nss/lib/freebl/ecl/ecp_384.c - Issue 2078763002: Delete bundled copy of NSS and replace with README.

Side by Side Diff: nss/lib/freebl/ecl/ecp_384.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master

Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
	(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public

2 * License, v. 2.0. If a copy of the MPL was not distributed with this

3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

4

5 #include "ecp.h"

6 #include "mpi.h"

7 #include "mplogic.h"

8 #include "mpi-priv.h"

9

10 /* Fast modular reduction for p384 = 2^384 - 2^128 - 2^96 + 2^32 - 1. a can be r.

11 * Uses algorithm 2.30 from Hankerson, Menezes, Vanstone. Guide to

12 * Elliptic Curve Cryptography. */

13 static mp_err

14 ec_GFp_nistp384_mod(const mp_int a, mp_int r, const GFMethod *meth)

15 {

16 mp_err res = MP_OKAY;

17 int a_bits = mpl_significant_bits(a);

18 int i;

19

20 /* m1, m2 are statically-allocated mp_int of exactly the size we need */

21 mp_int m[10];

22

23 #ifdef ECL_THIRTY_TWO_BIT

24 mp_digit s[10][12];

25 for (i = 0; i < 10; i++) {

26 MP_SIGN(&m[i]) = MP_ZPOS;

27 MP_ALLOC(&m[i]) = 12;

28 MP_USED(&m[i]) = 12;

29 MP_DIGITS(&m[i]) = s[i];

30 }

31 #else

32 mp_digit s[10][6];

33 for (i = 0; i < 10; i++) {

34 MP_SIGN(&m[i]) = MP_ZPOS;

35 MP_ALLOC(&m[i]) = 6;

36 MP_USED(&m[i]) = 6;

37 MP_DIGITS(&m[i]) = s[i];

38 }

39 #endif

40

41 #ifdef ECL_THIRTY_TWO_BIT

42 /* for polynomials larger than twice the field size or polynomials

43 * not using all words, use regular reduction */

44 if ((a_bits > 768) \|\| (a_bits <= 736)) {

45 MP_CHECKOK(mp_mod(a, &meth->irr, r));

46 } else {

47 for (i = 0; i < 12; i++) {

48 s[0][i] = MP_DIGIT(a, i);

49 }

50 s[1][0] = 0;

51 s[1][1] = 0;

52 s[1][2] = 0;

53 s[1][3] = 0;

54 s[1][4] = MP_DIGIT(a, 21);

55 s[1][5] = MP_DIGIT(a, 22);

56 s[1][6] = MP_DIGIT(a, 23);

57 s[1][7] = 0;

58 s[1][8] = 0;

59 s[1][9] = 0;

60 s[1][10] = 0;

61 s[1][11] = 0;

62 for (i = 0; i < 12; i++) {

63 s[2][i] = MP_DIGIT(a, i+12);

64 }

65 s[3][0] = MP_DIGIT(a, 21);

66 s[3][1] = MP_DIGIT(a, 22);

67 s[3][2] = MP_DIGIT(a, 23);

68 for (i = 3; i < 12; i++) {

69 s[3][i] = MP_DIGIT(a, i+9);

70 }

71 s[4][0] = 0;

72 s[4][1] = MP_DIGIT(a, 23);

73 s[4][2] = 0;

74 s[4][3] = MP_DIGIT(a, 20);

75 for (i = 4; i < 12; i++) {

76 s[4][i] = MP_DIGIT(a, i+8);

77 }

78 s[5][0] = 0;

79 s[5][1] = 0;

80 s[5][2] = 0;

81 s[5][3] = 0;

82 s[5][4] = MP_DIGIT(a, 20);

83 s[5][5] = MP_DIGIT(a, 21);

84 s[5][6] = MP_DIGIT(a, 22);

85 s[5][7] = MP_DIGIT(a, 23);

86 s[5][8] = 0;

87 s[5][9] = 0;

88 s[5][10] = 0;

89 s[5][11] = 0;

90 s[6][0] = MP_DIGIT(a, 20);

91 s[6][1] = 0;

92 s[6][2] = 0;

93 s[6][3] = MP_DIGIT(a, 21);

94 s[6][4] = MP_DIGIT(a, 22);

95 s[6][5] = MP_DIGIT(a, 23);

96 s[6][6] = 0;

97 s[6][7] = 0;

98 s[6][8] = 0;

99 s[6][9] = 0;

100 s[6][10] = 0;

101 s[6][11] = 0;

102 s[7][0] = MP_DIGIT(a, 23);

103 for (i = 1; i < 12; i++) {

104 s[7][i] = MP_DIGIT(a, i+11);

105 }

106 s[8][0] = 0;

107 s[8][1] = MP_DIGIT(a, 20);

108 s[8][2] = MP_DIGIT(a, 21);

109 s[8][3] = MP_DIGIT(a, 22);

110 s[8][4] = MP_DIGIT(a, 23);

111 s[8][5] = 0;

112 s[8][6] = 0;

113 s[8][7] = 0;

114 s[8][8] = 0;

115 s[8][9] = 0;

116 s[8][10] = 0;

117 s[8][11] = 0;

118 s[9][0] = 0;

119 s[9][1] = 0;

120 s[9][2] = 0;

121 s[9][3] = MP_DIGIT(a, 23);

122 s[9][4] = MP_DIGIT(a, 23);

123 s[9][5] = 0;

124 s[9][6] = 0;

125 s[9][7] = 0;

126 s[9][8] = 0;

127 s[9][9] = 0;

128 s[9][10] = 0;

129 s[9][11] = 0;

130

131 MP_CHECKOK(mp_add(&m[0], &m[1], r));

132 MP_CHECKOK(mp_add(r, &m[1], r));

133 MP_CHECKOK(mp_add(r, &m[2], r));

134 MP_CHECKOK(mp_add(r, &m[3], r));

135 MP_CHECKOK(mp_add(r, &m[4], r));

136 MP_CHECKOK(mp_add(r, &m[5], r));

137 MP_CHECKOK(mp_add(r, &m[6], r));

138 MP_CHECKOK(mp_sub(r, &m[7], r));

139 MP_CHECKOK(mp_sub(r, &m[8], r));

140 MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));

141 s_mp_clamp(r);

142 }

143 #else

144 /* for polynomials larger than twice the field size or polynomials

145 * not using all words, use regular reduction */

146 if ((a_bits > 768) \|\| (a_bits <= 736)) {

147 MP_CHECKOK(mp_mod(a, &meth->irr, r));

148 } else {

149 for (i = 0; i < 6; i++) {

150 s[0][i] = MP_DIGIT(a, i);

151 }

152 s[1][0] = 0;

153 s[1][1] = 0;

154 s[1][2] = (MP_DIGIT(a, 10) >> 32) \| (MP_DIGIT(a, 11) << 32);

155 s[1][3] = MP_DIGIT(a, 11) >> 32;

156 s[1][4] = 0;

157 s[1][5] = 0;

158 for (i = 0; i < 6; i++) {

159 s[2][i] = MP_DIGIT(a, i+6);

160 }

161 s[3][0] = (MP_DIGIT(a, 10) >> 32) \| (MP_DIGIT(a, 11) << 32);

162 s[3][1] = (MP_DIGIT(a, 11) >> 32) \| (MP_DIGIT(a, 6) << 32);

163 for (i = 2; i < 6; i++) {

164 s[3][i] = (MP_DIGIT(a, i+4) >> 32) \| (MP_DIGIT(a, i+5) < < 32);

165 }

166 s[4][0] = (MP_DIGIT(a, 11) >> 32) << 32;

167 s[4][1] = MP_DIGIT(a, 10) << 32;

168 for (i = 2; i < 6; i++) {

169 s[4][i] = MP_DIGIT(a, i+4);

170 }

171 s[5][0] = 0;

172 s[5][1] = 0;

173 s[5][2] = MP_DIGIT(a, 10);

174 s[5][3] = MP_DIGIT(a, 11);

175 s[5][4] = 0;

176 s[5][5] = 0;

177 s[6][0] = (MP_DIGIT(a, 10) << 32) >> 32;

178 s[6][1] = (MP_DIGIT(a, 10) >> 32) << 32;

179 s[6][2] = MP_DIGIT(a, 11);

180 s[6][3] = 0;

181 s[6][4] = 0;

182 s[6][5] = 0;

183 s[7][0] = (MP_DIGIT(a, 11) >> 32) \| (MP_DIGIT(a, 6) << 32);

184 for (i = 1; i < 6; i++) {

185 s[7][i] = (MP_DIGIT(a, i+5) >> 32) \| (MP_DIGIT(a, i+6) < < 32);

186 }

187 s[8][0] = MP_DIGIT(a, 10) << 32;

188 s[8][1] = (MP_DIGIT(a, 10) >> 32) \| (MP_DIGIT(a, 11) << 32);

189 s[8][2] = MP_DIGIT(a, 11) >> 32;

190 s[8][3] = 0;

191 s[8][4] = 0;

192 s[8][5] = 0;

193 s[9][0] = 0;

194 s[9][1] = (MP_DIGIT(a, 11) >> 32) << 32;

195 s[9][2] = MP_DIGIT(a, 11) >> 32;

196 s[9][3] = 0;

197 s[9][4] = 0;

198 s[9][5] = 0;

199

200 MP_CHECKOK(mp_add(&m[0], &m[1], r));

201 MP_CHECKOK(mp_add(r, &m[1], r));

202 MP_CHECKOK(mp_add(r, &m[2], r));

203 MP_CHECKOK(mp_add(r, &m[3], r));

204 MP_CHECKOK(mp_add(r, &m[4], r));

205 MP_CHECKOK(mp_add(r, &m[5], r));

206 MP_CHECKOK(mp_add(r, &m[6], r));

207 MP_CHECKOK(mp_sub(r, &m[7], r));

208 MP_CHECKOK(mp_sub(r, &m[8], r));

209 MP_CHECKOK(mp_submod(r, &m[9], &meth->irr, r));

210 s_mp_clamp(r);

211 }

212 #endif

213

214 CLEANUP:

215 return res;

216 }

217

218 /* Compute the square of polynomial a, reduce modulo p384. Store the

219 * result in r. r could be a. Uses optimized modular reduction for p384.

220 */

221 static mp_err

222 ec_GFp_nistp384_sqr(const mp_int a, mp_int r, const GFMethod *meth)

223 {

224 mp_err res = MP_OKAY;

225

226 MP_CHECKOK(mp_sqr(a, r));

227 MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));

228 CLEANUP:

229 return res;

230 }

231

232 /* Compute the product of two polynomials a and b, reduce modulo p384.

233 * Store the result in r. r could be a or b; a could be b. Uses

234 * optimized modular reduction for p384. */

235 static mp_err

236 ec_GFp_nistp384_mul(const mp_int a, const mp_int b, mp_int *r,

237 const GFMethod *meth)

238 {

239 mp_err res = MP_OKAY;

240

241 MP_CHECKOK(mp_mul(a, b, r));

242 MP_CHECKOK(ec_GFp_nistp384_mod(r, r, meth));

243 CLEANUP:

244 return res;

245 }

246

247 /* Wire in fast field arithmetic and precomputation of base point for

248 * named curves. */

249 mp_err

250 ec_group_set_gfp384(ECGroup *group, ECCurveName name)

251 {

252 if (name == ECCurve_NIST_P384) {

253 group->meth->field_mod = &ec_GFp_nistp384_mod;

254 group->meth->field_mul = &ec_GFp_nistp384_mul;

255 group->meth->field_sqr = &ec_GFp_nistp384_sqr;

256 }

257 return MP_OKAY;

258 }

OLD	NEW

« no previous file with comments | « nss/lib/freebl/ecl/ecp_256_32.c ('k') | nss/lib/freebl/ecl/ecp_521.c » ('j') | no next file with comments »