WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix SP RSA private op 

tmpa - tmpb can be less than -p.
Need to conditionally add p twice.
C and multiple platform fix.
pull/2846/head
Sean Parkinson 2020-03-12 09:33:52 +10:00
parent 87ff2fa47d
commit 6321eabf86
7 changed files with 2047 additions and 1036 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1037
wolfcrypt/src/sp_arm32.c
View File

File diff suppressed because it is too large Load Diff

1373
wolfcrypt/src/sp_arm64.c
View File

File diff suppressed because it is too large Load Diff

184
wolfcrypt/src/sp_armthumb.c
View File

@ -4358,6 +4358,46 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
return err;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not.
*
* r A single precision number representing conditional add result.
* a A single precision number to add with.
* b A single precision number to add.
* m Mask value to apply.
*/
SP_NOINLINE static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b,
sp_digit m)
{
sp_digit c = 0;
__asm__ __volatile__ (
"mov r5, #128\n\t"
"mov r8, r5\n\t"
"mov r7, #0\n\t"
"1:\n\t"
"ldr r6, [%[b], r7]\n\t"
"and r6, %[m]\n\t"
"mov r5, #0\n\t"
"sub r5, #1\n\t"
"add r5, %[c]\n\t"
"ldr r5, [%[a], r7]\n\t"
"adc r5, r6\n\t"
"mov %[c], #0\n\t"
"adc %[c], %[c]\n\t"
"str r5, [%[r], r7]\n\t"
"add r7, #4\n\t"
"cmp r7, r8\n\t"
"blt 1b\n\t"
: [c] "+r" (c)
: [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
: "memory", "r5", "r6", "r7", "r8"
);
return c;
}
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -4392,7 +4432,6 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -4422,8 +4461,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 32;
tmpb = tmpa + 64;
tmp = t;
r = tmp + 64;
r = t + 64;
}
#else
r = a = ad;
@ -4432,7 +4470,6 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
qi = dq = dp = dpd;
tmpa = tmpad;
tmpb = tmpbd;
tmp = a + 64;
#endif
if (err == MP_OKAY) {
@ -4450,8 +4487,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
c = sp_2048_sub_in_place_32(tmpa, tmpb);
sp_2048_mask_32(tmp, p, c);
sp_2048_add_32(tmpa, tmpa, tmp);
c += sp_2048_cond_add_32(tmpa, tmpa, p, c);
sp_2048_cond_add_32(tmpa, tmpa, p, c);
sp_2048_from_mp(qi, 32, qim);
sp_2048_mul_32(tmpa, tmpa, qi);
@ -4482,6 +4519,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY))
@ -10061,6 +10099,46 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
return err;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not.
*
* r A single precision number representing conditional add result.
* a A single precision number to add with.
* b A single precision number to add.
* m Mask value to apply.
*/
SP_NOINLINE static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b,
sp_digit m)
{
sp_digit c = 0;
__asm__ __volatile__ (
"mov r5, #192\n\t"
"mov r8, r5\n\t"
"mov r7, #0\n\t"
"1:\n\t"
"ldr r6, [%[b], r7]\n\t"
"and r6, %[m]\n\t"
"mov r5, #0\n\t"
"sub r5, #1\n\t"
"add r5, %[c]\n\t"
"ldr r5, [%[a], r7]\n\t"
"adc r5, r6\n\t"
"mov %[c], #0\n\t"
"adc %[c], %[c]\n\t"
"str r5, [%[r], r7]\n\t"
"add r7, #4\n\t"
"cmp r7, r8\n\t"
"blt 1b\n\t"
: [c] "+r" (c)
: [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
: "memory", "r5", "r6", "r7", "r8"
);
return c;
}
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -10095,7 +10173,6 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -10125,8 +10202,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 48;
tmpb = tmpa + 96;
tmp = t;
r = tmp + 96;
r = t + 96;
}
#else
r = a = ad;
@ -10135,7 +10211,6 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
qi = dq = dp = dpd;
tmpa = tmpad;
tmpb = tmpbd;
tmp = a + 96;
#endif
if (err == MP_OKAY) {
@ -10153,8 +10228,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
c = sp_3072_sub_in_place_48(tmpa, tmpb);
sp_3072_mask_48(tmp, p, c);
sp_3072_add_48(tmpa, tmpa, tmp);
c += sp_3072_cond_add_48(tmpa, tmpa, p, c);
sp_3072_cond_add_48(tmpa, tmpa, p, c);
sp_3072_from_mp(qi, 48, qim);
sp_3072_mul_48(tmpa, tmpa, qi);
@ -10185,6 +10260,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY))
@ -14423,6 +14499,47 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
return err;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not.
*
* r A single precision number representing conditional add result.
* a A single precision number to add with.
* b A single precision number to add.
* m Mask value to apply.
*/
SP_NOINLINE static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b,
sp_digit m)
{
sp_digit c = 0;
__asm__ __volatile__ (
"mov r5, #1\n\t"
"lsl r5, r5, #8\n\t"
"mov r8, r5\n\t"
"mov r7, #0\n\t"
"1:\n\t"
"ldr r6, [%[b], r7]\n\t"
"and r6, %[m]\n\t"
"mov r5, #0\n\t"
"sub r5, #1\n\t"
"add r5, %[c]\n\t"
"ldr r5, [%[a], r7]\n\t"
"adc r5, r6\n\t"
"mov %[c], #0\n\t"
"adc %[c], %[c]\n\t"
"str r5, [%[r], r7]\n\t"
"add r7, #4\n\t"
"cmp r7, r8\n\t"
"blt 1b\n\t"
: [c] "+r" (c)
: [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
: "memory", "r5", "r6", "r7", "r8"
);
return c;
}
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -14457,7 +14574,6 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -14487,8 +14603,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 64;
tmpb = tmpa + 128;
tmp = t;
r = tmp + 128;
r = t + 128;
}
#else
r = a = ad;
@ -14497,7 +14612,6 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
qi = dq = dp = dpd;
tmpa = tmpad;
tmpb = tmpbd;
tmp = a + 128;
#endif
if (err == MP_OKAY) {
@ -14515,8 +14629,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
c = sp_4096_sub_in_place_64(tmpa, tmpb);
sp_4096_mask_64(tmp, p, c);
sp_4096_add_64(tmpa, tmpa, tmp);
c += sp_4096_cond_add_64(tmpa, tmpa, p, c);
sp_4096_cond_add_64(tmpa, tmpa, p, c);
sp_4096_from_mp(qi, 64, qim);
sp_4096_mul_64(tmpa, tmpa, qi);
@ -14547,6 +14661,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY))
@ -23083,28 +23198,25 @@ SP_NOINLINE static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, c
sp_digit c = 0;
__asm__ __volatile__ (
"mov r5, #0\n\t"
"mov r7, %[a]\n\t"
"add r7, #48\n\t"
"sub r5, #1\n\t"
"mov r8, r7\n\t"
"mov r5, #48\n\t"
"mov r8, r5\n\t"
"mov r7, #0\n\t"
"1:\n\t"
"ldr r6, [%[a]]\n\t"
"ldr r7, [%[b]]\n\t"
"and r7, %[m]\n\t"
"add %[c], r5\n\t"
"adc r6, r7\n\t"
"str r6, [%[r]]\n\t"
"ldr r6, [%[b], r7]\n\t"
"and r6, %[m]\n\t"
"mov r5, #0\n\t"
"sub r5, #1\n\t"
"add r5, %[c]\n\t"
"ldr r5, [%[a], r7]\n\t"
"adc r5, r6\n\t"
"mov %[c], #0\n\t"
"adc %[c], %[c]\n\t"
"add %[a], $4\n\t"
"add %[b], $4\n\t"
"add %[r], $4\n\t"
"mov r7, r8\n\t"
"cmp %[a], r7\n\t"
"str r5, [%[r], r7]\n\t"
"add r7, #4\n\t"
"cmp r7, r8\n\t"
"blt 1b\n\t"
: [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [c] "+r" (c)
: [m] "r" (m)
: [c] "+r" (c)
: [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
: "memory", "r5", "r6", "r7", "r8"
);

157
wolfcrypt/src/sp_c32.c
View File

@ -3128,44 +3128,6 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e,
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || */
/* WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
*
* r A single precision integer.
* a A single precision integer.
* m Mask to AND against each digit.
*/
static void sp_2048_mask_45(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
int i;
for (i=0; i<45; i++) {
r[i] = a[i] & m;
}
#else
int i;
for (i = 0; i < 40; i += 8) {
r[i+0] = a[i+0] & m;
r[i+1] = a[i+1] & m;
r[i+2] = a[i+2] & m;
r[i+3] = a[i+3] & m;
r[i+4] = a[i+4] & m;
r[i+5] = a[i+5] & m;
r[i+6] = a[i+6] & m;
r[i+7] = a[i+7] & m;
}
r[40] = a[40] & m;
r[41] = a[41] & m;
r[42] = a[42] & m;
r[43] = a[43] & m;
r[44] = a[44] & m;
#endif
}
#endif
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
*
@ -3397,6 +3359,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM)
#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -3526,7 +3490,6 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -3562,8 +3525,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 45;
tmpb = tmpa + 90;
tmp = t;
r = tmp + 90;
r = t + 90;
sp_2048_from_bin(a, 90, in, inLen);
sp_2048_from_mp(p, 45, pm);
@ -3577,8 +3539,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_2048_sub_45(tmpa, tmpa, tmpb);
sp_2048_mask_45(tmp, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
(void)sp_2048_add_45(tmpa, tmpa, tmp);
sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
sp_2048_from_mp(qi, 45, qim);
sp_2048_mul_45(tmpa, tmpa, qi);
@ -3603,7 +3565,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
#else
sp_digit a[90 * 2];
sp_digit p[45], q[45], dp[45], dq[45], qi[45];
sp_digit tmp[90], tmpa[90], tmpb[90];
sp_digit tmpa[90], tmpb[90];
sp_digit* r = a;
int err = MP_OKAY;
@ -3638,8 +3600,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
(void)sp_2048_sub_45(tmpa, tmpa, tmpb);
sp_2048_mask_45(tmp, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
(void)sp_2048_add_45(tmpa, tmpa, tmp);
sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
sp_2048_cond_add_45(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[44] >> 31));
sp_2048_mul_45(tmpa, tmpa, qi);
err = sp_2048_mod_45(tmpa, tmpa, p);
}
@ -7003,42 +6965,6 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || */
/* WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
*
* r A single precision integer.
* a A single precision integer.
* m Mask to AND against each digit.
*/
static void sp_3072_mask_67(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
int i;
for (i=0; i<67; i++) {
r[i] = a[i] & m;
}
#else
int i;
for (i = 0; i < 64; i += 8) {
r[i+0] = a[i+0] & m;
r[i+1] = a[i+1] & m;
r[i+2] = a[i+2] & m;
r[i+3] = a[i+3] & m;
r[i+4] = a[i+4] & m;
r[i+5] = a[i+5] & m;
r[i+6] = a[i+6] & m;
r[i+7] = a[i+7] & m;
}
r[64] = a[64] & m;
r[65] = a[65] & m;
r[66] = a[66] & m;
#endif
}
#endif
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
*
@ -7270,6 +7196,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM)
#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -7399,7 +7327,6 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -7435,8 +7362,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 67;
tmpb = tmpa + 134;
tmp = t;
r = tmp + 134;
r = t + 134;
sp_3072_from_bin(a, 134, in, inLen);
sp_3072_from_mp(p, 67, pm);
@ -7450,8 +7376,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_3072_sub_67(tmpa, tmpa, tmpb);
sp_3072_mask_67(tmp, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
(void)sp_3072_add_67(tmpa, tmpa, tmp);
sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
sp_3072_from_mp(qi, 67, qim);
sp_3072_mul_67(tmpa, tmpa, qi);
@ -7476,7 +7402,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
#else
sp_digit a[134 * 2];
sp_digit p[67], q[67], dp[67], dq[67], qi[67];
sp_digit tmp[134], tmpa[134], tmpb[134];
sp_digit tmpa[134], tmpb[134];
sp_digit* r = a;
int err = MP_OKAY;
@ -7511,8 +7437,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
(void)sp_3072_sub_67(tmpa, tmpa, tmpb);
sp_3072_mask_67(tmp, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
(void)sp_3072_add_67(tmpa, tmpa, tmp);
sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
sp_3072_cond_add_67(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[66] >> 31));
sp_3072_mul_67(tmpa, tmpa, qi);
err = sp_3072_mod_67(tmpa, tmpa, p);
}
@ -11040,41 +10966,6 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || */
/* WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
*
* r A single precision integer.
* a A single precision integer.
* m Mask to AND against each digit.
*/
static void sp_4096_mask_98(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
int i;
for (i=0; i<98; i++) {
r[i] = a[i] & m;
}
#else
int i;
for (i = 0; i < 96; i += 8) {
r[i+0] = a[i+0] & m;
r[i+1] = a[i+1] & m;
r[i+2] = a[i+2] & m;
r[i+3] = a[i+3] & m;
r[i+4] = a[i+4] & m;
r[i+5] = a[i+5] & m;
r[i+6] = a[i+6] & m;
r[i+7] = a[i+7] & m;
}
r[96] = a[96] & m;
r[97] = a[97] & m;
#endif
}
#endif
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
*
@ -11306,6 +11197,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM)
#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -11435,7 +11328,6 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -11471,8 +11363,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 98;
tmpb = tmpa + 196;
tmp = t;
r = tmp + 196;
r = t + 196;
sp_4096_from_bin(a, 196, in, inLen);
sp_4096_from_mp(p, 98, pm);
@ -11486,8 +11377,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_4096_sub_98(tmpa, tmpa, tmpb);
sp_4096_mask_98(tmp, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
(void)sp_4096_add_98(tmpa, tmpa, tmp);
sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
sp_4096_from_mp(qi, 98, qim);
sp_4096_mul_98(tmpa, tmpa, qi);
@ -11512,7 +11403,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
#else
sp_digit a[196 * 2];
sp_digit p[98], q[98], dp[98], dq[98], qi[98];
sp_digit tmp[196], tmpa[196], tmpb[196];
sp_digit tmpa[196], tmpb[196];
sp_digit* r = a;
int err = MP_OKAY;
@ -11547,8 +11438,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
(void)sp_4096_sub_98(tmpa, tmpa, tmpb);
sp_4096_mask_98(tmp, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
(void)sp_4096_add_98(tmpa, tmpa, tmp);
sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
sp_4096_cond_add_98(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[97] >> 31));
sp_4096_mul_98(tmpa, tmpa, qi);
err = sp_4096_mod_98(tmpa, tmpa, p);
}

159
wolfcrypt/src/sp_c64.c
View File

@ -2768,41 +2768,6 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e,
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || */
/* WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
*
* r A single precision integer.
* a A single precision integer.
* m Mask to AND against each digit.
*/
static void sp_2048_mask_18(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
int i;
for (i=0; i<18; i++) {
r[i] = a[i] & m;
}
#else
int i;
for (i = 0; i < 16; i += 8) {
r[i+0] = a[i+0] & m;
r[i+1] = a[i+1] & m;
r[i+2] = a[i+2] & m;
r[i+3] = a[i+3] & m;
r[i+4] = a[i+4] & m;
r[i+5] = a[i+5] & m;
r[i+6] = a[i+6] & m;
r[i+7] = a[i+7] & m;
}
r[16] = a[16] & m;
r[17] = a[17] & m;
#endif
}
#endif
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
*
@ -3034,6 +2999,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM)
#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -3163,7 +3130,6 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -3199,8 +3165,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 18;
tmpb = tmpa + 36;
tmp = t;
r = tmp + 36;
r = t + 36;
sp_2048_from_bin(a, 36, in, inLen);
sp_2048_from_mp(p, 18, pm);
@ -3214,8 +3179,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_2048_sub_18(tmpa, tmpa, tmpb);
sp_2048_mask_18(tmp, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
(void)sp_2048_add_18(tmpa, tmpa, tmp);
sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
sp_2048_from_mp(qi, 18, qim);
sp_2048_mul_18(tmpa, tmpa, qi);
@ -3240,7 +3205,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
#else
sp_digit a[36 * 2];
sp_digit p[18], q[18], dp[18], dq[18], qi[18];
sp_digit tmp[36], tmpa[36], tmpb[36];
sp_digit tmpa[36], tmpb[36];
sp_digit* r = a;
int err = MP_OKAY;
@ -3275,8 +3240,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
(void)sp_2048_sub_18(tmpa, tmpa, tmpb);
sp_2048_mask_18(tmp, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
(void)sp_2048_add_18(tmpa, tmpa, tmp);
sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
sp_2048_cond_add_18(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[17] >> 63));
sp_2048_mul_18(tmpa, tmpa, qi);
err = sp_2048_mod_18(tmpa, tmpa, p);
}
@ -6914,42 +6879,6 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e,
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || */
/* WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
*
* r A single precision integer.
* a A single precision integer.
* m Mask to AND against each digit.
*/
static void sp_3072_mask_27(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
int i;
for (i=0; i<27; i++) {
r[i] = a[i] & m;
}
#else
int i;
for (i = 0; i < 24; i += 8) {
r[i+0] = a[i+0] & m;
r[i+1] = a[i+1] & m;
r[i+2] = a[i+2] & m;
r[i+3] = a[i+3] & m;
r[i+4] = a[i+4] & m;
r[i+5] = a[i+5] & m;
r[i+6] = a[i+6] & m;
r[i+7] = a[i+7] & m;
}
r[24] = a[24] & m;
r[25] = a[25] & m;
r[26] = a[26] & m;
#endif
}
#endif
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
*
@ -7181,6 +7110,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM)
#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -7310,7 +7241,6 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -7346,8 +7276,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 27;
tmpb = tmpa + 54;
tmp = t;
r = tmp + 54;
r = t + 54;
sp_3072_from_bin(a, 54, in, inLen);
sp_3072_from_mp(p, 27, pm);
@ -7361,8 +7290,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_3072_sub_27(tmpa, tmpa, tmpb);
sp_3072_mask_27(tmp, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
(void)sp_3072_add_27(tmpa, tmpa, tmp);
sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
sp_3072_from_mp(qi, 27, qim);
sp_3072_mul_27(tmpa, tmpa, qi);
@ -7387,7 +7316,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
#else
sp_digit a[54 * 2];
sp_digit p[27], q[27], dp[27], dq[27], qi[27];
sp_digit tmp[54], tmpa[54], tmpb[54];
sp_digit tmpa[54], tmpb[54];
sp_digit* r = a;
int err = MP_OKAY;
@ -7422,8 +7351,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
(void)sp_3072_sub_27(tmpa, tmpa, tmpb);
sp_3072_mask_27(tmp, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
(void)sp_3072_add_27(tmpa, tmpa, tmp);
sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
sp_3072_cond_add_27(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[26] >> 63));
sp_3072_mul_27(tmpa, tmpa, qi);
err = sp_3072_mod_27(tmpa, tmpa, p);
}
@ -11306,46 +11235,6 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e,
#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || */
/* WOLFSSL_HAVE_SP_DH */
#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) && \
!defined(RSA_LOW_MEM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
/* AND m into each word of a and store in r.
*
* r A single precision integer.
* a A single precision integer.
* m Mask to AND against each digit.
*/
static void sp_4096_mask_39(sp_digit* r, const sp_digit* a, sp_digit m)
{
#ifdef WOLFSSL_SP_SMALL
int i;
for (i=0; i<39; i++) {
r[i] = a[i] & m;
}
#else
int i;
for (i = 0; i < 32; i += 8) {
r[i+0] = a[i+0] & m;
r[i+1] = a[i+1] & m;
r[i+2] = a[i+2] & m;
r[i+3] = a[i+3] & m;
r[i+4] = a[i+4] & m;
r[i+5] = a[i+5] & m;
r[i+6] = a[i+6] & m;
r[i+7] = a[i+7] & m;
}
r[32] = a[32] & m;
r[33] = a[33] & m;
r[34] = a[34] & m;
r[35] = a[35] & m;
r[36] = a[36] & m;
r[37] = a[37] & m;
r[38] = a[38] & m;
#endif
}
#endif
#ifdef WOLFSSL_HAVE_SP_RSA
/* RSA public key operation.
*
@ -11577,6 +11466,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM)
#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -11706,7 +11597,6 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -11742,8 +11632,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 39;
tmpb = tmpa + 78;
tmp = t;
r = tmp + 78;
r = t + 78;
sp_4096_from_bin(a, 78, in, inLen);
sp_4096_from_mp(p, 39, pm);
@ -11757,8 +11646,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
}
if (err == MP_OKAY) {
(void)sp_4096_sub_39(tmpa, tmpa, tmpb);
sp_4096_mask_39(tmp, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
(void)sp_4096_add_39(tmpa, tmpa, tmp);
sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
sp_4096_from_mp(qi, 39, qim);
sp_4096_mul_39(tmpa, tmpa, qi);
@ -11783,7 +11672,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
#else
sp_digit a[78 * 2];
sp_digit p[39], q[39], dp[39], dq[39], qi[39];
sp_digit tmp[78], tmpa[78], tmpb[78];
sp_digit tmpa[78], tmpb[78];
sp_digit* r = a;
int err = MP_OKAY;
@ -11818,8 +11707,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
(void)sp_4096_sub_39(tmpa, tmpa, tmpb);
sp_4096_mask_39(tmp, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
(void)sp_4096_add_39(tmpa, tmpa, tmp);
sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
sp_4096_cond_add_39(tmpa, tmpa, p, 0 - ((sp_int_digit)tmpa[38] >> 63));
sp_4096_mul_39(tmpa, tmpa, qi);
err = sp_4096_mod_39(tmpa, tmpa, p);
}

161
wolfcrypt/src/sp_cortexm.c
View File

@ -4112,6 +4112,44 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
return err;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not.
*
* r A single precision number representing conditional add result.
* a A single precision number to add with.
* b A single precision number to add.
* m Mask value to apply.
*/
SP_NOINLINE static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b,
sp_digit m)
{
sp_digit c = 0;
__asm__ __volatile__ (
"mov r5, #128\n\t"
"mov r9, r5\n\t"
"mov r8, #0\n\t"
"\n1:\n\t"
"ldr r6, [%[b], r8]\n\t"
"and r6, r6, %[m]\n\t"
"adds r5, %[c], #-1\n\t"
"ldr r5, [%[a], r8]\n\t"
"adcs r5, r5, r6\n\t"
"mov %[c], #0\n\t"
"adcs %[c], %[c], %[c]\n\t"
"str r5, [%[r], r8]\n\t"
"add r8, r8, #4\n\t"
"cmp r8, r9\n\t"
"blt 1b\n\t"
: [c] "+r" (c)
: [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
: "memory", "r5", "r6", "r8", "r9"
);
return c;
}
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -4146,7 +4184,6 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -4176,8 +4213,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 32;
tmpb = tmpa + 64;
tmp = t;
r = tmp + 64;
r = t + 64;
}
#else
r = a = ad;
@ -4186,7 +4222,6 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
qi = dq = dp = dpd;
tmpa = tmpad;
tmpb = tmpbd;
tmp = a + 64;
#endif
if (err == MP_OKAY) {
@ -4204,8 +4239,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
c = sp_2048_sub_in_place_32(tmpa, tmpb);
sp_2048_mask_32(tmp, p, c);
sp_2048_add_32(tmpa, tmpa, tmp);
c += sp_2048_cond_add_32(tmpa, tmpa, p, c);
sp_2048_cond_add_32(tmpa, tmpa, p, c);
sp_2048_from_mp(qi, 32, qim);
sp_2048_mul_32(tmpa, tmpa, qi);
@ -4236,6 +4271,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY))
@ -8666,6 +8702,44 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
return err;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not.
*
* r A single precision number representing conditional add result.
* a A single precision number to add with.
* b A single precision number to add.
* m Mask value to apply.
*/
SP_NOINLINE static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b,
sp_digit m)
{
sp_digit c = 0;
__asm__ __volatile__ (
"mov r5, #192\n\t"
"mov r9, r5\n\t"
"mov r8, #0\n\t"
"\n1:\n\t"
"ldr r6, [%[b], r8]\n\t"
"and r6, r6, %[m]\n\t"
"adds r5, %[c], #-1\n\t"
"ldr r5, [%[a], r8]\n\t"
"adcs r5, r5, r6\n\t"
"mov %[c], #0\n\t"
"adcs %[c], %[c], %[c]\n\t"
"str r5, [%[r], r8]\n\t"
"add r8, r8, #4\n\t"
"cmp r8, r9\n\t"
"blt 1b\n\t"
: [c] "+r" (c)
: [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
: "memory", "r5", "r6", "r8", "r9"
);
return c;
}
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -8700,7 +8774,6 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -8730,8 +8803,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 48;
tmpb = tmpa + 96;
tmp = t;
r = tmp + 96;
r = t + 96;
}
#else
r = a = ad;
@ -8740,7 +8812,6 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
qi = dq = dp = dpd;
tmpa = tmpad;
tmpb = tmpbd;
tmp = a + 96;
#endif
if (err == MP_OKAY) {
@ -8758,8 +8829,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
c = sp_3072_sub_in_place_48(tmpa, tmpb);
sp_3072_mask_48(tmp, p, c);
sp_3072_add_48(tmpa, tmpa, tmp);
c += sp_3072_cond_add_48(tmpa, tmpa, p, c);
sp_3072_cond_add_48(tmpa, tmpa, p, c);
sp_3072_from_mp(qi, 48, qim);
sp_3072_mul_48(tmpa, tmpa, qi);
@ -8790,6 +8861,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY))
@ -12166,6 +12238,45 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm,
return err;
}
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Conditionally add a and b using the mask m.
* m is -1 to add and 0 when not.
*
* r A single precision number representing conditional add result.
* a A single precision number to add with.
* b A single precision number to add.
* m Mask value to apply.
*/
SP_NOINLINE static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b,
sp_digit m)
{
sp_digit c = 0;
__asm__ __volatile__ (
"mov r5, #1\n\t"
"lsl r5, r5, #8\n\t"
"mov r9, r5\n\t"
"mov r8, #0\n\t"
"\n1:\n\t"
"ldr r6, [%[b], r8]\n\t"
"and r6, r6, %[m]\n\t"
"adds r5, %[c], #-1\n\t"
"ldr r5, [%[a], r8]\n\t"
"adcs r5, r5, r6\n\t"
"mov %[c], #0\n\t"
"adcs %[c], %[c], %[c]\n\t"
"str r5, [%[r], r8]\n\t"
"add r8, r8, #4\n\t"
"cmp r8, r9\n\t"
"blt 1b\n\t"
: [c] "+r" (c)
: [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
: "memory", "r5", "r6", "r8", "r9"
);
return c;
}
/* RSA private key operation.
*
* in Array of bytes representing the number to exponentiate, base.
@ -12200,7 +12311,6 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
sp_digit* dp;
sp_digit* dq;
sp_digit* qi;
sp_digit* tmp;
sp_digit* tmpa;
sp_digit* tmpb;
sp_digit* r;
@ -12230,8 +12340,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
tmpa = qi + 64;
tmpb = tmpa + 128;
tmp = t;
r = tmp + 128;
r = t + 128;
}
#else
r = a = ad;
@ -12240,7 +12349,6 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
qi = dq = dp = dpd;
tmpa = tmpad;
tmpb = tmpbd;
tmp = a + 128;
#endif
if (err == MP_OKAY) {
@ -12258,8 +12366,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
if (err == MP_OKAY) {
c = sp_4096_sub_in_place_64(tmpa, tmpb);
sp_4096_mask_64(tmp, p, c);
sp_4096_add_64(tmpa, tmpa, tmp);
c += sp_4096_cond_add_64(tmpa, tmpa, p, c);
sp_4096_cond_add_64(tmpa, tmpa, p, c);
sp_4096_from_mp(qi, 64, qim);
sp_4096_mul_64(tmpa, tmpa, qi);
@ -12290,6 +12398,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
return err;
}
#endif /* WOLFSSL_RSA_PUBLIC_ONLY */
#endif /* WOLFSSL_HAVE_SP_RSA */
#if defined(WOLFSSL_HAVE_SP_DH) || (defined(WOLFSSL_HAVE_SP_RSA) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY))
@ -21053,26 +21162,24 @@ SP_NOINLINE static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, c
sp_digit c = 0;
__asm__ __volatile__ (
"mov r10, #0\n\t"
"mov r6, #48\n\t"
"sub r10, #1\n\t"
"mov r9, r6\n\t"
"mov r5, #48\n\t"
"mov r9, r5\n\t"
"mov r8, #0\n\t"
"\n1:\n\t"
"ldr r5, [%[a], r8]\n\t"
"ldr r6, [%[b], r8]\n\t"
"and r6, r6, %[m]\n\t"
"adds %[c], %[c], r10\n\t"
"adds r5, %[c], #-1\n\t"
"ldr r5, [%[a], r8]\n\t"
"adcs r5, r5, r6\n\t"
"str r5, [%[r], r8]\n\t"
"mov %[c], #0\n\t"
"adc %[c], %[c], %[c]\n\t"
"adcs %[c], %[c], %[c]\n\t"
"str r5, [%[r], r8]\n\t"
"add r8, r8, #4\n\t"
"cmp r8, r9\n\t"
"blt 1b\n\t"
: [c] "+r" (c)
: [r] "r" (r), [a] "r" (a), [b] "r" (b), [m] "r" (m)
: "memory", "r5", "r6", "r8", "r9", "r10"
: "memory", "r5", "r6", "r8", "r9"
);
return c;

12
wolfcrypt/src/sp_x86_64.c
View File

@ -1573,13 +1573,13 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm,
#ifdef HAVE_INTEL_AVX2
if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
c += sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
c += sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c);
}
else
#endif
{
c += sp_2048_cond_add_16(tmpa, tmpa, p, c);
c += sp_2048_cond_add_16(tmpa, tmpa, p, c);
sp_2048_cond_add_16(tmpa, tmpa, p, c);
}
sp_2048_from_mp(qi, 16, qim);
@ -3627,13 +3627,13 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm,
#ifdef HAVE_INTEL_AVX2
if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
c += sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
c += sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c);
}
else
#endif
{
c += sp_3072_cond_add_24(tmpa, tmpa, p, c);
c += sp_3072_cond_add_24(tmpa, tmpa, p, c);
sp_3072_cond_add_24(tmpa, tmpa, p, c);
}
sp_3072_from_mp(qi, 24, qim);
@ -5135,13 +5135,13 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm,
#ifdef HAVE_INTEL_AVX2
if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
c += sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
c += sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c);
}
else
#endif
{
c += sp_4096_cond_add_32(tmpa, tmpa, p, c);
c += sp_4096_cond_add_32(tmpa, tmpa, p, c);
sp_4096_cond_add_32(tmpa, tmpa, p, c);
}
sp_2048_from_mp(qi, 32, qim);