67a6c6013ca	822	/* 4.1 u = u/2 */
wolfSSL	13:f67a6c6013ca	823	fp_div_2 (&u, &u);
wolfSSL	13:f67a6c6013ca	824
wolfSSL	13:f67a6c6013ca	825	/* 4.2 if A or B is odd then */
wolfSSL	13:f67a6c6013ca	826	if (fp_isodd (&A) == FP_YES \|\| fp_isodd (&B) == FP_YES) {
wolfSSL	13:f67a6c6013ca	827	/* A = (A+y)/2, B = (B-x)/2 */
wolfSSL	13:f67a6c6013ca	828	fp_add (&A, &y, &A);
wolfSSL	13:f67a6c6013ca	829	fp_sub (&B, &x, &B);
wolfSSL	13:f67a6c6013ca	830	}
wolfSSL	13:f67a6c6013ca	831	/* A = A/2, B = B/2 */
wolfSSL	13:f67a6c6013ca	832	fp_div_2 (&A, &A);
wolfSSL	13:f67a6c6013ca	833	fp_div_2 (&B, &B);
wolfSSL	13:f67a6c6013ca	834	}
wolfSSL	13:f67a6c6013ca	835
wolfSSL	13:f67a6c6013ca	836	/* 5. while v is even do */
wolfSSL	13:f67a6c6013ca	837	while (fp_iseven (&v) == FP_YES) {
wolfSSL	13:f67a6c6013ca	838	/* 5.1 v = v/2 */
wolfSSL	13:f67a6c6013ca	839	fp_div_2 (&v, &v);
wolfSSL	13:f67a6c6013ca	840
wolfSSL	13:f67a6c6013ca	841	/* 5.2 if C or D is odd then */
wolfSSL	13:f67a6c6013ca	842	if (fp_isodd (&C) == FP_YES \|\| fp_isodd (&D) == FP_YES) {
wolfSSL	13:f67a6c6013ca	843	/* C = (C+y)/2, D = (D-x)/2 */
wolfSSL	13:f67a6c6013ca	844	fp_add (&C, &y, &C);
wolfSSL	13:f67a6c6013ca	845	fp_sub (&D, &x, &D);
wolfSSL	13:f67a6c6013ca	846	}
wolfSSL	13:f67a6c6013ca	847	/* C = C/2, D = D/2 */
wolfSSL	13:f67a6c6013ca	848	fp_div_2 (&C, &C);
wolfSSL	13:f67a6c6013ca	849	fp_div_2 (&D, &D);
wolfSSL	13:f67a6c6013ca	850	}
wolfSSL	13:f67a6c6013ca	851
wolfSSL	13:f67a6c6013ca	852	/* 6. if u >= v then */
wolfSSL	13:f67a6c6013ca	853	if (fp_cmp (&u, &v) != FP_LT) {
wolfSSL	13:f67a6c6013ca	854	/* u = u - v, A = A - C, B = B - D */
wolfSSL	13:f67a6c6013ca	855	fp_sub (&u, &v, &u);
wolfSSL	13:f67a6c6013ca	856	fp_sub (&A, &C, &A);
wolfSSL	13:f67a6c6013ca	857	fp_sub (&B, &D, &B);
wolfSSL	13:f67a6c6013ca	858	} else {
wolfSSL	13:f67a6c6013ca	859	/* v - v - u, C = C - A, D = D - B */
wolfSSL	13:f67a6c6013ca	860	fp_sub (&v, &u, &v);
wolfSSL	13:f67a6c6013ca	861	fp_sub (&C, &A, &C);
wolfSSL	13:f67a6c6013ca	862	fp_sub (&D, &B, &D);
wolfSSL	13:f67a6c6013ca	863	}
wolfSSL	13:f67a6c6013ca	864
wolfSSL	13:f67a6c6013ca	865	/* if not zero goto step 4 */
wolfSSL	13:f67a6c6013ca	866	if (fp_iszero (&u) == FP_NO)
wolfSSL	13:f67a6c6013ca	867	goto top;
wolfSSL	13:f67a6c6013ca	868
wolfSSL	13:f67a6c6013ca	869	/* now a = C, b = D, gcd == gv /
wolfSSL	13:f67a6c6013ca	870
wolfSSL	13:f67a6c6013ca	871	/* if v != 1 then there is no inverse */
wolfSSL	13:f67a6c6013ca	872	if (fp_cmp_d (&v, 1) != FP_EQ) {
wolfSSL	13:f67a6c6013ca	873	return FP_VAL;
wolfSSL	13:f67a6c6013ca	874	}
wolfSSL	13:f67a6c6013ca	875
wolfSSL	13:f67a6c6013ca	876	/* if its too low */
wolfSSL	13:f67a6c6013ca	877	while (fp_cmp_d(&C, 0) == FP_LT) {
wolfSSL	13:f67a6c6013ca	878	fp_add(&C, b, &C);
wolfSSL	13:f67a6c6013ca	879	}
wolfSSL	13:f67a6c6013ca	880
wolfSSL	13:f67a6c6013ca	881	/* too big */
wolfSSL	13:f67a6c6013ca	882	while (fp_cmp_mag(&C, b) != FP_LT) {
wolfSSL	13:f67a6c6013ca	883	fp_sub(&C, b, &C);
wolfSSL	13:f67a6c6013ca	884	}
wolfSSL	13:f67a6c6013ca	885
wolfSSL	13:f67a6c6013ca	886	/* C is now the inverse */
wolfSSL	13:f67a6c6013ca	887	fp_copy(&C, c);
wolfSSL	13:f67a6c6013ca	888	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	889	}
wolfSSL	13:f67a6c6013ca	890
wolfSSL	13:f67a6c6013ca	891	/* c = 1/a (mod b) for odd b only */
wolfSSL	13:f67a6c6013ca	892	int fp_invmod(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	893	{
wolfSSL	13:f67a6c6013ca	894	fp_int x, y, u, v, B, D;
wolfSSL	13:f67a6c6013ca	895	int neg;
wolfSSL	13:f67a6c6013ca	896
wolfSSL	13:f67a6c6013ca	897	/* 2. [modified] b must be odd */
wolfSSL	13:f67a6c6013ca	898	if (fp_iseven (b) == FP_YES) {
wolfSSL	13:f67a6c6013ca	899	return fp_invmod_slow(a,b,c);
wolfSSL	13:f67a6c6013ca	900	}
wolfSSL	13:f67a6c6013ca	901
wolfSSL	13:f67a6c6013ca	902	/* init all our temps */
wolfSSL	13:f67a6c6013ca	903	fp_init(&x); fp_init(&y);
wolfSSL	13:f67a6c6013ca	904	fp_init(&u); fp_init(&v);
wolfSSL	13:f67a6c6013ca	905	fp_init(&B); fp_init(&D);
wolfSSL	13:f67a6c6013ca	906
wolfSSL	13:f67a6c6013ca	907	/* x == modulus, y == value to invert */
wolfSSL	13:f67a6c6013ca	908	fp_copy(b, &x);
wolfSSL	13:f67a6c6013ca	909
wolfSSL	13:f67a6c6013ca	910	/* we need y = \|a\| */
wolfSSL	13:f67a6c6013ca	911	fp_abs(a, &y);
wolfSSL	13:f67a6c6013ca	912
wolfSSL	13:f67a6c6013ca	913	/* 3. u=x, v=y, A=1, B=0, C=0,D=1 */
wolfSSL	13:f67a6c6013ca	914	fp_copy(&x, &u);
wolfSSL	13:f67a6c6013ca	915	fp_copy(&y, &v);
wolfSSL	13:f67a6c6013ca	916	fp_set (&D, 1);
wolfSSL	13:f67a6c6013ca	917
wolfSSL	13:f67a6c6013ca	918	top:
wolfSSL	13:f67a6c6013ca	919	/* 4. while u is even do */
wolfSSL	13:f67a6c6013ca	920	while (fp_iseven (&u) == FP_YES) {
wolfSSL	13:f67a6c6013ca	921	/* 4.1 u = u/2 */
wolfSSL	13:f67a6c6013ca	922	fp_div_2 (&u, &u);
wolfSSL	13:f67a6c6013ca	923
wolfSSL	13:f67a6c6013ca	924	/* 4.2 if B is odd then */
wolfSSL	13:f67a6c6013ca	925	if (fp_isodd (&B) == FP_YES) {
wolfSSL	13:f67a6c6013ca	926	fp_sub (&B, &x, &B);
wolfSSL	13:f67a6c6013ca	927	}
wolfSSL	13:f67a6c6013ca	928	/* B = B/2 */
wolfSSL	13:f67a6c6013ca	929	fp_div_2 (&B, &B);
wolfSSL	13:f67a6c6013ca	930	}
wolfSSL	13:f67a6c6013ca	931
wolfSSL	13:f67a6c6013ca	932	/* 5. while v is even do */
wolfSSL	13:f67a6c6013ca	933	while (fp_iseven (&v) == FP_YES) {
wolfSSL	13:f67a6c6013ca	934	/* 5.1 v = v/2 */
wolfSSL	13:f67a6c6013ca	935	fp_div_2 (&v, &v);
wolfSSL	13:f67a6c6013ca	936
wolfSSL	13:f67a6c6013ca	937	/* 5.2 if D is odd then */
wolfSSL	13:f67a6c6013ca	938	if (fp_isodd (&D) == FP_YES) {
wolfSSL	13:f67a6c6013ca	939	/* D = (D-x)/2 */
wolfSSL	13:f67a6c6013ca	940	fp_sub (&D, &x, &D);
wolfSSL	13:f67a6c6013ca	941	}
wolfSSL	13:f67a6c6013ca	942	/* D = D/2 */
wolfSSL	13:f67a6c6013ca	943	fp_div_2 (&D, &D);
wolfSSL	13:f67a6c6013ca	944	}
wolfSSL	13:f67a6c6013ca	945
wolfSSL	13:f67a6c6013ca	946	/* 6. if u >= v then */
wolfSSL	13:f67a6c6013ca	947	if (fp_cmp (&u, &v) != FP_LT) {
wolfSSL	13:f67a6c6013ca	948	/* u = u - v, B = B - D */
wolfSSL	13:f67a6c6013ca	949	fp_sub (&u, &v, &u);
wolfSSL	13:f67a6c6013ca	950	fp_sub (&B, &D, &B);
wolfSSL	13:f67a6c6013ca	951	} else {
wolfSSL	13:f67a6c6013ca	952	/* v - v - u, D = D - B */
wolfSSL	13:f67a6c6013ca	953	fp_sub (&v, &u, &v);
wolfSSL	13:f67a6c6013ca	954	fp_sub (&D, &B, &D);
wolfSSL	13:f67a6c6013ca	955	}
wolfSSL	13:f67a6c6013ca	956
wolfSSL	13:f67a6c6013ca	957	/* if not zero goto step 4 */
wolfSSL	13:f67a6c6013ca	958	if (fp_iszero (&u) == FP_NO) {
wolfSSL	13:f67a6c6013ca	959	goto top;
wolfSSL	13:f67a6c6013ca	960	}
wolfSSL	13:f67a6c6013ca	961
wolfSSL	13:f67a6c6013ca	962	/* now a = C, b = D, gcd == gv /
wolfSSL	13:f67a6c6013ca	963
wolfSSL	13:f67a6c6013ca	964	/* if v != 1 then there is no inverse */
wolfSSL	13:f67a6c6013ca	965	if (fp_cmp_d (&v, 1) != FP_EQ) {
wolfSSL	13:f67a6c6013ca	966	return FP_VAL;
wolfSSL	13:f67a6c6013ca	967	}
wolfSSL	13:f67a6c6013ca	968
wolfSSL	13:f67a6c6013ca	969	/* b is now the inverse */
wolfSSL	13:f67a6c6013ca	970	neg = a->sign;
wolfSSL	13:f67a6c6013ca	971	while (D.sign == FP_NEG) {
wolfSSL	13:f67a6c6013ca	972	fp_add (&D, b, &D);
wolfSSL	13:f67a6c6013ca	973	}
wolfSSL	13:f67a6c6013ca	974	/* too big */
wolfSSL	13:f67a6c6013ca	975	while (fp_cmp_mag(&D, b) != FP_LT) {
wolfSSL	13:f67a6c6013ca	976	fp_sub(&D, b, &D);
wolfSSL	13:f67a6c6013ca	977	}
wolfSSL	13:f67a6c6013ca	978	fp_copy (&D, c);
wolfSSL	13:f67a6c6013ca	979	c->sign = neg;
wolfSSL	13:f67a6c6013ca	980	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	981	}
wolfSSL	13:f67a6c6013ca	982
wolfSSL	13:f67a6c6013ca	983	/* d = a * b (mod c) */
wolfSSL	13:f67a6c6013ca	984	int fp_mulmod(fp_int a, fp_int b, fp_int c, fp_int d)
wolfSSL	13:f67a6c6013ca	985	{
wolfSSL	13:f67a6c6013ca	986	int err;
wolfSSL	13:f67a6c6013ca	987	fp_int t;
wolfSSL	13:f67a6c6013ca	988
wolfSSL	13:f67a6c6013ca	989	fp_init(&t);
wolfSSL	13:f67a6c6013ca	990	fp_mul(a, b, &t);
wolfSSL	13:f67a6c6013ca	991	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	992	if (d->size < FP_SIZE) {
wolfSSL	13:f67a6c6013ca	993	err = fp_mod(&t, c, &t);
wolfSSL	13:f67a6c6013ca	994	fp_copy(&t, d);
wolfSSL	13:f67a6c6013ca	995	} else
wolfSSL	13:f67a6c6013ca	996	#endif
wolfSSL	13:f67a6c6013ca	997	{
wolfSSL	13:f67a6c6013ca	998	err = fp_mod(&t, c, d);
wolfSSL	13:f67a6c6013ca	999	}
wolfSSL	13:f67a6c6013ca	1000
wolfSSL	13:f67a6c6013ca	1001	return err;
wolfSSL	13:f67a6c6013ca	1002	}
wolfSSL	13:f67a6c6013ca	1003
wolfSSL	13:f67a6c6013ca	1004	/* d = a - b (mod c) */
wolfSSL	13:f67a6c6013ca	1005	int fp_submod(fp_int a, fp_int b, fp_int c, fp_int d)
wolfSSL	13:f67a6c6013ca	1006	{
wolfSSL	13:f67a6c6013ca	1007	int err;
wolfSSL	13:f67a6c6013ca	1008	fp_int t;
wolfSSL	13:f67a6c6013ca	1009
wolfSSL	13:f67a6c6013ca	1010	fp_init(&t);
wolfSSL	13:f67a6c6013ca	1011	fp_sub(a, b, &t);
wolfSSL	13:f67a6c6013ca	1012	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	1013	if (d->size < FP_SIZE) {
wolfSSL	13:f67a6c6013ca	1014	err = fp_mod(&t, c, &t);
wolfSSL	13:f67a6c6013ca	1015	fp_copy(&t, d);
wolfSSL	13:f67a6c6013ca	1016	} else
wolfSSL	13:f67a6c6013ca	1017	#endif
wolfSSL	13:f67a6c6013ca	1018	{
wolfSSL	13:f67a6c6013ca	1019	err = fp_mod(&t, c, d);
wolfSSL	13:f67a6c6013ca	1020	}
wolfSSL	13:f67a6c6013ca	1021
wolfSSL	13:f67a6c6013ca	1022	return err;
wolfSSL	13:f67a6c6013ca	1023	}
wolfSSL	13:f67a6c6013ca	1024
wolfSSL	13:f67a6c6013ca	1025	/* d = a + b (mod c) */
wolfSSL	13:f67a6c6013ca	1026	int fp_addmod(fp_int a, fp_int b, fp_int c, fp_int d)
wolfSSL	13:f67a6c6013ca	1027	{
wolfSSL	13:f67a6c6013ca	1028	int err;
wolfSSL	13:f67a6c6013ca	1029	fp_int t;
wolfSSL	13:f67a6c6013ca	1030
wolfSSL	13:f67a6c6013ca	1031	fp_init(&t);
wolfSSL	13:f67a6c6013ca	1032	fp_add(a, b, &t);
wolfSSL	13:f67a6c6013ca	1033	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	1034	if (d->size < FP_SIZE) {
wolfSSL	13:f67a6c6013ca	1035	err = fp_mod(&t, c, &t);
wolfSSL	13:f67a6c6013ca	1036	fp_copy(&t, d);
wolfSSL	13:f67a6c6013ca	1037	} else
wolfSSL	13:f67a6c6013ca	1038	#endif
wolfSSL	13:f67a6c6013ca	1039	{
wolfSSL	13:f67a6c6013ca	1040	err = fp_mod(&t, c, d);
wolfSSL	13:f67a6c6013ca	1041	}
wolfSSL	13:f67a6c6013ca	1042
wolfSSL	13:f67a6c6013ca	1043	return err;
wolfSSL	13:f67a6c6013ca	1044	}
wolfSSL	13:f67a6c6013ca	1045
wolfSSL	13:f67a6c6013ca	1046	#ifdef TFM_TIMING_RESISTANT
wolfSSL	13:f67a6c6013ca	1047
wolfSSL	13:f67a6c6013ca	1048	/* timing resistant montgomery ladder based exptmod
wolfSSL	13:f67a6c6013ca	1049	Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder",
wolfSSL	13:f67a6c6013ca	1050	Cryptographic Hardware and Embedded Systems, CHES 2002
wolfSSL	13:f67a6c6013ca	1051	*/
wolfSSL	13:f67a6c6013ca	1052	static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
wolfSSL	13:f67a6c6013ca	1053	{
wolfSSL	13:f67a6c6013ca	1054	#ifdef WC_NO_CACHE_RESISTANT
wolfSSL	13:f67a6c6013ca	1055	fp_int R[2];
wolfSSL	13:f67a6c6013ca	1056	#else
wolfSSL	13:f67a6c6013ca	1057	fp_int R[3]; /* need a temp for cache resistance */
wolfSSL	13:f67a6c6013ca	1058	#endif
wolfSSL	13:f67a6c6013ca	1059	fp_digit buf, mp;
wolfSSL	13:f67a6c6013ca	1060	int err, bitcnt, digidx, y;
wolfSSL	13:f67a6c6013ca	1061
wolfSSL	13:f67a6c6013ca	1062	/* now setup montgomery */
wolfSSL	13:f67a6c6013ca	1063	if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) {
wolfSSL	13:f67a6c6013ca	1064	return err;
wolfSSL	13:f67a6c6013ca	1065	}
wolfSSL	13:f67a6c6013ca	1066
wolfSSL	13:f67a6c6013ca	1067	fp_init(&R[0]);
wolfSSL	13:f67a6c6013ca	1068	fp_init(&R[1]);
wolfSSL	13:f67a6c6013ca	1069	#ifndef WC_NO_CACHE_RESISTANT
wolfSSL	13:f67a6c6013ca	1070	fp_init(&R[2]);
wolfSSL	13:f67a6c6013ca	1071	#endif
wolfSSL	13:f67a6c6013ca	1072
wolfSSL	13:f67a6c6013ca	1073	/* now we need R mod m */
wolfSSL	13:f67a6c6013ca	1074	fp_montgomery_calc_normalization (&R[0], P);
wolfSSL	13:f67a6c6013ca	1075
wolfSSL	13:f67a6c6013ca	1076	/* now set R[0][1] to G * R mod m */
wolfSSL	13:f67a6c6013ca	1077	if (fp_cmp_mag(P, G) != FP_GT) {
wolfSSL	13:f67a6c6013ca	1078	/* G > P so we reduce it first */
wolfSSL	13:f67a6c6013ca	1079	fp_mod(G, P, &R[1]);
wolfSSL	13:f67a6c6013ca	1080	} else {
wolfSSL	13:f67a6c6013ca	1081	fp_copy(G, &R[1]);
wolfSSL	13:f67a6c6013ca	1082	}
wolfSSL	13:f67a6c6013ca	1083	fp_mulmod (&R[1], &R[0], P, &R[1]);
wolfSSL	13:f67a6c6013ca	1084
wolfSSL	13:f67a6c6013ca	1085	/* for j = t-1 downto 0 do
wolfSSL	13:f67a6c6013ca	1086	r_!k = R0*R1; r_k = r_k^2
wolfSSL	13:f67a6c6013ca	1087	*/
wolfSSL	13:f67a6c6013ca	1088
wolfSSL	13:f67a6c6013ca	1089	/* set initial mode and bit cnt */
wolfSSL	13:f67a6c6013ca	1090	bitcnt = 1;
wolfSSL	13:f67a6c6013ca	1091	buf = 0;
wolfSSL	13:f67a6c6013ca	1092	digidx = X->used - 1;
wolfSSL	13:f67a6c6013ca	1093
wolfSSL	13:f67a6c6013ca	1094	for (;;) {
wolfSSL	13:f67a6c6013ca	1095	/* grab next digit as required */
wolfSSL	13:f67a6c6013ca	1096	if (--bitcnt == 0) {
wolfSSL	13:f67a6c6013ca	1097	/* if digidx == -1 we are out of digits so break */
wolfSSL	13:f67a6c6013ca	1098	if (digidx == -1) {
wolfSSL	13:f67a6c6013ca	1099	break;
wolfSSL	13:f67a6c6013ca	1100	}
wolfSSL	13:f67a6c6013ca	1101	/* read next digit and reset bitcnt */
wolfSSL	13:f67a6c6013ca	1102	buf = X->dp[digidx--];
wolfSSL	13:f67a6c6013ca	1103	bitcnt = (int)DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	1104	}
wolfSSL	13:f67a6c6013ca	1105
wolfSSL	13:f67a6c6013ca	1106	/* grab the next msb from the exponent */
wolfSSL	13:f67a6c6013ca	1107	y = (int)(buf >> (DIGIT_BIT - 1)) & 1;
wolfSSL	13:f67a6c6013ca	1108	buf <<= (fp_digit)1;
wolfSSL	13:f67a6c6013ca	1109
wolfSSL	13:f67a6c6013ca	1110	/* do ops */
wolfSSL	13:f67a6c6013ca	1111	fp_mul(&R[0], &R[1], &R[y^1]); fp_montgomery_reduce(&R[y^1], P, mp);
wolfSSL	13:f67a6c6013ca	1112
wolfSSL	13:f67a6c6013ca	1113	#ifdef WC_NO_CACHE_RESISTANT
wolfSSL	13:f67a6c6013ca	1114	fp_sqr(&R[y], &R[y]); fp_montgomery_reduce(&R[y], P, mp);
wolfSSL	13:f67a6c6013ca	1115	#else
wolfSSL	13:f67a6c6013ca	1116	/* instead of using R[y] for sqr, which leaks key bit to cache monitor,
wolfSSL	13:f67a6c6013ca	1117	* use R[2] as temp, make sure address calc is constant, keep
wolfSSL	13:f67a6c6013ca	1118	* &R[0] and &R[1] in cache */
wolfSSL	13:f67a6c6013ca	1119	fp_copy((fp_int*) ( ((wolfssl_word)&R[0] & wc_off_on_addr[y^1]) +
wolfSSL	13:f67a6c6013ca	1120	((wolfssl_word)&R[1] & wc_off_on_addr[y]) ),
wolfSSL	13:f67a6c6013ca	1121	&R[2]);
wolfSSL	13:f67a6c6013ca	1122	fp_sqr(&R[2], &R[2]); fp_montgomery_reduce(&R[2], P, mp);
wolfSSL	13:f67a6c6013ca	1123	fp_copy(&R[2],
wolfSSL	13:f67a6c6013ca	1124	(fp_int*) ( ((wolfssl_word)&R[0] & wc_off_on_addr[y^1]) +
wolfSSL	13:f67a6c6013ca	1125	((wolfssl_word)&R[1] & wc_off_on_addr[y]) ) );
wolfSSL	13:f67a6c6013ca	1126	#endif /* WC_NO_CACHE_RESISTANT */
wolfSSL	13:f67a6c6013ca	1127	}
wolfSSL	13:f67a6c6013ca	1128
wolfSSL	13:f67a6c6013ca	1129	fp_montgomery_reduce(&R[0], P, mp);
wolfSSL	13:f67a6c6013ca	1130	fp_copy(&R[0], Y);
wolfSSL	13:f67a6c6013ca	1131	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	1132	}
wolfSSL	13:f67a6c6013ca	1133
wolfSSL	13:f67a6c6013ca	1134	#else /* TFM_TIMING_RESISTANT */
wolfSSL	13:f67a6c6013ca	1135
wolfSSL	13:f67a6c6013ca	1136	/* y = g**x (mod b)
wolfSSL	13:f67a6c6013ca	1137	* Some restrictions... x must be positive and < b
wolfSSL	13:f67a6c6013ca	1138	*/
wolfSSL	13:f67a6c6013ca	1139	static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
wolfSSL	13:f67a6c6013ca	1140	{
wolfSSL	13:f67a6c6013ca	1141	fp_int res;
wolfSSL	13:f67a6c6013ca	1142	fp_digit buf, mp;
wolfSSL	13:f67a6c6013ca	1143	int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize;
wolfSSL	13:f67a6c6013ca	1144	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	13:f67a6c6013ca	1145	fp_int *M;
wolfSSL	13:f67a6c6013ca	1146	#else
wolfSSL	13:f67a6c6013ca	1147	fp_int M[64];
wolfSSL	13:f67a6c6013ca	1148	#endif
wolfSSL	13:f67a6c6013ca	1149
wolfSSL	13:f67a6c6013ca	1150	/* find window size */
wolfSSL	13:f67a6c6013ca	1151	x = fp_count_bits (X);
wolfSSL	13:f67a6c6013ca	1152	if (x <= 21) {
wolfSSL	13:f67a6c6013ca	1153	winsize = 1;
wolfSSL	13:f67a6c6013ca	1154	} else if (x <= 36) {
wolfSSL	13:f67a6c6013ca	1155	winsize = 3;
wolfSSL	13:f67a6c6013ca	1156	} else if (x <= 140) {
wolfSSL	13:f67a6c6013ca	1157	winsize = 4;
wolfSSL	13:f67a6c6013ca	1158	} else if (x <= 450) {
wolfSSL	13:f67a6c6013ca	1159	winsize = 5;
wolfSSL	13:f67a6c6013ca	1160	} else {
wolfSSL	13:f67a6c6013ca	1161	winsize = 6;
wolfSSL	13:f67a6c6013ca	1162	}
wolfSSL	13:f67a6c6013ca	1163
wolfSSL	13:f67a6c6013ca	1164	/* now setup montgomery */
wolfSSL	13:f67a6c6013ca	1165	if ((err = fp_montgomery_setup (P, &mp)) != FP_OKAY) {
wolfSSL	13:f67a6c6013ca	1166	return err;
wolfSSL	13:f67a6c6013ca	1167	}
wolfSSL	13:f67a6c6013ca	1168
wolfSSL	13:f67a6c6013ca	1169	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	13:f67a6c6013ca	1170	/* only allocate space for what's needed */
wolfSSL	13:f67a6c6013ca	1171	M = (fp_int)XMALLOC(sizeof(fp_int)(1 << winsize), NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	13:f67a6c6013ca	1172	if (M == NULL) {
wolfSSL	13:f67a6c6013ca	1173	return FP_MEM;
wolfSSL	13:f67a6c6013ca	1174	}
wolfSSL	13:f67a6c6013ca	1175	#endif
wolfSSL	13:f67a6c6013ca	1176
wolfSSL	13:f67a6c6013ca	1177	/* init M array */
wolfSSL	13:f67a6c6013ca	1178	for(x = 0; x < (1 << winsize); x++)
wolfSSL	13:f67a6c6013ca	1179	fp_init(&M[x]);
wolfSSL	13:f67a6c6013ca	1180
wolfSSL	13:f67a6c6013ca	1181	/* setup result */
wolfSSL	13:f67a6c6013ca	1182	fp_init(&res);
wolfSSL	13:f67a6c6013ca	1183
wolfSSL	13:f67a6c6013ca	1184	/* create M table
wolfSSL	13:f67a6c6013ca	1185	*
wolfSSL	13:f67a6c6013ca	1186	* The M table contains powers of the input base, e.g. M[x] = G^x mod P
wolfSSL	13:f67a6c6013ca	1187	*
wolfSSL	13:f67a6c6013ca	1188	* The first half of the table is not computed though except for M[0] and M[1]
wolfSSL	13:f67a6c6013ca	1189	*/
wolfSSL	13:f67a6c6013ca	1190
wolfSSL	13:f67a6c6013ca	1191	/* now we need R mod m */
wolfSSL	13:f67a6c6013ca	1192	fp_montgomery_calc_normalization (&res, P);
wolfSSL	13:f67a6c6013ca	1193
wolfSSL	13:f67a6c6013ca	1194	/* now set M[1] to G * R mod m */
wolfSSL	13:f67a6c6013ca	1195	if (fp_cmp_mag(P, G) != FP_GT) {
wolfSSL	13:f67a6c6013ca	1196	/* G > P so we reduce it first */
wolfSSL	13:f67a6c6013ca	1197	fp_mod(G, P, &M[1]);
wolfSSL	13:f67a6c6013ca	1198	} else {
wolfSSL	13:f67a6c6013ca	1199	fp_copy(G, &M[1]);
wolfSSL	13:f67a6c6013ca	1200	}
wolfSSL	13:f67a6c6013ca	1201	fp_mulmod (&M[1], &res, P, &M[1]);
wolfSSL	13:f67a6c6013ca	1202
wolfSSL	13:f67a6c6013ca	1203	/* compute the value at M[1<<(winsize-1)] by
wolfSSL	13:f67a6c6013ca	1204	* squaring M[1] (winsize-1) times */
wolfSSL	13:f67a6c6013ca	1205	fp_copy (&M[1], &M[1 << (winsize - 1)]);
wolfSSL	13:f67a6c6013ca	1206	for (x = 0; x < (winsize - 1); x++) {
wolfSSL	13:f67a6c6013ca	1207	fp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)]);
wolfSSL	13:f67a6c6013ca	1208	fp_montgomery_reduce (&M[1 << (winsize - 1)], P, mp);
wolfSSL	13:f67a6c6013ca	1209	}
wolfSSL	13:f67a6c6013ca	1210
wolfSSL	13:f67a6c6013ca	1211	/* create upper table */
wolfSSL	13:f67a6c6013ca	1212	for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) {
wolfSSL	13:f67a6c6013ca	1213	fp_mul(&M[x - 1], &M[1], &M[x]);
wolfSSL	13:f67a6c6013ca	1214	fp_montgomery_reduce(&M[x], P, mp);
wolfSSL	13:f67a6c6013ca	1215	}
wolfSSL	13:f67a6c6013ca	1216
wolfSSL	13:f67a6c6013ca	1217	/* set initial mode and bit cnt */
wolfSSL	13:f67a6c6013ca	1218	mode = 0;
wolfSSL	13:f67a6c6013ca	1219	bitcnt = 1;
wolfSSL	13:f67a6c6013ca	1220	buf = 0;
wolfSSL	13:f67a6c6013ca	1221	digidx = X->used - 1;
wolfSSL	13:f67a6c6013ca	1222	bitcpy = 0;
wolfSSL	13:f67a6c6013ca	1223	bitbuf = 0;
wolfSSL	13:f67a6c6013ca	1224
wolfSSL	13:f67a6c6013ca	1225	for (;;) {
wolfSSL	13:f67a6c6013ca	1226	/* grab next digit as required */
wolfSSL	13:f67a6c6013ca	1227	if (--bitcnt == 0) {
wolfSSL	13:f67a6c6013ca	1228	/* if digidx == -1 we are out of digits so break */
wolfSSL	13:f67a6c6013ca	1229	if (digidx == -1) {
wolfSSL	13:f67a6c6013ca	1230	break;
wolfSSL	13:f67a6c6013ca	1231	}
wolfSSL	13:f67a6c6013ca	1232	/* read next digit and reset bitcnt */
wolfSSL	13:f67a6c6013ca	1233	buf = X->dp[digidx--];
wolfSSL	13:f67a6c6013ca	1234	bitcnt = (int)DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	1235	}
wolfSSL	13:f67a6c6013ca	1236
wolfSSL	13:f67a6c6013ca	1237	/* grab the next msb from the exponent */
wolfSSL	13:f67a6c6013ca	1238	y = (int)(buf >> (DIGIT_BIT - 1)) & 1;
wolfSSL	13:f67a6c6013ca	1239	buf <<= (fp_digit)1;
wolfSSL	13:f67a6c6013ca	1240
wolfSSL	13:f67a6c6013ca	1241	/* if the bit is zero and mode == 0 then we ignore it
wolfSSL	13:f67a6c6013ca	1242	* These represent the leading zero bits before the first 1 bit
wolfSSL	13:f67a6c6013ca	1243	* in the exponent. Technically this opt is not required but it
wolfSSL	13:f67a6c6013ca	1244	* does lower the # of trivial squaring/reductions used
wolfSSL	13:f67a6c6013ca	1245	*/
wolfSSL	13:f67a6c6013ca	1246	if (mode == 0 && y == 0) {
wolfSSL	13:f67a6c6013ca	1247	continue;
wolfSSL	13:f67a6c6013ca	1248	}
wolfSSL	13:f67a6c6013ca	1249
wolfSSL	13:f67a6c6013ca	1250	/* if the bit is zero and mode == 1 then we square */
wolfSSL	13:f67a6c6013ca	1251	if (mode == 1 && y == 0) {
wolfSSL	13:f67a6c6013ca	1252	fp_sqr(&res, &res);
wolfSSL	13:f67a6c6013ca	1253	fp_montgomery_reduce(&res, P, mp);
wolfSSL	13:f67a6c6013ca	1254	continue;
wolfSSL	13:f67a6c6013ca	1255	}
wolfSSL	13:f67a6c6013ca	1256
wolfSSL	13:f67a6c6013ca	1257	/* else we add it to the window */
wolfSSL	13:f67a6c6013ca	1258	bitbuf \|= (y << (winsize - ++bitcpy));
wolfSSL	13:f67a6c6013ca	1259	mode = 2;
wolfSSL	13:f67a6c6013ca	1260
wolfSSL	13:f67a6c6013ca	1261	if (bitcpy == winsize) {
wolfSSL	13:f67a6c6013ca	1262	/* ok window is filled so square as required and multiply */
wolfSSL	13:f67a6c6013ca	1263	/* square first */
wolfSSL	13:f67a6c6013ca	1264	for (x = 0; x < winsize; x++) {
wolfSSL	13:f67a6c6013ca	1265	fp_sqr(&res, &res);
wolfSSL	13:f67a6c6013ca	1266	fp_montgomery_reduce(&res, P, mp);
wolfSSL	13:f67a6c6013ca	1267	}
wolfSSL	13:f67a6c6013ca	1268
wolfSSL	13:f67a6c6013ca	1269	/* then multiply */
wolfSSL	13:f67a6c6013ca	1270	fp_mul(&res, &M[bitbuf], &res);
wolfSSL	13:f67a6c6013ca	1271	fp_montgomery_reduce(&res, P, mp);
wolfSSL	13:f67a6c6013ca	1272
wolfSSL	13:f67a6c6013ca	1273	/* empty window and reset */
wolfSSL	13:f67a6c6013ca	1274	bitcpy = 0;
wolfSSL	13:f67a6c6013ca	1275	bitbuf = 0;
wolfSSL	13:f67a6c6013ca	1276	mode = 1;
wolfSSL	13:f67a6c6013ca	1277	}
wolfSSL	13:f67a6c6013ca	1278	}
wolfSSL	13:f67a6c6013ca	1279
wolfSSL	13:f67a6c6013ca	1280	/* if bits remain then square/multiply */
wolfSSL	13:f67a6c6013ca	1281	if (mode == 2 && bitcpy > 0) {
wolfSSL	13:f67a6c6013ca	1282	/* square then multiply if the bit is set */
wolfSSL	13:f67a6c6013ca	1283	for (x = 0; x < bitcpy; x++) {
wolfSSL	13:f67a6c6013ca	1284	fp_sqr(&res, &res);
wolfSSL	13:f67a6c6013ca	1285	fp_montgomery_reduce(&res, P, mp);
wolfSSL	13:f67a6c6013ca	1286
wolfSSL	13:f67a6c6013ca	1287	/* get next bit of the window */
wolfSSL	13:f67a6c6013ca	1288	bitbuf <<= 1;
wolfSSL	13:f67a6c6013ca	1289	if ((bitbuf & (1 << winsize)) != 0) {
wolfSSL	13:f67a6c6013ca	1290	/* then multiply */
wolfSSL	13:f67a6c6013ca	1291	fp_mul(&res, &M[1], &res);
wolfSSL	13:f67a6c6013ca	1292	fp_montgomery_reduce(&res, P, mp);
wolfSSL	13:f67a6c6013ca	1293	}
wolfSSL	13:f67a6c6013ca	1294	}
wolfSSL	13:f67a6c6013ca	1295	}
wolfSSL	13:f67a6c6013ca	1296
wolfSSL	13:f67a6c6013ca	1297	/* fixup result if Montgomery reduction is used
wolfSSL	13:f67a6c6013ca	1298	* recall that any value in a Montgomery system is
wolfSSL	13:f67a6c6013ca	1299	* actually multiplied by R mod n. So we have
wolfSSL	13:f67a6c6013ca	1300	* to reduce one more time to cancel out the factor
wolfSSL	13:f67a6c6013ca	1301	* of R.
wolfSSL	13:f67a6c6013ca	1302	*/
wolfSSL	13:f67a6c6013ca	1303	fp_montgomery_reduce(&res, P, mp);
wolfSSL	13:f67a6c6013ca	1304
wolfSSL	13:f67a6c6013ca	1305	/* swap res with Y */
wolfSSL	13:f67a6c6013ca	1306	fp_copy (&res, Y);
wolfSSL	13:f67a6c6013ca	1307
wolfSSL	13:f67a6c6013ca	1308	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	13:f67a6c6013ca	1309	XFREE(M, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	13:f67a6c6013ca	1310	#endif
wolfSSL	13:f67a6c6013ca	1311
wolfSSL	13:f67a6c6013ca	1312	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	1313	}
wolfSSL	13:f67a6c6013ca	1314
wolfSSL	13:f67a6c6013ca	1315	#endif /* TFM_TIMING_RESISTANT */
wolfSSL	13:f67a6c6013ca	1316
wolfSSL	13:f67a6c6013ca	1317	int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
wolfSSL	13:f67a6c6013ca	1318	{
wolfSSL	13:f67a6c6013ca	1319	/* prevent overflows */
wolfSSL	13:f67a6c6013ca	1320	if (P->used > (FP_SIZE/2)) {
wolfSSL	13:f67a6c6013ca	1321	return FP_VAL;
wolfSSL	13:f67a6c6013ca	1322	}
wolfSSL	13:f67a6c6013ca	1323
wolfSSL	13:f67a6c6013ca	1324	if (X->sign == FP_NEG) {
wolfSSL	13:f67a6c6013ca	1325	#ifndef POSITIVE_EXP_ONLY /* reduce stack if assume no negatives */
wolfSSL	13:f67a6c6013ca	1326	int err;
wolfSSL	13:f67a6c6013ca	1327	fp_int tmp;
wolfSSL	13:f67a6c6013ca	1328
wolfSSL	13:f67a6c6013ca	1329	/* yes, copy G and invmod it */
wolfSSL	13:f67a6c6013ca	1330	fp_init_copy(&tmp, G);
wolfSSL	13:f67a6c6013ca	1331	if ((err = fp_invmod(&tmp, P, &tmp)) != FP_OKAY) {
wolfSSL	13:f67a6c6013ca	1332	return err;
wolfSSL	13:f67a6c6013ca	1333	}
wolfSSL	13:f67a6c6013ca	1334	X->sign = FP_ZPOS;
wolfSSL	13:f67a6c6013ca	1335	err = _fp_exptmod(&tmp, X, P, Y);
wolfSSL	13:f67a6c6013ca	1336	if (X != Y) {
wolfSSL	13:f67a6c6013ca	1337	X->sign = FP_NEG;
wolfSSL	13:f67a6c6013ca	1338	}
wolfSSL	13:f67a6c6013ca	1339	return err;
wolfSSL	13:f67a6c6013ca	1340	#else
wolfSSL	13:f67a6c6013ca	1341	return FP_VAL;
wolfSSL	13:f67a6c6013ca	1342	#endif
wolfSSL	13:f67a6c6013ca	1343	}
wolfSSL	13:f67a6c6013ca	1344	else {
wolfSSL	13:f67a6c6013ca	1345	/* Positive exponent so just exptmod */
wolfSSL	13:f67a6c6013ca	1346	return _fp_exptmod(G, X, P, Y);
wolfSSL	13:f67a6c6013ca	1347	}
wolfSSL	13:f67a6c6013ca	1348	}
wolfSSL	13:f67a6c6013ca	1349
wolfSSL	13:f67a6c6013ca	1350	/* computes a = 2*b /
wolfSSL	13:f67a6c6013ca	1351	void fp_2expt(fp_int *a, int b)
wolfSSL	13:f67a6c6013ca	1352	{
wolfSSL	13:f67a6c6013ca	1353	int z;
wolfSSL	13:f67a6c6013ca	1354
wolfSSL	13:f67a6c6013ca	1355	/* zero a as per default */
wolfSSL	13:f67a6c6013ca	1356	fp_zero (a);
wolfSSL	13:f67a6c6013ca	1357
wolfSSL	13:f67a6c6013ca	1358	if (b < 0) {
wolfSSL	13:f67a6c6013ca	1359	return;
wolfSSL	13:f67a6c6013ca	1360	}
wolfSSL	13:f67a6c6013ca	1361
wolfSSL	13:f67a6c6013ca	1362	z = b / DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	1363	if (z >= FP_SIZE) {
wolfSSL	13:f67a6c6013ca	1364	return;
wolfSSL	13:f67a6c6013ca	1365	}
wolfSSL	13:f67a6c6013ca	1366
wolfSSL	13:f67a6c6013ca	1367	/* set the used count of where the bit will go */
wolfSSL	13:f67a6c6013ca	1368	a->used = z + 1;
wolfSSL	13:f67a6c6013ca	1369
wolfSSL	13:f67a6c6013ca	1370	/* put the single bit in its place */
wolfSSL	13:f67a6c6013ca	1371	a->dp[z] = ((fp_digit)1) << (b % DIGIT_BIT);
wolfSSL	13:f67a6c6013ca	1372	}
wolfSSL	13:f67a6c6013ca	1373
wolfSSL	13:f67a6c6013ca	1374	/* b = aa /
wolfSSL	13:f67a6c6013ca	1375	void fp_sqr(fp_int A, fp_int B)
wolfSSL	13:f67a6c6013ca	1376	{
wolfSSL	13:f67a6c6013ca	1377	int y, oldused;
wolfSSL	13:f67a6c6013ca	1378
wolfSSL	13:f67a6c6013ca	1379	oldused = B->used;
wolfSSL	13:f67a6c6013ca	1380	y = A->used;
wolfSSL	13:f67a6c6013ca	1381
wolfSSL	13:f67a6c6013ca	1382	/* call generic if we're out of range */
wolfSSL	13:f67a6c6013ca	1383	if (y + y > FP_SIZE) {
wolfSSL	13:f67a6c6013ca	1384	fp_sqr_comba(A, B);
wolfSSL	13:f67a6c6013ca	1385	goto clean;
wolfSSL	13:f67a6c6013ca	1386	}
wolfSSL	13:f67a6c6013ca	1387
wolfSSL	13:f67a6c6013ca	1388	#if defined(TFM_SQR3) && FP_SIZE >= 6
wolfSSL	13:f67a6c6013ca	1389	if (y <= 3) {
wolfSSL	13:f67a6c6013ca	1390	fp_sqr_comba3(A,B);
wolfSSL	13:f67a6c6013ca	1391	goto clean;
wolfSSL	13:f67a6c6013ca	1392	}
wolfSSL	13:f67a6c6013ca	1393	#endif
wolfSSL	13:f67a6c6013ca	1394	#if defined(TFM_SQR4) && FP_SIZE >= 8
wolfSSL	13:f67a6c6013ca	1395	if (y == 4) {
wolfSSL	13:f67a6c6013ca	1396	fp_sqr_comba4(A,B);
wolfSSL	13:f67a6c6013ca	1397	goto clean;
wolfSSL	13:f67a6c6013ca	1398	}
wolfSSL	13:f67a6c6013ca	1399	#endif
wolfSSL	13:f67a6c6013ca	1400	#if defined(TFM_SQR6) && FP_SIZE >= 12
wolfSSL	13:f67a6c6013ca	1401	if (y <= 6) {
wolfSSL	13:f67a6c6013ca	1402	fp_sqr_comba6(A,B);
wolfSSL	13:f67a6c6013ca	1403	goto clean;
wolfSSL	13:f67a6c6013ca	1404	}
wolfSSL	13:f67a6c6013ca	1405	#endif
wolfSSL	13:f67a6c6013ca	1406	#if defined(TFM_SQR7) && FP_SIZE >= 14
wolfSSL	13:f67a6c6013ca	1407	if (y == 7) {
wolfSSL	13:f67a6c6013ca	1408	fp_sqr_comba7(A,B);
wolfSSL	13:f67a6c6013ca	1409	goto clean;
wolfSSL	13:f67a6c6013ca	1410	}
wolfSSL	13:f67a6c6013ca	1411	#endif
wolfSSL	13:f67a6c6013ca	1412	#if defined(TFM_SQR8) && FP_SIZE >= 16
wolfSSL	13:f67a6c6013ca	1413	if (y == 8) {
wolfSSL	13:f67a6c6013ca	1414	fp_sqr_comba8(A,B);
wolfSSL	13:f67a6c6013ca	1415	goto clean;
wolfSSL	13:f67a6c6013ca	1416	}
wolfSSL	13:f67a6c6013ca	1417	#endif
wolfSSL	13:f67a6c6013ca	1418	#if defined(TFM_SQR9) && FP_SIZE >= 18
wolfSSL	13:f67a6c6013ca	1419	if (y == 9) {
wolfSSL	13:f67a6c6013ca	1420	fp_sqr_comba9(A,B);
wolfSSL	13:f67a6c6013ca	1421	goto clean;
wolfSSL	13:f67a6c6013ca	1422	}
wolfSSL	13:f67a6c6013ca	1423	#endif
wolfSSL	13:f67a6c6013ca	1424	#if defined(TFM_SQR12) && FP_SIZE >= 24
wolfSSL	13:f67a6c6013ca	1425	if (y <= 12) {
wolfSSL	13:f67a6c6013ca	1426	fp_sqr_comba12(A,B);
wolfSSL	13:f67a6c6013ca	1427	goto clean;
wolfSSL	13:f67a6c6013ca	1428	}
wolfSSL	13:f67a6c6013ca	1429	#endif
wolfSSL	13:f67a6c6013ca	1430	#if defined(TFM_SQR17) && FP_SIZE >= 34
wolfSSL	13:f67a6c6013ca	1431	if (y <= 17) {
wolfSSL	13:f67a6c6013ca	1432	fp_sqr_comba17(A,B);
wolfSSL	13:f67a6c6013ca	1433	goto clean;
wolfSSL	13:f67a6c6013ca	1434	}
wolfSSL	13:f67a6c6013ca	1435	#endif
wolfSSL	13:f67a6c6013ca	1436	#if defined(TFM_SMALL_SET)
wolfSSL	13:f67a6c6013ca	1437	if (y <= 16) {
wolfSSL	13:f67a6c6013ca	1438	fp_sqr_comba_small(A,B);
wolfSSL	13:f67a6c6013ca	1439	goto clean;
wolfSSL	13:f67a6c6013ca	1440	}
wolfSSL	13:f67a6c6013ca	1441	#endif
wolfSSL	13:f67a6c6013ca	1442	#if defined(TFM_SQR20) && FP_SIZE >= 40
wolfSSL	13:f67a6c6013ca	1443	if (y <= 20) {
wolfSSL	13:f67a6c6013ca	1444	fp_sqr_comba20(A,B);
wolfSSL	13:f67a6c6013ca	1445	goto clean;
wolfSSL	13:f67a6c6013ca	1446	}
wolfSSL	13:f67a6c6013ca	1447	#endif
wolfSSL	13:f67a6c6013ca	1448	#if defined(TFM_SQR24) && FP_SIZE >= 48
wolfSSL	13:f67a6c6013ca	1449	if (y <= 24) {
wolfSSL	13:f67a6c6013ca	1450	fp_sqr_comba24(A,B);
wolfSSL	13:f67a6c6013ca	1451	goto clean;
wolfSSL	13:f67a6c6013ca	1452	}
wolfSSL	13:f67a6c6013ca	1453	#endif
wolfSSL	13:f67a6c6013ca	1454	#if defined(TFM_SQR28) && FP_SIZE >= 56
wolfSSL	13:f67a6c6013ca	1455	if (y <= 28) {
wolfSSL	13:f67a6c6013ca	1456	fp_sqr_comba28(A,B);
wolfSSL	13:f67a6c6013ca	1457	goto clean;
wolfSSL	13:f67a6c6013ca	1458	}
wolfSSL	13:f67a6c6013ca	1459	#endif
wolfSSL	13:f67a6c6013ca	1460	#if defined(TFM_SQR32) && FP_SIZE >= 64
wolfSSL	13:f67a6c6013ca	1461	if (y <= 32) {
wolfSSL	13:f67a6c6013ca	1462	fp_sqr_comba32(A,B);
wolfSSL	13:f67a6c6013ca	1463	goto clean;
wolfSSL	13:f67a6c6013ca	1464	}
wolfSSL	13:f67a6c6013ca	1465	#endif
wolfSSL	13:f67a6c6013ca	1466	#if defined(TFM_SQR48) && FP_SIZE >= 96
wolfSSL	13:f67a6c6013ca	1467	if (y <= 48) {
wolfSSL	13:f67a6c6013ca	1468	fp_sqr_comba48(A,B);
wolfSSL	13:f67a6c6013ca	1469	goto clean;
wolfSSL	13:f67a6c6013ca	1470	}
wolfSSL	13:f67a6c6013ca	1471	#endif
wolfSSL	13:f67a6c6013ca	1472	#if defined(TFM_SQR64) && FP_SIZE >= 128
wolfSSL	13:f67a6c6013ca	1473	if (y <= 64) {
wolfSSL	13:f67a6c6013ca	1474	fp_sqr_comba64(A,B);
wolfSSL	13:f67a6c6013ca	1475	goto clean;
wolfSSL	13:f67a6c6013ca	1476	}
wolfSSL	13:f67a6c6013ca	1477	#endif
wolfSSL	13:f67a6c6013ca	1478	fp_sqr_comba(A, B);
wolfSSL	13:f67a6c6013ca	1479
wolfSSL	13:f67a6c6013ca	1480	clean:
wolfSSL	13:f67a6c6013ca	1481	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	1482	for (y = B->used; y >= 0 && y < oldused; y++) {
wolfSSL	13:f67a6c6013ca	1483	B->dp[y] = 0;
wolfSSL	13:f67a6c6013ca	1484	}
wolfSSL	13:f67a6c6013ca	1485	}
wolfSSL	13:f67a6c6013ca	1486
wolfSSL	13:f67a6c6013ca	1487	/* generic comba squarer */
wolfSSL	13:f67a6c6013ca	1488	void fp_sqr_comba(fp_int A, fp_int B)
wolfSSL	13:f67a6c6013ca	1489	{
wolfSSL	13:f67a6c6013ca	1490	int pa, ix, iz;
wolfSSL	13:f67a6c6013ca	1491	fp_digit c0, c1, c2;
wolfSSL	13:f67a6c6013ca	1492	fp_int tmp, *dst;
wolfSSL	13:f67a6c6013ca	1493	#ifdef TFM_ISO
wolfSSL	13:f67a6c6013ca	1494	fp_word tt;
wolfSSL	13:f67a6c6013ca	1495	#endif
wolfSSL	13:f67a6c6013ca	1496
wolfSSL	13:f67a6c6013ca	1497	/* get size of output and trim */
wolfSSL	13:f67a6c6013ca	1498	pa = A->used + A->used;
wolfSSL	13:f67a6c6013ca	1499	if (pa >= FP_SIZE) {
wolfSSL	13:f67a6c6013ca	1500	pa = FP_SIZE-1;
wolfSSL	13:f67a6c6013ca	1501	}
wolfSSL	13:f67a6c6013ca	1502
wolfSSL	13:f67a6c6013ca	1503	/* number of output digits to produce */
wolfSSL	13:f67a6c6013ca	1504	COMBA_START;
wolfSSL	13:f67a6c6013ca	1505	COMBA_CLEAR;
wolfSSL	13:f67a6c6013ca	1506
wolfSSL	13:f67a6c6013ca	1507	if (A == B) {
wolfSSL	13:f67a6c6013ca	1508	fp_init(&tmp);
wolfSSL	13:f67a6c6013ca	1509	dst = &tmp;
wolfSSL	13:f67a6c6013ca	1510	} else {
wolfSSL	13:f67a6c6013ca	1511	fp_zero(B);
wolfSSL	13:f67a6c6013ca	1512	dst = B;
wolfSSL	13:f67a6c6013ca	1513	}
wolfSSL	13:f67a6c6013ca	1514
wolfSSL	13:f67a6c6013ca	1515	for (ix = 0; ix < pa; ix++) {
wolfSSL	13:f67a6c6013ca	1516	int tx, ty, iy;
wolfSSL	13:f67a6c6013ca	1517	fp_digit tmpy, tmpx;
wolfSSL	13:f67a6c6013ca	1518
wolfSSL	13:f67a6c6013ca	1519	/* get offsets into the two bignums */
wolfSSL	13:f67a6c6013ca	1520	ty = MIN(A->used-1, ix);
wolfSSL	13:f67a6c6013ca	1521	tx = ix - ty;
wolfSSL	13:f67a6c6013ca	1522
wolfSSL	13:f67a6c6013ca	1523	/* setup temp aliases */
wolfSSL	13:f67a6c6013ca	1524	tmpx = A->dp + tx;
wolfSSL	13:f67a6c6013ca	1525	tmpy = A->dp + ty;
wolfSSL	13:f67a6c6013ca	1526
wolfSSL	13:f67a6c6013ca	1527	/* this is the number of times the loop will iterate,
wolfSSL	13:f67a6c6013ca	1528	while (tx++ < a->used && ty-- >= 0) { ... }
wolfSSL	13:f67a6c6013ca	1529	*/
wolfSSL	13:f67a6c6013ca	1530	iy = MIN(A->used-tx, ty+1);
wolfSSL	13:f67a6c6013ca	1531
wolfSSL	13:f67a6c6013ca	1532	/* now for squaring tx can never equal ty
wolfSSL	13:f67a6c6013ca	1533	* we halve the distance since they approach
wolfSSL	13:f67a6c6013ca	1534	* at a rate of 2x and we have to round because
wolfSSL	13:f67a6c6013ca	1535	* odd cases need to be executed
wolfSSL	13:f67a6c6013ca	1536	*/
wolfSSL	13:f67a6c6013ca	1537	iy = MIN(iy, (ty-tx+1)>>1);
wolfSSL	13:f67a6c6013ca	1538
wolfSSL	13:f67a6c6013ca	1539	/* forward carries */
wolfSSL	13:f67a6c6013ca	1540	COMBA_FORWARD;
wolfSSL	13:f67a6c6013ca	1541
wolfSSL	13:f67a6c6013ca	1542	/* execute loop */
wolfSSL	13:f67a6c6013ca	1543	for (iz = 0; iz < iy; iz++) {
wolfSSL	13:f67a6c6013ca	1544	SQRADD2(tmpx++, tmpy--);
wolfSSL	13:f67a6c6013ca	1545	}
wolfSSL	13:f67a6c6013ca	1546
wolfSSL	13:f67a6c6013ca	1547	/* even columns have the square term in them */
wolfSSL	13:f67a6c6013ca	1548	if ((ix&1) == 0) {
wolfSSL	13:f67a6c6013ca	1549	/* TAO change COMBA_ADD back to SQRADD */
wolfSSL	13:f67a6c6013ca	1550	SQRADD(A->dp[ix>>1], A->dp[ix>>1]);
wolfSSL	13:f67a6c6013ca	1551	}
wolfSSL	13:f67a6c6013ca	1552
wolfSSL	13:f67a6c6013ca	1553	/* store it */
wolfSSL	13:f67a6c6013ca	1554	COMBA_STORE(dst->dp[ix]);
wolfSSL	13:f67a6c6013ca	1555	}
wolfSSL	13:f67a6c6013ca	1556
wolfSSL	13:f67a6c6013ca	1557	COMBA_FINI;
wolfSSL	13:f67a6c6013ca	1558
wolfSSL	13:f67a6c6013ca	1559	/* setup dest */
wolfSSL	13:f67a6c6013ca	1560	dst->used = pa;
wolfSSL	13:f67a6c6013ca	1561	fp_clamp (dst);
wolfSSL	13:f67a6c6013ca	1562	if (dst != B) {
wolfSSL	13:f67a6c6013ca	1563	fp_copy(dst, B);
wolfSSL	13:f67a6c6013ca	1564	}
wolfSSL	13:f67a6c6013ca	1565	}
wolfSSL	13:f67a6c6013ca	1566
wolfSSL	13:f67a6c6013ca	1567	int fp_cmp(fp_int a, fp_int b)
wolfSSL	13:f67a6c6013ca	1568	{
wolfSSL	13:f67a6c6013ca	1569	if (a->sign == FP_NEG && b->sign == FP_ZPOS) {
wolfSSL	13:f67a6c6013ca	1570	return FP_LT;
wolfSSL	13:f67a6c6013ca	1571	} else if (a->sign == FP_ZPOS && b->sign == FP_NEG) {
wolfSSL	13:f67a6c6013ca	1572	return FP_GT;
wolfSSL	13:f67a6c6013ca	1573	} else {
wolfSSL	13:f67a6c6013ca	1574	/* compare digits */
wolfSSL	13:f67a6c6013ca	1575	if (a->sign == FP_NEG) {
wolfSSL	13:f67a6c6013ca	1576	/* if negative compare opposite direction */
wolfSSL	13:f67a6c6013ca	1577	return fp_cmp_mag(b, a);
wolfSSL	13:f67a6c6013ca	1578	} else {
wolfSSL	13:f67a6c6013ca	1579	return fp_cmp_mag(a, b);
wolfSSL	13:f67a6c6013ca	1580	}
wolfSSL	13:f67a6c6013ca	1581	}
wolfSSL	13:f67a6c6013ca	1582	}
wolfSSL	13:f67a6c6013ca	1583
wolfSSL	13:f67a6c6013ca	1584	/* compare against a single digit */
wolfSSL	13:f67a6c6013ca	1585	int fp_cmp_d(fp_int *a, fp_digit b)
wolfSSL	13:f67a6c6013ca	1586	{
wolfSSL	13:f67a6c6013ca	1587	/* special case for zero*/
wolfSSL	13:f67a6c6013ca	1588	if (a->used == 0 && b == 0)
wolfSSL	13:f67a6c6013ca	1589	return FP_EQ;
wolfSSL	13:f67a6c6013ca	1590
wolfSSL	13:f67a6c6013ca	1591	/* compare based on sign */
wolfSSL	13:f67a6c6013ca	1592	if ((b && a->used == 0) \|\| a->sign == FP_NEG) {
wolfSSL	13:f67a6c6013ca	1593	return FP_LT;
wolfSSL	13:f67a6c6013ca	1594	}
wolfSSL	13:f67a6c6013ca	1595
wolfSSL	13:f67a6c6013ca	1596	/* compare based on magnitude */
wolfSSL	13:f67a6c6013ca	1597	if (a->used > 1) {
wolfSSL	13:f67a6c6013ca	1598	return FP_GT;
wolfSSL	13:f67a6c6013ca	1599	}
wolfSSL	13:f67a6c6013ca	1600
wolfSSL	13:f67a6c6013ca	1601	/* compare the only digit of a to b */
wolfSSL	13:f67a6c6013ca	1602	if (a->dp[0] > b) {
wolfSSL	13:f67a6c6013ca	1603	return FP_GT;
wolfSSL	13:f67a6c6013ca	1604	} else if (a->dp[0] < b) {
wolfSSL	13:f67a6c6013ca	1605	return FP_LT;
wolfSSL	13:f67a6c6013ca	1606	} else {
wolfSSL	13:f67a6c6013ca	1607	return FP_EQ;
wolfSSL	13:f67a6c6013ca	1608	}
wolfSSL	13:f67a6c6013ca	1609
wolfSSL	13:f67a6c6013ca	1610	}
wolfSSL	13:f67a6c6013ca	1611
wolfSSL	13:f67a6c6013ca	1612	int fp_cmp_mag(fp_int a, fp_int b)
wolfSSL	13:f67a6c6013ca	1613	{
wolfSSL	13:f67a6c6013ca	1614	int x;
wolfSSL	13:f67a6c6013ca	1615
wolfSSL	13:f67a6c6013ca	1616	if (a->used > b->used) {
wolfSSL	13:f67a6c6013ca	1617	return FP_GT;
wolfSSL	13:f67a6c6013ca	1618	} else if (a->used < b->used) {
wolfSSL	13:f67a6c6013ca	1619	return FP_LT;
wolfSSL	13:f67a6c6013ca	1620	} else {
wolfSSL	13:f67a6c6013ca	1621	for (x = a->used - 1; x >= 0; x--) {
wolfSSL	13:f67a6c6013ca	1622	if (a->dp[x] > b->dp[x]) {
wolfSSL	13:f67a6c6013ca	1623	return FP_GT;
wolfSSL	13:f67a6c6013ca	1624	} else if (a->dp[x] < b->dp[x]) {
wolfSSL	13:f67a6c6013ca	1625	return FP_LT;
wolfSSL	13:f67a6c6013ca	1626	}
wolfSSL	13:f67a6c6013ca	1627	}
wolfSSL	13:f67a6c6013ca	1628	}
wolfSSL	13:f67a6c6013ca	1629	return FP_EQ;
wolfSSL	13:f67a6c6013ca	1630	}
wolfSSL	13:f67a6c6013ca	1631
wolfSSL	13:f67a6c6013ca	1632	/* sets up the montgomery reduction */
wolfSSL	13:f67a6c6013ca	1633	int fp_montgomery_setup(fp_int a, fp_digit rho)
wolfSSL	13:f67a6c6013ca	1634	{
wolfSSL	13:f67a6c6013ca	1635	fp_digit x, b;
wolfSSL	13:f67a6c6013ca	1636
wolfSSL	13:f67a6c6013ca	1637	/* fast inversion mod 2**k
wolfSSL	13:f67a6c6013ca	1638	*
wolfSSL	13:f67a6c6013ca	1639	* Based on the fact that
wolfSSL	13:f67a6c6013ca	1640	*
wolfSSL	13:f67a6c6013ca	1641	* XA = 1 (mod 2n) => (X(2-XA)) A = 1 (mod 22n)
wolfSSL	13:f67a6c6013ca	1642	* => 2XA - XXA*A = 1
wolfSSL	13:f67a6c6013ca	1643	* => 2*(1) - (1) = 1
wolfSSL	13:f67a6c6013ca	1644	*/
wolfSSL	13:f67a6c6013ca	1645	b = a->dp[0];
wolfSSL	13:f67a6c6013ca	1646
wolfSSL	13:f67a6c6013ca	1647	if ((b & 1) == 0) {
wolfSSL	13:f67a6c6013ca	1648	return FP_VAL;
wolfSSL	13:f67a6c6013ca	1649	}
wolfSSL	13:f67a6c6013ca	1650
wolfSSL	13:f67a6c6013ca	1651	x = (((b + 2) & 4) << 1) + b; /* here xa==1 mod 24 /
wolfSSL	13:f67a6c6013ca	1652	x = 2 - b x; /* here xa==1 mod 28 /
wolfSSL	13:f67a6c6013ca	1653	x = 2 - b x; /* here xa==1 mod 216 /
wolfSSL	13:f67a6c6013ca	1654	x = 2 - b x; /* here xa==1 mod 232 /
wolfSSL	13:f67a6c6013ca	1655	#ifdef FP_64BIT
wolfSSL	13:f67a6c6013ca	1656	x = 2 - b x; /* here xa==1 mod 264 /
wolfSSL	13:f67a6c6013ca	1657	#endif
wolfSSL	13:f67a6c6013ca	1658
wolfSSL	13:f67a6c6013ca	1659	/* rho = -1/m mod b */
wolfSSL	13:f67a6c6013ca	1660	*rho = (fp_digit) (((fp_word) 1 << ((fp_word) DIGIT_BIT)) - ((fp_word)x));
wolfSSL	13:f67a6c6013ca	1661
wolfSSL	13:f67a6c6013ca	1662	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	1663	}
wolfSSL	13:f67a6c6013ca	1664
wolfSSL	13:f67a6c6013ca	1665	/* computes a = B**n mod b without division or multiplication useful for
wolfSSL	13:f67a6c6013ca	1666	* normalizing numbers in a Montgomery system.
wolfSSL	13:f67a6c6013ca	1667	*/
wolfSSL	13:f67a6c6013ca	1668	void fp_montgomery_calc_normalization(fp_int a, fp_int b)
wolfSSL	13:f67a6c6013ca	1669	{
wolfSSL	13:f67a6c6013ca	1670	int x, bits;
wolfSSL	13:f67a6c6013ca	1671
wolfSSL	13:f67a6c6013ca	1672	/* how many bits of last digit does b use */
wolfSSL	13:f67a6c6013ca	1673	bits = fp_count_bits (b) % DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	1674	if (!bits) bits = DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	1675
wolfSSL	13:f67a6c6013ca	1676	/* compute A = B^(n-1) * 2^(bits-1) */
wolfSSL	13:f67a6c6013ca	1677	if (b->used > 1) {
wolfSSL	13:f67a6c6013ca	1678	fp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1);
wolfSSL	13:f67a6c6013ca	1679	} else {
wolfSSL	13:f67a6c6013ca	1680	fp_set(a, 1);
wolfSSL	13:f67a6c6013ca	1681	bits = 1;
wolfSSL	13:f67a6c6013ca	1682	}
wolfSSL	13:f67a6c6013ca	1683
wolfSSL	13:f67a6c6013ca	1684	/* now compute C = A * B mod b */
wolfSSL	13:f67a6c6013ca	1685	for (x = bits - 1; x < (int)DIGIT_BIT; x++) {
wolfSSL	13:f67a6c6013ca	1686	fp_mul_2 (a, a);
wolfSSL	13:f67a6c6013ca	1687	if (fp_cmp_mag (a, b) != FP_LT) {
wolfSSL	13:f67a6c6013ca	1688	s_fp_sub (a, b, a);
wolfSSL	13:f67a6c6013ca	1689	}
wolfSSL	13:f67a6c6013ca	1690	}
wolfSSL	13:f67a6c6013ca	1691	}
wolfSSL	13:f67a6c6013ca	1692
wolfSSL	13:f67a6c6013ca	1693
wolfSSL	13:f67a6c6013ca	1694	#ifdef TFM_SMALL_MONT_SET
wolfSSL	13:f67a6c6013ca	1695	#include "fp_mont_small.i"
wolfSSL	13:f67a6c6013ca	1696	#endif
wolfSSL	13:f67a6c6013ca	1697
wolfSSL	13:f67a6c6013ca	1698	#ifdef HAVE_INTEL_MULX
wolfSSL	13:f67a6c6013ca	1699	static INLINE void innermul8_mulx(fp_digit c_mulx, fp_digit cy_mulx, fp_digit *tmpm, fp_digit mu)
wolfSSL	13:f67a6c6013ca	1700	{
wolfSSL	13:f67a6c6013ca	1701	fp_digit _c0, _c1, _c2, _c3, _c4, _c5, _c6, _c7, cy ;
wolfSSL	13:f67a6c6013ca	1702
wolfSSL	13:f67a6c6013ca	1703	cy = *cy_mulx ;
wolfSSL	13:f67a6c6013ca	1704	_c0=c_mulx[0]; _c1=c_mulx[1]; _c2=c_mulx[2]; _c3=c_mulx[3]; _c4=c_mulx[4]; _c5=c_mulx[5]; _c6=c_mulx[6]; _c7=c_mulx[7];
wolfSSL	13:f67a6c6013ca	1705	INNERMUL8_MULX ;
wolfSSL	13:f67a6c6013ca	1706	c_mulx[0]=_c0; c_mulx[1]=_c1; c_mulx[2]=_c2; c_mulx[3]=_c3; c_mulx[4]=_c4; c_mulx[5]=_c5; c_mulx[6]=_c6; c_mulx[7]=_c7;
wolfSSL	13:f67a6c6013ca	1707	*cy_mulx = cy ;
wolfSSL	13:f67a6c6013ca	1708	}
wolfSSL	13:f67a6c6013ca	1709
wolfSSL	13:f67a6c6013ca	1710	/* computes x/R == x (mod N) via Montgomery Reduction */
wolfSSL	13:f67a6c6013ca	1711	static void fp_montgomery_reduce_mulx(fp_int a, fp_int m, fp_digit mp)
wolfSSL	13:f67a6c6013ca	1712	{
wolfSSL	13:f67a6c6013ca	1713	fp_digit c[FP_SIZE+1], _c, tmpm, mu = 0;
wolfSSL	13:f67a6c6013ca	1714	int oldused, x, y, pa;
wolfSSL	13:f67a6c6013ca	1715
wolfSSL	13:f67a6c6013ca	1716	/* bail if too large */
wolfSSL	13:f67a6c6013ca	1717	if (m->used > (FP_SIZE/2)) {
wolfSSL	13:f67a6c6013ca	1718	(void)mu; /* shut up compiler */
wolfSSL	13:f67a6c6013ca	1719	return;
wolfSSL	13:f67a6c6013ca	1720	}
wolfSSL	13:f67a6c6013ca	1721
wolfSSL	13:f67a6c6013ca	1722	#ifdef TFM_SMALL_MONT_SET
wolfSSL	13:f67a6c6013ca	1723	if (m->used <= 16) {
wolfSSL	13:f67a6c6013ca	1724	fp_montgomery_reduce_small(a, m, mp);
wolfSSL	13:f67a6c6013ca	1725	return;
wolfSSL	13:f67a6c6013ca	1726	}
wolfSSL	13:f67a6c6013ca	1727	#endif
wolfSSL	13:f67a6c6013ca	1728
wolfSSL	13:f67a6c6013ca	1729
wolfSSL	13:f67a6c6013ca	1730	/* now zero the buff */
wolfSSL	13:f67a6c6013ca	1731	XMEMSET(c, 0, sizeof(c));
wolfSSL	13:f67a6c6013ca	1732	pa = m->used;
wolfSSL	13:f67a6c6013ca	1733
wolfSSL	13:f67a6c6013ca	1734	/* copy the input */
wolfSSL	13:f67a6c6013ca	1735	oldused = a->used;
wolfSSL	13:f67a6c6013ca	1736	for (x = 0; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	1737	c[x] = a->dp[x];
wolfSSL	13:f67a6c6013ca	1738	}
wolfSSL	13:f67a6c6013ca	1739	MONT_START;
wolfSSL	13:f67a6c6013ca	1740
wolfSSL	13:f67a6c6013ca	1741	for (x = 0; x < pa; x++) {
wolfSSL	13:f67a6c6013ca	1742	fp_digit cy = 0;
wolfSSL	13:f67a6c6013ca	1743	/* get Mu for this round */
wolfSSL	13:f67a6c6013ca	1744	LOOP_START;
wolfSSL	13:f67a6c6013ca	1745	_c = c + x;
wolfSSL	13:f67a6c6013ca	1746	tmpm = m->dp;
wolfSSL	13:f67a6c6013ca	1747	y = 0;
wolfSSL	13:f67a6c6013ca	1748	for (; y < (pa & ~7); y += 8) {
wolfSSL	13:f67a6c6013ca	1749	innermul8_mulx(_c, &cy, tmpm, mu) ;
wolfSSL	13:f67a6c6013ca	1750	_c += 8;
wolfSSL	13:f67a6c6013ca	1751	tmpm += 8;
wolfSSL	13:f67a6c6013ca	1752	}
wolfSSL	13:f67a6c6013ca	1753	for (; y < pa; y++) {
wolfSSL	13:f67a6c6013ca	1754	INNERMUL;
wolfSSL	13:f67a6c6013ca	1755	++_c;
wolfSSL	13:f67a6c6013ca	1756	}
wolfSSL	13:f67a6c6013ca	1757	LOOP_END;
wolfSSL	13:f67a6c6013ca	1758	while (cy) {
wolfSSL	13:f67a6c6013ca	1759	PROPCARRY;
wolfSSL	13:f67a6c6013ca	1760	++_c;
wolfSSL	13:f67a6c6013ca	1761	}
wolfSSL	13:f67a6c6013ca	1762	}
wolfSSL	13:f67a6c6013ca	1763
wolfSSL	13:f67a6c6013ca	1764	/* now copy out */
wolfSSL	13:f67a6c6013ca	1765	_c = c + pa;
wolfSSL	13:f67a6c6013ca	1766	tmpm = a->dp;
wolfSSL	13:f67a6c6013ca	1767	for (x = 0; x < pa+1; x++) {
wolfSSL	13:f67a6c6013ca	1768	tmpm++ = _c++;
wolfSSL	13:f67a6c6013ca	1769	}
wolfSSL	13:f67a6c6013ca	1770
wolfSSL	13:f67a6c6013ca	1771	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	1772	for (; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	1773	*tmpm++ = 0;
wolfSSL	13:f67a6c6013ca	1774	}
wolfSSL	13:f67a6c6013ca	1775
wolfSSL	13:f67a6c6013ca	1776	MONT_FINI;
wolfSSL	13:f67a6c6013ca	1777
wolfSSL	13:f67a6c6013ca	1778	a->used = pa+1;
wolfSSL	13:f67a6c6013ca	1779	fp_clamp(a);
wolfSSL	13:f67a6c6013ca	1780
wolfSSL	13:f67a6c6013ca	1781	/* if A >= m then A = A - m */
wolfSSL	13:f67a6c6013ca	1782	if (fp_cmp_mag (a, m) != FP_LT) {
wolfSSL	13:f67a6c6013ca	1783	s_fp_sub (a, m, a);
wolfSSL	13:f67a6c6013ca	1784	}
wolfSSL	13:f67a6c6013ca	1785	}
wolfSSL	13:f67a6c6013ca	1786	#endif
wolfSSL	13:f67a6c6013ca	1787
wolfSSL	13:f67a6c6013ca	1788	/* computes x/R == x (mod N) via Montgomery Reduction */
wolfSSL	13:f67a6c6013ca	1789	void fp_montgomery_reduce(fp_int a, fp_int m, fp_digit mp)
wolfSSL	13:f67a6c6013ca	1790	{
wolfSSL	13:f67a6c6013ca	1791	fp_digit c[FP_SIZE+1], _c, tmpm, mu = 0;
wolfSSL	13:f67a6c6013ca	1792	int oldused, x, y, pa;
wolfSSL	13:f67a6c6013ca	1793
wolfSSL	13:f67a6c6013ca	1794	IF_HAVE_INTEL_MULX(fp_montgomery_reduce_mulx(a, m, mp), return) ;
wolfSSL	13:f67a6c6013ca	1795
wolfSSL	13:f67a6c6013ca	1796	/* bail if too large */
wolfSSL	13:f67a6c6013ca	1797	if (m->used > (FP_SIZE/2)) {
wolfSSL	13:f67a6c6013ca	1798	(void)mu; /* shut up compiler */
wolfSSL	13:f67a6c6013ca	1799	return;
wolfSSL	13:f67a6c6013ca	1800	}
wolfSSL	13:f67a6c6013ca	1801
wolfSSL	13:f67a6c6013ca	1802	#ifdef TFM_SMALL_MONT_SET
wolfSSL	13:f67a6c6013ca	1803	if (m->used <= 16) {
wolfSSL	13:f67a6c6013ca	1804	fp_montgomery_reduce_small(a, m, mp);
wolfSSL	13:f67a6c6013ca	1805	return;
wolfSSL	13:f67a6c6013ca	1806	}
wolfSSL	13:f67a6c6013ca	1807	#endif
wolfSSL	13:f67a6c6013ca	1808
wolfSSL	13:f67a6c6013ca	1809
wolfSSL	13:f67a6c6013ca	1810	/* now zero the buff */
wolfSSL	13:f67a6c6013ca	1811	XMEMSET(c, 0, sizeof(c));
wolfSSL	13:f67a6c6013ca	1812	pa = m->used;
wolfSSL	13:f67a6c6013ca	1813
wolfSSL	13:f67a6c6013ca	1814	/* copy the input */
wolfSSL	13:f67a6c6013ca	1815	oldused = a->used;
wolfSSL	13:f67a6c6013ca	1816	for (x = 0; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	1817	c[x] = a->dp[x];
wolfSSL	13:f67a6c6013ca	1818	}
wolfSSL	13:f67a6c6013ca	1819	MONT_START;
wolfSSL	13:f67a6c6013ca	1820
wolfSSL	13:f67a6c6013ca	1821	for (x = 0; x < pa; x++) {
wolfSSL	13:f67a6c6013ca	1822	fp_digit cy = 0;
wolfSSL	13:f67a6c6013ca	1823	/* get Mu for this round */
wolfSSL	13:f67a6c6013ca	1824	LOOP_START;
wolfSSL	13:f67a6c6013ca	1825	_c = c + x;
wolfSSL	13:f67a6c6013ca	1826	tmpm = m->dp;
wolfSSL	13:f67a6c6013ca	1827	y = 0;
wolfSSL	13:f67a6c6013ca	1828	#if defined(INNERMUL8)
wolfSSL	13:f67a6c6013ca	1829	for (; y < (pa & ~7); y += 8) {
wolfSSL	13:f67a6c6013ca	1830	INNERMUL8 ;
wolfSSL	13:f67a6c6013ca	1831	_c += 8;
wolfSSL	13:f67a6c6013ca	1832	tmpm += 8;
wolfSSL	13:f67a6c6013ca	1833	}
wolfSSL	13:f67a6c6013ca	1834	#endif
wolfSSL	13:f67a6c6013ca	1835	for (; y < pa; y++) {
wolfSSL	13:f67a6c6013ca	1836	INNERMUL;
wolfSSL	13:f67a6c6013ca	1837	++_c;
wolfSSL	13:f67a6c6013ca	1838	}
wolfSSL	13:f67a6c6013ca	1839	LOOP_END;
wolfSSL	13:f67a6c6013ca	1840	while (cy) {
wolfSSL	13:f67a6c6013ca	1841	PROPCARRY;
wolfSSL	13:f67a6c6013ca	1842	++_c;
wolfSSL	13:f67a6c6013ca	1843	}
wolfSSL	13:f67a6c6013ca	1844	}
wolfSSL	13:f67a6c6013ca	1845
wolfSSL	13:f67a6c6013ca	1846	/* now copy out */
wolfSSL	13:f67a6c6013ca	1847	_c = c + pa;
wolfSSL	13:f67a6c6013ca	1848	tmpm = a->dp;
wolfSSL	13:f67a6c6013ca	1849	for (x = 0; x < pa+1; x++) {
wolfSSL	13:f67a6c6013ca	1850	tmpm++ = _c++;
wolfSSL	13:f67a6c6013ca	1851	}
wolfSSL	13:f67a6c6013ca	1852
wolfSSL	13:f67a6c6013ca	1853	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	1854	for (; x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	1855	*tmpm++ = 0;
wolfSSL	13:f67a6c6013ca	1856	}
wolfSSL	13:f67a6c6013ca	1857
wolfSSL	13:f67a6c6013ca	1858	MONT_FINI;
wolfSSL	13:f67a6c6013ca	1859
wolfSSL	13:f67a6c6013ca	1860	a->used = pa+1;
wolfSSL	13:f67a6c6013ca	1861	fp_clamp(a);
wolfSSL	13:f67a6c6013ca	1862
wolfSSL	13:f67a6c6013ca	1863	/* if A >= m then A = A - m */
wolfSSL	13:f67a6c6013ca	1864	if (fp_cmp_mag (a, m) != FP_LT) {
wolfSSL	13:f67a6c6013ca	1865	s_fp_sub (a, m, a);
wolfSSL	13:f67a6c6013ca	1866	}
wolfSSL	13:f67a6c6013ca	1867	}
wolfSSL	13:f67a6c6013ca	1868
wolfSSL	13:f67a6c6013ca	1869	void fp_read_unsigned_bin(fp_int a, const unsigned char b, int c)
wolfSSL	13:f67a6c6013ca	1870	{
wolfSSL	13:f67a6c6013ca	1871	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	1872	const word32 maxC = (a->size * sizeof(fp_digit));
wolfSSL	13:f67a6c6013ca	1873	#else
wolfSSL	13:f67a6c6013ca	1874	const word32 maxC = (FP_SIZE * sizeof(fp_digit));
wolfSSL	13:f67a6c6013ca	1875	#endif
wolfSSL	13:f67a6c6013ca	1876
wolfSSL	13:f67a6c6013ca	1877	/* zero the int */
wolfSSL	13:f67a6c6013ca	1878	fp_zero (a);
wolfSSL	13:f67a6c6013ca	1879
wolfSSL	13:f67a6c6013ca	1880	/* if input b excess max, then truncate */
wolfSSL	13:f67a6c6013ca	1881	if (c > 0 && (word32)c > maxC) {
wolfSSL	13:f67a6c6013ca	1882	int excess = (c - maxC);
wolfSSL	13:f67a6c6013ca	1883	c -= excess;
wolfSSL	13:f67a6c6013ca	1884	b += excess;
wolfSSL	13:f67a6c6013ca	1885	}
wolfSSL	13:f67a6c6013ca	1886
wolfSSL	13:f67a6c6013ca	1887	/* If we know the endianness of this architecture, and we're using
wolfSSL	13:f67a6c6013ca	1888	32-bit fp_digits, we can optimize this */
wolfSSL	13:f67a6c6013ca	1889	#if (defined(LITTLE_ENDIAN_ORDER) \|\| defined(BIG_ENDIAN_ORDER)) && \
wolfSSL	13:f67a6c6013ca	1890	defined(FP_32BIT)
wolfSSL	13:f67a6c6013ca	1891	/* But not for both simultaneously */
wolfSSL	13:f67a6c6013ca	1892	#if defined(LITTLE_ENDIAN_ORDER) && defined(BIG_ENDIAN_ORDER)
wolfSSL	13:f67a6c6013ca	1893	#error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined.
wolfSSL	13:f67a6c6013ca	1894	#endif
wolfSSL	13:f67a6c6013ca	1895	{
wolfSSL	13:f67a6c6013ca	1896	unsigned char pd = (unsigned char )a->dp;
wolfSSL	13:f67a6c6013ca	1897
wolfSSL	13:f67a6c6013ca	1898	a->used = (c + sizeof(fp_digit) - 1)/sizeof(fp_digit);
wolfSSL	13:f67a6c6013ca	1899	/* read the bytes in */
wolfSSL	13:f67a6c6013ca	1900	#ifdef BIG_ENDIAN_ORDER
wolfSSL	13:f67a6c6013ca	1901	{
wolfSSL	13:f67a6c6013ca	1902	/* Use Duff's device to unroll the loop. */
wolfSSL	13:f67a6c6013ca	1903	int idx = (c - 1) & ~3;
wolfSSL	13:f67a6c6013ca	1904	switch (c % 4) {
wolfSSL	13:f67a6c6013ca	1905	case 0: do { pd[idx+0] = *b++;
wolfSSL	13:f67a6c6013ca	1906	case 3: pd[idx+1] = *b++;
wolfSSL	13:f67a6c6013ca	1907	case 2: pd[idx+2] = *b++;
wolfSSL	13:f67a6c6013ca	1908	case 1: pd[idx+3] = *b++;
wolfSSL	13:f67a6c6013ca	1909	idx -= 4;
wolfSSL	13:f67a6c6013ca	1910	} while ((c -= 4) > 0);
wolfSSL	13:f67a6c6013ca	1911	}
wolfSSL	13:f67a6c6013ca	1912	}
wolfSSL	13:f67a6c6013ca	1913	#else
wolfSSL	13:f67a6c6013ca	1914	for (c -= 1; c >= 0; c -= 1) {
wolfSSL	13:f67a6c6013ca	1915	pd[c] = *b++;
wolfSSL	13:f67a6c6013ca	1916	}
wolfSSL	13:f67a6c6013ca	1917	#endif
wolfSSL	13:f67a6c6013ca	1918	}
wolfSSL	13:f67a6c6013ca	1919	#else
wolfSSL	13:f67a6c6013ca	1920	/* read the bytes in */
wolfSSL	13:f67a6c6013ca	1921	for (; c > 0; c--) {
wolfSSL	13:f67a6c6013ca	1922	fp_mul_2d (a, 8, a);
wolfSSL	13:f67a6c6013ca	1923	a->dp[0] \|= *b++;
wolfSSL	13:f67a6c6013ca	1924
wolfSSL	13:f67a6c6013ca	1925	if (a->used == 0) {
wolfSSL	13:f67a6c6013ca	1926	a->used = 1;
wolfSSL	13:f67a6c6013ca	1927	}
wolfSSL	13:f67a6c6013ca	1928	}
wolfSSL	13:f67a6c6013ca	1929	#endif
wolfSSL	13:f67a6c6013ca	1930	fp_clamp (a);
wolfSSL	13:f67a6c6013ca	1931	}
wolfSSL	13:f67a6c6013ca	1932
wolfSSL	13:f67a6c6013ca	1933	int fp_to_unsigned_bin_at_pos(int x, fp_int t, unsigned char b)
wolfSSL	13:f67a6c6013ca	1934	{
wolfSSL	13:f67a6c6013ca	1935	while (fp_iszero (t) == FP_NO) {
wolfSSL	13:f67a6c6013ca	1936	b[x++] = (unsigned char) (t->dp[0] & 255);
wolfSSL	13:f67a6c6013ca	1937	fp_div_2d (t, 8, t, NULL);
wolfSSL	13:f67a6c6013ca	1938	}
wolfSSL	13:f67a6c6013ca	1939	return x;
wolfSSL	13:f67a6c6013ca	1940	}
wolfSSL	13:f67a6c6013ca	1941
wolfSSL	13:f67a6c6013ca	1942	void fp_to_unsigned_bin(fp_int a, unsigned char b)
wolfSSL	13:f67a6c6013ca	1943	{
wolfSSL	13:f67a6c6013ca	1944	int x;
wolfSSL	13:f67a6c6013ca	1945	fp_int t;
wolfSSL	13:f67a6c6013ca	1946
wolfSSL	13:f67a6c6013ca	1947	fp_init_copy(&t, a);
wolfSSL	13:f67a6c6013ca	1948
wolfSSL	13:f67a6c6013ca	1949	x = fp_to_unsigned_bin_at_pos(0, &t, b);
wolfSSL	13:f67a6c6013ca	1950	fp_reverse (b, x);
wolfSSL	13:f67a6c6013ca	1951	}
wolfSSL	13:f67a6c6013ca	1952
wolfSSL	13:f67a6c6013ca	1953	int fp_unsigned_bin_size(fp_int *a)
wolfSSL	13:f67a6c6013ca	1954	{
wolfSSL	13:f67a6c6013ca	1955	int size = fp_count_bits (a);
wolfSSL	13:f67a6c6013ca	1956	return (size / 8 + ((size & 7) != 0 ? 1 : 0));
wolfSSL	13:f67a6c6013ca	1957	}
wolfSSL	13:f67a6c6013ca	1958
wolfSSL	13:f67a6c6013ca	1959	void fp_set(fp_int *a, fp_digit b)
wolfSSL	13:f67a6c6013ca	1960	{
wolfSSL	13:f67a6c6013ca	1961	fp_zero(a);
wolfSSL	13:f67a6c6013ca	1962	a->dp[0] = b;
wolfSSL	13:f67a6c6013ca	1963	a->used = a->dp[0] ? 1 : 0;
wolfSSL	13:f67a6c6013ca	1964	}
wolfSSL	13:f67a6c6013ca	1965
wolfSSL	13:f67a6c6013ca	1966
wolfSSL	13:f67a6c6013ca	1967	#ifndef MP_SET_CHUNK_BITS
wolfSSL	13:f67a6c6013ca	1968	#define MP_SET_CHUNK_BITS 4
wolfSSL	13:f67a6c6013ca	1969	#endif
wolfSSL	13:f67a6c6013ca	1970	void fp_set_int(fp_int *a, unsigned long b)
wolfSSL	13:f67a6c6013ca	1971	{
wolfSSL	13:f67a6c6013ca	1972	int x;
wolfSSL	13:f67a6c6013ca	1973
wolfSSL	13:f67a6c6013ca	1974	/* use direct fp_set if b is less than fp_digit max */
wolfSSL	13:f67a6c6013ca	1975	if (b < FP_DIGIT_MAX) {
wolfSSL	13:f67a6c6013ca	1976	fp_set (a, b);
wolfSSL	13:f67a6c6013ca	1977	return;
wolfSSL	13:f67a6c6013ca	1978	}
wolfSSL	13:f67a6c6013ca	1979
wolfSSL	13:f67a6c6013ca	1980	fp_zero (a);
wolfSSL	13:f67a6c6013ca	1981
wolfSSL	13:f67a6c6013ca	1982	/* set chunk bits at a time */
wolfSSL	13:f67a6c6013ca	1983	for (x = 0; x < (int)(sizeof(b) * 8) / MP_SET_CHUNK_BITS; x++) {
wolfSSL	13:f67a6c6013ca	1984	fp_mul_2d (a, MP_SET_CHUNK_BITS, a);
wolfSSL	13:f67a6c6013ca	1985
wolfSSL	13:f67a6c6013ca	1986	/* OR in the top bits of the source */
wolfSSL	13:f67a6c6013ca	1987	a->dp[0] \|= (b >> ((sizeof(b) * 8) - MP_SET_CHUNK_BITS)) &
wolfSSL	13:f67a6c6013ca	1988	((1 << MP_SET_CHUNK_BITS) - 1);
wolfSSL	13:f67a6c6013ca	1989
wolfSSL	13:f67a6c6013ca	1990	/* shift the source up to the next chunk bits */
wolfSSL	13:f67a6c6013ca	1991	b <<= MP_SET_CHUNK_BITS;
wolfSSL	13:f67a6c6013ca	1992
wolfSSL	13:f67a6c6013ca	1993	/* ensure that digits are not clamped off */
wolfSSL	13:f67a6c6013ca	1994	a->used += 1;
wolfSSL	13:f67a6c6013ca	1995	}
wolfSSL	13:f67a6c6013ca	1996
wolfSSL	13:f67a6c6013ca	1997	/* clamp digits */
wolfSSL	13:f67a6c6013ca	1998	fp_clamp(a);
wolfSSL	13:f67a6c6013ca	1999	}
wolfSSL	13:f67a6c6013ca	2000
wolfSSL	13:f67a6c6013ca	2001	/* check if a bit is set */
wolfSSL	13:f67a6c6013ca	2002	int fp_is_bit_set (fp_int *a, fp_digit b)
wolfSSL	13:f67a6c6013ca	2003	{
wolfSSL	13:f67a6c6013ca	2004	fp_digit i;
wolfSSL	13:f67a6c6013ca	2005
wolfSSL	13:f67a6c6013ca	2006	if (b > FP_MAX_BITS)
wolfSSL	13:f67a6c6013ca	2007	return 0;
wolfSSL	13:f67a6c6013ca	2008	else
wolfSSL	13:f67a6c6013ca	2009	i = b/DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	2010
wolfSSL	13:f67a6c6013ca	2011	if ((fp_digit)a->used < i)
wolfSSL	13:f67a6c6013ca	2012	return 0;
wolfSSL	13:f67a6c6013ca	2013
wolfSSL	13:f67a6c6013ca	2014	return (int)((a->dp[i] >> b%DIGIT_BIT) & (fp_digit)1);
wolfSSL	13:f67a6c6013ca	2015	}
wolfSSL	13:f67a6c6013ca	2016
wolfSSL	13:f67a6c6013ca	2017	/* set the b bit of a */
wolfSSL	13:f67a6c6013ca	2018	int fp_set_bit (fp_int * a, fp_digit b)
wolfSSL	13:f67a6c6013ca	2019	{
wolfSSL	13:f67a6c6013ca	2020	fp_digit i;
wolfSSL	13:f67a6c6013ca	2021
wolfSSL	13:f67a6c6013ca	2022	if (b > FP_MAX_BITS)
wolfSSL	13:f67a6c6013ca	2023	return 0;
wolfSSL	13:f67a6c6013ca	2024	else
wolfSSL	13:f67a6c6013ca	2025	i = b/DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	2026
wolfSSL	13:f67a6c6013ca	2027	/* set the used count of where the bit will go if required */
wolfSSL	13:f67a6c6013ca	2028	if (a->used < (int)(i+1))
wolfSSL	13:f67a6c6013ca	2029	a->used = (int)(i+1);
wolfSSL	13:f67a6c6013ca	2030
wolfSSL	13:f67a6c6013ca	2031	/* put the single bit in its place */
wolfSSL	13:f67a6c6013ca	2032	a->dp[i] \|= ((fp_digit)1) << (b % DIGIT_BIT);
wolfSSL	13:f67a6c6013ca	2033
wolfSSL	13:f67a6c6013ca	2034	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2035	}
wolfSSL	13:f67a6c6013ca	2036
wolfSSL	13:f67a6c6013ca	2037	int fp_count_bits (fp_int * a)
wolfSSL	13:f67a6c6013ca	2038	{
wolfSSL	13:f67a6c6013ca	2039	int r;
wolfSSL	13:f67a6c6013ca	2040	fp_digit q;
wolfSSL	13:f67a6c6013ca	2041
wolfSSL	13:f67a6c6013ca	2042	/* shortcut */
wolfSSL	13:f67a6c6013ca	2043	if (a->used == 0) {
wolfSSL	13:f67a6c6013ca	2044	return 0;
wolfSSL	13:f67a6c6013ca	2045	}
wolfSSL	13:f67a6c6013ca	2046
wolfSSL	13:f67a6c6013ca	2047	/* get number of digits and add that */
wolfSSL	13:f67a6c6013ca	2048	r = (a->used - 1) * DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	2049
wolfSSL	13:f67a6c6013ca	2050	/* take the last digit and count the bits in it */
wolfSSL	13:f67a6c6013ca	2051	q = a->dp[a->used - 1];
wolfSSL	13:f67a6c6013ca	2052	while (q > ((fp_digit) 0)) {
wolfSSL	13:f67a6c6013ca	2053	++r;
wolfSSL	13:f67a6c6013ca	2054	q >>= ((fp_digit) 1);
wolfSSL	13:f67a6c6013ca	2055	}
wolfSSL	13:f67a6c6013ca	2056
wolfSSL	13:f67a6c6013ca	2057	return r;
wolfSSL	13:f67a6c6013ca	2058	}
wolfSSL	13:f67a6c6013ca	2059
wolfSSL	13:f67a6c6013ca	2060	int fp_leading_bit(fp_int *a)
wolfSSL	13:f67a6c6013ca	2061	{
wolfSSL	13:f67a6c6013ca	2062	int bit = 0;
wolfSSL	13:f67a6c6013ca	2063
wolfSSL	13:f67a6c6013ca	2064	if (a->used != 0) {
wolfSSL	13:f67a6c6013ca	2065	fp_digit q = a->dp[a->used - 1];
wolfSSL	13:f67a6c6013ca	2066	int qSz = sizeof(fp_digit);
wolfSSL	13:f67a6c6013ca	2067
wolfSSL	13:f67a6c6013ca	2068	while (qSz > 0) {
wolfSSL	13:f67a6c6013ca	2069	if ((unsigned char)q != 0)
wolfSSL	13:f67a6c6013ca	2070	bit = (q & 0x80) != 0;
wolfSSL	13:f67a6c6013ca	2071	q >>= 8;
wolfSSL	13:f67a6c6013ca	2072	qSz--;
wolfSSL	13:f67a6c6013ca	2073	}
wolfSSL	13:f67a6c6013ca	2074	}
wolfSSL	13:f67a6c6013ca	2075
wolfSSL	13:f67a6c6013ca	2076	return bit;
wolfSSL	13:f67a6c6013ca	2077	}
wolfSSL	13:f67a6c6013ca	2078
wolfSSL	13:f67a6c6013ca	2079	void fp_lshd(fp_int *a, int x)
wolfSSL	13:f67a6c6013ca	2080	{
wolfSSL	13:f67a6c6013ca	2081	int y;
wolfSSL	13:f67a6c6013ca	2082
wolfSSL	13:f67a6c6013ca	2083	/* move up and truncate as required */
wolfSSL	13:f67a6c6013ca	2084	y = MIN(a->used + x - 1, (int)(FP_SIZE-1));
wolfSSL	13:f67a6c6013ca	2085
wolfSSL	13:f67a6c6013ca	2086	/* store new size */
wolfSSL	13:f67a6c6013ca	2087	a->used = y + 1;
wolfSSL	13:f67a6c6013ca	2088
wolfSSL	13:f67a6c6013ca	2089	/* move digits */
wolfSSL	13:f67a6c6013ca	2090	for (; y >= x; y--) {
wolfSSL	13:f67a6c6013ca	2091	a->dp[y] = a->dp[y-x];
wolfSSL	13:f67a6c6013ca	2092	}
wolfSSL	13:f67a6c6013ca	2093
wolfSSL	13:f67a6c6013ca	2094	/* zero lower digits */
wolfSSL	13:f67a6c6013ca	2095	for (; y >= 0; y--) {
wolfSSL	13:f67a6c6013ca	2096	a->dp[y] = 0;
wolfSSL	13:f67a6c6013ca	2097	}
wolfSSL	13:f67a6c6013ca	2098
wolfSSL	13:f67a6c6013ca	2099	/* clamp digits */
wolfSSL	13:f67a6c6013ca	2100	fp_clamp(a);
wolfSSL	13:f67a6c6013ca	2101	}
wolfSSL	13:f67a6c6013ca	2102
wolfSSL	13:f67a6c6013ca	2103
wolfSSL	13:f67a6c6013ca	2104	/* right shift by bit count */
wolfSSL	13:f67a6c6013ca	2105	void fp_rshb(fp_int *c, int x)
wolfSSL	13:f67a6c6013ca	2106	{
wolfSSL	13:f67a6c6013ca	2107	fp_digit *tmpc, mask, shift;
wolfSSL	13:f67a6c6013ca	2108	fp_digit r, rr;
wolfSSL	13:f67a6c6013ca	2109	fp_digit D = x;
wolfSSL	13:f67a6c6013ca	2110
wolfSSL	13:f67a6c6013ca	2111	/* mask */
wolfSSL	13:f67a6c6013ca	2112	mask = (((fp_digit)1) << D) - 1;
wolfSSL	13:f67a6c6013ca	2113
wolfSSL	13:f67a6c6013ca	2114	/* shift for lsb */
wolfSSL	13:f67a6c6013ca	2115	shift = DIGIT_BIT - D;
wolfSSL	13:f67a6c6013ca	2116
wolfSSL	13:f67a6c6013ca	2117	/* alias */
wolfSSL	13:f67a6c6013ca	2118	tmpc = c->dp + (c->used - 1);
wolfSSL	13:f67a6c6013ca	2119
wolfSSL	13:f67a6c6013ca	2120	/* carry */
wolfSSL	13:f67a6c6013ca	2121	r = 0;
wolfSSL	13:f67a6c6013ca	2122	for (x = c->used - 1; x >= 0; x--) {
wolfSSL	13:f67a6c6013ca	2123	/* get the lower bits of this word in a temp */
wolfSSL	13:f67a6c6013ca	2124	rr = *tmpc & mask;
wolfSSL	13:f67a6c6013ca	2125
wolfSSL	13:f67a6c6013ca	2126	/* shift the current word and mix in the carry bits from previous word */
wolfSSL	13:f67a6c6013ca	2127	tmpc = (tmpc >> D) \| (r << shift);
wolfSSL	13:f67a6c6013ca	2128	--tmpc;
wolfSSL	13:f67a6c6013ca	2129
wolfSSL	13:f67a6c6013ca	2130	/* set the carry to the carry bits of the current word found above */
wolfSSL	13:f67a6c6013ca	2131	r = rr;
wolfSSL	13:f67a6c6013ca	2132	}
wolfSSL	13:f67a6c6013ca	2133
wolfSSL	13:f67a6c6013ca	2134	/* clamp digits */
wolfSSL	13:f67a6c6013ca	2135	fp_clamp(c);
wolfSSL	13:f67a6c6013ca	2136	}
wolfSSL	13:f67a6c6013ca	2137
wolfSSL	13:f67a6c6013ca	2138
wolfSSL	13:f67a6c6013ca	2139	void fp_rshd(fp_int *a, int x)
wolfSSL	13:f67a6c6013ca	2140	{
wolfSSL	13:f67a6c6013ca	2141	int y;
wolfSSL	13:f67a6c6013ca	2142
wolfSSL	13:f67a6c6013ca	2143	/* too many digits just zero and return */
wolfSSL	13:f67a6c6013ca	2144	if (x >= a->used) {
wolfSSL	13:f67a6c6013ca	2145	fp_zero(a);
wolfSSL	13:f67a6c6013ca	2146	return;
wolfSSL	13:f67a6c6013ca	2147	}
wolfSSL	13:f67a6c6013ca	2148
wolfSSL	13:f67a6c6013ca	2149	/* shift */
wolfSSL	13:f67a6c6013ca	2150	for (y = 0; y < a->used - x; y++) {
wolfSSL	13:f67a6c6013ca	2151	a->dp[y] = a->dp[y+x];
wolfSSL	13:f67a6c6013ca	2152	}
wolfSSL	13:f67a6c6013ca	2153
wolfSSL	13:f67a6c6013ca	2154	/* zero rest */
wolfSSL	13:f67a6c6013ca	2155	for (; y < a->used; y++) {
wolfSSL	13:f67a6c6013ca	2156	a->dp[y] = 0;
wolfSSL	13:f67a6c6013ca	2157	}
wolfSSL	13:f67a6c6013ca	2158
wolfSSL	13:f67a6c6013ca	2159	/* decrement count */
wolfSSL	13:f67a6c6013ca	2160	a->used -= x;
wolfSSL	13:f67a6c6013ca	2161	fp_clamp(a);
wolfSSL	13:f67a6c6013ca	2162	}
wolfSSL	13:f67a6c6013ca	2163
wolfSSL	13:f67a6c6013ca	2164	/* reverse an array, used for radix code */
wolfSSL	13:f67a6c6013ca	2165	void fp_reverse (unsigned char *s, int len)
wolfSSL	13:f67a6c6013ca	2166	{
wolfSSL	13:f67a6c6013ca	2167	int ix, iy;
wolfSSL	13:f67a6c6013ca	2168	unsigned char t;
wolfSSL	13:f67a6c6013ca	2169
wolfSSL	13:f67a6c6013ca	2170	ix = 0;
wolfSSL	13:f67a6c6013ca	2171	iy = len - 1;
wolfSSL	13:f67a6c6013ca	2172	while (ix < iy) {
wolfSSL	13:f67a6c6013ca	2173	t = s[ix];
wolfSSL	13:f67a6c6013ca	2174	s[ix] = s[iy];
wolfSSL	13:f67a6c6013ca	2175	s[iy] = t;
wolfSSL	13:f67a6c6013ca	2176	++ix;
wolfSSL	13:f67a6c6013ca	2177	--iy;
wolfSSL	13:f67a6c6013ca	2178	}
wolfSSL	13:f67a6c6013ca	2179	}
wolfSSL	13:f67a6c6013ca	2180
wolfSSL	13:f67a6c6013ca	2181
wolfSSL	13:f67a6c6013ca	2182	/* c = a - b */
wolfSSL	13:f67a6c6013ca	2183	void fp_sub_d(fp_int a, fp_digit b, fp_int c)
wolfSSL	13:f67a6c6013ca	2184	{
wolfSSL	13:f67a6c6013ca	2185	fp_int tmp;
wolfSSL	13:f67a6c6013ca	2186	fp_init(&tmp);
wolfSSL	13:f67a6c6013ca	2187	fp_set(&tmp, b);
wolfSSL	13:f67a6c6013ca	2188	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	2189	if (c->size < FP_SIZE) {
wolfSSL	13:f67a6c6013ca	2190	fp_sub(a, &tmp, &tmp);
wolfSSL	13:f67a6c6013ca	2191	fp_copy(&tmp, c);
wolfSSL	13:f67a6c6013ca	2192	} else
wolfSSL	13:f67a6c6013ca	2193	#endif
wolfSSL	13:f67a6c6013ca	2194	{
wolfSSL	13:f67a6c6013ca	2195	fp_sub(a, &tmp, c);
wolfSSL	13:f67a6c6013ca	2196	}
wolfSSL	13:f67a6c6013ca	2197	}
wolfSSL	13:f67a6c6013ca	2198
wolfSSL	13:f67a6c6013ca	2199
wolfSSL	13:f67a6c6013ca	2200	/* wolfSSL callers from normal lib */
wolfSSL	13:f67a6c6013ca	2201
wolfSSL	13:f67a6c6013ca	2202	/* init a new mp_int */
wolfSSL	13:f67a6c6013ca	2203	int mp_init (mp_int * a)
wolfSSL	13:f67a6c6013ca	2204	{
wolfSSL	13:f67a6c6013ca	2205	if (a)
wolfSSL	13:f67a6c6013ca	2206	fp_init(a);
wolfSSL	13:f67a6c6013ca	2207	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2208	}
wolfSSL	13:f67a6c6013ca	2209
wolfSSL	13:f67a6c6013ca	2210	void fp_init(fp_int *a)
wolfSSL	13:f67a6c6013ca	2211	{
wolfSSL	13:f67a6c6013ca	2212	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	2213	a->size = FP_SIZE;
wolfSSL	13:f67a6c6013ca	2214	#endif
wolfSSL	13:f67a6c6013ca	2215	#ifdef HAVE_WOLF_BIGINT
wolfSSL	13:f67a6c6013ca	2216	wc_bigint_init(&a->raw);
wolfSSL	13:f67a6c6013ca	2217	#endif
wolfSSL	13:f67a6c6013ca	2218	fp_zero(a);
wolfSSL	13:f67a6c6013ca	2219	}
wolfSSL	13:f67a6c6013ca	2220
wolfSSL	13:f67a6c6013ca	2221	void fp_zero(fp_int *a)
wolfSSL	13:f67a6c6013ca	2222	{
wolfSSL	13:f67a6c6013ca	2223	int size = FP_SIZE;
wolfSSL	13:f67a6c6013ca	2224	a->used = 0;
wolfSSL	13:f67a6c6013ca	2225	a->sign = FP_ZPOS;
wolfSSL	13:f67a6c6013ca	2226	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	2227	size = a->size;
wolfSSL	13:f67a6c6013ca	2228	#endif
wolfSSL	13:f67a6c6013ca	2229	XMEMSET(a->dp, 0, size * sizeof(fp_digit));
wolfSSL	13:f67a6c6013ca	2230	}
wolfSSL	13:f67a6c6013ca	2231
wolfSSL	13:f67a6c6013ca	2232	void fp_clear(fp_int *a)
wolfSSL	13:f67a6c6013ca	2233	{
wolfSSL	13:f67a6c6013ca	2234	int size = FP_SIZE;
wolfSSL	13:f67a6c6013ca	2235	a->used = 0;
wolfSSL	13:f67a6c6013ca	2236	a->sign = FP_ZPOS;
wolfSSL	13:f67a6c6013ca	2237	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	2238	size = a->size;
wolfSSL	13:f67a6c6013ca	2239	#endif
wolfSSL	13:f67a6c6013ca	2240	XMEMSET(a->dp, 0, size * sizeof(fp_digit));
wolfSSL	13:f67a6c6013ca	2241	fp_free(a);
wolfSSL	13:f67a6c6013ca	2242	}
wolfSSL	13:f67a6c6013ca	2243
wolfSSL	13:f67a6c6013ca	2244	void fp_forcezero (mp_int * a)
wolfSSL	13:f67a6c6013ca	2245	{
wolfSSL	13:f67a6c6013ca	2246	int size = FP_SIZE;
wolfSSL	13:f67a6c6013ca	2247	a->used = 0;
wolfSSL	13:f67a6c6013ca	2248	a->sign = FP_ZPOS;
wolfSSL	13:f67a6c6013ca	2249	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	2250	size = a->size;
wolfSSL	13:f67a6c6013ca	2251	#endif
wolfSSL	13:f67a6c6013ca	2252	ForceZero(a->dp, size * sizeof(fp_digit));
wolfSSL	13:f67a6c6013ca	2253	#ifdef HAVE_WOLF_BIGINT
wolfSSL	13:f67a6c6013ca	2254	wc_bigint_zero(&a->raw);
wolfSSL	13:f67a6c6013ca	2255	#endif
wolfSSL	13:f67a6c6013ca	2256	fp_free(a);
wolfSSL	13:f67a6c6013ca	2257	}
wolfSSL	13:f67a6c6013ca	2258
wolfSSL	13:f67a6c6013ca	2259	void mp_forcezero (mp_int * a)
wolfSSL	13:f67a6c6013ca	2260	{
wolfSSL	13:f67a6c6013ca	2261	fp_forcezero(a);
wolfSSL	13:f67a6c6013ca	2262	}
wolfSSL	13:f67a6c6013ca	2263
wolfSSL	13:f67a6c6013ca	2264	void fp_free(fp_int* a)
wolfSSL	13:f67a6c6013ca	2265	{
wolfSSL	13:f67a6c6013ca	2266	#ifdef HAVE_WOLF_BIGINT
wolfSSL	13:f67a6c6013ca	2267	wc_bigint_free(&a->raw);
wolfSSL	13:f67a6c6013ca	2268	#else
wolfSSL	13:f67a6c6013ca	2269	(void)a;
wolfSSL	13:f67a6c6013ca	2270	#endif
wolfSSL	13:f67a6c6013ca	2271	}
wolfSSL	13:f67a6c6013ca	2272
wolfSSL	13:f67a6c6013ca	2273
wolfSSL	13:f67a6c6013ca	2274	/* clear one (frees) */
wolfSSL	13:f67a6c6013ca	2275	void mp_clear (mp_int * a)
wolfSSL	13:f67a6c6013ca	2276	{
wolfSSL	13:f67a6c6013ca	2277	if (a == NULL)
wolfSSL	13:f67a6c6013ca	2278	return;
wolfSSL	13:f67a6c6013ca	2279	fp_clear(a);
wolfSSL	13:f67a6c6013ca	2280	}
wolfSSL	13:f67a6c6013ca	2281
wolfSSL	13:f67a6c6013ca	2282	void mp_free(mp_int* a)
wolfSSL	13:f67a6c6013ca	2283	{
wolfSSL	13:f67a6c6013ca	2284	fp_free(a);
wolfSSL	13:f67a6c6013ca	2285	}
wolfSSL	13:f67a6c6013ca	2286
wolfSSL	13:f67a6c6013ca	2287	/* handle up to 6 inits */
wolfSSL	13:f67a6c6013ca	2288	int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d,
wolfSSL	13:f67a6c6013ca	2289	mp_int* e, mp_int* f)
wolfSSL	13:f67a6c6013ca	2290	{
wolfSSL	13:f67a6c6013ca	2291	if (a)
wolfSSL	13:f67a6c6013ca	2292	fp_init(a);
wolfSSL	13:f67a6c6013ca	2293	if (b)
wolfSSL	13:f67a6c6013ca	2294	fp_init(b);
wolfSSL	13:f67a6c6013ca	2295	if (c)
wolfSSL	13:f67a6c6013ca	2296	fp_init(c);
wolfSSL	13:f67a6c6013ca	2297	if (d)
wolfSSL	13:f67a6c6013ca	2298	fp_init(d);
wolfSSL	13:f67a6c6013ca	2299	if (e)
wolfSSL	13:f67a6c6013ca	2300	fp_init(e);
wolfSSL	13:f67a6c6013ca	2301	if (f)
wolfSSL	13:f67a6c6013ca	2302	fp_init(f);
wolfSSL	13:f67a6c6013ca	2303
wolfSSL	13:f67a6c6013ca	2304	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2305	}
wolfSSL	13:f67a6c6013ca	2306
wolfSSL	13:f67a6c6013ca	2307	/* high level addition (handles signs) */
wolfSSL	13:f67a6c6013ca	2308	int mp_add (mp_int * a, mp_int * b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2309	{
wolfSSL	13:f67a6c6013ca	2310	fp_add(a, b, c);
wolfSSL	13:f67a6c6013ca	2311	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2312	}
wolfSSL	13:f67a6c6013ca	2313
wolfSSL	13:f67a6c6013ca	2314	/* high level subtraction (handles signs) */
wolfSSL	13:f67a6c6013ca	2315	int mp_sub (mp_int * a, mp_int * b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2316	{
wolfSSL	13:f67a6c6013ca	2317	fp_sub(a, b, c);
wolfSSL	13:f67a6c6013ca	2318	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2319	}
wolfSSL	13:f67a6c6013ca	2320
wolfSSL	13:f67a6c6013ca	2321	/* high level multiplication (handles sign) */
wolfSSL	13:f67a6c6013ca	2322	#if defined(FREESCALE_LTC_TFM)
wolfSSL	13:f67a6c6013ca	2323	int wolfcrypt_mp_mul(mp_int * a, mp_int * b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2324	#else
wolfSSL	13:f67a6c6013ca	2325	int mp_mul (mp_int * a, mp_int * b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2326	#endif
wolfSSL	13:f67a6c6013ca	2327	{
wolfSSL	13:f67a6c6013ca	2328	fp_mul(a, b, c);
wolfSSL	13:f67a6c6013ca	2329	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2330	}
wolfSSL	13:f67a6c6013ca	2331
wolfSSL	13:f67a6c6013ca	2332	int mp_mul_d (mp_int * a, mp_digit b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2333	{
wolfSSL	13:f67a6c6013ca	2334	fp_mul_d(a, b, c);
wolfSSL	13:f67a6c6013ca	2335	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2336	}
wolfSSL	13:f67a6c6013ca	2337
wolfSSL	13:f67a6c6013ca	2338	/* d = a * b (mod c) */
wolfSSL	13:f67a6c6013ca	2339	#if defined(FREESCALE_LTC_TFM)
wolfSSL	13:f67a6c6013ca	2340	int wolfcrypt_mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
wolfSSL	13:f67a6c6013ca	2341	#else
wolfSSL	13:f67a6c6013ca	2342	int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d)
wolfSSL	13:f67a6c6013ca	2343	#endif
wolfSSL	13:f67a6c6013ca	2344	{
wolfSSL	13:f67a6c6013ca	2345	return fp_mulmod(a, b, c, d);
wolfSSL	13:f67a6c6013ca	2346	}
wolfSSL	13:f67a6c6013ca	2347
wolfSSL	13:f67a6c6013ca	2348	/* d = a - b (mod c) */
wolfSSL	13:f67a6c6013ca	2349	int mp_submod(mp_int a, mp_int b, mp_int c, mp_int d)
wolfSSL	13:f67a6c6013ca	2350	{
wolfSSL	13:f67a6c6013ca	2351	return fp_submod(a, b, c, d);
wolfSSL	13:f67a6c6013ca	2352	}
wolfSSL	13:f67a6c6013ca	2353
wolfSSL	13:f67a6c6013ca	2354	/* d = a + b (mod c) */
wolfSSL	13:f67a6c6013ca	2355	int mp_addmod(mp_int a, mp_int b, mp_int c, mp_int d)
wolfSSL	13:f67a6c6013ca	2356	{
wolfSSL	13:f67a6c6013ca	2357	return fp_addmod(a, b, c, d);
wolfSSL	13:f67a6c6013ca	2358	}
wolfSSL	13:f67a6c6013ca	2359
wolfSSL	13:f67a6c6013ca	2360	/* c = a mod b, 0 <= c < b */
wolfSSL	13:f67a6c6013ca	2361	#if defined(FREESCALE_LTC_TFM)
wolfSSL	13:f67a6c6013ca	2362	int wolfcrypt_mp_mod (mp_int * a, mp_int * b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2363	#else
wolfSSL	13:f67a6c6013ca	2364	int mp_mod (mp_int * a, mp_int * b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2365	#endif
wolfSSL	13:f67a6c6013ca	2366	{
wolfSSL	13:f67a6c6013ca	2367	return fp_mod (a, b, c);
wolfSSL	13:f67a6c6013ca	2368	}
wolfSSL	13:f67a6c6013ca	2369
wolfSSL	13:f67a6c6013ca	2370	/* hac 14.61, pp608 */
wolfSSL	13:f67a6c6013ca	2371	#if defined(FREESCALE_LTC_TFM)
wolfSSL	13:f67a6c6013ca	2372	int wolfcrypt_mp_invmod (mp_int * a, mp_int * b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2373	#else
wolfSSL	13:f67a6c6013ca	2374	int mp_invmod (mp_int * a, mp_int * b, mp_int * c)
wolfSSL	13:f67a6c6013ca	2375	#endif
wolfSSL	13:f67a6c6013ca	2376	{
wolfSSL	13:f67a6c6013ca	2377	return fp_invmod(a, b, c);
wolfSSL	13:f67a6c6013ca	2378	}
wolfSSL	13:f67a6c6013ca	2379
wolfSSL	13:f67a6c6013ca	2380	/* this is a shell function that calls either the normal or Montgomery
wolfSSL	13:f67a6c6013ca	2381	* exptmod functions. Originally the call to the montgomery code was
wolfSSL	13:f67a6c6013ca	2382	* embedded in the normal function but that wasted alot of stack space
wolfSSL	13:f67a6c6013ca	2383	* for nothing (since 99% of the time the Montgomery code would be called)
wolfSSL	13:f67a6c6013ca	2384	*/
wolfSSL	13:f67a6c6013ca	2385	#if defined(FREESCALE_LTC_TFM)
wolfSSL	13:f67a6c6013ca	2386	int wolfcrypt_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
wolfSSL	13:f67a6c6013ca	2387	#else
wolfSSL	13:f67a6c6013ca	2388	int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
wolfSSL	13:f67a6c6013ca	2389	#endif
wolfSSL	13:f67a6c6013ca	2390	{
wolfSSL	13:f67a6c6013ca	2391	return fp_exptmod(G, X, P, Y);
wolfSSL	13:f67a6c6013ca	2392	}
wolfSSL	13:f67a6c6013ca	2393
wolfSSL	13:f67a6c6013ca	2394	/* compare two ints (signed)*/
wolfSSL	13:f67a6c6013ca	2395	int mp_cmp (mp_int * a, mp_int * b)
wolfSSL	13:f67a6c6013ca	2396	{
wolfSSL	13:f67a6c6013ca	2397	return fp_cmp(a, b);
wolfSSL	13:f67a6c6013ca	2398	}
wolfSSL	13:f67a6c6013ca	2399
wolfSSL	13:f67a6c6013ca	2400	/* compare a digit */
wolfSSL	13:f67a6c6013ca	2401	int mp_cmp_d(mp_int * a, mp_digit b)
wolfSSL	13:f67a6c6013ca	2402	{
wolfSSL	13:f67a6c6013ca	2403	return fp_cmp_d(a, b);
wolfSSL	13:f67a6c6013ca	2404	}
wolfSSL	13:f67a6c6013ca	2405
wolfSSL	13:f67a6c6013ca	2406	/* get the size for an unsigned equivalent */
wolfSSL	13:f67a6c6013ca	2407	int mp_unsigned_bin_size (mp_int * a)
wolfSSL	13:f67a6c6013ca	2408	{
wolfSSL	13:f67a6c6013ca	2409	return fp_unsigned_bin_size(a);
wolfSSL	13:f67a6c6013ca	2410	}
wolfSSL	13:f67a6c6013ca	2411
wolfSSL	13:f67a6c6013ca	2412	int mp_to_unsigned_bin_at_pos(int x, fp_int t, unsigned char b)
wolfSSL	13:f67a6c6013ca	2413	{
wolfSSL	13:f67a6c6013ca	2414	return fp_to_unsigned_bin_at_pos(x, t, b);
wolfSSL	13:f67a6c6013ca	2415	}
wolfSSL	13:f67a6c6013ca	2416
wolfSSL	13:f67a6c6013ca	2417	/* store in unsigned [big endian] format */
wolfSSL	13:f67a6c6013ca	2418	int mp_to_unsigned_bin (mp_int * a, unsigned char *b)
wolfSSL	13:f67a6c6013ca	2419	{
wolfSSL	13:f67a6c6013ca	2420	fp_to_unsigned_bin(a,b);
wolfSSL	13:f67a6c6013ca	2421	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2422	}
wolfSSL	13:f67a6c6013ca	2423
wolfSSL	13:f67a6c6013ca	2424	/* reads a unsigned char array, assumes the msb is stored first [big endian] */
wolfSSL	13:f67a6c6013ca	2425	int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c)
wolfSSL	13:f67a6c6013ca	2426	{
wolfSSL	13:f67a6c6013ca	2427	fp_read_unsigned_bin(a, b, c);
wolfSSL	13:f67a6c6013ca	2428	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2429	}
wolfSSL	13:f67a6c6013ca	2430
wolfSSL	13:f67a6c6013ca	2431
wolfSSL	13:f67a6c6013ca	2432	int mp_sub_d(fp_int a, fp_digit b, fp_int c)
wolfSSL	13:f67a6c6013ca	2433	{
wolfSSL	13:f67a6c6013ca	2434	fp_sub_d(a, b, c);
wolfSSL	13:f67a6c6013ca	2435	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2436	}
wolfSSL	13:f67a6c6013ca	2437
wolfSSL	13:f67a6c6013ca	2438	int mp_mul_2d(fp_int a, int b, fp_int c)
wolfSSL	13:f67a6c6013ca	2439	{
wolfSSL	13:f67a6c6013ca	2440	fp_mul_2d(a, b, c);
wolfSSL	13:f67a6c6013ca	2441	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2442	}
wolfSSL	13:f67a6c6013ca	2443
wolfSSL	13:f67a6c6013ca	2444	int mp_div(fp_int * a, fp_int * b, fp_int * c, fp_int * d)
wolfSSL	13:f67a6c6013ca	2445	{
wolfSSL	13:f67a6c6013ca	2446	return fp_div(a, b, c, d);
wolfSSL	13:f67a6c6013ca	2447	}
wolfSSL	13:f67a6c6013ca	2448
wolfSSL	13:f67a6c6013ca	2449	int mp_div_2d(fp_int* a, int b, fp_int* c, fp_int* d)
wolfSSL	13:f67a6c6013ca	2450	{
wolfSSL	13:f67a6c6013ca	2451	fp_div_2d(a, b, c, d);
wolfSSL	13:f67a6c6013ca	2452	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2453	}
wolfSSL	13:f67a6c6013ca	2454
wolfSSL	13:f67a6c6013ca	2455	void fp_copy(fp_int a, fp_int b)
wolfSSL	13:f67a6c6013ca	2456	{
wolfSSL	13:f67a6c6013ca	2457	/* if source and destination are different */
wolfSSL	13:f67a6c6013ca	2458	if (a != b) {
wolfSSL	13:f67a6c6013ca	2459	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	2460	/* verify a will fit in b */
wolfSSL	13:f67a6c6013ca	2461	if (b->size >= a->used) {
wolfSSL	13:f67a6c6013ca	2462	int x, oldused;
wolfSSL	13:f67a6c6013ca	2463	oldused = b->used;
wolfSSL	13:f67a6c6013ca	2464	b->used = a->used;
wolfSSL	13:f67a6c6013ca	2465	b->sign = a->sign;
wolfSSL	13:f67a6c6013ca	2466
wolfSSL	13:f67a6c6013ca	2467	XMEMCPY(b->dp, a->dp, a->used * sizeof(fp_digit));
wolfSSL	13:f67a6c6013ca	2468
wolfSSL	13:f67a6c6013ca	2469	/* zero any excess digits on the destination that we didn't write to */
wolfSSL	13:f67a6c6013ca	2470	for (x = b->used; x >= 0 && x < oldused; x++) {
wolfSSL	13:f67a6c6013ca	2471	b->dp[x] = 0;
wolfSSL	13:f67a6c6013ca	2472	}
wolfSSL	13:f67a6c6013ca	2473	}
wolfSSL	13:f67a6c6013ca	2474	else {
wolfSSL	13:f67a6c6013ca	2475	/* TODO: Handle error case */
wolfSSL	13:f67a6c6013ca	2476	}
wolfSSL	13:f67a6c6013ca	2477	#else
wolfSSL	13:f67a6c6013ca	2478	/* all dp's are same size, so do straight copy */
wolfSSL	13:f67a6c6013ca	2479	b->used = a->used;
wolfSSL	13:f67a6c6013ca	2480	b->sign = a->sign;
wolfSSL	13:f67a6c6013ca	2481	XMEMCPY(b->dp, a->dp, FP_SIZE * sizeof(fp_digit));
wolfSSL	13:f67a6c6013ca	2482	#endif
wolfSSL	13:f67a6c6013ca	2483	}
wolfSSL	13:f67a6c6013ca	2484	}
wolfSSL	13:f67a6c6013ca	2485
wolfSSL	13:f67a6c6013ca	2486	void fp_init_copy(fp_int a, fp_int b)
wolfSSL	13:f67a6c6013ca	2487	{
wolfSSL	13:f67a6c6013ca	2488	if (a != b) {
wolfSSL	13:f67a6c6013ca	2489	fp_init(a);
wolfSSL	13:f67a6c6013ca	2490	fp_copy(b, a);
wolfSSL	13:f67a6c6013ca	2491	}
wolfSSL	13:f67a6c6013ca	2492	}
wolfSSL	13:f67a6c6013ca	2493
wolfSSL	13:f67a6c6013ca	2494	/* fast math wrappers */
wolfSSL	13:f67a6c6013ca	2495	int mp_copy(fp_int* a, fp_int* b)
wolfSSL	13:f67a6c6013ca	2496	{
wolfSSL	13:f67a6c6013ca	2497	fp_copy(a, b);
wolfSSL	13:f67a6c6013ca	2498	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2499	}
wolfSSL	13:f67a6c6013ca	2500
wolfSSL	13:f67a6c6013ca	2501	int mp_isodd(mp_int* a)
wolfSSL	13:f67a6c6013ca	2502	{
wolfSSL	13:f67a6c6013ca	2503	return fp_isodd(a);
wolfSSL	13:f67a6c6013ca	2504	}
wolfSSL	13:f67a6c6013ca	2505
wolfSSL	13:f67a6c6013ca	2506	int mp_iszero(mp_int* a)
wolfSSL	13:f67a6c6013ca	2507	{
wolfSSL	13:f67a6c6013ca	2508	return fp_iszero(a);
wolfSSL	13:f67a6c6013ca	2509	}
wolfSSL	13:f67a6c6013ca	2510
wolfSSL	13:f67a6c6013ca	2511	int mp_count_bits (mp_int* a)
wolfSSL	13:f67a6c6013ca	2512	{
wolfSSL	13:f67a6c6013ca	2513	return fp_count_bits(a);
wolfSSL	13:f67a6c6013ca	2514	}
wolfSSL	13:f67a6c6013ca	2515
wolfSSL	13:f67a6c6013ca	2516	int mp_leading_bit (mp_int* a)
wolfSSL	13:f67a6c6013ca	2517	{
wolfSSL	13:f67a6c6013ca	2518	return fp_leading_bit(a);
wolfSSL	13:f67a6c6013ca	2519	}
wolfSSL	13:f67a6c6013ca	2520
wolfSSL	13:f67a6c6013ca	2521	void mp_rshb (mp_int* a, int x)
wolfSSL	13:f67a6c6013ca	2522	{
wolfSSL	13:f67a6c6013ca	2523	fp_rshb(a, x);
wolfSSL	13:f67a6c6013ca	2524	}
wolfSSL	13:f67a6c6013ca	2525
wolfSSL	13:f67a6c6013ca	2526	void mp_rshd (mp_int* a, int x)
wolfSSL	13:f67a6c6013ca	2527	{
wolfSSL	13:f67a6c6013ca	2528	fp_rshd(a, x);
wolfSSL	13:f67a6c6013ca	2529	}
wolfSSL	13:f67a6c6013ca	2530
wolfSSL	13:f67a6c6013ca	2531	int mp_set_int(mp_int *a, unsigned long b)
wolfSSL	13:f67a6c6013ca	2532	{
wolfSSL	13:f67a6c6013ca	2533	fp_set_int(a, b);
wolfSSL	13:f67a6c6013ca	2534	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2535	}
wolfSSL	13:f67a6c6013ca	2536
wolfSSL	13:f67a6c6013ca	2537	int mp_is_bit_set (mp_int *a, mp_digit b)
wolfSSL	13:f67a6c6013ca	2538	{
wolfSSL	13:f67a6c6013ca	2539	return fp_is_bit_set(a, b);
wolfSSL	13:f67a6c6013ca	2540	}
wolfSSL	13:f67a6c6013ca	2541
wolfSSL	13:f67a6c6013ca	2542	int mp_set_bit(mp_int *a, mp_digit b)
wolfSSL	13:f67a6c6013ca	2543	{
wolfSSL	13:f67a6c6013ca	2544	return fp_set_bit(a, b);
wolfSSL	13:f67a6c6013ca	2545	}
wolfSSL	13:f67a6c6013ca	2546
wolfSSL	13:f67a6c6013ca	2547	#if defined(WOLFSSL_KEY_GEN) \|\| defined (HAVE_ECC)
wolfSSL	13:f67a6c6013ca	2548
wolfSSL	13:f67a6c6013ca	2549	/* c = a * a (mod b) */
wolfSSL	13:f67a6c6013ca	2550	int fp_sqrmod(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	2551	{
wolfSSL	13:f67a6c6013ca	2552	int err;
wolfSSL	13:f67a6c6013ca	2553	fp_int t;
wolfSSL	13:f67a6c6013ca	2554
wolfSSL	13:f67a6c6013ca	2555	fp_init(&t);
wolfSSL	13:f67a6c6013ca	2556	fp_sqr(a, &t);
wolfSSL	13:f67a6c6013ca	2557
wolfSSL	13:f67a6c6013ca	2558	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	2559	if (c->size < FP_SIZE) {
wolfSSL	13:f67a6c6013ca	2560	err = fp_mod(&t, b, &t);
wolfSSL	13:f67a6c6013ca	2561	fp_copy(&t, c);
wolfSSL	13:f67a6c6013ca	2562	}
wolfSSL	13:f67a6c6013ca	2563	else
wolfSSL	13:f67a6c6013ca	2564	#endif
wolfSSL	13:f67a6c6013ca	2565	{
wolfSSL	13:f67a6c6013ca	2566	err = fp_mod(&t, b, c);
wolfSSL	13:f67a6c6013ca	2567	}
wolfSSL	13:f67a6c6013ca	2568
wolfSSL	13:f67a6c6013ca	2569	return err;
wolfSSL	13:f67a6c6013ca	2570	}
wolfSSL	13:f67a6c6013ca	2571
wolfSSL	13:f67a6c6013ca	2572	/* fast math conversion */
wolfSSL	13:f67a6c6013ca	2573	int mp_sqrmod(mp_int a, mp_int b, mp_int *c)
wolfSSL	13:f67a6c6013ca	2574	{
wolfSSL	13:f67a6c6013ca	2575	return fp_sqrmod(a, b, c);
wolfSSL	13:f67a6c6013ca	2576	}
wolfSSL	13:f67a6c6013ca	2577
wolfSSL	13:f67a6c6013ca	2578	/* fast math conversion */
wolfSSL	13:f67a6c6013ca	2579	int mp_montgomery_calc_normalization(mp_int a, mp_int b)
wolfSSL	13:f67a6c6013ca	2580	{
wolfSSL	13:f67a6c6013ca	2581	fp_montgomery_calc_normalization(a, b);
wolfSSL	13:f67a6c6013ca	2582	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2583	}
wolfSSL	13:f67a6c6013ca	2584
wolfSSL	13:f67a6c6013ca	2585	#endif /* WOLFSSL_KEYGEN \|\| HAVE_ECC */
wolfSSL	13:f67a6c6013ca	2586
wolfSSL	13:f67a6c6013ca	2587
wolfSSL	13:f67a6c6013ca	2588	#if defined(WOLFSSL_KEY_GEN) \|\| defined(HAVE_COMP_KEY) \|\| \
wolfSSL	13:f67a6c6013ca	2589	defined(WOLFSSL_DEBUG_MATH)
wolfSSL	13:f67a6c6013ca	2590
wolfSSL	13:f67a6c6013ca	2591	#ifdef WOLFSSL_KEY_GEN
wolfSSL	13:f67a6c6013ca	2592	/* swap the elements of two integers, for cases where you can't simply swap the
wolfSSL	13:f67a6c6013ca	2593	* mp_int pointers around
wolfSSL	13:f67a6c6013ca	2594	*/
wolfSSL	13:f67a6c6013ca	2595	static void fp_exch (fp_int * a, fp_int * b)
wolfSSL	13:f67a6c6013ca	2596	{
wolfSSL	13:f67a6c6013ca	2597	fp_int t;
wolfSSL	13:f67a6c6013ca	2598
wolfSSL	13:f67a6c6013ca	2599	t = *a;
wolfSSL	13:f67a6c6013ca	2600	a = b;
wolfSSL	13:f67a6c6013ca	2601	*b = t;
wolfSSL	13:f67a6c6013ca	2602	}
wolfSSL	13:f67a6c6013ca	2603	#endif
wolfSSL	13:f67a6c6013ca	2604
wolfSSL	13:f67a6c6013ca	2605	static const int lnz[16] = {
wolfSSL	13:f67a6c6013ca	2606	4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0
wolfSSL	13:f67a6c6013ca	2607	};
wolfSSL	13:f67a6c6013ca	2608
wolfSSL	13:f67a6c6013ca	2609	/* Counts the number of lsbs which are zero before the first zero bit */
wolfSSL	13:f67a6c6013ca	2610	int fp_cnt_lsb(fp_int *a)
wolfSSL	13:f67a6c6013ca	2611	{
wolfSSL	13:f67a6c6013ca	2612	int x;
wolfSSL	13:f67a6c6013ca	2613	fp_digit q, qq;
wolfSSL	13:f67a6c6013ca	2614
wolfSSL	13:f67a6c6013ca	2615	/* easy out */
wolfSSL	13:f67a6c6013ca	2616	if (fp_iszero(a) == FP_YES) {
wolfSSL	13:f67a6c6013ca	2617	return 0;
wolfSSL	13:f67a6c6013ca	2618	}
wolfSSL	13:f67a6c6013ca	2619
wolfSSL	13:f67a6c6013ca	2620	/* scan lower digits until non-zero */
wolfSSL	13:f67a6c6013ca	2621	for (x = 0; x < a->used && a->dp[x] == 0; x++) {}
wolfSSL	13:f67a6c6013ca	2622	q = a->dp[x];
wolfSSL	13:f67a6c6013ca	2623	x *= DIGIT_BIT;
wolfSSL	13:f67a6c6013ca	2624
wolfSSL	13:f67a6c6013ca	2625	/* now scan this digit until a 1 is found */
wolfSSL	13:f67a6c6013ca	2626	if ((q & 1) == 0) {
wolfSSL	13:f67a6c6013ca	2627	do {
wolfSSL	13:f67a6c6013ca	2628	qq = q & 15;
wolfSSL	13:f67a6c6013ca	2629	x += lnz[qq];
wolfSSL	13:f67a6c6013ca	2630	q >>= 4;
wolfSSL	13:f67a6c6013ca	2631	} while (qq == 0);
wolfSSL	13:f67a6c6013ca	2632	}
wolfSSL	13:f67a6c6013ca	2633	return x;
wolfSSL	13:f67a6c6013ca	2634	}
wolfSSL	13:f67a6c6013ca	2635
wolfSSL	13:f67a6c6013ca	2636
wolfSSL	13:f67a6c6013ca	2637	static int s_is_power_of_two(fp_digit b, int *p)
wolfSSL	13:f67a6c6013ca	2638	{
wolfSSL	13:f67a6c6013ca	2639	int x;
wolfSSL	13:f67a6c6013ca	2640
wolfSSL	13:f67a6c6013ca	2641	/* fast return if no power of two */
wolfSSL	13:f67a6c6013ca	2642	if ((b==0) \|\| (b & (b-1))) {
wolfSSL	13:f67a6c6013ca	2643	return FP_NO;
wolfSSL	13:f67a6c6013ca	2644	}
wolfSSL	13:f67a6c6013ca	2645
wolfSSL	13:f67a6c6013ca	2646	for (x = 0; x < DIGIT_BIT; x++) {
wolfSSL	13:f67a6c6013ca	2647	if (b == (((fp_digit)1)<<x)) {
wolfSSL	13:f67a6c6013ca	2648	*p = x;
wolfSSL	13:f67a6c6013ca	2649	return FP_YES;
wolfSSL	13:f67a6c6013ca	2650	}
wolfSSL	13:f67a6c6013ca	2651	}
wolfSSL	13:f67a6c6013ca	2652	return FP_NO;
wolfSSL	13:f67a6c6013ca	2653	}
wolfSSL	13:f67a6c6013ca	2654
wolfSSL	13:f67a6c6013ca	2655	/* a/b => cb + d == a */
wolfSSL	13:f67a6c6013ca	2656	static int fp_div_d(fp_int a, fp_digit b, fp_int c, fp_digit *d)
wolfSSL	13:f67a6c6013ca	2657	{
wolfSSL	13:f67a6c6013ca	2658	fp_int q;
wolfSSL	13:f67a6c6013ca	2659	fp_word w;
wolfSSL	13:f67a6c6013ca	2660	fp_digit t;
wolfSSL	13:f67a6c6013ca	2661	int ix;
wolfSSL	13:f67a6c6013ca	2662
wolfSSL	13:f67a6c6013ca	2663	/* cannot divide by zero */
wolfSSL	13:f67a6c6013ca	2664	if (b == 0) {
wolfSSL	13:f67a6c6013ca	2665	return FP_VAL;
wolfSSL	13:f67a6c6013ca	2666	}
wolfSSL	13:f67a6c6013ca	2667
wolfSSL	13:f67a6c6013ca	2668	/* quick outs */
wolfSSL	13:f67a6c6013ca	2669	if (b == 1 \|\| fp_iszero(a) == FP_YES) {
wolfSSL	13:f67a6c6013ca	2670	if (d != NULL) {
wolfSSL	13:f67a6c6013ca	2671	*d = 0;
wolfSSL	13:f67a6c6013ca	2672	}
wolfSSL	13:f67a6c6013ca	2673	if (c != NULL) {
wolfSSL	13:f67a6c6013ca	2674	fp_copy(a, c);
wolfSSL	13:f67a6c6013ca	2675	}
wolfSSL	13:f67a6c6013ca	2676	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	2677	}
wolfSSL	13:f67a6c6013ca	2678
wolfSSL	13:f67a6c6013ca	2679	/* power of two ? */
wolfSSL	13:f67a6c6013ca	2680	if (s_is_power_of_two(b, &ix) == FP_YES) {
wolfSSL	13:f67a6c6013ca	2681	if (d != NULL) {
wolfSSL	13:f67a6c6013ca	2682	*d = a->dp[0] & ((((fp_digit)1)<<ix) - 1);
wolfSSL	13:f67a6c6013ca	2683	}
wolfSSL	13:f67a6c6013ca	2684	if (c != NULL) {
wolfSSL	13:f67a6c6013ca	2685	fp_div_2d(a, ix, c, NULL);
wolfSSL	13:f67a6c6013ca	2686	}
wolfSSL	13:f67a6c6013ca	2687	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	2688	}
wolfSSL	13:f67a6c6013ca	2689
wolfSSL	13:f67a6c6013ca	2690	if (c != NULL) {
wolfSSL	13:f67a6c6013ca	2691	/* no easy answer [c'est la vie]. Just division */
wolfSSL	13:f67a6c6013ca	2692	fp_init(&q);
wolfSSL	13:f67a6c6013ca	2693
wolfSSL	13:f67a6c6013ca	2694	q.used = a->used;
wolfSSL	13:f67a6c6013ca	2695	q.sign = a->sign;
wolfSSL	13:f67a6c6013ca	2696	}
wolfSSL	13:f67a6c6013ca	2697
wolfSSL	13:f67a6c6013ca	2698	w = 0;
wolfSSL	13:f67a6c6013ca	2699	for (ix = a->used - 1; ix >= 0; ix--) {
wolfSSL	13:f67a6c6013ca	2700	w = (w << ((fp_word)DIGIT_BIT)) \| ((fp_word)a->dp[ix]);
wolfSSL	13:f67a6c6013ca	2701
wolfSSL	13:f67a6c6013ca	2702	if (w >= b) {
wolfSSL	13:f67a6c6013ca	2703	t = (fp_digit)(w / b);
wolfSSL	13:f67a6c6013ca	2704	w -= ((fp_word)t) * ((fp_word)b);
wolfSSL	13:f67a6c6013ca	2705	} else {
wolfSSL	13:f67a6c6013ca	2706	t = 0;
wolfSSL	13:f67a6c6013ca	2707	}
wolfSSL	13:f67a6c6013ca	2708	if (c != NULL)
wolfSSL	13:f67a6c6013ca	2709	q.dp[ix] = (fp_digit)t;
wolfSSL	13:f67a6c6013ca	2710	}
wolfSSL	13:f67a6c6013ca	2711
wolfSSL	13:f67a6c6013ca	2712	if (d != NULL) {
wolfSSL	13:f67a6c6013ca	2713	*d = (fp_digit)w;
wolfSSL	13:f67a6c6013ca	2714	}
wolfSSL	13:f67a6c6013ca	2715
wolfSSL	13:f67a6c6013ca	2716	if (c != NULL) {
wolfSSL	13:f67a6c6013ca	2717	fp_clamp(&q);
wolfSSL	13:f67a6c6013ca	2718	fp_copy(&q, c);
wolfSSL	13:f67a6c6013ca	2719	}
wolfSSL	13:f67a6c6013ca	2720
wolfSSL	13:f67a6c6013ca	2721	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	2722	}
wolfSSL	13:f67a6c6013ca	2723
wolfSSL	13:f67a6c6013ca	2724
wolfSSL	13:f67a6c6013ca	2725	/* c = a mod b, 0 <= c < b */
wolfSSL	13:f67a6c6013ca	2726	static int fp_mod_d(fp_int a, fp_digit b, fp_digit c)
wolfSSL	13:f67a6c6013ca	2727	{
wolfSSL	13:f67a6c6013ca	2728	return fp_div_d(a, b, NULL, c);
wolfSSL	13:f67a6c6013ca	2729	}
wolfSSL	13:f67a6c6013ca	2730
wolfSSL	13:f67a6c6013ca	2731	int mp_mod_d(fp_int a, fp_digit b, fp_digit c)
wolfSSL	13:f67a6c6013ca	2732	{
wolfSSL	13:f67a6c6013ca	2733	return fp_mod_d(a, b, c);
wolfSSL	13:f67a6c6013ca	2734	}
wolfSSL	13:f67a6c6013ca	2735
wolfSSL	13:f67a6c6013ca	2736	#endif /* defined(WOLFSSL_KEY_GEN) \|\| defined(HAVE_COMP_KEY) \|\| defined(WOLFSSL_DEBUG_MATH) */
wolfSSL	13:f67a6c6013ca	2737
wolfSSL	13:f67a6c6013ca	2738	#ifdef WOLFSSL_KEY_GEN
wolfSSL	13:f67a6c6013ca	2739
wolfSSL	13:f67a6c6013ca	2740	static void fp_gcd(fp_int a, fp_int b, fp_int *c);
wolfSSL	13:f67a6c6013ca	2741	static void fp_lcm(fp_int a, fp_int b, fp_int *c);
wolfSSL	13:f67a6c6013ca	2742	static int fp_isprime_ex(fp_int *a, int t);
wolfSSL	13:f67a6c6013ca	2743	static int fp_isprime(fp_int *a);
wolfSSL	13:f67a6c6013ca	2744	static int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap);
wolfSSL	13:f67a6c6013ca	2745
wolfSSL	13:f67a6c6013ca	2746	int mp_gcd(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	2747	{
wolfSSL	13:f67a6c6013ca	2748	fp_gcd(a, b, c);
wolfSSL	13:f67a6c6013ca	2749	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2750	}
wolfSSL	13:f67a6c6013ca	2751
wolfSSL	13:f67a6c6013ca	2752
wolfSSL	13:f67a6c6013ca	2753	int mp_lcm(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	2754	{
wolfSSL	13:f67a6c6013ca	2755	fp_lcm(a, b, c);
wolfSSL	13:f67a6c6013ca	2756	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2757	}
wolfSSL	13:f67a6c6013ca	2758
wolfSSL	13:f67a6c6013ca	2759
wolfSSL	13:f67a6c6013ca	2760	int mp_prime_is_prime(mp_int* a, int t, int* result)
wolfSSL	13:f67a6c6013ca	2761	{
wolfSSL	13:f67a6c6013ca	2762	(void)t;
wolfSSL	13:f67a6c6013ca	2763	*result = fp_isprime(a);
wolfSSL	13:f67a6c6013ca	2764	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2765	}
wolfSSL	13:f67a6c6013ca	2766
wolfSSL	13:f67a6c6013ca	2767	int mp_rand_prime(mp_int* N, int len, WC_RNG* rng, void* heap)
wolfSSL	13:f67a6c6013ca	2768	{
wolfSSL	13:f67a6c6013ca	2769	int err;
wolfSSL	13:f67a6c6013ca	2770
wolfSSL	13:f67a6c6013ca	2771	err = fp_randprime(N, len, rng, heap);
wolfSSL	13:f67a6c6013ca	2772	switch(err) {
wolfSSL	13:f67a6c6013ca	2773	case FP_VAL:
wolfSSL	13:f67a6c6013ca	2774	return MP_VAL;
wolfSSL	13:f67a6c6013ca	2775	case FP_MEM:
wolfSSL	13:f67a6c6013ca	2776	return MP_MEM;
wolfSSL	13:f67a6c6013ca	2777	default:
wolfSSL	13:f67a6c6013ca	2778	break;
wolfSSL	13:f67a6c6013ca	2779	}
wolfSSL	13:f67a6c6013ca	2780
wolfSSL	13:f67a6c6013ca	2781	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2782	}
wolfSSL	13:f67a6c6013ca	2783
wolfSSL	13:f67a6c6013ca	2784	int mp_exch (mp_int * a, mp_int * b)
wolfSSL	13:f67a6c6013ca	2785	{
wolfSSL	13:f67a6c6013ca	2786	fp_exch(a, b);
wolfSSL	13:f67a6c6013ca	2787	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	2788	}
wolfSSL	13:f67a6c6013ca	2789
wolfSSL	13:f67a6c6013ca	2790	/* Miller-Rabin test of "a" to the base of "b" as described in
wolfSSL	13:f67a6c6013ca	2791	* HAC pp. 139 Algorithm 4.24
wolfSSL	13:f67a6c6013ca	2792	*
wolfSSL	13:f67a6c6013ca	2793	* Sets result to 0 if definitely composite or 1 if probably prime.
wolfSSL	13:f67a6c6013ca	2794	* Randomly the chance of error is no more than 1/4 and often
wolfSSL	13:f67a6c6013ca	2795	* very much lower.
wolfSSL	13:f67a6c6013ca	2796	*/
wolfSSL	13:f67a6c6013ca	2797	static void fp_prime_miller_rabin (fp_int * a, fp_int * b, int *result)
wolfSSL	13:f67a6c6013ca	2798	{
wolfSSL	13:f67a6c6013ca	2799	fp_int n1, y, r;
wolfSSL	13:f67a6c6013ca	2800	int s, j;
wolfSSL	13:f67a6c6013ca	2801
wolfSSL	13:f67a6c6013ca	2802	/* default */
wolfSSL	13:f67a6c6013ca	2803	*result = FP_NO;
wolfSSL	13:f67a6c6013ca	2804
wolfSSL	13:f67a6c6013ca	2805	/* ensure b > 1 */
wolfSSL	13:f67a6c6013ca	2806	if (fp_cmp_d(b, 1) != FP_GT) {
wolfSSL	13:f67a6c6013ca	2807	return;
wolfSSL	13:f67a6c6013ca	2808	}
wolfSSL	13:f67a6c6013ca	2809
wolfSSL	13:f67a6c6013ca	2810	/* get n1 = a - 1 */
wolfSSL	13:f67a6c6013ca	2811	fp_init_copy(&n1, a);
wolfSSL	13:f67a6c6013ca	2812	fp_sub_d(&n1, 1, &n1);
wolfSSL	13:f67a6c6013ca	2813
wolfSSL	13:f67a6c6013ca	2814	/* set 2*s r = n1 */
wolfSSL	13:f67a6c6013ca	2815	fp_init_copy(&r, &n1);
wolfSSL	13:f67a6c6013ca	2816
wolfSSL	13:f67a6c6013ca	2817	/* count the number of least significant bits
wolfSSL	13:f67a6c6013ca	2818	* which are zero
wolfSSL	13:f67a6c6013ca	2819	*/
wolfSSL	13:f67a6c6013ca	2820	s = fp_cnt_lsb(&r);
wolfSSL	13:f67a6c6013ca	2821
wolfSSL	13:f67a6c6013ca	2822	/* now divide n - 1 by 2*s /
wolfSSL	13:f67a6c6013ca	2823	fp_div_2d (&r, s, &r, NULL);
wolfSSL	13:f67a6c6013ca	2824
wolfSSL	13:f67a6c6013ca	2825	/* compute y = b*r mod a /
wolfSSL	13:f67a6c6013ca	2826	fp_init(&y);
wolfSSL	13:f67a6c6013ca	2827	fp_exptmod(b, &r, a, &y);
wolfSSL	13:f67a6c6013ca	2828
wolfSSL	13:f67a6c6013ca	2829	/* if y != 1 and y != n1 do */
wolfSSL	13:f67a6c6013ca	2830	if (fp_cmp_d (&y, 1) != FP_EQ && fp_cmp (&y, &n1) != FP_EQ) {
wolfSSL	13:f67a6c6013ca	2831	j = 1;
wolfSSL	13:f67a6c6013ca	2832	/* while j <= s-1 and y != n1 */
wolfSSL	13:f67a6c6013ca	2833	while ((j <= (s - 1)) && fp_cmp (&y, &n1) != FP_EQ) {
wolfSSL	13:f67a6c6013ca	2834	fp_sqrmod (&y, a, &y);
wolfSSL	13:f67a6c6013ca	2835
wolfSSL	13:f67a6c6013ca	2836	/* if y == 1 then composite */
wolfSSL	13:f67a6c6013ca	2837	if (fp_cmp_d (&y, 1) == FP_EQ) {
wolfSSL	13:f67a6c6013ca	2838	return;
wolfSSL	13:f67a6c6013ca	2839	}
wolfSSL	13:f67a6c6013ca	2840	++j;
wolfSSL	13:f67a6c6013ca	2841	}
wolfSSL	13:f67a6c6013ca	2842
wolfSSL	13:f67a6c6013ca	2843	/* if y != n1 then composite */
wolfSSL	13:f67a6c6013ca	2844	if (fp_cmp (&y, &n1) != FP_EQ) {
wolfSSL	13:f67a6c6013ca	2845	return;
wolfSSL	13:f67a6c6013ca	2846	}
wolfSSL	13:f67a6c6013ca	2847	}
wolfSSL	13:f67a6c6013ca	2848
wolfSSL	13:f67a6c6013ca	2849	/* probably prime now */
wolfSSL	13:f67a6c6013ca	2850	*result = FP_YES;
wolfSSL	13:f67a6c6013ca	2851	}
wolfSSL	13:f67a6c6013ca	2852
wolfSSL	13:f67a6c6013ca	2853
wolfSSL	13:f67a6c6013ca	2854	/* a few primes */
wolfSSL	13:f67a6c6013ca	2855	static const fp_digit primes[FP_PRIME_SIZE] = {
wolfSSL	13:f67a6c6013ca	2856	0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013,
wolfSSL	13:f67a6c6013ca	2857	0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035,
wolfSSL	13:f67a6c6013ca	2858	0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059,
wolfSSL	13:f67a6c6013ca	2859	0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, 0x0083,
wolfSSL	13:f67a6c6013ca	2860	0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD,
wolfSSL	13:f67a6c6013ca	2861	0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF,
wolfSSL	13:f67a6c6013ca	2862	0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107,
wolfSSL	13:f67a6c6013ca	2863	0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137,
wolfSSL	13:f67a6c6013ca	2864
wolfSSL	13:f67a6c6013ca	2865	0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167,
wolfSSL	13:f67a6c6013ca	2866	0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199,
wolfSSL	13:f67a6c6013ca	2867	0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9,
wolfSSL	13:f67a6c6013ca	2868	0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7,
wolfSSL	13:f67a6c6013ca	2869	0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239,
wolfSSL	13:f67a6c6013ca	2870	0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265,
wolfSSL	13:f67a6c6013ca	2871	0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293,
wolfSSL	13:f67a6c6013ca	2872	0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF,
wolfSSL	13:f67a6c6013ca	2873
wolfSSL	13:f67a6c6013ca	2874	0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301,
wolfSSL	13:f67a6c6013ca	2875	0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B,
wolfSSL	13:f67a6c6013ca	2876	0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371,
wolfSSL	13:f67a6c6013ca	2877	0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD,
wolfSSL	13:f67a6c6013ca	2878	0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5,
wolfSSL	13:f67a6c6013ca	2879	0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419,
wolfSSL	13:f67a6c6013ca	2880	0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449,
wolfSSL	13:f67a6c6013ca	2881	0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B,
wolfSSL	13:f67a6c6013ca	2882
wolfSSL	13:f67a6c6013ca	2883	0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7,
wolfSSL	13:f67a6c6013ca	2884	0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503,
wolfSSL	13:f67a6c6013ca	2885	0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529,
wolfSSL	13:f67a6c6013ca	2886	0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F,
wolfSSL	13:f67a6c6013ca	2887	0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3,
wolfSSL	13:f67a6c6013ca	2888	0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7,
wolfSSL	13:f67a6c6013ca	2889	0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623,
wolfSSL	13:f67a6c6013ca	2890	0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653
wolfSSL	13:f67a6c6013ca	2891	};
wolfSSL	13:f67a6c6013ca	2892
wolfSSL	13:f67a6c6013ca	2893	int fp_isprime_ex(fp_int *a, int t)
wolfSSL	13:f67a6c6013ca	2894	{
wolfSSL	13:f67a6c6013ca	2895	fp_int b;
wolfSSL	13:f67a6c6013ca	2896	fp_digit d;
wolfSSL	13:f67a6c6013ca	2897	int r, res;
wolfSSL	13:f67a6c6013ca	2898
wolfSSL	13:f67a6c6013ca	2899	if (t <= 0 \|\| t > FP_PRIME_SIZE) {
wolfSSL	13:f67a6c6013ca	2900	return FP_NO;
wolfSSL	13:f67a6c6013ca	2901	}
wolfSSL	13:f67a6c6013ca	2902
wolfSSL	13:f67a6c6013ca	2903	/* do trial division */
wolfSSL	13:f67a6c6013ca	2904	for (r = 0; r < FP_PRIME_SIZE; r++) {
wolfSSL	13:f67a6c6013ca	2905	fp_mod_d(a, primes[r], &d);
wolfSSL	13:f67a6c6013ca	2906	if (d == 0) {
wolfSSL	13:f67a6c6013ca	2907	return FP_NO;
wolfSSL	13:f67a6c6013ca	2908	}
wolfSSL	13:f67a6c6013ca	2909	}
wolfSSL	13:f67a6c6013ca	2910
wolfSSL	13:f67a6c6013ca	2911	/* now do 't' miller rabins */
wolfSSL	13:f67a6c6013ca	2912	fp_init(&b);
wolfSSL	13:f67a6c6013ca	2913	for (r = 0; r < t; r++) {
wolfSSL	13:f67a6c6013ca	2914	fp_set(&b, primes[r]);
wolfSSL	13:f67a6c6013ca	2915	fp_prime_miller_rabin(a, &b, &res);
wolfSSL	13:f67a6c6013ca	2916	if (res == FP_NO) {
wolfSSL	13:f67a6c6013ca	2917	return FP_NO;
wolfSSL	13:f67a6c6013ca	2918	}
wolfSSL	13:f67a6c6013ca	2919	}
wolfSSL	13:f67a6c6013ca	2920	return FP_YES;
wolfSSL	13:f67a6c6013ca	2921	}
wolfSSL	13:f67a6c6013ca	2922
wolfSSL	13:f67a6c6013ca	2923	int fp_isprime(fp_int *a)
wolfSSL	13:f67a6c6013ca	2924	{
wolfSSL	13:f67a6c6013ca	2925	return fp_isprime_ex(a, 8);
wolfSSL	13:f67a6c6013ca	2926	}
wolfSSL	13:f67a6c6013ca	2927
wolfSSL	13:f67a6c6013ca	2928	int fp_randprime(fp_int* N, int len, WC_RNG* rng, void* heap)
wolfSSL	13:f67a6c6013ca	2929	{
wolfSSL	13:f67a6c6013ca	2930	static const int USE_BBS = 1;
wolfSSL	13:f67a6c6013ca	2931	int err, type;
wolfSSL	13:f67a6c6013ca	2932	byte* buf;
wolfSSL	13:f67a6c6013ca	2933
wolfSSL	13:f67a6c6013ca	2934	/* get type */
wolfSSL	13:f67a6c6013ca	2935	if (len < 0) {
wolfSSL	13:f67a6c6013ca	2936	type = USE_BBS;
wolfSSL	13:f67a6c6013ca	2937	len = -len;
wolfSSL	13:f67a6c6013ca	2938	} else {
wolfSSL	13:f67a6c6013ca	2939	type = 0;
wolfSSL	13:f67a6c6013ca	2940	}
wolfSSL	13:f67a6c6013ca	2941
wolfSSL	13:f67a6c6013ca	2942	/* allow sizes between 2 and 512 bytes for a prime size */
wolfSSL	13:f67a6c6013ca	2943	if (len < 2 \|\| len > 512) {
wolfSSL	13:f67a6c6013ca	2944	return FP_VAL;
wolfSSL	13:f67a6c6013ca	2945	}
wolfSSL	13:f67a6c6013ca	2946
wolfSSL	13:f67a6c6013ca	2947	/* allocate buffer to work with */
wolfSSL	13:f67a6c6013ca	2948	buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	13:f67a6c6013ca	2949	if (buf == NULL) {
wolfSSL	13:f67a6c6013ca	2950	return FP_MEM;
wolfSSL	13:f67a6c6013ca	2951	}
wolfSSL	13:f67a6c6013ca	2952	XMEMSET(buf, 0, len);
wolfSSL	13:f67a6c6013ca	2953
wolfSSL	13:f67a6c6013ca	2954	do {
wolfSSL	13:f67a6c6013ca	2955	#ifdef SHOW_GEN
wolfSSL	13:f67a6c6013ca	2956	printf(".");
wolfSSL	13:f67a6c6013ca	2957	fflush(stdout);
wolfSSL	13:f67a6c6013ca	2958	#endif
wolfSSL	13:f67a6c6013ca	2959	/* generate value */
wolfSSL	13:f67a6c6013ca	2960	err = wc_RNG_GenerateBlock(rng, buf, len);
wolfSSL	13:f67a6c6013ca	2961	if (err != 0) {
wolfSSL	13:f67a6c6013ca	2962	XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	13:f67a6c6013ca	2963	return FP_VAL;
wolfSSL	13:f67a6c6013ca	2964	}
wolfSSL	13:f67a6c6013ca	2965
wolfSSL	13:f67a6c6013ca	2966	/* munge bits */
wolfSSL	13:f67a6c6013ca	2967	buf[0] \|= 0x80 \| 0x40;
wolfSSL	13:f67a6c6013ca	2968	buf[len-1] \|= 0x01 \| ((type & USE_BBS) ? 0x02 : 0x00);
wolfSSL	13:f67a6c6013ca	2969
wolfSSL	13:f67a6c6013ca	2970	/* load value */
wolfSSL	13:f67a6c6013ca	2971	fp_read_unsigned_bin(N, buf, len);
wolfSSL	13:f67a6c6013ca	2972
wolfSSL	13:f67a6c6013ca	2973	/* test */
wolfSSL	13:f67a6c6013ca	2974	} while (fp_isprime(N) == FP_NO);
wolfSSL	13:f67a6c6013ca	2975
wolfSSL	13:f67a6c6013ca	2976	XMEMSET(buf, 0, len);
wolfSSL	13:f67a6c6013ca	2977	XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	13:f67a6c6013ca	2978
wolfSSL	13:f67a6c6013ca	2979	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	2980	}
wolfSSL	13:f67a6c6013ca	2981
wolfSSL	13:f67a6c6013ca	2982	/* c = [a, b] */
wolfSSL	13:f67a6c6013ca	2983	void fp_lcm(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	2984	{
wolfSSL	13:f67a6c6013ca	2985	fp_int t1, t2;
wolfSSL	13:f67a6c6013ca	2986
wolfSSL	13:f67a6c6013ca	2987	fp_init(&t1);
wolfSSL	13:f67a6c6013ca	2988	fp_init(&t2);
wolfSSL	13:f67a6c6013ca	2989	fp_gcd(a, b, &t1);
wolfSSL	13:f67a6c6013ca	2990	if (fp_cmp_mag(a, b) == FP_GT) {
wolfSSL	13:f67a6c6013ca	2991	fp_div(a, &t1, &t2, NULL);
wolfSSL	13:f67a6c6013ca	2992	fp_mul(b, &t2, c);
wolfSSL	13:f67a6c6013ca	2993	} else {
wolfSSL	13:f67a6c6013ca	2994	fp_div(b, &t1, &t2, NULL);
wolfSSL	13:f67a6c6013ca	2995	fp_mul(a, &t2, c);
wolfSSL	13:f67a6c6013ca	2996	}
wolfSSL	13:f67a6c6013ca	2997	}
wolfSSL	13:f67a6c6013ca	2998
wolfSSL	13:f67a6c6013ca	2999
wolfSSL	13:f67a6c6013ca	3000
wolfSSL	13:f67a6c6013ca	3001	/* c = (a, b) */
wolfSSL	13:f67a6c6013ca	3002	void fp_gcd(fp_int a, fp_int b, fp_int *c)
wolfSSL	13:f67a6c6013ca	3003	{
wolfSSL	13:f67a6c6013ca	3004	fp_int u, v, r;
wolfSSL	13:f67a6c6013ca	3005
wolfSSL	13:f67a6c6013ca	3006	/* either zero than gcd is the largest */
wolfSSL	13:f67a6c6013ca	3007	if (fp_iszero (a) == FP_YES && fp_iszero (b) == FP_NO) {
wolfSSL	13:f67a6c6013ca	3008	fp_abs (b, c);
wolfSSL	13:f67a6c6013ca	3009	return;
wolfSSL	13:f67a6c6013ca	3010	}
wolfSSL	13:f67a6c6013ca	3011	if (fp_iszero (a) == FP_NO && fp_iszero (b) == FP_YES) {
wolfSSL	13:f67a6c6013ca	3012	fp_abs (a, c);
wolfSSL	13:f67a6c6013ca	3013	return;
wolfSSL	13:f67a6c6013ca	3014	}
wolfSSL	13:f67a6c6013ca	3015
wolfSSL	13:f67a6c6013ca	3016	/* optimized. At this point if a == 0 then
wolfSSL	13:f67a6c6013ca	3017	* b must equal zero too
wolfSSL	13:f67a6c6013ca	3018	*/
wolfSSL	13:f67a6c6013ca	3019	if (fp_iszero (a) == FP_YES) {
wolfSSL	13:f67a6c6013ca	3020	fp_zero(c);
wolfSSL	13:f67a6c6013ca	3021	return;
wolfSSL	13:f67a6c6013ca	3022	}
wolfSSL	13:f67a6c6013ca	3023
wolfSSL	13:f67a6c6013ca	3024	/* sort inputs */
wolfSSL	13:f67a6c6013ca	3025	if (fp_cmp_mag(a, b) != FP_LT) {
wolfSSL	13:f67a6c6013ca	3026	fp_init_copy(&u, a);
wolfSSL	13:f67a6c6013ca	3027	fp_init_copy(&v, b);
wolfSSL	13:f67a6c6013ca	3028	} else {
wolfSSL	13:f67a6c6013ca	3029	fp_init_copy(&u, b);
wolfSSL	13:f67a6c6013ca	3030	fp_init_copy(&v, a);
wolfSSL	13:f67a6c6013ca	3031	}
wolfSSL	13:f67a6c6013ca	3032
wolfSSL	13:f67a6c6013ca	3033	fp_init(&r);
wolfSSL	13:f67a6c6013ca	3034	while (fp_iszero(&v) == FP_NO) {
wolfSSL	13:f67a6c6013ca	3035	fp_mod(&u, &v, &r);
wolfSSL	13:f67a6c6013ca	3036	fp_copy(&v, &u);
wolfSSL	13:f67a6c6013ca	3037	fp_copy(&r, &v);
wolfSSL	13:f67a6c6013ca	3038	}
wolfSSL	13:f67a6c6013ca	3039	fp_copy(&u, c);
wolfSSL	13:f67a6c6013ca	3040	}
wolfSSL	13:f67a6c6013ca	3041
wolfSSL	13:f67a6c6013ca	3042	#endif /* WOLFSSL_KEY_GEN */
wolfSSL	13:f67a6c6013ca	3043
wolfSSL	13:f67a6c6013ca	3044
wolfSSL	13:f67a6c6013ca	3045	#if defined(HAVE_ECC) \|\| !defined(NO_PWDBASED) \|\| defined(OPENSSL_EXTRA) \|\| \
wolfSSL	13:f67a6c6013ca	3046	defined(WC_RSA_BLINDING)
wolfSSL	13:f67a6c6013ca	3047	/* c = a + b */
wolfSSL	13:f67a6c6013ca	3048	void fp_add_d(fp_int a, fp_digit b, fp_int c)
wolfSSL	13:f67a6c6013ca	3049	{
wolfSSL	13:f67a6c6013ca	3050	fp_int tmp;
wolfSSL	13:f67a6c6013ca	3051	fp_init(&tmp);
wolfSSL	13:f67a6c6013ca	3052	fp_set(&tmp, b);
wolfSSL	13:f67a6c6013ca	3053	fp_add(a, &tmp, c);
wolfSSL	13:f67a6c6013ca	3054	}
wolfSSL	13:f67a6c6013ca	3055
wolfSSL	13:f67a6c6013ca	3056	/* external compatibility */
wolfSSL	13:f67a6c6013ca	3057	int mp_add_d(fp_int a, fp_digit b, fp_int c)
wolfSSL	13:f67a6c6013ca	3058	{
wolfSSL	13:f67a6c6013ca	3059	fp_add_d(a, b, c);
wolfSSL	13:f67a6c6013ca	3060	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	3061	}
wolfSSL	13:f67a6c6013ca	3062
wolfSSL	13:f67a6c6013ca	3063	#endif /* HAVE_ECC \|\| !NO_PWDBASED */
wolfSSL	13:f67a6c6013ca	3064
wolfSSL	13:f67a6c6013ca	3065
wolfSSL	13:f67a6c6013ca	3066	#if defined(HAVE_ECC) \|\| defined(WOLFSSL_KEY_GEN) \|\| defined(HAVE_COMP_KEY)
wolfSSL	13:f67a6c6013ca	3067
wolfSSL	13:f67a6c6013ca	3068	/* chars used in radix conversions */
wolfSSL	13:f67a6c6013ca	3069	static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\
wolfSSL	13:f67a6c6013ca	3070	abcdefghijklmnopqrstuvwxyz+/";
wolfSSL	13:f67a6c6013ca	3071	#endif
wolfSSL	13:f67a6c6013ca	3072
wolfSSL	13:f67a6c6013ca	3073	#ifdef HAVE_ECC
wolfSSL	13:f67a6c6013ca	3074	static int fp_read_radix(fp_int a, const char str, int radix)
wolfSSL	13:f67a6c6013ca	3075	{
wolfSSL	13:f67a6c6013ca	3076	int y, neg;
wolfSSL	13:f67a6c6013ca	3077	char ch;
wolfSSL	13:f67a6c6013ca	3078
wolfSSL	13:f67a6c6013ca	3079	/* set the integer to the default of zero */
wolfSSL	13:f67a6c6013ca	3080	fp_zero (a);
wolfSSL	13:f67a6c6013ca	3081
wolfSSL	13:f67a6c6013ca	3082	/* make sure the radix is ok */
wolfSSL	13:f67a6c6013ca	3083	if (radix < 2 \|\| radix > 64) {
wolfSSL	13:f67a6c6013ca	3084	return FP_VAL;
wolfSSL	13:f67a6c6013ca	3085	}
wolfSSL	13:f67a6c6013ca	3086
wolfSSL	13:f67a6c6013ca	3087	/* if the leading digit is a
wolfSSL	13:f67a6c6013ca	3088	* minus set the sign to negative.
wolfSSL	13:f67a6c6013ca	3089	*/
wolfSSL	13:f67a6c6013ca	3090	if (*str == '-') {
wolfSSL	13:f67a6c6013ca	3091	++str;
wolfSSL	13:f67a6c6013ca	3092	neg = FP_NEG;
wolfSSL	13:f67a6c6013ca	3093	} else {
wolfSSL	13:f67a6c6013ca	3094	neg = FP_ZPOS;
wolfSSL	13:f67a6c6013ca	3095	}
wolfSSL	13:f67a6c6013ca	3096
wolfSSL	13:f67a6c6013ca	3097	/* process each digit of the string */
wolfSSL	13:f67a6c6013ca	3098	while (*str) {
wolfSSL	13:f67a6c6013ca	3099	/* if the radix <= 36 the conversion is case insensitive
wolfSSL	13:f67a6c6013ca	3100	* this allows numbers like 1AB and 1ab to represent the same value
wolfSSL	13:f67a6c6013ca	3101	* [e.g. in hex]
wolfSSL	13:f67a6c6013ca	3102	*/
wolfSSL	13:f67a6c6013ca	3103	ch = (char)((radix <= 36) ? XTOUPPER((unsigned char)str) : str);
wolfSSL	13:f67a6c6013ca	3104	for (y = 0; y < 64; y++) {
wolfSSL	13:f67a6c6013ca	3105	if (ch == fp_s_rmap[y]) {
wolfSSL	13:f67a6c6013ca	3106	break;
wolfSSL	13:f67a6c6013ca	3107	}
wolfSSL	13:f67a6c6013ca	3108	}
wolfSSL	13:f67a6c6013ca	3109
wolfSSL	13:f67a6c6013ca	3110	/* if the char was found in the map
wolfSSL	13:f67a6c6013ca	3111	* and is less than the given radix add it
wolfSSL	13:f67a6c6013ca	3112	* to the number, otherwise exit the loop.
wolfSSL	13:f67a6c6013ca	3113	*/
wolfSSL	13:f67a6c6013ca	3114	if (y < radix) {
wolfSSL	13:f67a6c6013ca	3115	fp_mul_d (a, (fp_digit) radix, a);
wolfSSL	13:f67a6c6013ca	3116	fp_add_d (a, (fp_digit) y, a);
wolfSSL	13:f67a6c6013ca	3117	} else {
wolfSSL	13:f67a6c6013ca	3118	break;
wolfSSL	13:f67a6c6013ca	3119	}
wolfSSL	13:f67a6c6013ca	3120	++str;
wolfSSL	13:f67a6c6013ca	3121	}
wolfSSL	13:f67a6c6013ca	3122
wolfSSL	13:f67a6c6013ca	3123	/* set the sign only if a != 0 */
wolfSSL	13:f67a6c6013ca	3124	if (fp_iszero(a) != FP_YES) {
wolfSSL	13:f67a6c6013ca	3125	a->sign = neg;
wolfSSL	13:f67a6c6013ca	3126	}
wolfSSL	13:f67a6c6013ca	3127	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	3128	}
wolfSSL	13:f67a6c6013ca	3129
wolfSSL	13:f67a6c6013ca	3130	/* fast math conversion */
wolfSSL	13:f67a6c6013ca	3131	int mp_read_radix(mp_int a, const char str, int radix)
wolfSSL	13:f67a6c6013ca	3132	{
wolfSSL	13:f67a6c6013ca	3133	return fp_read_radix(a, str, radix);
wolfSSL	13:f67a6c6013ca	3134	}
wolfSSL	13:f67a6c6013ca	3135
wolfSSL	13:f67a6c6013ca	3136	/* fast math conversion */
wolfSSL	13:f67a6c6013ca	3137	int mp_sqr(fp_int A, fp_int B)
wolfSSL	13:f67a6c6013ca	3138	{
wolfSSL	13:f67a6c6013ca	3139	fp_sqr(A, B);
wolfSSL	13:f67a6c6013ca	3140	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	3141	}
wolfSSL	13:f67a6c6013ca	3142
wolfSSL	13:f67a6c6013ca	3143	/* fast math conversion */
wolfSSL	13:f67a6c6013ca	3144	int mp_montgomery_reduce(fp_int a, fp_int m, fp_digit mp)
wolfSSL	13:f67a6c6013ca	3145	{
wolfSSL	13:f67a6c6013ca	3146	fp_montgomery_reduce(a, m, mp);
wolfSSL	13:f67a6c6013ca	3147	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	3148	}
wolfSSL	13:f67a6c6013ca	3149
wolfSSL	13:f67a6c6013ca	3150
wolfSSL	13:f67a6c6013ca	3151	/* fast math conversion */
wolfSSL	13:f67a6c6013ca	3152	int mp_montgomery_setup(fp_int a, fp_digit rho)
wolfSSL	13:f67a6c6013ca	3153	{
wolfSSL	13:f67a6c6013ca	3154	return fp_montgomery_setup(a, rho);
wolfSSL	13:f67a6c6013ca	3155	}
wolfSSL	13:f67a6c6013ca	3156
wolfSSL	13:f67a6c6013ca	3157	int mp_div_2(fp_int * a, fp_int * b)
wolfSSL	13:f67a6c6013ca	3158	{
wolfSSL	13:f67a6c6013ca	3159	fp_div_2(a, b);
wolfSSL	13:f67a6c6013ca	3160	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	3161	}
wolfSSL	13:f67a6c6013ca	3162
wolfSSL	13:f67a6c6013ca	3163
wolfSSL	13:f67a6c6013ca	3164	int mp_init_copy(fp_int * a, fp_int * b)
wolfSSL	13:f67a6c6013ca	3165	{
wolfSSL	13:f67a6c6013ca	3166	fp_init_copy(a, b);
wolfSSL	13:f67a6c6013ca	3167	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	3168	}
wolfSSL	13:f67a6c6013ca	3169
wolfSSL	13:f67a6c6013ca	3170	#ifdef HAVE_COMP_KEY
wolfSSL	13:f67a6c6013ca	3171
wolfSSL	13:f67a6c6013ca	3172	int mp_cnt_lsb(fp_int* a)
wolfSSL	13:f67a6c6013ca	3173	{
wolfSSL	13:f67a6c6013ca	3174	return fp_cnt_lsb(a);
wolfSSL	13:f67a6c6013ca	3175	}
wolfSSL	13:f67a6c6013ca	3176
wolfSSL	13:f67a6c6013ca	3177	#endif /* HAVE_COMP_KEY */
wolfSSL	13:f67a6c6013ca	3178
wolfSSL	13:f67a6c6013ca	3179	#endif /* HAVE_ECC */
wolfSSL	13:f67a6c6013ca	3180
wolfSSL	13:f67a6c6013ca	3181	#if defined(HAVE_ECC) \|\| !defined(NO_RSA) \|\| !defined(NO_DSA)
wolfSSL	13:f67a6c6013ca	3182	/* fast math conversion */
wolfSSL	13:f67a6c6013ca	3183	int mp_set(fp_int *a, fp_digit b)
wolfSSL	13:f67a6c6013ca	3184	{
wolfSSL	13:f67a6c6013ca	3185	fp_set(a,b);
wolfSSL	13:f67a6c6013ca	3186	return MP_OKAY;
wolfSSL	13:f67a6c6013ca	3187	}
wolfSSL	13:f67a6c6013ca	3188	#endif
wolfSSL	13:f67a6c6013ca	3189
wolfSSL	13:f67a6c6013ca	3190	#if defined(WOLFSSL_KEY_GEN) \|\| defined(HAVE_COMP_KEY) \|\| \
wolfSSL	13:f67a6c6013ca	3191	defined(WOLFSSL_DEBUG_MATH)
wolfSSL	13:f67a6c6013ca	3192
wolfSSL	13:f67a6c6013ca	3193	/* returns size of ASCII representation */
wolfSSL	13:f67a6c6013ca	3194	int mp_radix_size (mp_int a, int radix, int size)
wolfSSL	13:f67a6c6013ca	3195	{
wolfSSL	13:f67a6c6013ca	3196	int res, digs;
wolfSSL	13:f67a6c6013ca	3197	fp_int t;
wolfSSL	13:f67a6c6013ca	3198	fp_digit d;
wolfSSL	13:f67a6c6013ca	3199
wolfSSL	13:f67a6c6013ca	3200	*size = 0;
wolfSSL	13:f67a6c6013ca	3201
wolfSSL	13:f67a6c6013ca	3202	/* special case for binary */
wolfSSL	13:f67a6c6013ca	3203	if (radix == 2) {
wolfSSL	13:f67a6c6013ca	3204	*size = fp_count_bits (a) + (a->sign == FP_NEG ? 1 : 0) + 1;
wolfSSL	13:f67a6c6013ca	3205	return FP_YES;
wolfSSL	13:f67a6c6013ca	3206	}
wolfSSL	13:f67a6c6013ca	3207
wolfSSL	13:f67a6c6013ca	3208	/* make sure the radix is in range */
wolfSSL	13:f67a6c6013ca	3209	if (radix < 2 \|\| radix > 64) {
wolfSSL	13:f67a6c6013ca	3210	return FP_VAL;
wolfSSL	13:f67a6c6013ca	3211	}
wolfSSL	13:f67a6c6013ca	3212
wolfSSL	13:f67a6c6013ca	3213	if (fp_iszero(a) == MP_YES) {
wolfSSL	13:f67a6c6013ca	3214	*size = 2;
wolfSSL	13:f67a6c6013ca	3215	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	3216	}
wolfSSL	13:f67a6c6013ca	3217
wolfSSL	13:f67a6c6013ca	3218	/* digs is the digit count */
wolfSSL	13:f67a6c6013ca	3219	digs = 0;
wolfSSL	13:f67a6c6013ca	3220
wolfSSL	13:f67a6c6013ca	3221	/* if it's negative add one for the sign */
wolfSSL	13:f67a6c6013ca	3222	if (a->sign == FP_NEG) {
wolfSSL	13:f67a6c6013ca	3223	++digs;
wolfSSL	13:f67a6c6013ca	3224	}
wolfSSL	13:f67a6c6013ca	3225
wolfSSL	13:f67a6c6013ca	3226	/* init a copy of the input */
wolfSSL	13:f67a6c6013ca	3227	fp_init_copy (&t, a);
wolfSSL	13:f67a6c6013ca	3228
wolfSSL	13:f67a6c6013ca	3229	/* force temp to positive */
wolfSSL	13:f67a6c6013ca	3230	t.sign = FP_ZPOS;
wolfSSL	13:f67a6c6013ca	3231
wolfSSL	13:f67a6c6013ca	3232	/* fetch out all of the digits */
wolfSSL	13:f67a6c6013ca	3233	while (fp_iszero (&t) == FP_NO) {
wolfSSL	13:f67a6c6013ca	3234	if ((res = fp_div_d (&t, (mp_digit) radix, &t, &d)) != FP_OKAY) {
wolfSSL	13:f67a6c6013ca	3235	fp_zero (&t);
wolfSSL	13:f67a6c6013ca	3236	return res;
wolfSSL	13:f67a6c6013ca	3237	}
wolfSSL	13:f67a6c6013ca	3238	++digs;
wolfSSL	13:f67a6c6013ca	3239	}
wolfSSL	13:f67a6c6013ca	3240	fp_zero (&t);
wolfSSL	13:f67a6c6013ca	3241
wolfSSL	13:f67a6c6013ca	3242	/* return digs + 1, the 1 is for the NULL byte that would be required. */
wolfSSL	13:f67a6c6013ca	3243	*size = digs + 1;
wolfSSL	13:f67a6c6013ca	3244	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	3245	}
wolfSSL	13:f67a6c6013ca	3246
wolfSSL	13:f67a6c6013ca	3247	/* stores a bignum as a ASCII string in a given radix (2..64) */
wolfSSL	13:f67a6c6013ca	3248	int mp_toradix (mp_int a, char str, int radix)
wolfSSL	13:f67a6c6013ca	3249	{
wolfSSL	13:f67a6c6013ca	3250	int res, digs;
wolfSSL	13:f67a6c6013ca	3251	fp_int t;
wolfSSL	13:f67a6c6013ca	3252	fp_digit d;
wolfSSL	13:f67a6c6013ca	3253	char *_s = str;
wolfSSL	13:f67a6c6013ca	3254
wolfSSL	13:f67a6c6013ca	3255	/* check range of the radix */
wolfSSL	13:f67a6c6013ca	3256	if (radix < 2 \|\| radix > 64) {
wolfSSL	13:f67a6c6013ca	3257	return FP_VAL;
wolfSSL	13:f67a6c6013ca	3258	}
wolfSSL	13:f67a6c6013ca	3259
wolfSSL	13:f67a6c6013ca	3260	/* quick out if its zero */
wolfSSL	13:f67a6c6013ca	3261	if (fp_iszero(a) == FP_YES) {
wolfSSL	13:f67a6c6013ca	3262	*str++ = '0';
wolfSSL	13:f67a6c6013ca	3263	*str = '\0';
wolfSSL	13:f67a6c6013ca	3264	return FP_YES;
wolfSSL	13:f67a6c6013ca	3265	}
wolfSSL	13:f67a6c6013ca	3266
wolfSSL	13:f67a6c6013ca	3267	/* init a copy of the input */
wolfSSL	13:f67a6c6013ca	3268	fp_init_copy (&t, a);
wolfSSL	13:f67a6c6013ca	3269
wolfSSL	13:f67a6c6013ca	3270	/* if it is negative output a - */
wolfSSL	13:f67a6c6013ca	3271	if (t.sign == FP_NEG) {
wolfSSL	13:f67a6c6013ca	3272	++_s;
wolfSSL	13:f67a6c6013ca	3273	*str++ = '-';
wolfSSL	13:f67a6c6013ca	3274	t.sign = FP_ZPOS;
wolfSSL	13:f67a6c6013ca	3275	}
wolfSSL	13:f67a6c6013ca	3276
wolfSSL	13:f67a6c6013ca	3277	digs = 0;
wolfSSL	13:f67a6c6013ca	3278	while (fp_iszero (&t) == FP_NO) {
wolfSSL	13:f67a6c6013ca	3279	if ((res = fp_div_d (&t, (fp_digit) radix, &t, &d)) != FP_OKAY) {
wolfSSL	13:f67a6c6013ca	3280	fp_zero (&t);
wolfSSL	13:f67a6c6013ca	3281	return res;
wolfSSL	13:f67a6c6013ca	3282	}
wolfSSL	13:f67a6c6013ca	3283	*str++ = fp_s_rmap[d];
wolfSSL	13:f67a6c6013ca	3284	++digs;
wolfSSL	13:f67a6c6013ca	3285	}
wolfSSL	13:f67a6c6013ca	3286
wolfSSL	13:f67a6c6013ca	3287	/* reverse the digits of the string. In this case _s points
wolfSSL	13:f67a6c6013ca	3288	* to the first digit [excluding the sign] of the number]
wolfSSL	13:f67a6c6013ca	3289	*/
wolfSSL	13:f67a6c6013ca	3290	fp_reverse ((unsigned char *)_s, digs);
wolfSSL	13:f67a6c6013ca	3291
wolfSSL	13:f67a6c6013ca	3292	/* append a NULL so the string is properly terminated */
wolfSSL	13:f67a6c6013ca	3293	*str = '\0';
wolfSSL	13:f67a6c6013ca	3294
wolfSSL	13:f67a6c6013ca	3295	fp_zero (&t);
wolfSSL	13:f67a6c6013ca	3296	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	3297	}
wolfSSL	13:f67a6c6013ca	3298
wolfSSL	13:f67a6c6013ca	3299	#ifdef WOLFSSL_DEBUG_MATH
wolfSSL	13:f67a6c6013ca	3300	void mp_dump(const char* desc, mp_int* a, byte verbose)
wolfSSL	13:f67a6c6013ca	3301	{
wolfSSL	13:f67a6c6013ca	3302	char buffer[FP_SIZE * sizeof(fp_digit) * 2];
wolfSSL	13:f67a6c6013ca	3303	int size = FP_SIZE;
wolfSSL	13:f67a6c6013ca	3304
wolfSSL	13:f67a6c6013ca	3305	#if defined(ALT_ECC_SIZE) \|\| defined(HAVE_WOLF_BIGINT)
wolfSSL	13:f67a6c6013ca	3306	size = a->size;
wolfSSL	13:f67a6c6013ca	3307	#endif
wolfSSL	13:f67a6c6013ca	3308
wolfSSL	13:f67a6c6013ca	3309	printf("%s: ptr=%p, used=%d, sign=%d, size=%d, fpd=%d\n",
wolfSSL	13:f67a6c6013ca	3310	desc, a, a->used, a->sign, size, (int)sizeof(fp_digit));
wolfSSL	13:f67a6c6013ca	3311
wolfSSL	13:f67a6c6013ca	3312	mp_toradix(a, buffer, 16);
wolfSSL	13:f67a6c6013ca	3313	printf(" %s\n ", buffer);
wolfSSL	13:f67a6c6013ca	3314
wolfSSL	13:f67a6c6013ca	3315	if (verbose) {
wolfSSL	13:f67a6c6013ca	3316	int i;
wolfSSL	13:f67a6c6013ca	3317	for(i=0; i<size * (int)sizeof(fp_digit); i++) {
wolfSSL	13:f67a6c6013ca	3318	printf("%x ", (((byte)a->dp) + i));
wolfSSL	13:f67a6c6013ca	3319	}
wolfSSL	13:f67a6c6013ca	3320	printf("\n");
wolfSSL	13:f67a6c6013ca	3321	}
wolfSSL	13:f67a6c6013ca	3322	}
wolfSSL	13:f67a6c6013ca	3323	#endif /* WOLFSSL_DEBUG_MATH */
wolfSSL	13:f67a6c6013ca	3324
wolfSSL	13:f67a6c6013ca	3325	#endif /* defined(WOLFSSL_KEY_GEN) \|\| defined(HAVE_COMP_KEY) \|\| defined(WOLFSSL_DEBUG_MATH) */
wolfSSL	13:f67a6c6013ca	3326
wolfSSL	13:f67a6c6013ca	3327
wolfSSL	13:f67a6c6013ca	3328	int mp_lshd (mp_int * a, int b)
wolfSSL	13:f67a6c6013ca	3329	{
wolfSSL	13:f67a6c6013ca	3330	fp_lshd(a, b);
wolfSSL	13:f67a6c6013ca	3331	return FP_OKAY;
wolfSSL	13:f67a6c6013ca	3332	}
wolfSSL	13:f67a6c6013ca	3333
wolfSSL	13:f67a6c6013ca	3334	#endif /* USE_FAST_MATH */
wolfSSL	13:f67a6c6013ca	3335

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	26 Jun 2015
Imports:	673
Forks:	0
Commits:	18
Dependents:	29
Dependencies:	0
Followers:	21

wolfcrypt/src/tfm.c@13:f67a6c6013ca, 2017-08-22 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning