SP P521: hash len needs special attention when 521 bits

Need to right shift number down when hash is more than 521 bits.
Previously handled at a byte level and now at bit level.
Always return err from sp_*_ecc_mulmod_add_only_*().
When the ECC point add and double functions are public and only the SP
implementation is available, check that the point coordinates are the right size.
Sean Parkinson
2022-02-25 10:25:45 +10:00
parent 07fdca1d62
commit 605d701113
10 changed files with 4052 additions and 3670 deletions


@ -1971,27 +1971,41 @@ done:
return err;
#else
int modBits;
if (P == NULL || Q == NULL || R == NULL || modulus == NULL) {
return ECC_BAD_ARG_E;
}
modBits = mp_count_bits(modulus);
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
if ((mp_count_bits(P->x) > modBits) ||
(mp_count_bits(P->y) > modBits) ||
(mp_count_bits(P->z) > modBits) ||
(mp_count_bits(Q->x) > modBits) ||
(mp_count_bits(Q->y) > modBits) ||
(mp_count_bits(Q->z) > modBits)) {
return ECC_OUT_OF_RANGE_E;
}
#endif
(void)a;
(void)mp;
#ifndef WOLFSSL_SP_NO_256
if (mp_count_bits(modulus) == 256) {
if (modBits == 256) {
return sp_ecc_proj_add_point_256(P->x, P->y, P->z, Q->x, Q->y, Q->z,
R->x, R->y, R->z);
}
#endif
#ifdef WOLFSSL_SP_384
if (mp_count_bits(modulus) == 384) {
if (modBits == 384) {
return sp_ecc_proj_add_point_384(P->x, P->y, P->z, Q->x, Q->y, Q->z,
R->x, R->y, R->z);
}
#endif
#ifdef WOLFSSL_SP_521
if (mp_count_bits(modulus) == 521) {
if (modBits == 521) {
return sp_ecc_proj_add_point_521(P->x, P->y, P->z, Q->x, Q->y, Q->z,
R->x, R->y, R->z);
}
@ -2315,24 +2329,35 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
return err;
#else
int modBits;
if (P == NULL || R == NULL || modulus == NULL)
return ECC_BAD_ARG_E;
modBits = mp_count_bits(modulus);
#ifdef WOLFSSL_PUBLIC_ECC_ADD_DBL
if ((mp_count_bits(P->x) > modBits) ||
(mp_count_bits(P->y) > modBits) ||
(mp_count_bits(P->z) > modBits)) {
return ECC_OUT_OF_RANGE_E;
}
#endif
(void)a;
(void)mp;
#ifndef WOLFSSL_SP_NO_256
if (mp_count_bits(modulus) == 256) {
if (modBits == 256) {
return sp_ecc_proj_dbl_point_256(P->x, P->y, P->z, R->x, R->y, R->z);
}
#endif
#ifdef WOLFSSL_SP_384
if (mp_count_bits(modulus) == 384) {
if (modBits == 384) {
return sp_ecc_proj_dbl_point_384(P->x, P->y, P->z, R->x, R->y, R->z);
}
#endif
#ifdef WOLFSSL_SP_521
if (mp_count_bits(modulus) == 521) {
if (modBits == 521) {
return sp_ecc_proj_dbl_point_521(P->x, P->y, P->z, R->x, R->y, R->z);
}
#endif
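Review bot: The new WOLFSSL_PUBLIC_ECC_ADD_DBL range check at the top of ecc_projective_add_point (and its twin in ecc_projective_dbl_point) compares bit counts, so a coordinate with the same bit length as the modulus but a value at or above p still passes — for P-256 and P-384 that is any value in [p, 2^modBits). That is enough to keep sp_*_from_mp inside the fixed-size digit arrays, but whether sp_ecc_proj_add_point_* / sp_ecc_proj_dbl_point_* tolerate unreduced coordinates is not visible here; if they require reduced inputs the test should be value-based, e.g. `if (mp_cmp(P->x, modulus) != MP_LT || mp_cmp(P->y, modulus) != MP_LT || mp_cmp(P->z, modulus) != MP_LT || ...)`. Either way a one-line comment stating which guarantee is intended would help, e.g. `/* Reject coordinates wider than the modulus so they fit the SP digit arrays. */`. Both enclosing functions start outside their hunks.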


@ -34578,6 +34578,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -43653,6 +43655,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -55681,6 +55685,99 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n)
{
__asm__ __volatile__ (
"rsb r6, %[n], #32\n\t"
"ldrd r2, r3, [%[a]]\n\t"
"lsr r2, r2, %[n]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #8]\n\t"
"str r2, [%[r], #0]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #12]\n\t"
"str r3, [%[r], #4]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #16]\n\t"
"str r4, [%[r], #8]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #20]\n\t"
"str r2, [%[r], #12]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #24]\n\t"
"str r3, [%[r], #16]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #28]\n\t"
"str r4, [%[r], #20]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #32]\n\t"
"str r2, [%[r], #24]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #36]\n\t"
"str r3, [%[r], #28]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #40]\n\t"
"str r4, [%[r], #32]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #44]\n\t"
"str r2, [%[r], #36]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #48]\n\t"
"str r3, [%[r], #40]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #52]\n\t"
"str r4, [%[r], #44]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #56]\n\t"
"str r2, [%[r], #48]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #60]\n\t"
"str r3, [%[r], #52]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #64]\n\t"
"str r4, [%[r], #56]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"strd r2, r3, [%[r], #60]\n\t"
:
: [r] "r" (r), [a] "r" (a), [n] "r" (n)
: "memory", "r2", "r3", "r4", "r5", "r6"
);
}
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -56008,97 +56105,6 @@ static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n)
);
}
static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n)
{
__asm__ __volatile__ (
"rsb r6, %[n], #32\n\t"
"ldrd r2, r3, [%[a]]\n\t"
"lsr r2, r2, %[n]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #8]\n\t"
"str r2, [%[r], #0]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #12]\n\t"
"str r3, [%[r], #4]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #16]\n\t"
"str r4, [%[r], #8]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #20]\n\t"
"str r2, [%[r], #12]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #24]\n\t"
"str r3, [%[r], #16]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #28]\n\t"
"str r4, [%[r], #20]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #32]\n\t"
"str r2, [%[r], #24]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #36]\n\t"
"str r3, [%[r], #28]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #40]\n\t"
"str r4, [%[r], #32]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #44]\n\t"
"str r2, [%[r], #36]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #48]\n\t"
"str r3, [%[r], #40]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #52]\n\t"
"str r4, [%[r], #44]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #56]\n\t"
"str r2, [%[r], #48]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #60]\n\t"
"str r3, [%[r], #52]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #64]\n\t"
"str r4, [%[r], #56]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"strd r2, r3, [%[r], #60]\n\t"
:
: [r] "r" (r), [a] "r" (a), [n] "r" (n)
: "memory", "r2", "r3", "r4", "r5", "r6"
);
}
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
*
@ -56816,8 +56822,8 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
case 0: /* INIT */
ctx->s = ctx->e;
ctx->kInv = ctx->k;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
ctx->i = SP_ECC_MAX_SIG_GEN;
@ -56855,6 +56861,9 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
sp_521_from_mp(ctx->x, 17, priv);
sp_521_from_bin(ctx->e, 17, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_17(ctx->e, ctx->e, 7);
}
ctx->state = 4;
break;
}
@ -56991,8 +57000,8 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
tmp = e + 8 * 17;
s = e;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
}
@ -57021,6 +57030,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
sp_521_from_mp(x, 17, priv);
sp_521_from_bin(e, 17, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_17(e, e, 7);
}
err = sp_521_calc_s_17(s, r, k, x, e, tmp);
}
@ -57634,8 +57647,8 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
switch (ctx->state) {
case 0: /* INIT */
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(ctx->u1, 17, hash, (int)hashLen);
@ -57644,6 +57657,9 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
sp_521_from_mp(ctx->p2.x, 17, pX);
sp_521_from_mp(ctx->p2.y, 17, pY);
sp_521_from_mp(ctx->p2.z, 17, pZ);
if (hashLen == 66U) {
sp_521_rshift_17(ctx->u1, ctx->u1, 7);
}
ctx->state = 1;
break;
case 1: /* NORMS0 */
@ -57795,8 +57811,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
tmp = u1 + 6 * 17;
p2 = p1 + 1;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(u1, 17, hash, (int)hashLen);
@ -57806,6 +57822,10 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
sp_521_from_mp(p2->y, 17, pY);
sp_521_from_mp(p2->z, 17, pZ);
if (hashLen == 66U) {
sp_521_rshift_17(u1, u1, 7);
}
err = sp_521_calc_vfy_point_17(p1, p2, s, u1, u2, tmp, heap);
}
if (err == MP_OKAY) {
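Review bot: The `if (hashLen == 66U) { sp_521_rshift_17(e, e, 7); }` block added in sp_ecc_sign_521 (and its twins in sp_ecc_sign_521_nb, sp_ecc_verify_521 and sp_ecc_verify_521_nb) should say why 7, since a reader has to work out that 66 bytes is 528 bits and the P-521 order is 521 bits: `/* 66 bytes = 528 bits; keep only the leftmost 521 bits (bit length of the order) by dropping the low 7 bits. */`. Together with the raised clamp (`hashLen > 66U` -> 66) any longer digest is reduced to its leftmost 521 bits, which is what the FIPS 186-4 hash-truncation rule calls for, and 66 bytes fit the 17 32-bit digits (544 bits) that sp_521_from_bin fills, so nothing is lost before the shift. The relocated sp_521_rshift_17 loads a[i+1] before storing r[i], so the in-place call with r == a is safe. All four enclosing functions start and end outside their hunks.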


@ -37174,7 +37174,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P256 by the scalar and return the result.
@ -37609,6 +37609,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -63031,7 +63033,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P384 by the scalar and return the result.
@ -63470,6 +63472,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -107875,7 +107879,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P521 by the scalar and return the result.
@ -108326,6 +108330,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -108619,8 +108625,8 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
case 0: /* INIT */
ctx->s = ctx->e;
ctx->kInv = ctx->k;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
ctx->i = SP_ECC_MAX_SIG_GEN;
@ -108658,6 +108664,9 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
sp_521_from_mp(ctx->x, 9, priv);
sp_521_from_bin(ctx->e, 9, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_9(ctx->e, ctx->e, 7);
}
ctx->state = 4;
break;
}
@ -108794,8 +108803,8 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
tmp = e + 8 * 9;
s = e;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
}
@ -108824,6 +108833,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
sp_521_from_mp(x, 9, priv);
sp_521_from_bin(e, 9, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_9(e, e, 7);
}
err = sp_521_calc_s_9(s, r, k, x, e, tmp);
}
@ -109199,8 +109212,8 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
switch (ctx->state) {
case 0: /* INIT */
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(ctx->u1, 9, hash, (int)hashLen);
@ -109209,6 +109222,9 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
sp_521_from_mp(ctx->p2.x, 9, pX);
sp_521_from_mp(ctx->p2.y, 9, pY);
sp_521_from_mp(ctx->p2.z, 9, pZ);
if (hashLen == 66U) {
sp_521_rshift_9(ctx->u1, ctx->u1, 7);
}
ctx->state = 1;
break;
case 1: /* NORMS0 */
@ -109360,8 +109376,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
tmp = u1 + 6 * 9;
p2 = p1 + 1;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(u1, 9, hash, (int)hashLen);
@ -109371,6 +109387,10 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
sp_521_from_mp(p2->y, 9, pY);
sp_521_from_mp(p2->z, 9, pZ);
if (hashLen == 66U) {
sp_521_rshift_9(u1, u1, 7);
}
err = sp_521_calc_vfy_point_9(p1, p2, s, u1, u2, tmp, heap);
}
if (err == MP_OKAY) {
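Review bot: Returning `err` instead of a hard-coded MP_OKAY at the tail of sp_256_ecc_mulmod_add_only_4, sp_384_ecc_mulmod_add_only_6 and sp_521_ecc_mulmod_add_only_9 only propagates failures correctly if `err` is assigned on every path that reaches the XFREE; the declaration of `err` and the whole body are outside these hunks, so that cannot be confirmed here. If it is declared without an initializer, please make it `int err = MP_OKAY;` so the success path cannot return an indeterminate value. The new hashLen handling further down is sound for this build: 66 bytes (528 bits) fit the 9 64-bit digits filled by sp_521_from_bin before sp_521_rshift_9 drops the low 7 bits, and a comment saying so next to `sp_521_rshift_9(e, e, 7);` would spare the next reader the arithmetic.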


@ -103265,6 +103265,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -113731,6 +113733,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -127934,6 +127938,360 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* Right shift a by n bits into r. (r = a >> n)
*
* r A single precision integer.
* a A single precision integer.
* n Integer representing number of bits to shift.
*/
static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n)
{
__asm__ __volatile__ (
"movs r7, #32\n\t"
#ifdef WOLFSSL_KEIL
"subs r7, r7, %[n]\n\t"
#else
#ifdef __clang__
"subs r7, r7, %[n]\n\t"
#else
"sub r7, r7, %[n]\n\t"
#endif
#endif
"ldr r3, [%[a]]\n\t"
"ldr r4, [%[a], #4]\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #8]\n\t"
"str r3, [%[r]]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #12]\n\t"
"str r4, [%[r], #4]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #16]\n\t"
"str r5, [%[r], #8]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #20]\n\t"
"str r3, [%[r], #12]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #24]\n\t"
"str r4, [%[r], #16]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #28]\n\t"
"str r5, [%[r], #20]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #32]\n\t"
"str r3, [%[r], #24]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #36]\n\t"
"str r4, [%[r], #28]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #40]\n\t"
"str r5, [%[r], #32]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #44]\n\t"
"str r3, [%[r], #36]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #48]\n\t"
"str r4, [%[r], #40]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #52]\n\t"
"str r5, [%[r], #44]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #56]\n\t"
"str r3, [%[r], #48]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #60]\n\t"
"str r4, [%[r], #52]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #64]\n\t"
"str r5, [%[r], #56]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"str r3, [%[r], #60]\n\t"
"str r4, [%[r], #64]\n\t"
: [r] "+l" (r), [a] "+l" (a), [n] "+l" (n)
:
: "memory", "r3", "r4", "r5", "r6", "r7"
);
}
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -129221,358 +129579,6 @@ static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n)
);
}
/* Right shift a by n bits into r. (r = a >> n)
*
* r A single precision integer.
* a A single precision integer.
* n Integer representing number of bits to shift.
*/
static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n)
{
__asm__ __volatile__ (
"movs r7, #32\n\t"
#ifdef WOLFSSL_KEIL
"subs r7, r7, %[n]\n\t"
#else
#ifdef __clang__
"subs r7, r7, %[n]\n\t"
#else
"sub r7, r7, %[n]\n\t"
#endif
#endif
"ldr r3, [%[a]]\n\t"
"ldr r4, [%[a], #4]\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #8]\n\t"
"str r3, [%[r]]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #12]\n\t"
"str r4, [%[r], #4]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #16]\n\t"
"str r5, [%[r], #8]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #20]\n\t"
"str r3, [%[r], #12]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #24]\n\t"
"str r4, [%[r], #16]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #28]\n\t"
"str r5, [%[r], #20]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #32]\n\t"
"str r3, [%[r], #24]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #36]\n\t"
"str r4, [%[r], #28]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #40]\n\t"
"str r5, [%[r], #32]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #44]\n\t"
"str r3, [%[r], #36]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #48]\n\t"
"str r4, [%[r], #40]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #52]\n\t"
"str r5, [%[r], #44]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"ldr r5, [%[a], #56]\n\t"
"str r3, [%[r], #48]\n\t"
"movs r6, r5\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r5, r5, %[n]\n\t"
#else
"lsr r5, r5, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r4, r4, r6\n\t"
#elif defined(__clang__)
"orrs r4, r6\n\t"
#else
"orr r4, r6\n\t"
#endif
"ldr r3, [%[a], #60]\n\t"
"str r4, [%[r], #52]\n\t"
"movs r6, r3\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r3, r3, %[n]\n\t"
#else
"lsr r3, r3, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r5, r5, r6\n\t"
#elif defined(__clang__)
"orrs r5, r6\n\t"
#else
"orr r5, r6\n\t"
#endif
"ldr r4, [%[a], #64]\n\t"
"str r5, [%[r], #56]\n\t"
"movs r6, r4\n\t"
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsrs r4, r4, %[n]\n\t"
#else
"lsr r4, r4, %[n]\n\t"
#endif
#if defined(__clang__) || defined(WOLFSSL_KEIL)
"lsls r6, r6, r7\n\t"
#else
"lsl r6, r6, r7\n\t"
#endif
#ifdef WOLFSSL_KEIL
"orrs r3, r3, r6\n\t"
#elif defined(__clang__)
"orrs r3, r6\n\t"
#else
"orr r3, r6\n\t"
#endif
"str r3, [%[r], #60]\n\t"
"str r4, [%[r], #64]\n\t"
: [r] "+l" (r), [a] "+l" (a), [n] "+l" (n)
:
: "memory", "r3", "r4", "r5", "r6", "r7"
);
}
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
*
@ -130892,8 +130898,8 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
case 0: /* INIT */
ctx->s = ctx->e;
ctx->kInv = ctx->k;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
ctx->i = SP_ECC_MAX_SIG_GEN;
@ -130931,6 +130937,9 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
sp_521_from_mp(ctx->x, 17, priv);
sp_521_from_bin(ctx->e, 17, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_17(ctx->e, ctx->e, 7);
}
ctx->state = 4;
break;
}
@ -131067,8 +131076,8 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
tmp = e + 8 * 17;
s = e;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
}
@ -131097,6 +131106,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
sp_521_from_mp(x, 17, priv);
sp_521_from_bin(e, 17, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_17(e, e, 7);
}
err = sp_521_calc_s_17(s, r, k, x, e, tmp);
}
@ -133705,8 +133718,8 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
switch (ctx->state) {
case 0: /* INIT */
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(ctx->u1, 17, hash, (int)hashLen);
@ -133715,6 +133728,9 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
sp_521_from_mp(ctx->p2.x, 17, pX);
sp_521_from_mp(ctx->p2.y, 17, pY);
sp_521_from_mp(ctx->p2.z, 17, pZ);
if (hashLen == 66U) {
sp_521_rshift_17(ctx->u1, ctx->u1, 7);
}
ctx->state = 1;
break;
case 1: /* NORMS0 */
@ -133866,8 +133882,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
tmp = u1 + 6 * 17;
p2 = p1 + 1;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(u1, 17, hash, (int)hashLen);
@ -133877,6 +133893,10 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
sp_521_from_mp(p2->y, 17, pY);
sp_521_from_mp(p2->z, 17, pZ);
if (hashLen == 66U) {
sp_521_rshift_17(u1, u1, 7);
}
err = sp_521_calc_vfy_point_17(p1, p2, s, u1, u2, tmp, heap);
}
if (err == MP_OKAY) {
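Review bot: The header comment of the relocated sp_521_rshift_17 documents `n` only as "number of bits to shift", but the implementation computes `32 - n` into r7 and shifts each neighbouring word left by it, so the function is only correct for n below 32; suggest `* n  Number of bits to shift, must be less than 32 (callers in this file pass 7).`. The in-place calls (`sp_521_rshift_17(e, e, 7)`, `sp_521_rshift_17(ctx->u1, ctx->u1, 7)`) are safe because every a[i+1] is loaded before r[i] is stored. The generator also leaves empty `#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)` / `#endif` pairs right after the function; harmless, but noise for anyone reading the file. The sign and verify functions that call it start and end outside their hunks.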


@ -17517,7 +17517,7 @@ SP_NOINLINE static void sp_4096_rshift_81(sp_digit* r, const sp_digit* a,
{
int i;
for (i=0; i<72; i += 8) {
for (i=0; i<80; i += 8) {
r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
@ -17527,14 +17527,6 @@ SP_NOINLINE static void sp_4096_rshift_81(sp_digit* r, const sp_digit* a,
r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
}
r[72] = (a[72] >> n) | ((a[73] << (26 - n)) & 0x3ffffff);
r[73] = (a[73] >> n) | ((a[74] << (26 - n)) & 0x3ffffff);
r[74] = (a[74] >> n) | ((a[75] << (26 - n)) & 0x3ffffff);
r[75] = (a[75] >> n) | ((a[76] << (26 - n)) & 0x3ffffff);
r[76] = (a[76] >> n) | ((a[77] << (26 - n)) & 0x3ffffff);
r[77] = (a[77] >> n) | ((a[78] << (26 - n)) & 0x3ffffff);
r[78] = (a[78] >> n) | ((a[79] << (26 - n)) & 0x3ffffff);
r[79] = (a[79] >> n) | ((a[80] << (26 - n)) & 0x3ffffff);
r[80] = a[80] >> n;
}
@ -25420,7 +25412,7 @@ SP_NOINLINE static void sp_256_rshift_9(sp_digit* r, const sp_digit* a,
r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff;
}
#else
for (i=0; i<0; i += 8) {
for (i=0; i<8; i += 8) {
r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff);
r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff);
r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff);
@ -25430,14 +25422,6 @@ SP_NOINLINE static void sp_256_rshift_9(sp_digit* r, const sp_digit* a,
r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff);
r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff);
}
r[0] = (a[0] >> n) | ((a[1] << (29 - n)) & 0x1fffffff);
r[1] = (a[1] >> n) | ((a[2] << (29 - n)) & 0x1fffffff);
r[2] = (a[2] >> n) | ((a[3] << (29 - n)) & 0x1fffffff);
r[3] = (a[3] >> n) | ((a[4] << (29 - n)) & 0x1fffffff);
r[4] = (a[4] >> n) | ((a[5] << (29 - n)) & 0x1fffffff);
r[5] = (a[5] >> n) | ((a[6] << (29 - n)) & 0x1fffffff);
r[6] = (a[6] >> n) | ((a[7] << (29 - n)) & 0x1fffffff);
r[7] = (a[7] >> n) | ((a[8] << (29 - n)) & 0x1fffffff);
#endif /* WOLFSSL_SP_SMALL */
r[8] = a[8] >> n;
}
@ -41230,6 +41214,34 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
SP_NOINLINE static void sp_521_rshift_21(sp_digit* r, const sp_digit* a,
byte n)
{
int i;
#ifdef WOLFSSL_SP_SMALL
for (i=0; i<20; i++) {
r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff;
}
#else
for (i=0; i<16; i += 8) {
r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff);
r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff);
r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff);
r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff);
r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff);
r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff);
r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff);
r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff);
}
r[16] = (a[16] >> n) | ((a[17] << (25 - n)) & 0x1ffffff);
r[17] = (a[17] >> n) | ((a[18] << (25 - n)) & 0x1ffffff);
r[18] = (a[18] >> n) | ((a[19] << (25 - n)) & 0x1ffffff);
r[19] = (a[19] >> n) | ((a[20] << (25 - n)) & 0x1ffffff);
#endif /* WOLFSSL_SP_SMALL */
r[20] = a[20] >> n;
}
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* Multiply a by scalar b into r. (r = a * b)
@ -41738,8 +41750,8 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
case 0: /* INIT */
ctx->s = ctx->e;
ctx->kInv = ctx->k;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
ctx->i = SP_ECC_MAX_SIG_GEN;
@ -41777,6 +41789,10 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
sp_521_from_mp(ctx->x, 21, priv);
sp_521_from_bin(ctx->e, 21, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_21(ctx->e, ctx->e, 7);
ctx->e[20] |= ((sp_digit)hash[0]) << 13;
}
ctx->state = 4;
break;
}
@ -41913,8 +41929,8 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
tmp = e + 8 * 21;
s = e;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
}
@ -41943,6 +41959,11 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
sp_521_from_mp(x, 21, priv);
sp_521_from_bin(e, 21, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_21(e, e, 7);
e[20] |= ((sp_digit)hash[0]) << 13;
}
err = sp_521_calc_s_21(s, r, k, x, e, tmp);
}
@ -42292,8 +42313,8 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
switch (ctx->state) {
case 0: /* INIT */
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(ctx->u1, 21, hash, (int)hashLen);
@ -42302,6 +42323,10 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
sp_521_from_mp(ctx->p2.x, 21, pX);
sp_521_from_mp(ctx->p2.y, 21, pY);
sp_521_from_mp(ctx->p2.z, 21, pZ);
if (hashLen == 66U) {
sp_521_rshift_21(ctx->u1, ctx->u1, 7);
ctx->u1[20] |= ((sp_digit)hash[0]) << 13;
}
ctx->state = 1;
break;
case 1: /* NORMS0 */
@ -42453,8 +42478,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
tmp = u1 + 6 * 21;
p2 = p1 + 1;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(u1, 21, hash, (int)hashLen);
@ -42464,6 +42489,11 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
sp_521_from_mp(p2->y, 21, pY);
sp_521_from_mp(p2->z, 21, pZ);
if (hashLen == 66U) {
sp_521_rshift_21(u1, u1, 7);
u1[20] |= ((sp_digit)hash[0]) << 13;
}
err = sp_521_calc_vfy_point_21(p1, p2, s, u1, u2, tmp, heap);
}
if (err == MP_OKAY) {
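Review bot: sp_521_rshift_21, added in the hunk at `@ -41230,6 +41214,34 @@`, carries no header comment although the neighbouring helpers do, and its `a[i + 1] << (25 - n)` term silently requires n < 25 (a larger n shifts by a negative count), so the precondition should be stated in the file's style: `/* Shift number right by n bits (n < 25). (r = a >> n) */`. The fix-up `ctx->e[20] |= ((sp_digit)hash[0]) << 13;` in sp_ecc_sign_521_nb, repeated in sp_ecc_sign_521, sp_ecc_verify_521_nb and sp_ecc_verify_521, also needs a why-comment, because it restores bits that the 21 x 25-bit representation (525 bits) cannot hold when a 66-byte (528-bit) hash is loaded. Suggested: `/* 21 x 25-bit digits hold only 525 bits: put hash[0] back at bits 13..20 of digit 20 after the 7-bit shift. */`, which assumes sp_521_from_bin drops the excess high bits rather than rejecting the input — not visible in this hunk. The enclosing sign/verify functions start and end outside these hunks.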


@ -41249,6 +41249,30 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
SP_NOINLINE static void sp_521_rshift_9(sp_digit* r, const sp_digit* a,
byte n)
{
int i;
#ifdef WOLFSSL_SP_SMALL
for (i=0; i<8; i++) {
r[i] = ((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL;
}
#else
for (i=0; i<8; i += 8) {
r[i+0] = (a[i+0] >> n) | ((a[i+1] << (58 - n)) & 0x3ffffffffffffffL);
r[i+1] = (a[i+1] >> n) | ((a[i+2] << (58 - n)) & 0x3ffffffffffffffL);
r[i+2] = (a[i+2] >> n) | ((a[i+3] << (58 - n)) & 0x3ffffffffffffffL);
r[i+3] = (a[i+3] >> n) | ((a[i+4] << (58 - n)) & 0x3ffffffffffffffL);
r[i+4] = (a[i+4] >> n) | ((a[i+5] << (58 - n)) & 0x3ffffffffffffffL);
r[i+5] = (a[i+5] >> n) | ((a[i+6] << (58 - n)) & 0x3ffffffffffffffL);
r[i+6] = (a[i+6] >> n) | ((a[i+7] << (58 - n)) & 0x3ffffffffffffffL);
r[i+7] = (a[i+7] >> n) | ((a[i+8] << (58 - n)) & 0x3ffffffffffffffL);
}
#endif /* WOLFSSL_SP_SMALL */
r[8] = a[8] >> n;
}
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
/* Multiply a by scalar b into r. (r = a * b)
@ -41803,8 +41827,8 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
case 0: /* INIT */
ctx->s = ctx->e;
ctx->kInv = ctx->k;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
ctx->i = SP_ECC_MAX_SIG_GEN;
@ -41842,6 +41866,10 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
sp_521_from_mp(ctx->x, 9, priv);
sp_521_from_bin(ctx->e, 9, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_9(ctx->e, ctx->e, 7);
ctx->e[8] |= ((sp_digit)hash[0]) << 49;
}
ctx->state = 4;
break;
}
@ -41978,8 +42006,8 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
tmp = e + 8 * 9;
s = e;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
}
@ -42008,6 +42036,11 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
sp_521_from_mp(x, 9, priv);
sp_521_from_bin(e, 9, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_9(e, e, 7);
e[8] |= ((sp_digit)hash[0]) << 49;
}
err = sp_521_calc_s_9(s, r, k, x, e, tmp);
}
@ -42350,8 +42383,8 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
switch (ctx->state) {
case 0: /* INIT */
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(ctx->u1, 9, hash, (int)hashLen);
@ -42360,6 +42393,10 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
sp_521_from_mp(ctx->p2.x, 9, pX);
sp_521_from_mp(ctx->p2.y, 9, pY);
sp_521_from_mp(ctx->p2.z, 9, pZ);
if (hashLen == 66U) {
sp_521_rshift_9(ctx->u1, ctx->u1, 7);
ctx->u1[8] |= ((sp_digit)hash[0]) << 49;
}
ctx->state = 1;
break;
case 1: /* NORMS0 */
@ -42511,8 +42548,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
tmp = u1 + 6 * 9;
p2 = p1 + 1;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(u1, 9, hash, (int)hashLen);
@ -42522,6 +42559,11 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
sp_521_from_mp(p2->y, 9, pY);
sp_521_from_mp(p2->z, 9, pZ);
if (hashLen == 66U) {
sp_521_rshift_9(u1, u1, 7);
u1[8] |= ((sp_digit)hash[0]) << 49;
}
err = sp_521_calc_vfy_point_9(p1, p2, s, u1, u2, tmp, heap);
}
if (err == MP_OKAY) {
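Review bot: sp_521_rshift_9, added in the hunk at `@ -41249,6 +41249,30 @@`, has no header comment and its `a[i + 1] << (58 - n)` term only works for n < 58, a precondition worth writing down in the file's style: `/* Shift number right by n bits (n < 58). (r = a >> n) */`. The line `ctx->e[8] |= ((sp_digit)hash[0]) << 49;` in sp_ecc_sign_521_nb, repeated in sp_ecc_sign_521, sp_ecc_verify_521_nb and sp_ecc_verify_521, is equally opaque without a comment: 9 x 58-bit digits hold 522 bits, so loading a 66-byte (528-bit) hash loses its top bits, and after the 7-bit shift hash[0] lands at bits 49..56 of digit 8. Suggested: `/* 9 x 58-bit digits hold only 522 bits: put hash[0] back at bits 49..56 of digit 8 after the 7-bit shift. */`, on the assumption that sp_521_from_bin truncates rather than faults on excess bits, which the hunk does not show. The enclosing sign/verify functions start and end outside these hunks.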


@ -22198,6 +22198,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -29364,6 +29366,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -37686,6 +37690,100 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
}
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
SP_NOINLINE static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n)
{
__asm__ __volatile__ (
"mov r6, #32\n\t"
"sub r6, r6, %[n]\n\t"
"ldrd r2, r3, [%[a]]\n\t"
"lsr r2, r2, %[n]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #8]\n\t"
"str r2, [%[r], #0]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #12]\n\t"
"str r3, [%[r], #4]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #16]\n\t"
"str r4, [%[r], #8]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #20]\n\t"
"str r2, [%[r], #12]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #24]\n\t"
"str r3, [%[r], #16]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #28]\n\t"
"str r4, [%[r], #20]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #32]\n\t"
"str r2, [%[r], #24]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #36]\n\t"
"str r3, [%[r], #28]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #40]\n\t"
"str r4, [%[r], #32]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #44]\n\t"
"str r2, [%[r], #36]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #48]\n\t"
"str r3, [%[r], #40]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #52]\n\t"
"str r4, [%[r], #44]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #56]\n\t"
"str r2, [%[r], #48]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #60]\n\t"
"str r3, [%[r], #52]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #64]\n\t"
"str r4, [%[r], #56]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"strd r2, r3, [%[r], #60]\n\t"
:
: [r] "r" (r), [a] "r" (a), [n] "r" (n)
: "memory", "r2", "r3", "r4", "r5", "r6"
);
}
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
@ -38017,98 +38115,6 @@ static void sp_521_lshift_34(sp_digit* r, const sp_digit* a, byte n)
);
}
SP_NOINLINE static void sp_521_rshift_17(sp_digit* r, const sp_digit* a, byte n)
{
__asm__ __volatile__ (
"mov r6, #32\n\t"
"sub r6, r6, %[n]\n\t"
"ldrd r2, r3, [%[a]]\n\t"
"lsr r2, r2, %[n]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #8]\n\t"
"str r2, [%[r], #0]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #12]\n\t"
"str r3, [%[r], #4]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #16]\n\t"
"str r4, [%[r], #8]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #20]\n\t"
"str r2, [%[r], #12]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #24]\n\t"
"str r3, [%[r], #16]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #28]\n\t"
"str r4, [%[r], #20]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #32]\n\t"
"str r2, [%[r], #24]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #36]\n\t"
"str r3, [%[r], #28]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #40]\n\t"
"str r4, [%[r], #32]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #44]\n\t"
"str r2, [%[r], #36]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #48]\n\t"
"str r3, [%[r], #40]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #52]\n\t"
"str r4, [%[r], #44]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"ldr r4, [%[a], #56]\n\t"
"str r2, [%[r], #48]\n\t"
"lsl r5, r4, r6\n\t"
"lsr r4, r4, %[n]\n\t"
"orr r3, r3, r5\n\t"
"ldr r2, [%[a], #60]\n\t"
"str r3, [%[r], #52]\n\t"
"lsl r5, r2, r6\n\t"
"lsr r2, r2, %[n]\n\t"
"orr r4, r4, r5\n\t"
"ldr r3, [%[a], #64]\n\t"
"str r4, [%[r], #56]\n\t"
"lsl r5, r3, r6\n\t"
"lsr r3, r3, %[n]\n\t"
"orr r2, r2, r5\n\t"
"strd r2, r3, [%[r], #60]\n\t"
:
: [r] "r" (r), [a] "r" (a), [n] "r" (n)
: "memory", "r2", "r3", "r4", "r5", "r6"
);
}
#ifdef WOLFSSL_SP_SMALL
/* Sub b from a into a. (a -= b)
*
@ -38695,8 +38701,8 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
case 0: /* INIT */
ctx->s = ctx->e;
ctx->kInv = ctx->k;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
ctx->i = SP_ECC_MAX_SIG_GEN;
@ -38734,6 +38740,9 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
sp_521_from_mp(ctx->x, 17, priv);
sp_521_from_bin(ctx->e, 17, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_17(ctx->e, ctx->e, 7);
}
ctx->state = 4;
break;
}
@ -38870,8 +38879,8 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
tmp = e + 8 * 17;
s = e;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
}
@ -38900,6 +38909,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
sp_521_from_mp(x, 17, priv);
sp_521_from_bin(e, 17, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_17(e, e, 7);
}
err = sp_521_calc_s_17(s, r, k, x, e, tmp);
}
@ -39512,8 +39525,8 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
switch (ctx->state) {
case 0: /* INIT */
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(ctx->u1, 17, hash, (int)hashLen);
@ -39522,6 +39535,9 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
sp_521_from_mp(ctx->p2.x, 17, pX);
sp_521_from_mp(ctx->p2.y, 17, pY);
sp_521_from_mp(ctx->p2.z, 17, pZ);
if (hashLen == 66U) {
sp_521_rshift_17(ctx->u1, ctx->u1, 7);
}
ctx->state = 1;
break;
case 1: /* NORMS0 */
@ -39673,8 +39689,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
tmp = u1 + 6 * 17;
p2 = p1 + 1;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(u1, 17, hash, (int)hashLen);
@ -39684,6 +39700,10 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
sp_521_from_mp(p2->y, 17, pY);
sp_521_from_mp(p2->z, 17, pZ);
if (hashLen == 66U) {
sp_521_rshift_17(u1, u1, 7);
}
err = sp_521_calc_vfy_point_17(p1, p2, s, u1, u2, tmp, heap);
}
if (err == MP_OKAY) {
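Review bot: the `if (hashLen == 66U)` paths in sp_ecc_sign_521_nb, sp_ecc_sign_521, sp_ecc_verify_521_nb and sp_ecc_verify_521 perform only the 7-bit shift, with none of the top-bit fix-up the 25-bit and 58-bit digit variants need, and nothing in the hunk says why, so a reader comparing the implementations cannot tell whether a line is missing. Since 17 x 32-bit digits hold 544 bits the whole 528-bit hash is loaded and the shift alone leaves the leftmost 521 bits; a one-line comment such as `/* 17 x 32-bit digits hold all 528 bits: shift to keep the leftmost 521. */` would settle it. sp_521_rshift_17 itself moves under the HAVE_ECC_SIGN/HAVE_ECC_VERIFY guard with no header comment, and as I read the asm (`mov r6, #32` / `sub r6, r6, %[n]`) it is only meaningful for n < 32; any caller left near its old position next to sp_521_lshift_34 must sit under the same guard, which is not visible here. The generator also leaves three empty `#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)` / `#endif` pairs, harmless but noise worth trimming at the generator. The enclosing sign/verify functions start and end outside the hunks.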


@ -7057,7 +7057,13 @@ static const sp_digit p256_b[4] = {
#endif
extern void sp_256_mul_4(sp_digit* r, const sp_digit* a, const sp_digit* b);
#ifdef HAVE_INTEL_AVX2
extern void sp_256_mul_avx2_4(sp_digit* r, const sp_digit* a, const sp_digit* b);
#endif /* HAVE_INTEL_AVX2 */
extern void sp_256_sqr_4(sp_digit* r, const sp_digit* a);
#ifdef HAVE_INTEL_AVX2
extern void sp_256_sqr_avx2_4(sp_digit* r, const sp_digit* a);
#endif /* HAVE_INTEL_AVX2 */
extern sp_digit sp_256_add_4(sp_digit* r, const sp_digit* a, const sp_digit* b);
extern sp_digit sp_256_sub_4(sp_digit* r, const sp_digit* a, const sp_digit* b);
/* Multiply a number by Montgomery normalizer mod modulus (prime).
@ -22980,7 +22986,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g,
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P256 by the scalar and return the result.
@ -23114,7 +23120,7 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P256 by the scalar and return the result.
@ -23557,9 +23563,6 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out,
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#ifdef HAVE_INTEL_AVX2
extern void sp_256_mul_avx2_4(sp_digit* r, const sp_digit* a, const sp_digit* b);
#endif /* HAVE_INTEL_AVX2 */
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
extern sp_digit sp_256_sub_in_place_4(sp_digit* a, const sp_digit* b);
@ -25656,7 +25659,13 @@ static const sp_digit p384_b[6] = {
#endif
extern void sp_384_mul_6(sp_digit* r, const sp_digit* a, const sp_digit* b);
#ifdef HAVE_INTEL_AVX2
extern void sp_384_mul_avx2_6(sp_digit* r, const sp_digit* a, const sp_digit* b);
#endif /* HAVE_INTEL_AVX2 */
extern void sp_384_sqr_6(sp_digit* r, const sp_digit* a);
#ifdef HAVE_INTEL_AVX2
extern void sp_384_sqr_avx2_6(sp_digit* r, const sp_digit* a);
#endif /* HAVE_INTEL_AVX2 */
extern sp_digit sp_384_add_6(sp_digit* r, const sp_digit* a, const sp_digit* b);
extern sp_digit sp_384_sub_6(sp_digit* r, const sp_digit* a, const sp_digit* b);
/* Multiply a number by Montgomery normalizer mod modulus (prime).
@ -27198,7 +27207,6 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384*
#ifdef HAVE_INTEL_AVX2
#define sp_384_mod_mul_norm_avx2_6 sp_384_mod_mul_norm_6
#ifdef HAVE_INTEL_AVX2
extern void sp_384_mul_avx2_6(sp_digit* r, const sp_digit* a, const sp_digit* b);
#define sp_384_mont_reduce_avx2_6 sp_384_mont_reduce_6
extern void sp_384_mont_reduce_order_avx2_6(sp_digit* a, const sp_digit* m, sp_digit mp);
/* Multiply two Montgomery form numbers mod the modulus (prime).
@ -27219,7 +27227,6 @@ static void sp_384_mont_mul_avx2_6(sp_digit* r, const sp_digit* a,
#endif /* HAVE_INTEL_AVX2 */
#ifdef HAVE_INTEL_AVX2
extern void sp_384_sqr_avx2_6(sp_digit* r, const sp_digit* a);
/* Square the Montgomery form number. (r = a * a mod m)
*
* r Result of squaring.
@ -47595,7 +47602,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g,
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P384 by the scalar and return the result.
@ -47729,7 +47736,7 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P384 by the scalar and return the result.
@ -48172,8 +48179,6 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#ifdef HAVE_INTEL_AVX2
#endif /* HAVE_INTEL_AVX2 */
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
extern sp_digit sp_384_sub_in_place_6(sp_digit* a, const sp_digit* b);
@ -50344,7 +50349,13 @@ static const sp_digit p521_b[9] = {
#endif
extern void sp_521_mul_9(sp_digit* r, const sp_digit* a, const sp_digit* b);
#ifdef HAVE_INTEL_AVX2
extern void sp_521_mul_avx2_9(sp_digit* r, const sp_digit* a, const sp_digit* b);
#endif /* HAVE_INTEL_AVX2 */
extern void sp_521_sqr_9(sp_digit* r, const sp_digit* a);
#ifdef HAVE_INTEL_AVX2
extern void sp_521_sqr_avx2_9(sp_digit* r, const sp_digit* a);
#endif /* HAVE_INTEL_AVX2 */
extern sp_digit sp_521_add_9(sp_digit* r, const sp_digit* a, const sp_digit* b);
extern sp_digit sp_521_sub_9(sp_digit* r, const sp_digit* a, const sp_digit* b);
/* Multiply a number by Montgomery normalizer mod modulus (prime).
@ -88242,7 +88253,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P521 by the scalar and return the result.
@ -88376,7 +88387,7 @@ static int sp_521_ecc_mulmod_add_only_avx2_9(sp_point_521* r, const sp_point_521
XFREE(rt, heap, DYNAMIC_TYPE_ECC);
#endif
return MP_OKAY;
return err;
}
/* Multiply the base point of P521 by the scalar and return the result.
@ -88821,14 +88832,11 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
#endif /* HAVE_ECC_DHE */
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
#ifdef HAVE_INTEL_AVX2
extern void sp_521_mul_avx2_9(sp_digit* r, const sp_digit* a, const sp_digit* b);
#endif /* HAVE_INTEL_AVX2 */
extern void sp_521_rshift_9(sp_digit* r, const sp_digit* a, int n);
#endif
#if defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)
extern void sp_521_lshift_9(sp_digit* r, const sp_digit* a, int n);
extern void sp_521_lshift_18(sp_digit* r, const sp_digit* a, int n);
extern void sp_521_rshift_9(sp_digit* r, const sp_digit* a, int n);
extern sp_digit sp_521_sub_in_place_9(sp_digit* a, const sp_digit* b);
extern void sp_521_mul_d_9(sp_digit* r, const sp_digit* a, sp_digit b);
extern void sp_521_mul_d_avx2_9(sp_digit* r, const sp_digit* a, const sp_digit b);
@ -89169,7 +89177,6 @@ static void sp_521_mont_inv_order_9(sp_digit* r, const sp_digit* a,
#endif /* HAVE_ECC_SIGN || (HAVE_ECC_VERIFY && WOLFSSL_SP_SMALL) */
#ifdef HAVE_INTEL_AVX2
extern void sp_521_sqr_avx2_9(sp_digit* r, const sp_digit* a);
/* Multiply two number mod the order of P521 curve. (r = a * b mod order)
*
* r Result of the multiplication.
@ -89469,8 +89476,8 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
case 0: /* INIT */
ctx->s = ctx->e;
ctx->kInv = ctx->k;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
ctx->i = SP_ECC_MAX_SIG_GEN;
@ -89508,6 +89515,9 @@ int sp_ecc_sign_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, word32 hashLen, W
sp_521_from_mp(ctx->x, 9, priv);
sp_521_from_bin(ctx->e, 9, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_9(ctx->e, ctx->e, 7);
}
ctx->state = 4;
break;
}
@ -89647,8 +89657,8 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
tmp = e + 8 * 9;
s = e;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
}
@ -89682,6 +89692,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
sp_521_from_mp(x, 9, priv);
sp_521_from_bin(e, 9, hash, (int)hashLen);
if (hashLen == 66U) {
sp_521_rshift_9(e, e, 7);
}
err = sp_521_calc_s_9(s, r, k, x, e, tmp);
}
@ -90006,8 +90020,8 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
switch (ctx->state) {
case 0: /* INIT */
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(ctx->u1, 9, hash, (int)hashLen);
@ -90016,6 +90030,9 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash,
sp_521_from_mp(ctx->p2.x, 9, pX);
sp_521_from_mp(ctx->p2.y, 9, pY);
sp_521_from_mp(ctx->p2.z, 9, pZ);
if (hashLen == 66U) {
sp_521_rshift_9(ctx->u1, ctx->u1, 7);
}
ctx->state = 1;
break;
case 1: /* NORMS0 */
@ -90170,8 +90187,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
tmp = u1 + 6 * 9;
p2 = p1 + 1;
if (hashLen > 65U) {
hashLen = 65U;
if (hashLen > 66U) {
hashLen = 66U;
}
sp_521_from_bin(u1, 9, hash, (int)hashLen);
@ -90181,6 +90198,10 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
sp_521_from_mp(p2->y, 9, pY);
sp_521_from_mp(p2->z, 9, pZ);
if (hashLen == 66U) {
sp_521_rshift_9(u1, u1, 7);
}
err = sp_521_calc_vfy_point_9(p1, p2, s, u1, u2, tmp, heap);
}
if (err == MP_OKAY) {
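Review bot: `extern void sp_521_rshift_9(sp_digit* r, const sp_digit* a, int n);` is hoisted into the first HAVE_ECC_SIGN/HAVE_ECC_VERIFY block without any statement of the range of n the assembly accepts, and its `int n` differs from the `byte n` of the C implementations added elsewhere in this commit; a comment such as `/* Shift number right by n bits (n < 64). (r = a >> n) */` would pin the contract, with the bound to be confirmed against the .S file, which is not in view. As in the ARM file, the `if (hashLen == 66U)` paths here do only the shift, which is right because 9 x 64-bit digits hold the full 528-bit hash, but a one-line comment saying so would stop readers from hunting for a missing fix-up line. The `return err;` replacing `return MP_OKAY;` in the four sp_*_ecc_mulmod_add_only_* functions is only sound if err is assigned on every path before the XFREE cleanup, which cannot be checked because those bodies start outside the hunks. The enclosing sign/verify functions likewise start and end outside the hunks.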

