OpenCoverage

bn_nist.c

Absolute File Name:/home/opencoverage/opencoverage/guest-scripts/libressl/src/crypto/bn/bn_nist.c
Source codeSwitch to Preprocessed file
LineSourceCount
1/* $OpenBSD: bn_nist.c,v 1.18 2016/07/18 01:04:52 bcook Exp $ */-
2/*-
3 * Written by Nils Larsch for the OpenSSL project-
4 */-
5/* ====================================================================-
6 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.-
7 *-
8 * Redistribution and use in source and binary forms, with or without-
9 * modification, are permitted provided that the following conditions-
10 * are met:-
11 *-
12 * 1. Redistributions of source code must retain the above copyright-
13 * notice, this list of conditions and the following disclaimer.-
14 *-
15 * 2. Redistributions in binary form must reproduce the above copyright-
16 * notice, this list of conditions and the following disclaimer in-
17 * the documentation and/or other materials provided with the-
18 * distribution.-
19 *-
20 * 3. All advertising materials mentioning features or use of this-
21 * software must display the following acknowledgment:-
22 * "This product includes software developed by the OpenSSL Project-
23 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"-
24 *-
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to-
26 * endorse or promote products derived from this software without-
27 * prior written permission. For written permission, please contact-
28 * openssl-core@openssl.org.-
29 *-
30 * 5. Products derived from this software may not be called "OpenSSL"-
31 * nor may "OpenSSL" appear in their names without prior written-
32 * permission of the OpenSSL Project.-
33 *-
34 * 6. Redistributions of any form whatsoever must retain the following-
35 * acknowledgment:-
36 * "This product includes software developed by the OpenSSL Project-
37 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"-
38 *-
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY-
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE-
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR-
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR-
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,-
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT-
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;-
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)-
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,-
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)-
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED-
50 * OF THE POSSIBILITY OF SUCH DAMAGE.-
51 * ====================================================================-
52 *-
53 * This product includes cryptographic software written by Eric Young-
54 * (eay@cryptsoft.com). This product includes software written by Tim-
55 * Hudson (tjh@cryptsoft.com).-
56 *-
57 */-
58-
59#include <machine/endian.h>-
60-
61#include <stdint.h>-
62#include <string.h>-
63-
64#include "bn_lcl.h"-
65-
66#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2-
67#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2-
68#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2-
69#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2-
70#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2-
71-
72/* pre-computed tables are "carry-less" values of modulus*(i+1) */-
73#if BN_BITS2 == 64-
74static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {-
75 {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL},-
76 {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL},-
77 {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL}-
78};-
79static const BN_ULONG _nist_p_192_sqr[] = {-
80 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL,-
81 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL-
82};-
83static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {-
84 {-
85 0x0000000000000001ULL, 0xFFFFFFFF00000000ULL,-
86 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL-
87 },-
88 {-
89 0x0000000000000002ULL, 0xFFFFFFFE00000000ULL,-
90 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL-
91 } /* this one is "carry-full" */-
92};-
93static const BN_ULONG _nist_p_224_sqr[] = {-
94 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,-
95 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL,-
96 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL,-
97 0xFFFFFFFFFFFFFFFFULL-
98};-
99static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {-
100 {-
101 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL,-
102 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL-
103 },-
104 {-
105 0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL,-
106 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL-
107 },-
108 {-
109 0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL,-
110 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL-
111 },-
112 {-
113 0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL,-
114 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL-
115 },-
116 {-
117 0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL,-
118 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL-
119 },-
120};-
121static const BN_ULONG _nist_p_256_sqr[] = {-
122 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,-
123 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL,-
124 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL,-
125 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL-
126};-
127static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {-
128 {-
129 0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL,-
130 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL,-
131 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL-
132 },-
133 {-
134 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL,-
135 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL,-
136 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL-
137 },-
138 {-
139 0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL,-
140 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL,-
141 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL-
142 },-
143 {-
144 0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL,-
145 0xFFFFFFFFFFFFFFFBULL, 0xFFFFFFFFFFFFFFFFULL,-
146 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL-
147 },-
148 {-
149 0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL,-
150 0xFFFFFFFFFFFFFFFAULL, 0xFFFFFFFFFFFFFFFFULL,-
151 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL-
152 },-
153};-
154static const BN_ULONG _nist_p_384_sqr[] = {-
155 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL,-
156 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL,-
157 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,-
158 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL-
159};-
160static const BN_ULONG _nist_p_521[] = {-
161 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,-
162 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,-
163 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0x00000000000001FFULL-
164};-
165static const BN_ULONG _nist_p_521_sqr[] = {-
166 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,-
167 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,-
168 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL,-
169 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,-
170 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,-
171 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL-
172};-
173#elif BN_BITS2 == 32-
174static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {-
175 {-
176 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,-
177 0xFFFFFFFF, 0xFFFFFFFF-
178 },-
179 {-
180 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF,-
181 0xFFFFFFFF, 0xFFFFFFFF-
182 },-
183 {-
184 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF,-
185 0xFFFFFFFF, 0xFFFFFFFF-
186 }-
187};-
188static const BN_ULONG _nist_p_192_sqr[] = {-
189 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000,-
190 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
191};-
192static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {-
193 {-
194 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,-
195 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
196 },-
197 {-
198 0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE,-
199 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
200 }-
201};-
202static const BN_ULONG _nist_p_224_sqr[] = {-
203 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,-
204 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002,-
205 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,-
206 0xFFFFFFFF, 0xFFFFFFFF-
207};-
208static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {-
209 {-
210 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,-
211 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF-
212 },-
213 {-
214 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001,-
215 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE-
216 },-
217 {-
218 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002,-
219 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD-
220 },-
221 {-
222 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003,-
223 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC-
224 },-
225 {-
226 0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004,-
227 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB-
228 },-
229};-
230static const BN_ULONG _nist_p_256_sqr[] = {-
231 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,-
232 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001,-
233 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001,-
234 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE-
235};-
236static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {-
237 {-
238 0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF,-
239 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
240 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
241 },-
242 {-
243 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE,-
244 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
245 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
246 },-
247 {-
248 0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD,-
249 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
250 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
251 },-
252 {-
253 0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC,-
254 0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
255 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
256 },-
257 {-
258 0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB,-
259 0xFFFFFFFA, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
260 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
261 },-
262};-
263static const BN_ULONG _nist_p_384_sqr[] = {-
264 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,-
265 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000,-
266 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,-
267 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF-
268};-
269static const BN_ULONG _nist_p_521[] = {-
270 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
271 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
272 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
273 0xFFFFFFFF, 0x000001FF-
274};-
275static const BN_ULONG _nist_p_521_sqr[] = {-
276 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,-
277 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,-
278 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF,-
279 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
280 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,-
281 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF-
282};-
283#else-
284#error "unsupported BN_BITS2"-
285#endif-
286-
287static const BIGNUM _bignum_nist_p_192 = {-
288 (BN_ULONG *)_nist_p_192[0],-
289 BN_NIST_192_TOP,-
290 BN_NIST_192_TOP,-
291 0,-
292 BN_FLG_STATIC_DATA-
293};-
294-
295static const BIGNUM _bignum_nist_p_224 = {-
296 (BN_ULONG *)_nist_p_224[0],-
297 BN_NIST_224_TOP,-
298 BN_NIST_224_TOP,-
299 0,-
300 BN_FLG_STATIC_DATA-
301};-
302-
303static const BIGNUM _bignum_nist_p_256 = {-
304 (BN_ULONG *)_nist_p_256[0],-
305 BN_NIST_256_TOP,-
306 BN_NIST_256_TOP,-
307 0,-
308 BN_FLG_STATIC_DATA-
309};-
310-
311static const BIGNUM _bignum_nist_p_384 = {-
312 (BN_ULONG *)_nist_p_384[0],-
313 BN_NIST_384_TOP,-
314 BN_NIST_384_TOP,-
315 0,-
316 BN_FLG_STATIC_DATA-
317};-
318-
319static const BIGNUM _bignum_nist_p_521 = {-
320 (BN_ULONG *)_nist_p_521,-
321 BN_NIST_521_TOP,-
322 BN_NIST_521_TOP,-
323 0,-
324 BN_FLG_STATIC_DATA-
325};-
326-
327-
328const BIGNUM *-
329BN_get0_nist_prime_192(void)-
330{-
331 return &_bignum_nist_p_192;
never executed: return &_bignum_nist_p_192;
0
332}-
333-
334const BIGNUM *-
335BN_get0_nist_prime_224(void)-
336{-
337 return &_bignum_nist_p_224;
never executed: return &_bignum_nist_p_224;
0
338}-
339-
340const BIGNUM *-
341BN_get0_nist_prime_256(void)-
342{-
343 return &_bignum_nist_p_256;
never executed: return &_bignum_nist_p_256;
0
344}-
345-
346const BIGNUM *-
347BN_get0_nist_prime_384(void)-
348{-
349 return &_bignum_nist_p_384;
never executed: return &_bignum_nist_p_384;
0
350}-
351-
352const BIGNUM *-
353BN_get0_nist_prime_521(void)-
354{-
355 return &_bignum_nist_p_521;
never executed: return &_bignum_nist_p_521;
0
356}-
357-
358static void-
359nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max)-
360{-
361 int i;-
362-
363#ifdef BN_DEBUG-
364 OPENSSL_assert(top <= max);-
365#endif-
366 for (i = 0; i < top; i++)
i < topDescription
TRUEnever evaluated
FALSEnever evaluated
0
367 dst[i] = src[i];
never executed: dst[i] = src[i];
0
368 for (; i < max; i++)
i < maxDescription
TRUEnever evaluated
FALSEnever evaluated
0
369 dst[i] = 0;
never executed: dst[i] = 0;
0
370}
never executed: end of block
0
371-
372static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)-
373{-
374 int i;-
375-
376 for (i = 0; i < top; i++)
i < topDescription
TRUEnever evaluated
FALSEnever evaluated
0
377 dst[i] = src[i];
never executed: dst[i] = src[i];
0
378}
never executed: end of block
0
379-
380#if BN_BITS2 == 64-
381#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;-
382#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0;-
383/*-
384 * two following macros are implemented under assumption that they-
385 * are called in a sequence with *ascending* n, i.e. as they are...-
386 */-
387#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\-
388 :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))-
389#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));-
390#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)-
391# if BYTE_ORDER == LITTLE_ENDIAN-
392# if defined(_LP64)-
393# define NIST_INT64 long-
394# else-
395# define NIST_INT64 long long-
396# endif-
397# endif-
398#else-
399#define bn_cp_64(to, n, from, m) \-
400 { \-
401 bn_cp_32(to, (n)*2, from, (m)*2); \-
402 bn_cp_32(to, (n)*2+1, from, (m)*2+1); \-
403 }-
404#define bn_64_set_0(to, n) \-
405 { \-
406 bn_32_set_0(to, (n)*2); \-
407 bn_32_set_0(to, (n)*2+1); \-
408 }-
409#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0;-
410#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0;-
411# if defined(BN_LLONG)-
412# define NIST_INT64 long long-
413# endif-
414#endif /* BN_BITS2 != 64 */-
415-
416#define nist_set_192(to, from, a1, a2, a3) \-
417 { \-
418 bn_cp_64(to, 0, from, (a3) - 3) \-
419 bn_cp_64(to, 1, from, (a2) - 3) \-
420 bn_cp_64(to, 2, from, (a1) - 3) \-
421 }-
422-
423int-
424BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)-
425{-
426 int top = a->top, i;-
427 int carry;-
428 BN_ULONG *r_d, *a_d = a->d;-
429 union {-
430 BN_ULONG bn[BN_NIST_192_TOP];-
431 unsigned int ui[BN_NIST_192_TOP *-
432 sizeof(BN_ULONG) / sizeof(unsigned int)];-
433 } buf;-
434 BN_ULONG c_d[BN_NIST_192_TOP], *res;-
435 uintptr_t mask;-
436 static const BIGNUM _bignum_nist_p_192_sqr = {-
437 (BN_ULONG *)_nist_p_192_sqr,-
438 sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),-
439 sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),-
440 0,-
441 BN_FLG_STATIC_DATA-
442 };-
443-
444 field = &_bignum_nist_p_192; /* just to make sure */-
445-
446 if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0)
((a)->neg != 0)Description
TRUEnever evaluated
FALSEnever evaluated
BN_ucmp(a, &_b..._192_sqr) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
447 return BN_nnmod(r, a, field, ctx);
never executed: return BN_nnmod(r, a, field, ctx);
0
448-
449 i = BN_ucmp(field, a);-
450 if (i == 0) {
i == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
451 BN_zero(r);-
452 return 1;
never executed: return 1;
0
453 } else if (i > 0)
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
454 return (r == a) ? 1 : (BN_copy(r , a) != NULL);
never executed: return (r == a) ? 1 : (BN_copy(r , a) != ((void *)0) );
(r == a)Description
TRUEnever evaluated
FALSEnever evaluated
0
455-
456 if (r != a) {
r != aDescription
TRUEnever evaluated
FALSEnever evaluated
0
457 if (!bn_wexpand(r, BN_NIST_192_TOP))
!((((192+64 -1...2+64 -1)/64)))Description
TRUEnever evaluated
FALSEnever evaluated
(((192+64 -1)/... <= (r)->dmax)Description
TRUEnever evaluated
FALSEnever evaluated
0
458 return 0;
never executed: return 0;
0
459 r_d = r->d;-
460 nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);-
461 } else
never executed: end of block
0
462 r_d = a_d;
never executed: r_d = a_d;
0
463-
464 nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP,-
465 BN_NIST_192_TOP);-
466-
467#if defined(NIST_INT64)-
468 {-
469 NIST_INT64 acc; /* accumulator */-
470 unsigned int *rp = (unsigned int *)r_d;-
471 const unsigned int *bp = (const unsigned int *)buf.ui;-
472-
473 acc = rp[0];-
474 acc += bp[3 * 2 - 6];-
475 acc += bp[5 * 2 - 6];-
476 rp[0] = (unsigned int)acc;-
477 acc >>= 32;-
478-
479 acc += rp[1];-
480 acc += bp[3 * 2 - 5];-
481 acc += bp[5 * 2 - 5];-
482 rp[1] = (unsigned int)acc;-
483 acc >>= 32;-
484-
485 acc += rp[2];-
486 acc += bp[3 * 2 - 6];-
487 acc += bp[4 * 2 - 6];-
488 acc += bp[5 * 2 - 6];-
489 rp[2] = (unsigned int)acc;-
490 acc >>= 32;-
491-
492 acc += rp[3];-
493 acc += bp[3 * 2 - 5];-
494 acc += bp[4 * 2 - 5];-
495 acc += bp[5 * 2 - 5];-
496 rp[3] = (unsigned int)acc;-
497 acc >>= 32;-
498-
499 acc += rp[4];-
500 acc += bp[4 * 2 - 6];-
501 acc += bp[5 * 2 - 6];-
502 rp[4] = (unsigned int)acc;-
503 acc >>= 32;-
504-
505 acc += rp[5];-
506 acc += bp[4 * 2 - 5];-
507 acc += bp[5 * 2 - 5];-
508 rp[5] = (unsigned int)acc;-
509-
510 carry = (int)(acc >> 32);-
511 }-
512#else-
513 {-
514 BN_ULONG t_d[BN_NIST_192_TOP] = {0};-
515-
516 nist_set_192(t_d, buf.bn, 0, 3, 3);-
517 carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);-
518 nist_set_192(t_d, buf.bn, 4, 4, 0);-
519 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);-
520 nist_set_192(t_d, buf.bn, 5, 5, 5)-
521 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);-
522 }-
523#endif-
524 if (carry > 0)
carry > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
525 carry = (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1],
never executed: carry = (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], (192+64 -1)/64);
0
526 BN_NIST_192_TOP);
never executed: carry = (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], (192+64 -1)/64);
0
527 else-
528 carry = 1;
never executed: carry = 1;
0
529-
530 /*-
531 * we need 'if (carry==0 || result>=modulus) result-=modulus;'-
532 * as comparison implies subtraction, we can write-
533 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'-
534 * this is what happens below, but without explicit if:-) a.-
535 */-
536 mask = 0 - (uintptr_t)bn_sub_words(c_d, r_d, _nist_p_192[0],-
537 BN_NIST_192_TOP);-
538 mask &= 0 - (uintptr_t)carry;-
539 res = c_d;-
540 res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask));-
541 nist_cp_bn(r_d, res, BN_NIST_192_TOP);-
542 r->top = BN_NIST_192_TOP;-
543 bn_correct_top(r);
never executed: break;
never executed: end of block
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
*(ftl--)Description
TRUEnever evaluated
FALSEnever evaluated
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
544-
545 return 1;
never executed: return 1;
0
546}-
547-
548typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *, const BN_ULONG *,-
549 const BN_ULONG *, int);-
550-
551#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \-
552 { \-
553 bn_cp_32(to, 0, from, (a7) - 7) \-
554 bn_cp_32(to, 1, from, (a6) - 7) \-
555 bn_cp_32(to, 2, from, (a5) - 7) \-
556 bn_cp_32(to, 3, from, (a4) - 7) \-
557 bn_cp_32(to, 4, from, (a3) - 7) \-
558 bn_cp_32(to, 5, from, (a2) - 7) \-
559 bn_cp_32(to, 6, from, (a1) - 7) \-
560 }-
561-
562int-
563BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)-
564{-
565 int top = a->top, i;-
566 int carry;-
567 BN_ULONG *r_d, *a_d = a->d;-
568 union {-
569 BN_ULONG bn[BN_NIST_224_TOP];-
570 unsigned int ui[BN_NIST_224_TOP *-
571 sizeof(BN_ULONG) / sizeof(unsigned int)];-
572 } buf;-
573 BN_ULONG c_d[BN_NIST_224_TOP], *res;-
574 uintptr_t mask;-
575 union {-
576 bn_addsub_f f;-
577 uintptr_t p;-
578 } u;-
579 static const BIGNUM _bignum_nist_p_224_sqr = {-
580 (BN_ULONG *)_nist_p_224_sqr,-
581 sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),-
582 sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),-
583 0,-
584 BN_FLG_STATIC_DATA-
585 };-
586-
587 field = &_bignum_nist_p_224; /* just to make sure */-
588-
589 if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0)
((a)->neg != 0)Description
TRUEnever evaluated
FALSEnever evaluated
BN_ucmp(a, &_b..._224_sqr) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
590 return BN_nnmod(r, a, field, ctx);
never executed: return BN_nnmod(r, a, field, ctx);
0
591-
592 i = BN_ucmp(field, a);-
593 if (i == 0) {
i == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
594 BN_zero(r);-
595 return 1;
never executed: return 1;
0
596 } else if (i > 0)
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
597 return (r == a) ? 1 : (BN_copy(r, a) != NULL);
never executed: return (r == a) ? 1 : (BN_copy(r, a) != ((void *)0) );
(r == a)Description
TRUEnever evaluated
FALSEnever evaluated
0
598-
599 if (r != a) {
r != aDescription
TRUEnever evaluated
FALSEnever evaluated
0
600 if (!bn_wexpand(r, BN_NIST_224_TOP))
!((((224+64 -1...4+64 -1)/64)))Description
TRUEnever evaluated
FALSEnever evaluated
(((224+64 -1)/... <= (r)->dmax)Description
TRUEnever evaluated
FALSEnever evaluated
0
601 return 0;
never executed: return 0;
0
602 r_d = r->d;-
603 nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);-
604 } else
never executed: end of block
0
605 r_d = a_d;
never executed: r_d = a_d;
0
606-
607 memset(&buf, 0, sizeof(buf));-
608-
609#if BN_BITS2==64-
610 /* copy upper 256 bits of 448 bit number ... */-
611 nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1),-
612 top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP);-
613 /* ... and right shift by 32 to obtain upper 224 bits */-
614 nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);-
615 /* truncate lower part to 224 bits too */-
616 r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l;-
617#else-
618 nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP,-
619 top - BN_NIST_224_TOP, BN_NIST_224_TOP);-
620#endif-
621-
622#if defined(NIST_INT64) && BN_BITS2!=64-
623 {-
624 NIST_INT64 acc; /* accumulator */-
625 unsigned int *rp = (unsigned int *)r_d;-
626 const unsigned int *bp = (const unsigned int *)buf.ui;-
627-
628 acc = rp[0];-
629 acc -= bp[7 - 7];-
630 acc -= bp[11 - 7];-
631 rp[0] = (unsigned int)acc;-
632 acc >>= 32;-
633-
634 acc += rp[1];-
635 acc -= bp[8 - 7];-
636 acc -= bp[12 - 7];-
637 rp[1] = (unsigned int)acc;-
638 acc >>= 32;-
639-
640 acc += rp[2];-
641 acc -= bp[9 - 7];-
642 acc -= bp[13 - 7];-
643 rp[2] = (unsigned int)acc;-
644 acc >>= 32;-
645-
646 acc += rp[3];-
647 acc += bp[7 - 7];-
648 acc += bp[11 - 7];-
649 acc -= bp[10 - 7];-
650 rp[3] = (unsigned int)acc;-
651 acc >>= 32;-
652-
653 acc += rp[4];-
654 acc += bp[8 - 7];-
655 acc += bp[12 - 7];-
656 acc -= bp[11 - 7];-
657 rp[4] = (unsigned int)acc;-
658 acc >>= 32;-
659-
660 acc += rp[5];-
661 acc += bp[9 - 7];-
662 acc += bp[13 - 7];-
663 acc -= bp[12 - 7];-
664 rp[5] = (unsigned int)acc;-
665 acc >>= 32;-
666-
667 acc += rp[6];-
668 acc += bp[10 - 7];-
669 acc -= bp[13 - 7];-
670 rp[6] = (unsigned int)acc;-
671-
672 carry = (int)(acc >> 32);-
673# if BN_BITS2==64-
674 rp[7] = carry;-
675# endif-
676 }-
677#else-
678 {-
679 BN_ULONG t_d[BN_NIST_224_TOP] = {0};-
680-
681 nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);-
682 carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);-
683 nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);-
684 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);-
685 nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);-
686 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);-
687 nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);-
688 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);-
689-
690#if BN_BITS2==64-
691 carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32);-
692#endif-
693 }-
694#endif-
695 u.f = bn_sub_words;-
696 if (carry > 0) {
carry > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
697 carry = (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],-
698 BN_NIST_224_TOP);-
699#if BN_BITS2==64-
700 carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1;-
701#endif-
702 } else if (carry < 0) {
never executed: end of block
carry < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
703 /* it's a bit more complicated logic in this case.-
704 * if bn_add_words yields no carry, then result-
705 * has to be adjusted by unconditionally *adding*-
706 * the modulus. but if it does, then result has-
707 * to be compared to the modulus and conditionally-
708 * adjusted by *subtracting* the latter. */-
709 carry = (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],-
710 BN_NIST_224_TOP);-
711 mask = 0 - (uintptr_t)carry;-
712 u.p = ((uintptr_t)bn_sub_words & mask) |-
713 ((uintptr_t)bn_add_words & ~mask);-
714 } else
never executed: end of block
0
715 carry = 1;
never executed: carry = 1;
0
716-
717 /* otherwise it's effectively same as in BN_nist_mod_192... */-
718 mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);-
719 mask &= 0 - (uintptr_t)carry;-
720 res = c_d;-
721 res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask));-
722 nist_cp_bn(r_d, res, BN_NIST_224_TOP);-
723 r->top = BN_NIST_224_TOP;-
724 bn_correct_top(r);
never executed: break;
never executed: end of block
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
*(ftl--)Description
TRUEnever evaluated
FALSEnever evaluated
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
725-
726 return 1;
never executed: return 1;
0
727}-
728-
729#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \-
730 { \-
731 bn_cp_32(to, 0, from, (a8) - 8) \-
732 bn_cp_32(to, 1, from, (a7) - 8) \-
733 bn_cp_32(to, 2, from, (a6) - 8) \-
734 bn_cp_32(to, 3, from, (a5) - 8) \-
735 bn_cp_32(to, 4, from, (a4) - 8) \-
736 bn_cp_32(to, 5, from, (a3) - 8) \-
737 bn_cp_32(to, 6, from, (a2) - 8) \-
738 bn_cp_32(to, 7, from, (a1) - 8) \-
739 }-
740-
741int-
742BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)-
743{-
744 int i, top = a->top;-
745 int carry = 0;-
746 BN_ULONG *a_d = a->d, *r_d;-
747 union {-
748 BN_ULONG bn[BN_NIST_256_TOP];-
749 unsigned int ui[BN_NIST_256_TOP *-
750 sizeof(BN_ULONG) / sizeof(unsigned int)];-
751 } buf;-
752 BN_ULONG c_d[BN_NIST_256_TOP] = {0}, *res;-
753 uintptr_t mask;-
754 union {-
755 bn_addsub_f f;-
756 uintptr_t p;-
757 } u;-
758 static const BIGNUM _bignum_nist_p_256_sqr = {-
759 (BN_ULONG *)_nist_p_256_sqr,-
760 sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),-
761 sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),-
762 0,-
763 BN_FLG_STATIC_DATA-
764 };-
765-
766 field = &_bignum_nist_p_256; /* just to make sure */-
767-
768 if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0)
((a)->neg != 0)Description
TRUEnever evaluated
FALSEnever evaluated
BN_ucmp(a, &_b..._256_sqr) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
769 return BN_nnmod(r, a, field, ctx);
never executed: return BN_nnmod(r, a, field, ctx);
0
770-
771 i = BN_ucmp(field, a);-
772 if (i == 0) {
i == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
773 BN_zero(r);-
774 return 1;
never executed: return 1;
0
775 } else if (i > 0)
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
776 return (r == a) ? 1 : (BN_copy(r, a) != NULL);
never executed: return (r == a) ? 1 : (BN_copy(r, a) != ((void *)0) );
(r == a)Description
TRUEnever evaluated
FALSEnever evaluated
0
777-
778 if (r != a) {
r != aDescription
TRUEnever evaluated
FALSEnever evaluated
0
779 if (!bn_wexpand(r, BN_NIST_256_TOP))
!((((256+64 -1...6+64 -1)/64)))Description
TRUEnever evaluated
FALSEnever evaluated
(((256+64 -1)/... <= (r)->dmax)Description
TRUEnever evaluated
FALSEnever evaluated
0
780 return 0;
never executed: return 0;
0
781 r_d = r->d;-
782 nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);-
783 } else
never executed: end of block
0
784 r_d = a_d;
never executed: r_d = a_d;
0
785-
786 nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP,-
787 top - BN_NIST_256_TOP, BN_NIST_256_TOP);-
788-
789#if defined(NIST_INT64)-
790 {-
791 NIST_INT64 acc; /* accumulator */-
792 unsigned int *rp = (unsigned int *)r_d;-
793 const unsigned int *bp = (const unsigned int *)buf.ui;-
794-
795 acc = rp[0];-
796 acc += bp[8 - 8];-
797 acc += bp[9 - 8];-
798 acc -= bp[11 - 8];-
799 acc -= bp[12 - 8];-
800 acc -= bp[13 - 8];-
801 acc -= bp[14 - 8];-
802 rp[0] = (unsigned int)acc;-
803 acc >>= 32;-
804-
805 acc += rp[1];-
806 acc += bp[9 - 8];-
807 acc += bp[10 - 8];-
808 acc -= bp[12 - 8];-
809 acc -= bp[13 - 8];-
810 acc -= bp[14 - 8];-
811 acc -= bp[15 - 8];-
812 rp[1] = (unsigned int)acc;-
813 acc >>= 32;-
814-
815 acc += rp[2];-
816 acc += bp[10 - 8];-
817 acc += bp[11 - 8];-
818 acc -= bp[13 - 8];-
819 acc -= bp[14 - 8];-
820 acc -= bp[15 - 8];-
821 rp[2] = (unsigned int)acc;-
822 acc >>= 32;-
823-
824 acc += rp[3];-
825 acc += bp[11 - 8];-
826 acc += bp[11 - 8];-
827 acc += bp[12 - 8];-
828 acc += bp[12 - 8];-
829 acc += bp[13 - 8];-
830 acc -= bp[15 - 8];-
831 acc -= bp[8 - 8];-
832 acc -= bp[9 - 8];-
833 rp[3] = (unsigned int)acc;-
834 acc >>= 32;-
835-
836 acc += rp[4];-
837 acc += bp[12 - 8];-
838 acc += bp[12 - 8];-
839 acc += bp[13 - 8];-
840 acc += bp[13 - 8];-
841 acc += bp[14 - 8];-
842 acc -= bp[9 - 8];-
843 acc -= bp[10 - 8];-
844 rp[4] = (unsigned int)acc;-
845 acc >>= 32;-
846-
847 acc += rp[5];-
848 acc += bp[13 - 8];-
849 acc += bp[13 - 8];-
850 acc += bp[14 - 8];-
851 acc += bp[14 - 8];-
852 acc += bp[15 - 8];-
853 acc -= bp[10 - 8];-
854 acc -= bp[11 - 8];-
855 rp[5] = (unsigned int)acc;-
856 acc >>= 32;-
857-
858 acc += rp[6];-
859 acc += bp[14 - 8];-
860 acc += bp[14 - 8];-
861 acc += bp[15 - 8];-
862 acc += bp[15 - 8];-
863 acc += bp[14 - 8];-
864 acc += bp[13 - 8];-
865 acc -= bp[8 - 8];-
866 acc -= bp[9 - 8];-
867 rp[6] = (unsigned int)acc;-
868 acc >>= 32;-
869-
870 acc += rp[7];-
871 acc += bp[15 - 8];-
872 acc += bp[15 - 8];-
873 acc += bp[15 - 8];-
874 acc += bp[8 - 8];-
875 acc -= bp[10 - 8];-
876 acc -= bp[11 - 8];-
877 acc -= bp[12 - 8];-
878 acc -= bp[13 - 8];-
879 rp[7] = (unsigned int)acc;-
880-
881 carry = (int)(acc >> 32);-
882 }-
883#else-
884 {-
885 BN_ULONG t_d[BN_NIST_256_TOP] = {0};-
886-
887 /*S1*/-
888 nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0);-
889 /*S2*/-
890 nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0);-
891 carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);-
892 /* left shift */-
893 {-
894 BN_ULONG *ap, t, c;-
895 ap = t_d;-
896 c = 0;-
897 for (i = BN_NIST_256_TOP; i != 0; --i) {-
898 t = *ap;-
899 *(ap++) = ((t << 1) | c) & BN_MASK2;-
900 c = (t & BN_TBIT) ? 1 : 0;-
901 }-
902 carry <<= 1;-
903 carry |= c;-
904 }-
905 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);-
906 /*S3*/-
907 nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8);-
908 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);-
909 /*S4*/-
910 nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9);-
911 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);-
912 /*D1*/-
913 nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11);-
914 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);-
915 /*D2*/-
916 nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12);-
917 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);-
918 /*D3*/-
919 nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13);-
920 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);-
921 /*D4*/-
922 nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14);-
923 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);-
924-
925 }-
926#endif-
927 /* see BN_nist_mod_224 for explanation */-
928 u.f = bn_sub_words;-
929 if (carry > 0)
carry > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
930 carry = (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
never executed: carry = (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], (256+64 -1)/64);
0
931 BN_NIST_256_TOP);
never executed: carry = (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], (256+64 -1)/64);
0
932 else if (carry < 0) {
carry < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
933 carry = (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],-
934 BN_NIST_256_TOP);-
935 mask = 0 - (uintptr_t)carry;-
936 u.p = ((uintptr_t)bn_sub_words & mask) |-
937 ((uintptr_t)bn_add_words & ~mask);-
938 } else
never executed: end of block
0
939 carry = 1;
never executed: carry = 1;
0
940-
941 mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);-
942 mask &= 0 - (uintptr_t)carry;-
943 res = c_d;-
944 res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask));-
945 nist_cp_bn(r_d, res, BN_NIST_256_TOP);-
946 r->top = BN_NIST_256_TOP;-
947 bn_correct_top(r);
never executed: break;
never executed: end of block
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
*(ftl--)Description
TRUEnever evaluated
FALSEnever evaluated
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
948-
949 return 1;
never executed: return 1;
0
950}-
951-
952#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \-
953 { \-
954 bn_cp_32(to, 0, from, (a12) - 12) \-
955 bn_cp_32(to, 1, from, (a11) - 12) \-
956 bn_cp_32(to, 2, from, (a10) - 12) \-
957 bn_cp_32(to, 3, from, (a9) - 12) \-
958 bn_cp_32(to, 4, from, (a8) - 12) \-
959 bn_cp_32(to, 5, from, (a7) - 12) \-
960 bn_cp_32(to, 6, from, (a6) - 12) \-
961 bn_cp_32(to, 7, from, (a5) - 12) \-
962 bn_cp_32(to, 8, from, (a4) - 12) \-
963 bn_cp_32(to, 9, from, (a3) - 12) \-
964 bn_cp_32(to, 10, from, (a2) - 12) \-
965 bn_cp_32(to, 11, from, (a1) - 12) \-
966 }-
967-
968int-
969BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)-
970{-
971 int i, top = a->top;-
972 int carry = 0;-
973 BN_ULONG *r_d, *a_d = a->d;-
974 union {-
975 BN_ULONG bn[BN_NIST_384_TOP];-
976 unsigned int ui[BN_NIST_384_TOP *-
977 sizeof(BN_ULONG) / sizeof(unsigned int)];-
978 } buf;-
979 BN_ULONG c_d[BN_NIST_384_TOP], *res;-
980 uintptr_t mask;-
981 union {-
982 bn_addsub_f f;-
983 uintptr_t p;-
984 } u;-
985 static const BIGNUM _bignum_nist_p_384_sqr = {-
986 (BN_ULONG *)_nist_p_384_sqr,-
987 sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),-
988 sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),-
989 0,-
990 BN_FLG_STATIC_DATA-
991 };-
992-
993 field = &_bignum_nist_p_384; /* just to make sure */-
994-
995 if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0)
((a)->neg != 0)Description
TRUEnever evaluated
FALSEnever evaluated
BN_ucmp(a, &_b..._384_sqr) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
996 return BN_nnmod(r, a, field, ctx);
never executed: return BN_nnmod(r, a, field, ctx);
0
997-
998 i = BN_ucmp(field, a);-
999 if (i == 0) {
i == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1000 BN_zero(r);-
1001 return 1;
never executed: return 1;
0
1002 } else if (i > 0)
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1003 return (r == a) ? 1 : (BN_copy(r, a) != NULL);
never executed: return (r == a) ? 1 : (BN_copy(r, a) != ((void *)0) );
(r == a)Description
TRUEnever evaluated
FALSEnever evaluated
0
1004-
1005 if (r != a) {
r != aDescription
TRUEnever evaluated
FALSEnever evaluated
0
1006 if (!bn_wexpand(r, BN_NIST_384_TOP))
!((((384+64 -1...4+64 -1)/64)))Description
TRUEnever evaluated
FALSEnever evaluated
(((384+64 -1)/... <= (r)->dmax)Description
TRUEnever evaluated
FALSEnever evaluated
0
1007 return 0;
never executed: return 0;
0
1008 r_d = r->d;-
1009 nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);-
1010 } else
never executed: end of block
0
1011 r_d = a_d;
never executed: r_d = a_d;
0
1012-
1013 nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP,-
1014 top - BN_NIST_384_TOP, BN_NIST_384_TOP);-
1015-
1016#if defined(NIST_INT64)-
1017 {-
1018 NIST_INT64 acc; /* accumulator */-
1019 unsigned int *rp = (unsigned int *)r_d;-
1020 const unsigned int *bp = (const unsigned int *)buf.ui;-
1021-
1022 acc = rp[0];-
1023 acc += bp[12 - 12];-
1024 acc += bp[21 - 12];-
1025 acc += bp[20 - 12];-
1026 acc -= bp[23 - 12];-
1027 rp[0] = (unsigned int)acc;-
1028 acc >>= 32;-
1029-
1030 acc += rp[1];-
1031 acc += bp[13 - 12];-
1032 acc += bp[22 - 12];-
1033 acc += bp[23 - 12];-
1034 acc -= bp[12 - 12];-
1035 acc -= bp[20 - 12];-
1036 rp[1] = (unsigned int)acc;-
1037 acc >>= 32;-
1038-
1039 acc += rp[2];-
1040 acc += bp[14 - 12];-
1041 acc += bp[23 - 12];-
1042 acc -= bp[13 - 12];-
1043 acc -= bp[21 - 12];-
1044 rp[2] = (unsigned int)acc;-
1045 acc >>= 32;-
1046-
1047 acc += rp[3];-
1048 acc += bp[15 - 12];-
1049 acc += bp[12 - 12];-
1050 acc += bp[20 - 12];-
1051 acc += bp[21 - 12];-
1052 acc -= bp[14 - 12];-
1053 acc -= bp[22 - 12];-
1054 acc -= bp[23 - 12];-
1055 rp[3] = (unsigned int)acc;-
1056 acc >>= 32;-
1057-
1058 acc += rp[4];-
1059 acc += bp[21 - 12];-
1060 acc += bp[21 - 12];-
1061 acc += bp[16 - 12];-
1062 acc += bp[13 - 12];-
1063 acc += bp[12 - 12];-
1064 acc += bp[20 - 12];-
1065 acc += bp[22 - 12];-
1066 acc -= bp[15 - 12];-
1067 acc -= bp[23 - 12];-
1068 acc -= bp[23 - 12];-
1069 rp[4] = (unsigned int)acc;-
1070 acc >>= 32;-
1071-
1072 acc += rp[5];-
1073 acc += bp[22 - 12];-
1074 acc += bp[22 - 12];-
1075 acc += bp[17 - 12];-
1076 acc += bp[14 - 12];-
1077 acc += bp[13 - 12];-
1078 acc += bp[21 - 12];-
1079 acc += bp[23 - 12];-
1080 acc -= bp[16 - 12];-
1081 rp[5] = (unsigned int)acc;-
1082 acc >>= 32;-
1083-
1084 acc += rp[6];-
1085 acc += bp[23 - 12];-
1086 acc += bp[23 - 12];-
1087 acc += bp[18 - 12];-
1088 acc += bp[15 - 12];-
1089 acc += bp[14 - 12];-
1090 acc += bp[22 - 12];-
1091 acc -= bp[17 - 12];-
1092 rp[6] = (unsigned int)acc;-
1093 acc >>= 32;-
1094-
1095 acc += rp[7];-
1096 acc += bp[19 - 12];-
1097 acc += bp[16 - 12];-
1098 acc += bp[15 - 12];-
1099 acc += bp[23 - 12];-
1100 acc -= bp[18 - 12];-
1101 rp[7] = (unsigned int)acc;-
1102 acc >>= 32;-
1103-
1104 acc += rp[8];-
1105 acc += bp[20 - 12];-
1106 acc += bp[17 - 12];-
1107 acc += bp[16 - 12];-
1108 acc -= bp[19 - 12];-
1109 rp[8] = (unsigned int)acc;-
1110 acc >>= 32;-
1111-
1112 acc += rp[9];-
1113 acc += bp[21 - 12];-
1114 acc += bp[18 - 12];-
1115 acc += bp[17 - 12];-
1116 acc -= bp[20 - 12];-
1117 rp[9] = (unsigned int)acc;-
1118 acc >>= 32;-
1119-
1120 acc += rp[10];-
1121 acc += bp[22 - 12];-
1122 acc += bp[19 - 12];-
1123 acc += bp[18 - 12];-
1124 acc -= bp[21 - 12];-
1125 rp[10] = (unsigned int)acc;-
1126 acc >>= 32;-
1127-
1128 acc += rp[11];-
1129 acc += bp[23 - 12];-
1130 acc += bp[20 - 12];-
1131 acc += bp[19 - 12];-
1132 acc -= bp[22 - 12];-
1133 rp[11] = (unsigned int)acc;-
1134-
1135 carry = (int)(acc >> 32);-
1136 }-
1137#else-
1138 {-
1139 BN_ULONG t_d[BN_NIST_384_TOP] = {0};-
1140-
1141 /*S1*/-
1142 nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4,-
1143 21 - 4);-
1144 /* left shift */-
1145 {-
1146 BN_ULONG *ap, t, c;-
1147 ap = t_d;-
1148 c = 0;-
1149 for (i = 3; i != 0; --i) {-
1150 t= *ap;-
1151 *(ap++) = ((t << 1)|c) & BN_MASK2;-
1152 c = (t & BN_TBIT) ? 1 : 0;-
1153 }-
1154 *ap = c;-
1155 }-
1156 carry = (int)bn_add_words(r_d + (128 / BN_BITS2),-
1157 r_d + (128 / BN_BITS2), t_d, BN_NIST_256_TOP);-
1158 /*S2 */-
1159 carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP);-
1160 /*S3*/-
1161 nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12,-
1162 23, 22, 21);-
1163 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);-
1164 /*S4*/-
1165 nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20,-
1166 0, 23, 0);-
1167 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);-
1168 /*S5*/-
1169 nist_set_384(t_d, buf.bn, 0,0, 0,0, 23, 22, 21, 20, 0,0, 0, 0);-
1170 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);-
1171 /*S6*/-
1172 nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 23, 22, 21, 0,0, 20);-
1173 carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);-
1174 /*D1*/-
1175 nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14,-
1176 13, 12, 23);-
1177 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);-
1178 /*D2*/-
1179 nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 0,23, 22, 21, 20, 0);-
1180 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);-
1181 /*D3*/-
1182 nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 0,23, 23, 0,0, 0);-
1183 carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);-
1184-
1185 }-
1186#endif-
1187 /* see BN_nist_mod_224 for explanation */-
1188 u.f = bn_sub_words;-
1189 if (carry > 0)
carry > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1190 carry = (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
never executed: carry = (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], (384+64 -1)/64);
0
1191 BN_NIST_384_TOP);
never executed: carry = (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], (384+64 -1)/64);
0
1192 else if (carry < 0) {
carry < 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1193 carry = (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],-
1194 BN_NIST_384_TOP);-
1195 mask = 0 - (uintptr_t)carry;-
1196 u.p = ((uintptr_t)bn_sub_words & mask) |-
1197 ((uintptr_t)bn_add_words & ~mask);-
1198 } else
never executed: end of block
0
1199 carry = 1;
never executed: carry = 1;
0
1200-
1201 mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);-
1202 mask &= 0 - (uintptr_t)carry;-
1203 res = c_d;-
1204 res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask));-
1205 nist_cp_bn(r_d, res, BN_NIST_384_TOP);-
1206 r->top = BN_NIST_384_TOP;-
1207 bn_correct_top(r);
never executed: break;
never executed: end of block
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
*(ftl--)Description
TRUEnever evaluated
FALSEnever evaluated
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1208-
1209 return 1;
never executed: return 1;
0
1210}-
1211-
1212#define BN_NIST_521_RSHIFT (521%BN_BITS2)-
1213#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT)-
1214#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)-
1215-
1216int-
1217BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx)-
1218{-
1219 int top = a->top, i;-
1220 BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;-
1221 uintptr_t mask;-
1222 static const BIGNUM _bignum_nist_p_521_sqr = {-
1223 (BN_ULONG *)_nist_p_521_sqr,-
1224 sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),-
1225 sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),-
1226 0,-
1227 BN_FLG_STATIC_DATA-
1228 };-
1229-
1230 field = &_bignum_nist_p_521; /* just to make sure */-
1231-
1232 if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0)
((a)->neg != 0)Description
TRUEnever evaluated
FALSEnever evaluated
BN_ucmp(a, &_b..._521_sqr) >= 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1233 return BN_nnmod(r, a, field, ctx);
never executed: return BN_nnmod(r, a, field, ctx);
0
1234-
1235 i = BN_ucmp(field, a);-
1236 if (i == 0) {
i == 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1237 BN_zero(r);-
1238 return 1;
never executed: return 1;
0
1239 } else if (i > 0)
i > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1240 return (r == a) ? 1 : (BN_copy(r, a) != NULL);
never executed: return (r == a) ? 1 : (BN_copy(r, a) != ((void *)0) );
(r == a)Description
TRUEnever evaluated
FALSEnever evaluated
0
1241-
1242 if (r != a) {
r != aDescription
TRUEnever evaluated
FALSEnever evaluated
0
1243 if (!bn_wexpand(r, BN_NIST_521_TOP))
!((((521+64 -1...1+64 -1)/64)))Description
TRUEnever evaluated
FALSEnever evaluated
(((521+64 -1)/... <= (r)->dmax)Description
TRUEnever evaluated
FALSEnever evaluated
0
1244 return 0;
never executed: return 0;
0
1245 r_d = r->d;-
1246 nist_cp_bn(r_d, a_d, BN_NIST_521_TOP);-
1247 } else
never executed: end of block
0
1248 r_d = a_d;
never executed: r_d = a_d;
0
1249-
1250 /* upper 521 bits, copy ... */-
1251 nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1),-
1252 top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP);-
1253 /* ... and right shift */-
1254 for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) {
i < (521+64 -1)/64 - 1Description
TRUEnever evaluated
FALSEnever evaluated
0
1255 tmp = val >> BN_NIST_521_RSHIFT;-
1256 val = t_d[i + 1];-
1257 t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2;-
1258 }
never executed: end of block
0
1259 t_d[i] = val >> BN_NIST_521_RSHIFT;-
1260 /* lower 521 bits */-
1261 r_d[i] &= BN_NIST_521_TOP_MASK;-
1262-
1263 bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);-
1264 mask = 0 - (uintptr_t)bn_sub_words(t_d, r_d, _nist_p_521,-
1265 BN_NIST_521_TOP);-
1266 res = t_d;-
1267 res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask));-
1268 nist_cp_bn(r_d, res, BN_NIST_521_TOP);-
1269 r->top = BN_NIST_521_TOP;-
1270 bn_correct_top(r);
never executed: break;
never executed: end of block
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
*(ftl--)Description
TRUEnever evaluated
FALSEnever evaluated
tmp_top > 0Description
TRUEnever evaluated
FALSEnever evaluated
0
1271-
1272 return 1;
never executed: return 1;
0
1273}-
Source codeSwitch to Preprocessed file
Generated by Squish Coco 4.2.2