tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Revert "lib/mpi: Extend the MPI library"

This partially reverts commit a8ea8bdd9df92a0e5db5b43900abb7a288b8a53e.

Most of it is no longer needed since sm2 has been removed. However,
the following functions have been kept as they have developed other
uses:

mpi_copy

mpi_mod

mpi_test_bit
mpi_set_bit
mpi_rshift

mpi_add
mpi_sub
mpi_addm
mpi_subm

mpi_mul
mpi_mulm

mpi_tdiv_r
mpi_fdiv_r

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Herbert Xu fca5cb4d f235bc11

+10 -1165
-65
include/linux/mpi.h
··· 40 40 typedef struct gcry_mpi *MPI; 41 41 42 42 #define mpi_get_nlimbs(a) ((a)->nlimbs) 43 - #define mpi_has_sign(a) ((a)->sign) 44 43 45 44 /*-- mpiutil.c --*/ 46 45 MPI mpi_alloc(unsigned nlimbs); 47 - void mpi_clear(MPI a); 48 46 void mpi_free(MPI a); 49 47 int mpi_resize(MPI a, unsigned nlimbs); 50 48 51 - static inline MPI mpi_new(unsigned int nbits) 52 - { 53 - return mpi_alloc((nbits + BITS_PER_MPI_LIMB - 1) / BITS_PER_MPI_LIMB); 54 - } 55 - 56 49 MPI mpi_copy(MPI a); 57 - MPI mpi_alloc_like(MPI a); 58 - void mpi_snatch(MPI w, MPI u); 59 - MPI mpi_set(MPI w, MPI u); 60 - MPI mpi_set_ui(MPI w, unsigned long u); 61 - MPI mpi_alloc_set_ui(unsigned long u); 62 - void mpi_swap_cond(MPI a, MPI b, unsigned long swap); 63 - 64 - /* Constants used to return constant MPIs. See mpi_init if you 65 - * want to add more constants. 66 - */ 67 - #define MPI_NUMBER_OF_CONSTANTS 6 68 - enum gcry_mpi_constants { 69 - MPI_C_ZERO, 70 - MPI_C_ONE, 71 - MPI_C_TWO, 72 - MPI_C_THREE, 73 - MPI_C_FOUR, 74 - MPI_C_EIGHT 75 - }; 76 - 77 - MPI mpi_const(enum gcry_mpi_constants no); 78 50 79 51 /*-- mpicoder.c --*/ 80 - 81 - /* Different formats of external big integer representation. */ 82 - enum gcry_mpi_format { 83 - GCRYMPI_FMT_NONE = 0, 84 - GCRYMPI_FMT_STD = 1, /* Twos complement stored without length. */ 85 - GCRYMPI_FMT_PGP = 2, /* As used by OpenPGP (unsigned only). */ 86 - GCRYMPI_FMT_SSH = 3, /* As used by SSH (like STD but with length). */ 87 - GCRYMPI_FMT_HEX = 4, /* Hex format. */ 88 - GCRYMPI_FMT_USG = 5, /* Like STD but unsigned. */ 89 - GCRYMPI_FMT_OPAQUE = 8 /* Opaque format (some functions only). */ 90 - }; 91 - 92 52 MPI mpi_read_raw_data(const void *xbuffer, size_t nbytes); 93 53 MPI mpi_read_from_buffer(const void *buffer, unsigned *ret_nread); 94 - int mpi_fromstr(MPI val, const char *str); 95 - MPI mpi_scanval(const char *string); 96 54 MPI mpi_read_raw_from_sgl(struct scatterlist *sgl, unsigned int len); 97 55 void *mpi_get_buffer(MPI a, unsigned *nbytes, int *sign); 98 56 int mpi_read_buffer(MPI a, uint8_t *buf, unsigned buf_len, unsigned *nbytes, 99 57 int *sign); 100 58 int mpi_write_to_sgl(MPI a, struct scatterlist *sg, unsigned nbytes, 101 59 int *sign); 102 - int mpi_print(enum gcry_mpi_format format, unsigned char *buffer, 103 - size_t buflen, size_t *nwritten, MPI a); 104 60 105 61 /*-- mpi-mod.c --*/ 106 62 void mpi_mod(MPI rem, MPI dividend, MPI divisor); 107 - 108 - /* Context used with Barrett reduction. */ 109 - struct barrett_ctx_s; 110 - typedef struct barrett_ctx_s *mpi_barrett_t; 111 - 112 - mpi_barrett_t mpi_barrett_init(MPI m, int copy); 113 - void mpi_barrett_free(mpi_barrett_t ctx); 114 - void mpi_mod_barrett(MPI r, MPI x, mpi_barrett_t ctx); 115 - void mpi_mul_barrett(MPI w, MPI u, MPI v, mpi_barrett_t ctx); 116 63 117 64 /*-- mpi-pow.c --*/ 118 65 int mpi_powm(MPI res, MPI base, MPI exp, MPI mod); ··· 67 120 /*-- mpi-cmp.c --*/ 68 121 int mpi_cmp_ui(MPI u, ulong v); 69 122 int mpi_cmp(MPI u, MPI v); 70 - int mpi_cmpabs(MPI u, MPI v); 71 123 72 124 /*-- mpi-sub-ui.c --*/ 73 125 int mpi_sub_ui(MPI w, MPI u, unsigned long vval); ··· 76 130 unsigned mpi_get_nbits(MPI a); 77 131 int mpi_test_bit(MPI a, unsigned int n); 78 132 void mpi_set_bit(MPI a, unsigned int n); 79 - void mpi_set_highbit(MPI a, unsigned int n); 80 - void mpi_clear_highbit(MPI a, unsigned int n); 81 - void mpi_clear_bit(MPI a, unsigned int n); 82 - void mpi_rshift_limbs(MPI a, unsigned int count); 83 133 void mpi_rshift(MPI x, MPI a, unsigned int n); 84 - void mpi_lshift_limbs(MPI a, unsigned int count); 85 - void mpi_lshift(MPI x, MPI a, unsigned int n); 86 134 87 135 /*-- mpi-add.c --*/ 88 - void mpi_add_ui(MPI w, MPI u, unsigned long v); 89 136 void mpi_add(MPI w, MPI u, MPI v); 90 137 void mpi_sub(MPI w, MPI u, MPI v); 91 138 void mpi_addm(MPI w, MPI u, MPI v, MPI m); ··· 91 152 /*-- mpi-div.c --*/ 92 153 void mpi_tdiv_r(MPI rem, MPI num, MPI den); 93 154 void mpi_fdiv_r(MPI rem, MPI dividend, MPI divisor); 94 - void mpi_fdiv_q(MPI quot, MPI dividend, MPI divisor); 95 - 96 - /*-- mpi-inv.c --*/ 97 - int mpi_invm(MPI x, MPI a, MPI n); 98 155 99 156 /* inline functions */ 100 157
-1
lib/crypto/mpi/Makefile
··· 19 19 mpi-cmp.o \ 20 20 mpi-sub-ui.o \ 21 21 mpi-div.o \ 22 - mpi-inv.o \ 23 22 mpi-mod.o \ 24 23 mpi-mul.o \ 25 24 mpih-cmp.o \
-51
lib/crypto/mpi/mpi-add.c
··· 13 13 14 14 #include "mpi-internal.h" 15 15 16 - /**************** 17 - * Add the unsigned integer V to the mpi-integer U and store the 18 - * result in W. U and V may be the same. 19 - */ 20 - void mpi_add_ui(MPI w, MPI u, unsigned long v) 21 - { 22 - mpi_ptr_t wp, up; 23 - mpi_size_t usize, wsize; 24 - int usign, wsign; 25 - 26 - usize = u->nlimbs; 27 - usign = u->sign; 28 - wsign = 0; 29 - 30 - /* If not space for W (and possible carry), increase space. */ 31 - wsize = usize + 1; 32 - if (w->alloced < wsize) 33 - mpi_resize(w, wsize); 34 - 35 - /* These must be after realloc (U may be the same as W). */ 36 - up = u->d; 37 - wp = w->d; 38 - 39 - if (!usize) { /* simple */ 40 - wp[0] = v; 41 - wsize = v ? 1:0; 42 - } else if (!usign) { /* mpi is not negative */ 43 - mpi_limb_t cy; 44 - cy = mpihelp_add_1(wp, up, usize, v); 45 - wp[usize] = cy; 46 - wsize = usize + cy; 47 - } else { 48 - /* The signs are different. Need exact comparison to determine 49 - * which operand to subtract from which. 50 - */ 51 - if (usize == 1 && up[0] < v) { 52 - wp[0] = v - up[0]; 53 - wsize = 1; 54 - } else { 55 - mpihelp_sub_1(wp, up, usize, v); 56 - /* Size can decrease with at most one limb. */ 57 - wsize = usize - (wp[usize-1] == 0); 58 - wsign = 1; 59 - } 60 - } 61 - 62 - w->nlimbs = wsize; 63 - w->sign = wsign; 64 - } 65 - 66 - 67 16 void mpi_add(MPI w, MPI u, MPI v) 68 17 { 69 18 mpi_ptr_t wp, up, vp;
-143
lib/crypto/mpi/mpi-bit.c
··· 32 32 for (; a->nlimbs && !a->d[a->nlimbs - 1]; a->nlimbs--) 33 33 ; 34 34 } 35 - EXPORT_SYMBOL_GPL(mpi_normalize); 36 35 37 36 /**************** 38 37 * Return the number of bits in A. ··· 90 91 a->nlimbs = limbno+1; 91 92 } 92 93 a->d[limbno] |= (A_LIMB_1<<bitno); 93 - } 94 - 95 - /**************** 96 - * Set bit N of A. and clear all bits above 97 - */ 98 - void mpi_set_highbit(MPI a, unsigned int n) 99 - { 100 - unsigned int i, limbno, bitno; 101 - 102 - limbno = n / BITS_PER_MPI_LIMB; 103 - bitno = n % BITS_PER_MPI_LIMB; 104 - 105 - if (limbno >= a->nlimbs) { 106 - for (i = a->nlimbs; i < a->alloced; i++) 107 - a->d[i] = 0; 108 - mpi_resize(a, limbno+1); 109 - a->nlimbs = limbno+1; 110 - } 111 - a->d[limbno] |= (A_LIMB_1<<bitno); 112 - for (bitno++; bitno < BITS_PER_MPI_LIMB; bitno++) 113 - a->d[limbno] &= ~(A_LIMB_1 << bitno); 114 - a->nlimbs = limbno+1; 115 - } 116 - EXPORT_SYMBOL_GPL(mpi_set_highbit); 117 - 118 - /**************** 119 - * clear bit N of A and all bits above 120 - */ 121 - void mpi_clear_highbit(MPI a, unsigned int n) 122 - { 123 - unsigned int limbno, bitno; 124 - 125 - limbno = n / BITS_PER_MPI_LIMB; 126 - bitno = n % BITS_PER_MPI_LIMB; 127 - 128 - if (limbno >= a->nlimbs) 129 - return; /* not allocated, therefore no need to clear bits :-) */ 130 - 131 - for ( ; bitno < BITS_PER_MPI_LIMB; bitno++) 132 - a->d[limbno] &= ~(A_LIMB_1 << bitno); 133 - a->nlimbs = limbno+1; 134 - } 135 - 136 - /**************** 137 - * Clear bit N of A. 138 - */ 139 - void mpi_clear_bit(MPI a, unsigned int n) 140 - { 141 - unsigned int limbno, bitno; 142 - 143 - limbno = n / BITS_PER_MPI_LIMB; 144 - bitno = n % BITS_PER_MPI_LIMB; 145 - 146 - if (limbno >= a->nlimbs) 147 - return; /* Don't need to clear this bit, it's far too left. */ 148 - a->d[limbno] &= ~(A_LIMB_1 << bitno); 149 - } 150 - EXPORT_SYMBOL_GPL(mpi_clear_bit); 151 - 152 - 153 - /**************** 154 - * Shift A by COUNT limbs to the right 155 - * This is used only within the MPI library 156 - */ 157 - void mpi_rshift_limbs(MPI a, unsigned int count) 158 - { 159 - mpi_ptr_t ap = a->d; 160 - mpi_size_t n = a->nlimbs; 161 - unsigned int i; 162 - 163 - if (count >= n) { 164 - a->nlimbs = 0; 165 - return; 166 - } 167 - 168 - for (i = 0; i < n - count; i++) 169 - ap[i] = ap[i+count]; 170 - ap[i] = 0; 171 - a->nlimbs -= count; 172 94 } 173 95 174 96 /* ··· 161 241 MPN_NORMALIZE(x->d, x->nlimbs); 162 242 } 163 243 EXPORT_SYMBOL_GPL(mpi_rshift); 164 - 165 - /**************** 166 - * Shift A by COUNT limbs to the left 167 - * This is used only within the MPI library 168 - */ 169 - void mpi_lshift_limbs(MPI a, unsigned int count) 170 - { 171 - mpi_ptr_t ap; 172 - int n = a->nlimbs; 173 - int i; 174 - 175 - if (!count || !n) 176 - return; 177 - 178 - RESIZE_IF_NEEDED(a, n+count); 179 - 180 - ap = a->d; 181 - for (i = n-1; i >= 0; i--) 182 - ap[i+count] = ap[i]; 183 - for (i = 0; i < count; i++) 184 - ap[i] = 0; 185 - a->nlimbs += count; 186 - } 187 - 188 - /* 189 - * Shift A by N bits to the left. 190 - */ 191 - void mpi_lshift(MPI x, MPI a, unsigned int n) 192 - { 193 - unsigned int nlimbs = (n/BITS_PER_MPI_LIMB); 194 - unsigned int nbits = (n%BITS_PER_MPI_LIMB); 195 - 196 - if (x == a && !n) 197 - return; /* In-place shift with an amount of zero. */ 198 - 199 - if (x != a) { 200 - /* Copy A to X. */ 201 - unsigned int alimbs = a->nlimbs; 202 - int asign = a->sign; 203 - mpi_ptr_t xp, ap; 204 - 205 - RESIZE_IF_NEEDED(x, alimbs+nlimbs+1); 206 - xp = x->d; 207 - ap = a->d; 208 - MPN_COPY(xp, ap, alimbs); 209 - x->nlimbs = alimbs; 210 - x->flags = a->flags; 211 - x->sign = asign; 212 - } 213 - 214 - if (nlimbs && !nbits) { 215 - /* Shift a full number of limbs. */ 216 - mpi_lshift_limbs(x, nlimbs); 217 - } else if (n) { 218 - /* We use a very dump approach: Shift left by the number of 219 - * limbs plus one and than fix it up by an rshift. 220 - */ 221 - mpi_lshift_limbs(x, nlimbs+1); 222 - mpi_rshift(x, x, BITS_PER_MPI_LIMB - nbits); 223 - } 224 - 225 - MPN_NORMALIZE(x->d, x->nlimbs); 226 - }
+10 -36
lib/crypto/mpi/mpi-cmp.c
··· 45 45 } 46 46 EXPORT_SYMBOL_GPL(mpi_cmp_ui); 47 47 48 - static int do_mpi_cmp(MPI u, MPI v, int absmode) 48 + int mpi_cmp(MPI u, MPI v) 49 49 { 50 - mpi_size_t usize; 51 - mpi_size_t vsize; 52 - int usign; 53 - int vsign; 50 + mpi_size_t usize, vsize; 54 51 int cmp; 55 52 56 53 mpi_normalize(u); 57 54 mpi_normalize(v); 58 - 59 55 usize = u->nlimbs; 60 56 vsize = v->nlimbs; 61 - usign = absmode ? 0 : u->sign; 62 - vsign = absmode ? 0 : v->sign; 63 - 64 - /* Compare sign bits. */ 65 - 66 - if (!usign && vsign) 57 + if (!u->sign && v->sign) 67 58 return 1; 68 - if (usign && !vsign) 59 + if (u->sign && !v->sign) 69 60 return -1; 70 - 71 - /* U and V are either both positive or both negative. */ 72 - 73 - if (usize != vsize && !usign && !vsign) 61 + if (usize != vsize && !u->sign && !v->sign) 74 62 return usize - vsize; 75 - if (usize != vsize && usign && vsign) 76 - return vsize + usize; 63 + if (usize != vsize && u->sign && v->sign) 64 + return vsize - usize; 77 65 if (!usize) 78 66 return 0; 79 67 cmp = mpihelp_cmp(u->d, v->d, usize); 80 - if (!cmp) 81 - return 0; 82 - if ((cmp < 0?1:0) == (usign?1:0)) 83 - return 1; 84 - 85 - return -1; 86 - } 87 - 88 - int mpi_cmp(MPI u, MPI v) 89 - { 90 - return do_mpi_cmp(u, v, 0); 68 + if (u->sign) 69 + return -cmp; 70 + return cmp; 91 71 } 92 72 EXPORT_SYMBOL_GPL(mpi_cmp); 93 - 94 - int mpi_cmpabs(MPI u, MPI v) 95 - { 96 - return do_mpi_cmp(u, v, 1); 97 - } 98 - EXPORT_SYMBOL_GPL(mpi_cmpabs);
-29
lib/crypto/mpi/mpi-div.c
··· 15 15 #include "longlong.h" 16 16 17 17 void mpi_tdiv_qr(MPI quot, MPI rem, MPI num, MPI den); 18 - void mpi_fdiv_qr(MPI quot, MPI rem, MPI dividend, MPI divisor); 19 18 20 19 void mpi_fdiv_r(MPI rem, MPI dividend, MPI divisor) 21 20 { ··· 34 35 35 36 if (((divisor_sign?1:0) ^ (dividend->sign?1:0)) && rem->nlimbs) 36 37 mpi_add(rem, rem, divisor); 37 - 38 - if (temp_divisor) 39 - mpi_free(temp_divisor); 40 - } 41 - 42 - void mpi_fdiv_q(MPI quot, MPI dividend, MPI divisor) 43 - { 44 - MPI tmp = mpi_alloc(mpi_get_nlimbs(quot)); 45 - mpi_fdiv_qr(quot, tmp, dividend, divisor); 46 - mpi_free(tmp); 47 - } 48 - 49 - void mpi_fdiv_qr(MPI quot, MPI rem, MPI dividend, MPI divisor) 50 - { 51 - int divisor_sign = divisor->sign; 52 - MPI temp_divisor = NULL; 53 - 54 - if (quot == divisor || rem == divisor) { 55 - temp_divisor = mpi_copy(divisor); 56 - divisor = temp_divisor; 57 - } 58 - 59 - mpi_tdiv_qr(quot, rem, dividend, divisor); 60 - 61 - if ((divisor_sign ^ dividend->sign) && rem->nlimbs) { 62 - mpi_sub_ui(quot, quot, 1); 63 - mpi_add(rem, rem, divisor); 64 - } 65 38 66 39 if (temp_divisor) 67 40 mpi_free(temp_divisor);
-10
lib/crypto/mpi/mpi-internal.h
··· 66 66 (d)[_i] = (s)[_i]; \ 67 67 } while (0) 68 68 69 - #define MPN_COPY_INCR(d, s, n) \ 70 - do { \ 71 - mpi_size_t _i; \ 72 - for (_i = 0; _i < (n); _i++) \ 73 - (d)[_i] = (s)[_i]; \ 74 - } while (0) 75 - 76 - 77 69 #define MPN_COPY_DECR(d, s, n) \ 78 70 do { \ 79 71 mpi_size_t _i; \ ··· 173 181 void mpih_sqr_n_basecase(mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t size); 174 182 void mpih_sqr_n(mpi_ptr_t prodp, mpi_ptr_t up, mpi_size_t size, 175 183 mpi_ptr_t tspace); 176 - void mpihelp_mul_n(mpi_ptr_t prodp, 177 - mpi_ptr_t up, mpi_ptr_t vp, mpi_size_t size); 178 184 179 185 int mpihelp_mul_karatsuba_case(mpi_ptr_t prodp, 180 186 mpi_ptr_t up, mpi_size_t usize,
-143
lib/crypto/mpi/mpi-inv.c
··· 1 - /* mpi-inv.c - MPI functions 2 - * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc. 3 - * 4 - * This file is part of Libgcrypt. 5 - * 6 - * Libgcrypt is free software; you can redistribute it and/or modify 7 - * it under the terms of the GNU Lesser General Public License as 8 - * published by the Free Software Foundation; either version 2.1 of 9 - * the License, or (at your option) any later version. 10 - * 11 - * Libgcrypt is distributed in the hope that it will be useful, 12 - * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 - * GNU Lesser General Public License for more details. 15 - * 16 - * You should have received a copy of the GNU Lesser General Public 17 - * License along with this program; if not, see <http://www.gnu.org/licenses/>. 18 - */ 19 - 20 - #include "mpi-internal.h" 21 - 22 - /**************** 23 - * Calculate the multiplicative inverse X of A mod N 24 - * That is: Find the solution x for 25 - * 1 = (a*x) mod n 26 - */ 27 - int mpi_invm(MPI x, MPI a, MPI n) 28 - { 29 - /* Extended Euclid's algorithm (See TAOCP Vol II, 4.5.2, Alg X) 30 - * modified according to Michael Penk's solution for Exercise 35 31 - * with further enhancement 32 - */ 33 - MPI u, v, u1, u2 = NULL, u3, v1, v2 = NULL, v3, t1, t2 = NULL, t3; 34 - unsigned int k; 35 - int sign; 36 - int odd; 37 - 38 - if (!mpi_cmp_ui(a, 0)) 39 - return 0; /* Inverse does not exists. */ 40 - if (!mpi_cmp_ui(n, 1)) 41 - return 0; /* Inverse does not exists. */ 42 - 43 - u = mpi_copy(a); 44 - v = mpi_copy(n); 45 - 46 - for (k = 0; !mpi_test_bit(u, 0) && !mpi_test_bit(v, 0); k++) { 47 - mpi_rshift(u, u, 1); 48 - mpi_rshift(v, v, 1); 49 - } 50 - odd = mpi_test_bit(v, 0); 51 - 52 - u1 = mpi_alloc_set_ui(1); 53 - if (!odd) 54 - u2 = mpi_alloc_set_ui(0); 55 - u3 = mpi_copy(u); 56 - v1 = mpi_copy(v); 57 - if (!odd) { 58 - v2 = mpi_alloc(mpi_get_nlimbs(u)); 59 - mpi_sub(v2, u1, u); /* U is used as const 1 */ 60 - } 61 - v3 = mpi_copy(v); 62 - if (mpi_test_bit(u, 0)) { /* u is odd */ 63 - t1 = mpi_alloc_set_ui(0); 64 - if (!odd) { 65 - t2 = mpi_alloc_set_ui(1); 66 - t2->sign = 1; 67 - } 68 - t3 = mpi_copy(v); 69 - t3->sign = !t3->sign; 70 - goto Y4; 71 - } else { 72 - t1 = mpi_alloc_set_ui(1); 73 - if (!odd) 74 - t2 = mpi_alloc_set_ui(0); 75 - t3 = mpi_copy(u); 76 - } 77 - 78 - do { 79 - do { 80 - if (!odd) { 81 - if (mpi_test_bit(t1, 0) || mpi_test_bit(t2, 0)) { 82 - /* one is odd */ 83 - mpi_add(t1, t1, v); 84 - mpi_sub(t2, t2, u); 85 - } 86 - mpi_rshift(t1, t1, 1); 87 - mpi_rshift(t2, t2, 1); 88 - mpi_rshift(t3, t3, 1); 89 - } else { 90 - if (mpi_test_bit(t1, 0)) 91 - mpi_add(t1, t1, v); 92 - mpi_rshift(t1, t1, 1); 93 - mpi_rshift(t3, t3, 1); 94 - } 95 - Y4: 96 - ; 97 - } while (!mpi_test_bit(t3, 0)); /* while t3 is even */ 98 - 99 - if (!t3->sign) { 100 - mpi_set(u1, t1); 101 - if (!odd) 102 - mpi_set(u2, t2); 103 - mpi_set(u3, t3); 104 - } else { 105 - mpi_sub(v1, v, t1); 106 - sign = u->sign; u->sign = !u->sign; 107 - if (!odd) 108 - mpi_sub(v2, u, t2); 109 - u->sign = sign; 110 - sign = t3->sign; t3->sign = !t3->sign; 111 - mpi_set(v3, t3); 112 - t3->sign = sign; 113 - } 114 - mpi_sub(t1, u1, v1); 115 - if (!odd) 116 - mpi_sub(t2, u2, v2); 117 - mpi_sub(t3, u3, v3); 118 - if (t1->sign) { 119 - mpi_add(t1, t1, v); 120 - if (!odd) 121 - mpi_sub(t2, t2, u); 122 - } 123 - } while (mpi_cmp_ui(t3, 0)); /* while t3 != 0 */ 124 - /* mpi_lshift( u3, k ); */ 125 - mpi_set(x, u1); 126 - 127 - mpi_free(u1); 128 - mpi_free(v1); 129 - mpi_free(t1); 130 - if (!odd) { 131 - mpi_free(u2); 132 - mpi_free(v2); 133 - mpi_free(t2); 134 - } 135 - mpi_free(u3); 136 - mpi_free(v3); 137 - mpi_free(t3); 138 - 139 - mpi_free(u); 140 - mpi_free(v); 141 - return 1; 142 - } 143 - EXPORT_SYMBOL_GPL(mpi_invm);
-144
lib/crypto/mpi/mpi-mod.c
··· 5 5 * This file is part of Libgcrypt. 6 6 */ 7 7 8 - 9 8 #include "mpi-internal.h" 10 - #include "longlong.h" 11 - 12 - /* Context used with Barrett reduction. */ 13 - struct barrett_ctx_s { 14 - MPI m; /* The modulus - may not be modified. */ 15 - int m_copied; /* If true, M needs to be released. */ 16 - int k; 17 - MPI y; 18 - MPI r1; /* Helper MPI. */ 19 - MPI r2; /* Helper MPI. */ 20 - MPI r3; /* Helper MPI allocated on demand. */ 21 - }; 22 - 23 - 24 9 25 10 void mpi_mod(MPI rem, MPI dividend, MPI divisor) 26 11 { 27 12 mpi_fdiv_r(rem, dividend, divisor); 28 - } 29 - 30 - /* This function returns a new context for Barrett based operations on 31 - * the modulus M. This context needs to be released using 32 - * _gcry_mpi_barrett_free. If COPY is true M will be transferred to 33 - * the context and the user may change M. If COPY is false, M may not 34 - * be changed until gcry_mpi_barrett_free has been called. 35 - */ 36 - mpi_barrett_t mpi_barrett_init(MPI m, int copy) 37 - { 38 - mpi_barrett_t ctx; 39 - MPI tmp; 40 - 41 - mpi_normalize(m); 42 - ctx = kcalloc(1, sizeof(*ctx), GFP_KERNEL); 43 - if (!ctx) 44 - return NULL; 45 - 46 - if (copy) { 47 - ctx->m = mpi_copy(m); 48 - ctx->m_copied = 1; 49 - } else 50 - ctx->m = m; 51 - 52 - ctx->k = mpi_get_nlimbs(m); 53 - tmp = mpi_alloc(ctx->k + 1); 54 - 55 - /* Barrett precalculation: y = floor(b^(2k) / m). */ 56 - mpi_set_ui(tmp, 1); 57 - mpi_lshift_limbs(tmp, 2 * ctx->k); 58 - mpi_fdiv_q(tmp, tmp, m); 59 - 60 - ctx->y = tmp; 61 - ctx->r1 = mpi_alloc(2 * ctx->k + 1); 62 - ctx->r2 = mpi_alloc(2 * ctx->k + 1); 63 - 64 - return ctx; 65 - } 66 - 67 - void mpi_barrett_free(mpi_barrett_t ctx) 68 - { 69 - if (ctx) { 70 - mpi_free(ctx->y); 71 - mpi_free(ctx->r1); 72 - mpi_free(ctx->r2); 73 - if (ctx->r3) 74 - mpi_free(ctx->r3); 75 - if (ctx->m_copied) 76 - mpi_free(ctx->m); 77 - kfree(ctx); 78 - } 79 - } 80 - 81 - 82 - /* R = X mod M 83 - * 84 - * Using Barrett reduction. Before using this function 85 - * _gcry_mpi_barrett_init must have been called to do the 86 - * precalculations. CTX is the context created by this precalculation 87 - * and also conveys M. If the Barret reduction could no be done a 88 - * straightforward reduction method is used. 89 - * 90 - * We assume that these conditions are met: 91 - * Input: x =(x_2k-1 ...x_0)_b 92 - * m =(m_k-1 ....m_0)_b with m_k-1 != 0 93 - * Output: r = x mod m 94 - */ 95 - void mpi_mod_barrett(MPI r, MPI x, mpi_barrett_t ctx) 96 - { 97 - MPI m = ctx->m; 98 - int k = ctx->k; 99 - MPI y = ctx->y; 100 - MPI r1 = ctx->r1; 101 - MPI r2 = ctx->r2; 102 - int sign; 103 - 104 - mpi_normalize(x); 105 - if (mpi_get_nlimbs(x) > 2*k) { 106 - mpi_mod(r, x, m); 107 - return; 108 - } 109 - 110 - sign = x->sign; 111 - x->sign = 0; 112 - 113 - /* 1. q1 = floor( x / b^k-1) 114 - * q2 = q1 * y 115 - * q3 = floor( q2 / b^k+1 ) 116 - * Actually, we don't need qx, we can work direct on r2 117 - */ 118 - mpi_set(r2, x); 119 - mpi_rshift_limbs(r2, k-1); 120 - mpi_mul(r2, r2, y); 121 - mpi_rshift_limbs(r2, k+1); 122 - 123 - /* 2. r1 = x mod b^k+1 124 - * r2 = q3 * m mod b^k+1 125 - * r = r1 - r2 126 - * 3. if r < 0 then r = r + b^k+1 127 - */ 128 - mpi_set(r1, x); 129 - if (r1->nlimbs > k+1) /* Quick modulo operation. */ 130 - r1->nlimbs = k+1; 131 - mpi_mul(r2, r2, m); 132 - if (r2->nlimbs > k+1) /* Quick modulo operation. */ 133 - r2->nlimbs = k+1; 134 - mpi_sub(r, r1, r2); 135 - 136 - if (mpi_has_sign(r)) { 137 - if (!ctx->r3) { 138 - ctx->r3 = mpi_alloc(k + 2); 139 - mpi_set_ui(ctx->r3, 1); 140 - mpi_lshift_limbs(ctx->r3, k + 1); 141 - } 142 - mpi_add(r, r, ctx->r3); 143 - } 144 - 145 - /* 4. while r >= m do r = r - m */ 146 - while (mpi_cmp(r, m) >= 0) 147 - mpi_sub(r, r, m); 148 - 149 - x->sign = sign; 150 - } 151 - 152 - 153 - void mpi_mul_barrett(MPI w, MPI u, MPI v, mpi_barrett_t ctx) 154 - { 155 - mpi_mul(w, u, v); 156 - mpi_mod_barrett(w, w, ctx); 157 13 }
-336
lib/crypto/mpi/mpicoder.c
··· 25 25 #include <linux/string.h> 26 26 #include "mpi-internal.h" 27 27 28 - #define MAX_EXTERN_SCAN_BYTES (16*1024*1024) 29 28 #define MAX_EXTERN_MPI_BITS 16384 30 29 31 30 /** ··· 108 109 return val; 109 110 } 110 111 EXPORT_SYMBOL_GPL(mpi_read_from_buffer); 111 - 112 - /**************** 113 - * Fill the mpi VAL from the hex string in STR. 114 - */ 115 - int mpi_fromstr(MPI val, const char *str) 116 - { 117 - int sign = 0; 118 - int prepend_zero = 0; 119 - int i, j, c, c1, c2; 120 - unsigned int nbits, nbytes, nlimbs; 121 - mpi_limb_t a; 122 - 123 - if (*str == '-') { 124 - sign = 1; 125 - str++; 126 - } 127 - 128 - /* Skip optional hex prefix. */ 129 - if (*str == '0' && str[1] == 'x') 130 - str += 2; 131 - 132 - nbits = strlen(str); 133 - if (nbits > MAX_EXTERN_SCAN_BYTES) { 134 - mpi_clear(val); 135 - return -EINVAL; 136 - } 137 - nbits *= 4; 138 - if ((nbits % 8)) 139 - prepend_zero = 1; 140 - 141 - nbytes = (nbits+7) / 8; 142 - nlimbs = (nbytes+BYTES_PER_MPI_LIMB-1) / BYTES_PER_MPI_LIMB; 143 - 144 - if (val->alloced < nlimbs) 145 - mpi_resize(val, nlimbs); 146 - 147 - i = BYTES_PER_MPI_LIMB - (nbytes % BYTES_PER_MPI_LIMB); 148 - i %= BYTES_PER_MPI_LIMB; 149 - j = val->nlimbs = nlimbs; 150 - val->sign = sign; 151 - for (; j > 0; j--) { 152 - a = 0; 153 - for (; i < BYTES_PER_MPI_LIMB; i++) { 154 - if (prepend_zero) { 155 - c1 = '0'; 156 - prepend_zero = 0; 157 - } else 158 - c1 = *str++; 159 - 160 - if (!c1) { 161 - mpi_clear(val); 162 - return -EINVAL; 163 - } 164 - c2 = *str++; 165 - if (!c2) { 166 - mpi_clear(val); 167 - return -EINVAL; 168 - } 169 - if (c1 >= '0' && c1 <= '9') 170 - c = c1 - '0'; 171 - else if (c1 >= 'a' && c1 <= 'f') 172 - c = c1 - 'a' + 10; 173 - else if (c1 >= 'A' && c1 <= 'F') 174 - c = c1 - 'A' + 10; 175 - else { 176 - mpi_clear(val); 177 - return -EINVAL; 178 - } 179 - c <<= 4; 180 - if (c2 >= '0' && c2 <= '9') 181 - c |= c2 - '0'; 182 - else if (c2 >= 'a' && c2 <= 'f') 183 - c |= c2 - 'a' + 10; 184 - else if (c2 >= 'A' && c2 <= 'F') 185 - c |= c2 - 'A' + 10; 186 - else { 187 - mpi_clear(val); 188 - return -EINVAL; 189 - } 190 - a <<= 8; 191 - a |= c; 192 - } 193 - i = 0; 194 - val->d[j-1] = a; 195 - } 196 - 197 - return 0; 198 - } 199 - EXPORT_SYMBOL_GPL(mpi_fromstr); 200 - 201 - MPI mpi_scanval(const char *string) 202 - { 203 - MPI a; 204 - 205 - a = mpi_alloc(0); 206 - if (!a) 207 - return NULL; 208 - 209 - if (mpi_fromstr(a, string)) { 210 - mpi_free(a); 211 - return NULL; 212 - } 213 - mpi_normalize(a); 214 - return a; 215 - } 216 - EXPORT_SYMBOL_GPL(mpi_scanval); 217 112 218 113 static int count_lzeros(MPI a) 219 114 { ··· 414 521 return val; 415 522 } 416 523 EXPORT_SYMBOL_GPL(mpi_read_raw_from_sgl); 417 - 418 - /* Perform a two's complement operation on buffer P of size N bytes. */ 419 - static void twocompl(unsigned char *p, unsigned int n) 420 - { 421 - int i; 422 - 423 - for (i = n-1; i >= 0 && !p[i]; i--) 424 - ; 425 - if (i >= 0) { 426 - if ((p[i] & 0x01)) 427 - p[i] = (((p[i] ^ 0xfe) | 0x01) & 0xff); 428 - else if ((p[i] & 0x02)) 429 - p[i] = (((p[i] ^ 0xfc) | 0x02) & 0xfe); 430 - else if ((p[i] & 0x04)) 431 - p[i] = (((p[i] ^ 0xf8) | 0x04) & 0xfc); 432 - else if ((p[i] & 0x08)) 433 - p[i] = (((p[i] ^ 0xf0) | 0x08) & 0xf8); 434 - else if ((p[i] & 0x10)) 435 - p[i] = (((p[i] ^ 0xe0) | 0x10) & 0xf0); 436 - else if ((p[i] & 0x20)) 437 - p[i] = (((p[i] ^ 0xc0) | 0x20) & 0xe0); 438 - else if ((p[i] & 0x40)) 439 - p[i] = (((p[i] ^ 0x80) | 0x40) & 0xc0); 440 - else 441 - p[i] = 0x80; 442 - 443 - for (i--; i >= 0; i--) 444 - p[i] ^= 0xff; 445 - } 446 - } 447 - 448 - int mpi_print(enum gcry_mpi_format format, unsigned char *buffer, 449 - size_t buflen, size_t *nwritten, MPI a) 450 - { 451 - unsigned int nbits = mpi_get_nbits(a); 452 - size_t len; 453 - size_t dummy_nwritten; 454 - int negative; 455 - 456 - if (!nwritten) 457 - nwritten = &dummy_nwritten; 458 - 459 - /* Libgcrypt does no always care to set clear the sign if the value 460 - * is 0. For printing this is a bit of a surprise, in particular 461 - * because if some of the formats don't support negative numbers but 462 - * should be able to print a zero. Thus we need this extra test 463 - * for a negative number. 464 - */ 465 - if (a->sign && mpi_cmp_ui(a, 0)) 466 - negative = 1; 467 - else 468 - negative = 0; 469 - 470 - len = buflen; 471 - *nwritten = 0; 472 - if (format == GCRYMPI_FMT_STD) { 473 - unsigned char *tmp; 474 - int extra = 0; 475 - unsigned int n; 476 - 477 - tmp = mpi_get_buffer(a, &n, NULL); 478 - if (!tmp) 479 - return -EINVAL; 480 - 481 - if (negative) { 482 - twocompl(tmp, n); 483 - if (!(*tmp & 0x80)) { 484 - /* Need to extend the sign. */ 485 - n++; 486 - extra = 2; 487 - } 488 - } else if (n && (*tmp & 0x80)) { 489 - /* Positive but the high bit of the returned buffer is set. 490 - * Thus we need to print an extra leading 0x00 so that the 491 - * output is interpreted as a positive number. 492 - */ 493 - n++; 494 - extra = 1; 495 - } 496 - 497 - if (buffer && n > len) { 498 - /* The provided buffer is too short. */ 499 - kfree(tmp); 500 - return -E2BIG; 501 - } 502 - if (buffer) { 503 - unsigned char *s = buffer; 504 - 505 - if (extra == 1) 506 - *s++ = 0; 507 - else if (extra) 508 - *s++ = 0xff; 509 - memcpy(s, tmp, n-!!extra); 510 - } 511 - kfree(tmp); 512 - *nwritten = n; 513 - return 0; 514 - } else if (format == GCRYMPI_FMT_USG) { 515 - unsigned int n = (nbits + 7)/8; 516 - 517 - /* Note: We ignore the sign for this format. */ 518 - /* FIXME: for performance reasons we should put this into 519 - * mpi_aprint because we can then use the buffer directly. 520 - */ 521 - 522 - if (buffer && n > len) 523 - return -E2BIG; 524 - if (buffer) { 525 - unsigned char *tmp; 526 - 527 - tmp = mpi_get_buffer(a, &n, NULL); 528 - if (!tmp) 529 - return -EINVAL; 530 - memcpy(buffer, tmp, n); 531 - kfree(tmp); 532 - } 533 - *nwritten = n; 534 - return 0; 535 - } else if (format == GCRYMPI_FMT_PGP) { 536 - unsigned int n = (nbits + 7)/8; 537 - 538 - /* The PGP format can only handle unsigned integers. */ 539 - if (negative) 540 - return -EINVAL; 541 - 542 - if (buffer && n+2 > len) 543 - return -E2BIG; 544 - 545 - if (buffer) { 546 - unsigned char *tmp; 547 - unsigned char *s = buffer; 548 - 549 - s[0] = nbits >> 8; 550 - s[1] = nbits; 551 - 552 - tmp = mpi_get_buffer(a, &n, NULL); 553 - if (!tmp) 554 - return -EINVAL; 555 - memcpy(s+2, tmp, n); 556 - kfree(tmp); 557 - } 558 - *nwritten = n+2; 559 - return 0; 560 - } else if (format == GCRYMPI_FMT_SSH) { 561 - unsigned char *tmp; 562 - int extra = 0; 563 - unsigned int n; 564 - 565 - tmp = mpi_get_buffer(a, &n, NULL); 566 - if (!tmp) 567 - return -EINVAL; 568 - 569 - if (negative) { 570 - twocompl(tmp, n); 571 - if (!(*tmp & 0x80)) { 572 - /* Need to extend the sign. */ 573 - n++; 574 - extra = 2; 575 - } 576 - } else if (n && (*tmp & 0x80)) { 577 - n++; 578 - extra = 1; 579 - } 580 - 581 - if (buffer && n+4 > len) { 582 - kfree(tmp); 583 - return -E2BIG; 584 - } 585 - 586 - if (buffer) { 587 - unsigned char *s = buffer; 588 - 589 - *s++ = n >> 24; 590 - *s++ = n >> 16; 591 - *s++ = n >> 8; 592 - *s++ = n; 593 - if (extra == 1) 594 - *s++ = 0; 595 - else if (extra) 596 - *s++ = 0xff; 597 - memcpy(s, tmp, n-!!extra); 598 - } 599 - kfree(tmp); 600 - *nwritten = 4+n; 601 - return 0; 602 - } else if (format == GCRYMPI_FMT_HEX) { 603 - unsigned char *tmp; 604 - int i; 605 - int extra = 0; 606 - unsigned int n = 0; 607 - 608 - tmp = mpi_get_buffer(a, &n, NULL); 609 - if (!tmp) 610 - return -EINVAL; 611 - if (!n || (*tmp & 0x80)) 612 - extra = 2; 613 - 614 - if (buffer && 2*n + extra + negative + 1 > len) { 615 - kfree(tmp); 616 - return -E2BIG; 617 - } 618 - if (buffer) { 619 - unsigned char *s = buffer; 620 - 621 - if (negative) 622 - *s++ = '-'; 623 - if (extra) { 624 - *s++ = '0'; 625 - *s++ = '0'; 626 - } 627 - 628 - for (i = 0; i < n; i++) { 629 - unsigned int c = tmp[i]; 630 - 631 - *s++ = (c >> 4) < 10 ? '0'+(c>>4) : 'A'+(c>>4)-10; 632 - c &= 15; 633 - *s++ = c < 10 ? '0'+c : 'A'+c-10; 634 - } 635 - *s++ = 0; 636 - *nwritten = s - buffer; 637 - } else { 638 - *nwritten = 2*n + extra + negative + 1; 639 - } 640 - kfree(tmp); 641 - return 0; 642 - } else 643 - return -EINVAL; 644 - } 645 - EXPORT_SYMBOL_GPL(mpi_print);
-25
lib/crypto/mpi/mpih-mul.c
··· 317 317 } 318 318 } 319 319 320 - 321 - void mpihelp_mul_n(mpi_ptr_t prodp, 322 - mpi_ptr_t up, mpi_ptr_t vp, mpi_size_t size) 323 - { 324 - if (up == vp) { 325 - if (size < KARATSUBA_THRESHOLD) 326 - mpih_sqr_n_basecase(prodp, up, size); 327 - else { 328 - mpi_ptr_t tspace; 329 - tspace = mpi_alloc_limb_space(2 * size); 330 - mpih_sqr_n(prodp, up, size, tspace); 331 - mpi_free_limb_space(tspace); 332 - } 333 - } else { 334 - if (size < KARATSUBA_THRESHOLD) 335 - mul_n_basecase(prodp, up, vp, size); 336 - else { 337 - mpi_ptr_t tspace; 338 - tspace = mpi_alloc_limb_space(2 * size); 339 - mul_n(prodp, up, vp, size, tspace); 340 - mpi_free_limb_space(tspace); 341 - } 342 - } 343 - } 344 - 345 320 int 346 321 mpihelp_mul_karatsuba_case(mpi_ptr_t prodp, 347 322 mpi_ptr_t up, mpi_size_t usize,
-182
lib/crypto/mpi/mpiutil.c
··· 20 20 21 21 #include "mpi-internal.h" 22 22 23 - /* Constants allocated right away at startup. */ 24 - static MPI constants[MPI_NUMBER_OF_CONSTANTS]; 25 - 26 - /* Initialize the MPI subsystem. This is called early and allows to 27 - * do some initialization without taking care of threading issues. 28 - */ 29 - static int __init mpi_init(void) 30 - { 31 - int idx; 32 - unsigned long value; 33 - 34 - for (idx = 0; idx < MPI_NUMBER_OF_CONSTANTS; idx++) { 35 - switch (idx) { 36 - case MPI_C_ZERO: 37 - value = 0; 38 - break; 39 - case MPI_C_ONE: 40 - value = 1; 41 - break; 42 - case MPI_C_TWO: 43 - value = 2; 44 - break; 45 - case MPI_C_THREE: 46 - value = 3; 47 - break; 48 - case MPI_C_FOUR: 49 - value = 4; 50 - break; 51 - case MPI_C_EIGHT: 52 - value = 8; 53 - break; 54 - default: 55 - pr_err("MPI: invalid mpi_const selector %d\n", idx); 56 - return -EFAULT; 57 - } 58 - constants[idx] = mpi_alloc_set_ui(value); 59 - constants[idx]->flags = (16|32); 60 - } 61 - 62 - return 0; 63 - } 64 - postcore_initcall(mpi_init); 65 - 66 - /* Return a constant MPI descripbed by NO which is one of the 67 - * MPI_C_xxx macros. There is no need to copy this returned value; it 68 - * may be used directly. 69 - */ 70 - MPI mpi_const(enum gcry_mpi_constants no) 71 - { 72 - if ((int)no < 0 || no > MPI_NUMBER_OF_CONSTANTS) 73 - pr_err("MPI: invalid mpi_const selector %d\n", no); 74 - if (!constants[no]) 75 - pr_err("MPI: MPI subsystem not initialized\n"); 76 - return constants[no]; 77 - } 78 - EXPORT_SYMBOL_GPL(mpi_const); 79 - 80 23 /**************** 81 24 * Note: It was a bad idea to use the number of limbs to allocate 82 25 * because on a alpha the limbs are large but we normally need ··· 106 163 return 0; 107 164 } 108 165 109 - void mpi_clear(MPI a) 110 - { 111 - if (!a) 112 - return; 113 - a->nlimbs = 0; 114 - a->flags = 0; 115 - } 116 - EXPORT_SYMBOL_GPL(mpi_clear); 117 - 118 166 void mpi_free(MPI a) 119 167 { 120 168 if (!a) ··· 142 208 } else 143 209 b = NULL; 144 210 return b; 145 - } 146 - 147 - /**************** 148 - * This function allocates an MPI which is optimized to hold 149 - * a value as large as the one given in the argument and allocates it 150 - * with the same flags as A. 151 - */ 152 - MPI mpi_alloc_like(MPI a) 153 - { 154 - MPI b; 155 - 156 - if (a) { 157 - b = mpi_alloc(a->nlimbs); 158 - b->nlimbs = 0; 159 - b->sign = 0; 160 - b->flags = a->flags; 161 - } else 162 - b = NULL; 163 - 164 - return b; 165 - } 166 - 167 - 168 - /* Set U into W and release U. If W is NULL only U will be released. */ 169 - void mpi_snatch(MPI w, MPI u) 170 - { 171 - if (w) { 172 - mpi_assign_limb_space(w, u->d, u->alloced); 173 - w->nlimbs = u->nlimbs; 174 - w->sign = u->sign; 175 - w->flags = u->flags; 176 - u->alloced = 0; 177 - u->nlimbs = 0; 178 - u->d = NULL; 179 - } 180 - mpi_free(u); 181 - } 182 - 183 - 184 - MPI mpi_set(MPI w, MPI u) 185 - { 186 - mpi_ptr_t wp, up; 187 - mpi_size_t usize = u->nlimbs; 188 - int usign = u->sign; 189 - 190 - if (!w) 191 - w = mpi_alloc(mpi_get_nlimbs(u)); 192 - RESIZE_IF_NEEDED(w, usize); 193 - wp = w->d; 194 - up = u->d; 195 - MPN_COPY(wp, up, usize); 196 - w->nlimbs = usize; 197 - w->flags = u->flags; 198 - w->flags &= ~(16|32); /* Reset the immutable and constant flags. */ 199 - w->sign = usign; 200 - return w; 201 - } 202 - EXPORT_SYMBOL_GPL(mpi_set); 203 - 204 - MPI mpi_set_ui(MPI w, unsigned long u) 205 - { 206 - if (!w) 207 - w = mpi_alloc(1); 208 - /* FIXME: If U is 0 we have no need to resize and thus possible 209 - * allocating the limbs. 210 - */ 211 - RESIZE_IF_NEEDED(w, 1); 212 - w->d[0] = u; 213 - w->nlimbs = u ? 1 : 0; 214 - w->sign = 0; 215 - w->flags = 0; 216 - return w; 217 - } 218 - EXPORT_SYMBOL_GPL(mpi_set_ui); 219 - 220 - MPI mpi_alloc_set_ui(unsigned long u) 221 - { 222 - MPI w = mpi_alloc(1); 223 - w->d[0] = u; 224 - w->nlimbs = u ? 1 : 0; 225 - w->sign = 0; 226 - return w; 227 - } 228 - 229 - /**************** 230 - * Swap the value of A and B, when SWAP is 1. 231 - * Leave the value when SWAP is 0. 232 - * This implementation should be constant-time regardless of SWAP. 233 - */ 234 - void mpi_swap_cond(MPI a, MPI b, unsigned long swap) 235 - { 236 - mpi_size_t i; 237 - mpi_size_t nlimbs; 238 - mpi_limb_t mask = ((mpi_limb_t)0) - swap; 239 - mpi_limb_t x; 240 - 241 - if (a->alloced > b->alloced) 242 - nlimbs = b->alloced; 243 - else 244 - nlimbs = a->alloced; 245 - if (a->nlimbs > nlimbs || b->nlimbs > nlimbs) 246 - return; 247 - 248 - for (i = 0; i < nlimbs; i++) { 249 - x = mask & (a->d[i] ^ b->d[i]); 250 - a->d[i] = a->d[i] ^ x; 251 - b->d[i] = b->d[i] ^ x; 252 - } 253 - 254 - x = mask & (a->nlimbs ^ b->nlimbs); 255 - a->nlimbs = a->nlimbs ^ x; 256 - b->nlimbs = b->nlimbs ^ x; 257 - 258 - x = mask & (a->sign ^ b->sign); 259 - a->sign = a->sign ^ x; 260 - b->sign = b->sign ^ x; 261 211 } 262 212 263 213 MODULE_DESCRIPTION("Multiprecision maths library");