diff options
| author | lloyd <[email protected]> | 2011-12-18 01:19:25 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2011-12-18 01:19:25 +0000 |
| commit | 8809043895d1d4cf37ff476cb69c9277b33cc957 (patch) | |
| tree | 72ca6a117cce901c9a36631422b1a7e5d88e1aac | |
| parent | 5a76eb4c07f0caedde1a3d1d2824f2764a46a582 (diff) | |
| parent | a3d81efbd2c56749d4abf9e6a27cb36cbbb10702 (diff) | |
propagate from branch 'net.randombit.botan' (head 39f53266912f33dc48e942b1b865ddcd6af66d8d)
to branch 'net.randombit.botan.cxx11' (head 0bf26cec09f71e75c547b4ec53365748c6d80d86)
| -rwxr-xr-x | configure.py | 21 | ||||
| -rw-r--r-- | doc/building.txt | 22 | ||||
| -rw-r--r-- | doc/faq.txt | 7 | ||||
| -rw-r--r-- | doc/log.txt | 17 | ||||
| -rw-r--r-- | doc/users.txt | 3 | ||||
| -rw-r--r-- | readme.txt | 8 | ||||
| -rw-r--r-- | src/build-data/arch/x86_64.txt | 7 | ||||
| -rw-r--r-- | src/build-data/cc/clang.txt | 3 | ||||
| -rw-r--r-- | src/build-data/cc/gcc.txt | 18 | ||||
| -rw-r--r-- | src/build-data/os/mingw.txt | 1 | ||||
| -rw-r--r-- | src/build-data/os/nacl.txt | 4 | ||||
| -rw-r--r-- | src/constructs/srp6/info.txt | 7 | ||||
| -rw-r--r-- | src/constructs/srp6/srp6.cpp | 177 | ||||
| -rw-r--r-- | src/constructs/srp6/srp6.h | 94 | ||||
| -rw-r--r-- | src/engine/core_engine/core_modes.cpp | 14 | ||||
| -rw-r--r-- | src/entropy/hres_timer/hres_timer.cpp | 37 | ||||
| -rw-r--r-- | src/entropy/hres_timer/hres_timer.h | 3 | ||||
| -rw-r--r-- | src/filters/buf_filt.cpp | 2 | ||||
| -rw-r--r-- | src/libstate/policy.cpp | 25 | ||||
| -rw-r--r-- | src/math/mp/mp_comba.cpp | 1276 | ||||
| -rw-r--r-- | src/math/mp/mp_core.h | 3 | ||||
| -rw-r--r-- | src/ssl/hello.cpp | 8 | ||||
| -rw-r--r-- | src/ssl/tls_magic.h | 2 | ||||
| -rw-r--r-- | src/ssl/tls_messages.h | 3 | ||||
| -rw-r--r-- | src/utils/cpuid.cpp | 34 | ||||
| -rw-r--r-- | src/utils/dyn_load/dyn_load.cpp | 5 |
26 files changed, 1115 insertions, 686 deletions
diff --git a/configure.py b/configure.py index bb0dbc192..4d0905340 100755 --- a/configure.py +++ b/configure.py @@ -1654,15 +1654,6 @@ def main(argv = None): (modules, archinfo, ccinfo, osinfo) = load_info_files(options) - if options.os is None: - options.os = platform.system().lower() - - if re.match('^cygwin_.*', options.os): - logging.debug("Converting '%s' to 'cygwin'", options.os) - options.os = 'cygwin' - - logging.info('Guessing target OS is %s (use --os to set)' % (options.os)) - if options.compiler is None: if options.os == 'windows': if have_program('g++') and not have_program('cl'): @@ -1674,6 +1665,18 @@ def main(argv = None): logging.info('Guessing to use compiler %s (use --cc to set)' % ( options.compiler)) + if options.os is None: + options.os = platform.system().lower() + + if re.match('^cygwin_.*', options.os): + logging.debug("Converting '%s' to 'cygwin'", options.os) + options.os = 'cygwin' + + if options.os == 'windows' and options.compiler == 'gcc': + logging.warning('Detected GCC on Windows; use --os=cygwin or --os=mingw?') + + logging.info('Guessing target OS is %s (use --os to set)' % (options.os)) + if options.compiler not in ccinfo: raise Exception('Unknown compiler "%s"; available options: %s' % ( options.compiler, ' '.join(sorted(ccinfo.keys())))) diff --git a/doc/building.txt b/doc/building.txt index 044e46c3d..e16531de4 100644 --- a/doc/building.txt +++ b/doc/building.txt @@ -60,10 +60,11 @@ we might see lines like:: INFO: Skipping, incompatible OS - beos_stats cryptoapi_rng win32_crit_section win32_stats INFO: Skipping, incompatible compiler - mp_msvc64 mp_x86_32_msvc -The ones that are 'loaded on request only' have to be explicitly asked -for, because they rely on third party libraries which your system -might not have. For instance to enable zlib support, add -``--with-zlib`` to your invocation of ``configure.py``. +The ones that are skipped because they are 'by request only' have to +be explicitly asked for, because they rely on third party libraries +which your system might not have or that you might not want the +resulting binary to depend on. For instance to enable zlib support, +add ``--with-zlib`` to your invocation of ``configure.py``. You can control which algorithms and modules are built using the options ``--enable-modules=MODS`` and ``--disable-modules=MODS``, for @@ -191,6 +192,18 @@ your documentation and/or local expert for details). Other Build-Related Tasks ---------------------------------------- +.. _building_docs: + +Building The Documentation +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +There are two documentation options available, Sphinx and Doxygen. +Sphinx will be used if ``sphinx-build`` is detected in the PATH, or if +``--with-sphinx`` is used at configure time. Doxygen is only enabled +if ``--with-doxygen`` is used. Both are generated by the makefile +target ``docs``. + + .. _amalgamation: The Amalgamation Build @@ -250,7 +263,6 @@ It may be useful to run multiple builds with different configurations. Specify ``--build-dir=<dir>`` to set up a build environment in a different directory. - .. _configure_with_python3: Configuring the Build With Python 3.1 diff --git a/doc/faq.txt b/doc/faq.txt index 4ff5457bb..9658621fe 100644 --- a/doc/faq.txt +++ b/doc/faq.txt @@ -159,7 +159,7 @@ You can do any combination of: * Contact the current lead maintainer personally; currently `Jack Lloyd <http://www.randombit.net>`_ - (`personal PGP key` <http://www.randombit.net/pgpgkey.html`_) + (`personal PGP key <http://www.randombit.net/pgpgkey.html>`_) * Email the `development list <http://lists.randombit.net/mailman/listinfo/botan-devel>`_ @@ -185,9 +185,8 @@ Will it work on my platform XYZ?? ---------------------------------------- The most common stumbling block is a compiler that is buggy or can't -handle modern C++ (specifically, C++98). Check out the `build list -<http://botan.randombit.net/builds.html>`_ for a sense of which -platforms are actively being tested. +handle modern C++ (specifically, C++98). Check out the :doc:`build log +<build_log>` for a sense of which platforms are actively being tested. I'm not feeling this, what can I use instead? ------------------------------------------------------------ diff --git a/doc/log.txt b/doc/log.txt index 696fa4ac9..94c760a8a 100644 --- a/doc/log.txt +++ b/doc/log.txt @@ -10,14 +10,31 @@ Series 1.10 Version 1.10.2, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* An implementation of SRP-6a compatible with the specification in + RFC 5054 is now available in srp6.h + * The exception catching syntax of configure.py has been changed to the Python 3.x syntax. This syntax also works with Python 2.6 and 2.7, but not with any earlier Python 2 release. A simple search and replace will allow running it under Python 2.5:: perl -pi -e 's/except (.*) as (.*):/except $1, $2:/g' configure.py +* If clock_gettime is available on the system, poll all available + clock types in the hres_timer poll. + * Add AltiVec detection for IBM POWER7 processors. +* Add AltiVec detection for OpenBSD, contributed by Brad Smith (PR 162) + +* Add Google's Native Client as an compile target + +* If targetting GCC on a Windows system, configure.py will warn that + likely you wanted to configure for either MinGW or Cygwin, not the + generic Windows target which is oriented to Win32 plus the Visual + C++ runtime. + +* Fixed a compilation problem of the dynamic loader hooks under MinGW GCC + * Don't set a soname on OpenBSD, as it doesn't support it (PR 158) * Fix a configure.py incompatability with the subprocess module diff --git a/doc/users.txt b/doc/users.txt index 4c743b137..a48d9e60b 100644 --- a/doc/users.txt +++ b/doc/users.txt @@ -28,6 +28,9 @@ Open Source Software crypto provider <http://websvn.kde.org/trunk/kdesupport/qca/src/botantools/botan/>`_. +* `TCHead <http://16s.us/TCHead/>`_ is a utility for analyzing + TrueCrypt volume headers. + * `Octopod <http://code.google.com/p/octopod/>`_ is a file sharing system. diff --git a/readme.txt b/readme.txt index eea551afe..f7bc55f61 100644 --- a/readme.txt +++ b/readme.txt @@ -1,4 +1,4 @@ -Botan 1.10.1, 2011-07-11 +Botan 1.10.2, ????-??-?? http://botan.randombit.net/ Botan is a C++ class library for performing a wide variety of @@ -8,8 +8,8 @@ Bugzilla (http://bugs.randombit.net/) or by sending a report to the botan-devel mailing list. More information about the mailing list is at http://lists.randombit.net/mailman/listinfo/botan-devel/ -You can find documentation online at http://botan.randombit.net/docs -and http://botan.randombit.net/doxygen. A set of example programs can -be found in the directory doc/examples. +You can find documentation online at http://botan.randombit.net/ as +well as in the doc directory in the distribution. Several examples can +be found in doc/examples as well. Jack Lloyd ([email protected]) diff --git a/src/build-data/arch/x86_64.txt b/src/build-data/arch/x86_64.txt index 97b84fbde..922daa104 100644 --- a/src/build-data/arch/x86_64.txt +++ b/src/build-data/arch/x86_64.txt @@ -13,11 +13,12 @@ x64 <submodels> k8 k10 +atom nocona core2 nehalem westmere -atom +sandybridge </submodels> <submodel_aliases> @@ -37,6 +38,6 @@ corei7cpu860 -> nehalem <isa_extn> sse2:all -ssse3:core2,nehalem,westmere,atom -aes-ni:westmere +ssse3:core2,nehalem,westmere,atom,sandybridge +aes-ni:westmere,sandybridge </isa_extn> diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index c8867ba93..8860a30ba 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -31,7 +31,8 @@ default -> "$(CXX) -shared -fPIC -Wl,-soname,$(SONAME)" <mach_opt> x86_64 -> "-march=SUBMODEL" -nehalem -> "-march=core2 -mssse3 -msse4.1" +nehalem -> "-march=corei7" +westmere -> "-march=corei7 -maes" </mach_opt> <mach_abi_linking> diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index dbf892dcf..be1830bb8 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -45,25 +45,27 @@ i386 -> "-mtune=generic -momit-leaf-frame-pointer" i486 -> "-mtune=generic -momit-leaf-frame-pointer" i586 -> "-mtune=generic -momit-leaf-frame-pointer" +# Translate to GCC-speak +nehalem -> "-march=corei7 -momit-leaf-frame-pointer" +westmere -> "-march=corei7 -maes -momit-leaf-frame-pointer" +sandybridge -> "-march=corei7-avx -momit-leaf-frame-pointer" +atom32 -> "-march=atom -momit-leaf-frame-pointer" + ppc601 -> "-mpowerpc -mcpu=601" cellppu -> "-mcpu=cell" e500v2 -> "-mcpu=8548" -atom32 -> "-march=atom -momit-leaf-frame-pointer" +# No scheduler in GCC for anything after EV67 alpha-ev68 -> "-mcpu=ev67" alpha-ev7 -> "-mcpu=ev67" # The patch from Debian bug 594159 has this, don't know why though... sh4 -> "-m4 -mieee" +# Default family options (SUBMODEL is substitued with the actual +# submodel name). Anything after the quotes is what should be +# *removed* from the submodel name before it's put into SUBMODEL. -# Until GCC gets -march support for these models -nehalem -> "-march=core2 -msse4.1 -msse4.2 -momit-leaf-frame-pointer" -westmere -> "-march=core2 -maes -msse4.1 -msse4.2 -momit-leaf-frame-pointer" - -# Default family options (SUBMODEL is substitued with the real submodel) -# Anything after the quotes is what should be *removed* from the submodel name -# before it's put into SUBMODEL. alpha -> "-mcpu=SUBMODEL" alpha- arm -> "-march=SUBMODEL" superh -> "-mSUBMODEL" sh diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index 5daabac90..1268298cb 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt @@ -20,6 +20,7 @@ mingw32 </aliases> <target_features> +loadlibrary win32_virtual_lock win32_get_systemtime </target_features> diff --git a/src/build-data/os/nacl.txt b/src/build-data/os/nacl.txt new file mode 100644 index 000000000..3df798ed8 --- /dev/null +++ b/src/build-data/os/nacl.txt @@ -0,0 +1,4 @@ + +<target_features> +gettimeofday +</target_features> diff --git a/src/constructs/srp6/info.txt b/src/constructs/srp6/info.txt new file mode 100644 index 000000000..7962bd383 --- /dev/null +++ b/src/constructs/srp6/info.txt @@ -0,0 +1,7 @@ +define SRP6 + +<requires> +bigint +hash +dl_group +</requires> diff --git a/src/constructs/srp6/srp6.cpp b/src/constructs/srp6/srp6.cpp new file mode 100644 index 000000000..995244688 --- /dev/null +++ b/src/constructs/srp6/srp6.cpp @@ -0,0 +1,177 @@ +/* +* SRP-6a +* (C) 2011 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/srp6.h> +#include <botan/dl_group.h> +#include <botan/libstate.h> +#include <botan/numthry.h> +#include <memory> + +namespace Botan { + +namespace { + +BigInt hash_seq(const std::string& hash_id, + size_t pad_to, + const BigInt& in1, + const BigInt& in2) + { + std::auto_ptr<HashFunction> hash_fn( + global_state().algorithm_factory().make_hash_function(hash_id)); + + hash_fn->update(BigInt::encode_1363(in1, pad_to)); + hash_fn->update(BigInt::encode_1363(in2, pad_to)); + + return BigInt::decode(hash_fn->final()); + } + +BigInt hash_seq(const std::string& hash_id, + size_t pad_to, + const BigInt& in1, + const BigInt& in2, + const BigInt& in3) + { + std::auto_ptr<HashFunction> hash_fn( + global_state().algorithm_factory().make_hash_function(hash_id)); + + hash_fn->update(BigInt::encode_1363(in1, pad_to)); + hash_fn->update(BigInt::encode_1363(in2, pad_to)); + hash_fn->update(BigInt::encode_1363(in3, pad_to)); + + return BigInt::decode(hash_fn->final()); + } + +BigInt compute_x(const std::string& hash_id, + const std::string& identifier, + const std::string& password, + const MemoryRegion<byte>& salt) + { + std::auto_ptr<HashFunction> hash_fn( + global_state().algorithm_factory().make_hash_function(hash_id)); + + hash_fn->update(identifier); + hash_fn->update(":"); + hash_fn->update(password); + + SecureVector<byte> inner_h = hash_fn->final(); + + hash_fn->update(salt); + hash_fn->update(inner_h); + + SecureVector<byte> outer_h = hash_fn->final(); + + return BigInt::decode(outer_h); + } + +} + +std::pair<BigInt, BigInt> +SRP6_Client_Session:: step1(const std::string& identifier, + const std::string& password, + const std::string& group_id, + const std::string& hash_id, + const MemoryRegion<byte>& salt, + const BigInt& B, + RandomNumberGenerator& rng) + { + DL_Group group(group_id); + const BigInt& g = group.get_g(); + const BigInt& p = group.get_p(); + + p_bytes = group.get_p().bytes(); + + if(B % p == 0) + throw std::runtime_error("Invalid SRP parameter from server"); + + BigInt k = hash_seq(hash_id, p_bytes, p, g); + + BigInt a(rng, p.bits() - 1); + + A = power_mod(g, a, p); + + BigInt u = hash_seq(hash_id, p_bytes, A, B); + + const BigInt x = compute_x(hash_id, identifier, password, salt); + + S = power_mod((B - (k * power_mod(g, x, p))) % p, (a + (u * x)), p); + + this->hash_id = hash_id; + + M1 = hash_seq(hash_id, p_bytes, A, B, S); + + return std::make_pair<BigInt, BigInt>(A, M1); + } + +SymmetricKey SRP6_Client_Session::step2(const BigInt& M2) + { + BigInt M2x = hash_seq(hash_id, p_bytes, A, M1, S); + + if(M2 != M2x) + throw std::runtime_error("Bad verification value from server"); + + return SymmetricKey(BigInt::encode_1363(S, p_bytes)); + } + +BigInt SRP6_Client_Session::generate_verifier(const std::string& identifier, + const std::string& password, + const MemoryRegion<byte>& salt, + const std::string& group_id, + const std::string& hash_id) + { + const BigInt x = compute_x(hash_id, identifier, password, salt); + + DL_Group group(group_id); + return power_mod(group.get_g(), x, group.get_p()); + } + +BigInt SRP6_Server_Session::step1(const BigInt& v, + const std::string& group_id, + const std::string& hash_id, + RandomNumberGenerator& rng) + { + DL_Group group(group_id); + const BigInt& g = group.get_g(); + const BigInt& p = group.get_p(); + + p_bytes = p.bytes(); + + BigInt k = hash_seq(hash_id, p_bytes, p, g); + + BigInt b(rng, p.bits() - 1); + + B = (v*k + power_mod(g, b, p)) % p; + + this->v = v; + this->b = b; + this->p = p; + this->hash_id = hash_id; + + return B; + } + +std::pair<SymmetricKey, BigInt> SRP6_Server_Session::step2(const BigInt& A, const BigInt& M1) + { + if(A % p == 0) + throw std::runtime_error("Invalid SRP parameter from client"); + + BigInt u = hash_seq(hash_id, p_bytes, A, B); + + BigInt S = power_mod(A * power_mod(v, u, p), b, p); + + BigInt M1x = hash_seq(hash_id, p_bytes, A, B, S); + + if(M1 != M1x) + throw std::runtime_error("Bad verification value from client"); + + BigInt M2 = hash_seq(hash_id, p_bytes, A, M1, S); + + SymmetricKey Sk = BigInt::encode_1363(S, p_bytes); + + return std::make_pair<SymmetricKey, BigInt>(Sk, M2); + } + +} diff --git a/src/constructs/srp6/srp6.h b/src/constructs/srp6/srp6.h new file mode 100644 index 000000000..fbb4a686d --- /dev/null +++ b/src/constructs/srp6/srp6.h @@ -0,0 +1,94 @@ +/* +* SRP-6a (RFC 5054 compatatible) +* (C) 2011 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_RFC5054_SRP6_H__ +#define BOTAN_RFC5054_SRP6_H__ + +#include <botan/bigint.h> +#include <botan/hash.h> +#include <botan/rng.h> +#include <botan/symkey.h> +#include <string> + +namespace Botan { + +/** + +*/ +class BOTAN_DLL SRP6_Client_Session + { + public: + + /** + * Client side step 1 + * @param username the username we are attempting login for + * @param password the password we are attempting to use + * @param group_id specifies the shared SRP group + * @param hash_id specifies a secure hash function + * @param salt is the salt value sent by the server + * @param B is the server's public value + * @param rng is a random number generator + * + * @return (A,M1) the client public key and verification values, + which are sent to the server + */ + std::pair<BigInt, BigInt> step1(const std::string& username, + const std::string& password, + const std::string& group_id, + const std::string& hash_id, + const MemoryRegion<byte>& salt, + const BigInt& B, + RandomNumberGenerator& rng); + + /** + * Client side step 2 + * @param M2 the server verification value + * @return shared secret key + */ + SymmetricKey step2(const BigInt& M2); + + /** + * Generate a new SRP-6 verifier + * @param identifier a username or other client identifier + * @param password the secret used to authenticate user + * @param salt a randomly chosen value, at least 128 bits long + */ + static BigInt generate_verifier(const std::string& identifier, + const std::string& password, + const MemoryRegion<byte>& salt, + const std::string& group_id, + const std::string& hash_id); + + private: + std::string hash_id; + BigInt A, M1, S; + size_t p_bytes; + }; + +class BOTAN_DLL SRP6_Server_Session + { + public: + /** + * Server side step 1 + * @param v the verification value saved from client registration + */ + BigInt step1(const BigInt& v, + const std::string& group_id, + const std::string& hash_id, + RandomNumberGenerator& rng); + + std::pair<SymmetricKey, BigInt> step2(const BigInt& A, const BigInt& M1); + + private: + std::string hash_id; + BigInt B, b, v, S, p; + size_t p_bytes; + }; + +} + +#endif diff --git a/src/engine/core_engine/core_modes.cpp b/src/engine/core_engine/core_modes.cpp index 035cd41c7..8a929e880 100644 --- a/src/engine/core_engine/core_modes.cpp +++ b/src/engine/core_engine/core_modes.cpp @@ -1,6 +1,6 @@ /* * Core Engine -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2011 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -179,8 +179,8 @@ Keyed_Filter* get_cipher_mode(const BlockCipher* block_cipher, * Get a cipher object */ Keyed_Filter* Core_Engine::get_cipher(const std::string& algo_spec, - Cipher_Dir direction, - Algorithm_Factory& af) + Cipher_Dir direction, + Algorithm_Factory& af) { std::vector<std::string> algo_parts = split_on(algo_spec, '/'); if(algo_parts.empty()) @@ -197,8 +197,12 @@ Keyed_Filter* Core_Engine::get_cipher(const std::string& algo_spec, if(!block_cipher) return 0; - if(algo_parts.size() != 2 && algo_parts.size() != 3) - return 0; + if(algo_parts.size() >= 4) + return 0; // 4 part mode, not something we know about + + if(algo_parts.size() < 2) + throw Lookup_Error("Cipher specification '" + algo_spec + + "' is missing mode identifier"); std::string mode = algo_parts[1]; diff --git a/src/entropy/hres_timer/hres_timer.cpp b/src/entropy/hres_timer/hres_timer.cpp index a10cdaf46..c6b31d996 100644 --- a/src/entropy/hres_timer/hres_timer.cpp +++ b/src/entropy/hres_timer/hres_timer.cpp @@ -1,6 +1,6 @@ /* * High Resolution Timestamp Entropy Source -* (C) 1999-2009 Jack Lloyd +* (C) 1999-2009,2011 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -20,9 +20,44 @@ namespace Botan { void High_Resolution_Timestamp::poll(Entropy_Accumulator& accum) { #if defined(BOTAN_TARGET_OS_HAS_QUERY_PERF_COUNTER) + { LARGE_INTEGER tv; ::QueryPerformanceCounter(&tv); accum.add(tv.QuadPart, 0); + } +#endif + +#if defined(BOTAN_TARGET_OS_HAS_CLOCK_GETTIME) + +#define CLOCK_POLL(src) \ + do { \ + struct timespec ts; \ + clock_gettime(src, &ts); \ + accum.add(&ts, sizeof(ts), 0); \ + } while(0) + +#if defined(CLOCK_REALTIME) + CLOCK_POLL(CLOCK_REALTIME); +#endif + +#if defined(CLOCK_MONOTONIC) + CLOCK_POLL(CLOCK_MONOTONIC); +#endif + +#if defined(CLOCK_MONOTONIC_RAW) + CLOCK_POLL(CLOCK_MONOTONIC_RAW); +#endif + +#if defined(CLOCK_PROCESS_CPUTIME_ID) + CLOCK_POLL(CLOCK_PROCESS_CPUTIME_ID); +#endif + +#if defined(CLOCK_THREAD_CPUTIME_ID) + CLOCK_POLL(CLOCK_THREAD_CPUTIME_ID); +#endif + +#undef CLOCK_POLL + #endif #if BOTAN_USE_GCC_INLINE_ASM diff --git a/src/entropy/hres_timer/hres_timer.h b/src/entropy/hres_timer/hres_timer.h index c693b8d4e..8b95c8308 100644 --- a/src/entropy/hres_timer/hres_timer.h +++ b/src/entropy/hres_timer/hres_timer.h @@ -14,6 +14,9 @@ namespace Botan { /** * Entropy source using high resolution timers +* +* @note Any results from timers are marked as not contributing entropy +* to the poll, as a local attacker could observe them directly. */ class High_Resolution_Timestamp : public EntropySource { diff --git a/src/filters/buf_filt.cpp b/src/filters/buf_filt.cpp index b332d74b8..ca3fa9a3c 100644 --- a/src/filters/buf_filt.cpp +++ b/src/filters/buf_filt.cpp @@ -82,7 +82,7 @@ void Buffered_Filter::write(const byte input[], size_t input_size) void Buffered_Filter::end_msg() { if(buffer_pos < final_minimum) - throw std::runtime_error("Buffered_Operation::final - not enough input"); + throw std::runtime_error("Buffered filter end_msg without enough input"); size_t spare_blocks = (buffer_pos - final_minimum) / main_block_mod; diff --git a/src/libstate/policy.cpp b/src/libstate/policy.cpp index 05ca6f807..f91eed1d8 100644 --- a/src/libstate/policy.cpp +++ b/src/libstate/policy.cpp @@ -302,6 +302,16 @@ void set_default_dl_groups(Library_State& config) "Nf2tRM/S10+SCL4lj/MklDMo9nMpwP//////////" "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/srp/1024", + "-----BEGIN X942 DH PARAMETERS-----" + "MIIBCgKBgQDurwq5rbON1pwz+Ar6j8XoYHJhh3X/PAueojFMnCVldtZ033SW6oHT" + "ODtIE9aSxuDg1djiULmL5I5JXB1gidrRXcfXtGFU1rbOjvStabFdSYJVmyl7zxiF" + "xSn1ZmYOV+xo7bw8BXJswC/Uy/SXbqqa/VE4/oN2Q1ufxh0vwOsG4wIBAgKBgHdX" + "hVzW2cbrThn8BX1H4vQwOTDDuv+eBc9RGKZOErK7azpvukt1QOmcHaQJ60ljcHBq" + "7HEoXMXyRySuDrBE7Wiu4+vaMKprW2dHela02K6kwSrNlL3njELilPqzMwcr9jR2" + "3h4CuTZgF+pl+ku3VU1+qJx/Qbshrc/jDpfgdYNx" + "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/ietf/1536", "-----BEGIN X942 DH PARAMETERS-----" "MIIBigKBwQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5si" @@ -330,6 +340,21 @@ void set_default_dl_groups(Library_State& config) "2uKu+DemKWTvFeX7SqwLjBzKpL51SrVyiukTDEx9AogKuUctRVZVNH//////////" "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/srp/2048", + "-----BEGIN X942 DH PARAMETERS-----" + "MIICDAKCAQEArGvbQTJKmpvxZt5eE4lYL69ytmUZh+4H/DGSlD21YFCjcynLtKCZ" + "7YGT4HV3Z6E91SMSq0sDMQ3Nf0ip2gT9UOgIOWntt2ewz2CVF5oWOrNmGgX71fqq" + "6CkYqZYvC5O4Vfl5k+yXXuqoDXQK2/T/dHNZ0EHVwz6nHSgeRGsUdzvKl7Q6I/uA" + "Fna9IHpDbGSB8dK5B4cXRhpbnTLmiPh3SFRFI7UksNV9Xqd6J3XS7PoDLPvb9S+z" + "eGFgJ5AE5Xrmr4dOcwPOUymczAQce8MI2CpWmPOo0MOCca41+Onb+7aUtcgD2J96" + "5DXeI21SX1R1m2XjcvzWjvIPpxEfnkr/cwIBAgKCAQBWNe2gmSVNTfizby8JxKwX" + "17lbMozD9wP+GMlKHtqwKFG5lOXaUEz2wMnwOruz0J7qkYlVpYGYhua/pFTtAn6o" + "dAQctPbbs9hnsEqLzQsdWbMNAv3q/VV0FIxUyxeFydwq/LzJ9kuvdVQGugVt+n+6" + "OazoIOrhn1OOlA8iNYo7neVL2h0R/cALO16QPSG2MkD46VyDw4ujDS3OmXNEfDuk" + "KiKR2pJYar6vU70Tuul2fQGWfe36l9m8MLATyAJyvXNXw6c5gecplM5mAg494YRs" + "FStMedRoYcE41xr8dO3920pa5AHsT71yGu8RtqkvqjrNsvG5fmtHeQfTiI/PJX+5" + "-----END X942 DH PARAMETERS-----"); + config.set("dl", "modp/ietf/3072", "-----BEGIN X942 DH PARAMETERS-----" "MIIDDAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb" diff --git a/src/math/mp/mp_comba.cpp b/src/math/mp/mp_comba.cpp index 2770d3f0a..99dcda176 100644 --- a/src/math/mp/mp_comba.cpp +++ b/src/math/mp/mp_comba.cpp @@ -1,6 +1,6 @@ /* * Comba Multiplication and Squaring -* (C) 1999-2007 Jack Lloyd +* (C) 1999-2007,2011 Jack Lloyd * * Distributed under the terms of the Botan license */ @@ -19,30 +19,30 @@ void bigint_comba_sqr4(word z[8], const word x[4]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[0], x[0]); - z[0] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); + z[ 0] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[0], x[1]); - z[1] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); + z[ 1] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[0], x[2]); - word3_muladd(&w2, &w1, &w0, x[1], x[1]); - z[2] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + z[ 2] = w2; w2 = 0; - word3_muladd_2(&w2, &w1, &w0, x[0], x[3]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[2]); - z[3] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); + word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]); + z[ 3] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[1], x[3]); - word3_muladd(&w2, &w1, &w0, x[2], x[2]); - z[4] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + z[ 4] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[2], x[3]); - z[5] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]); + z[ 5] = w2; w2 = 0; - word3_muladd(&w2, &w1, &w0, x[3], x[3]); - z[6] = w0; - z[7] = w1; + word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); + z[ 6] = w0; + z[ 7] = w1; } /* @@ -52,36 +52,36 @@ void bigint_comba_mul4(word z[8], const word x[4], const word y[4]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[0], y[0]); - z[0] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]); + z[ 0] = w0; w0 = 0; - word3_muladd(&w2, &w1, &w0, x[0], y[1]); - word3_muladd(&w2, &w1, &w0, x[1], y[0]); - z[1] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]); + z[ 1] = w1; w1 = 0; - word3_muladd(&w2, &w1, &w0, x[0], y[2]); - word3_muladd(&w2, &w1, &w0, x[1], y[1]); - word3_muladd(&w2, &w1, &w0, x[2], y[0]); - z[2] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]); + z[ 2] = w2; w2 = 0; - word3_muladd(&w2, &w1, &w0, x[0], y[3]); - word3_muladd(&w2, &w1, &w0, x[1], y[2]); - word3_muladd(&w2, &w1, &w0, x[2], y[1]); - word3_muladd(&w2, &w1, &w0, x[3], y[0]); - z[3] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]); + word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]); + word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]); + word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]); + z[ 3] = w0; w0 = 0; - word3_muladd(&w2, &w1, &w0, x[1], y[3]); - word3_muladd(&w2, &w1, &w0, x[2], y[2]); - word3_muladd(&w2, &w1, &w0, x[3], y[1]); - z[4] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]); + z[ 4] = w1; w1 = 0; - word3_muladd(&w2, &w1, &w0, x[2], y[3]); - word3_muladd(&w2, &w1, &w0, x[3], y[2]); - z[5] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]); + z[ 5] = w2; w2 = 0; - word3_muladd(&w2, &w1, &w0, x[3], y[3]); - z[6] = w0; - z[7] = w1; + word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]); + z[ 6] = w0; + z[ 7] = w1; } /* @@ -91,49 +91,49 @@ void bigint_comba_sqr6(word z[12], const word x[6]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[0], x[0]); - z[0] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); + z[ 0] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[0], x[1]); - z[1] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); + z[ 1] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[0], x[2]); - word3_muladd(&w2, &w1, &w0, x[1], x[1]); - z[2] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + z[ 2] = w2; w2 = 0; - word3_muladd_2(&w2, &w1, &w0, x[0], x[3]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[2]); - z[3] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); + word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]); + z[ 3] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[0], x[4]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[3]); - word3_muladd(&w2, &w1, &w0, x[2], x[2]); - z[4] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]); + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + z[ 4] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[0], x[5]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[4]); - word3_muladd_2(&w2, &w1, &w0, x[2], x[3]); - z[5] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]); + word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]); + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]); + z[ 5] = w2; w2 = 0; - word3_muladd_2(&w2, &w1, &w0, x[1], x[5]); - word3_muladd_2(&w2, &w1, &w0, x[2], x[4]); - word3_muladd(&w2, &w1, &w0, x[3], x[3]); - z[6] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]); + word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]); + word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); + z[ 6] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[2], x[5]); - word3_muladd_2(&w2, &w1, &w0, x[3], x[4]); - z[7] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]); + word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]); + z[ 7] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[3], x[5]); - word3_muladd(&w2, &w1, &w0, x[4], x[4]); - z[8] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]); + z[ 8] = w2; w2 = 0; - word3_muladd_2(&w2, &w1, &w0, x[4], x[5]); - z[9] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]); + z[ 9] = w0; w0 = 0; - word3_muladd(&w2, &w1, &w0, x[5], x[5]); - z[10] = w0; - z[11] = w1; + word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]); + z[10] = w1; + z[11] = w2; } /* @@ -143,64 +143,64 @@ void bigint_comba_mul6(word z[12], const word x[6], const word y[6]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[0], y[0]); - z[0] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[1]); - word3_muladd(&w2, &w1, &w0, x[1], y[0]); - z[1] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[2]); - word3_muladd(&w2, &w1, &w0, x[1], y[1]); - word3_muladd(&w2, &w1, &w0, x[2], y[0]); - z[2] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[3]); - word3_muladd(&w2, &w1, &w0, x[1], y[2]); - word3_muladd(&w2, &w1, &w0, x[2], y[1]); - word3_muladd(&w2, &w1, &w0, x[3], y[0]); - z[3] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[4]); - word3_muladd(&w2, &w1, &w0, x[1], y[3]); - word3_muladd(&w2, &w1, &w0, x[2], y[2]); - word3_muladd(&w2, &w1, &w0, x[3], y[1]); - word3_muladd(&w2, &w1, &w0, x[4], y[0]); - z[4] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[5]); - word3_muladd(&w2, &w1, &w0, x[1], y[4]); - word3_muladd(&w2, &w1, &w0, x[2], y[3]); - word3_muladd(&w2, &w1, &w0, x[3], y[2]); - word3_muladd(&w2, &w1, &w0, x[4], y[1]); - word3_muladd(&w2, &w1, &w0, x[5], y[0]); - z[5] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[1], y[5]); - word3_muladd(&w2, &w1, &w0, x[2], y[4]); - word3_muladd(&w2, &w1, &w0, x[3], y[3]); - word3_muladd(&w2, &w1, &w0, x[4], y[2]); - word3_muladd(&w2, &w1, &w0, x[5], y[1]); - z[6] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[2], y[5]); - word3_muladd(&w2, &w1, &w0, x[3], y[4]); - word3_muladd(&w2, &w1, &w0, x[4], y[3]); - word3_muladd(&w2, &w1, &w0, x[5], y[2]); - z[7] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[3], y[5]); - word3_muladd(&w2, &w1, &w0, x[4], y[4]); - word3_muladd(&w2, &w1, &w0, x[5], y[3]); - z[8] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[4], y[5]); - word3_muladd(&w2, &w1, &w0, x[5], y[4]); - z[9] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[5], y[5]); - z[10] = w0; - z[11] = w1; + word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]); + z[ 0] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]); + z[ 1] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]); + z[ 2] = w2; w2 = 0; + + word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]); + word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]); + word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]); + word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]); + z[ 3] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]); + z[ 4] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]); + z[ 5] = w2; w2 = 0; + + word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]); + word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]); + word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]); + word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]); + word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]); + z[ 6] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]); + z[ 7] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]); + z[ 8] = w2; w2 = 0; + + word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]); + word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]); + z[ 9] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]); + z[10] = w1; + z[11] = w2; } /* @@ -210,72 +210,72 @@ void bigint_comba_sqr8(word z[16], const word x[8]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[0], x[0]); - z[0] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[0], x[1]); - z[1] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[0], x[2]); - word3_muladd(&w2, &w1, &w0, x[1], x[1]); - z[2] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[0], x[3]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[2]); - z[3] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[0], x[4]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[3]); - word3_muladd(&w2, &w1, &w0, x[2], x[2]); - z[4] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[0], x[5]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[4]); - word3_muladd_2(&w2, &w1, &w0, x[2], x[3]); - z[5] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[0], x[6]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[5]); - word3_muladd_2(&w2, &w1, &w0, x[2], x[4]); - word3_muladd(&w2, &w1, &w0, x[3], x[3]); - z[6] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[0], x[7]); - word3_muladd_2(&w2, &w1, &w0, x[1], x[6]); - word3_muladd_2(&w2, &w1, &w0, x[2], x[5]); - word3_muladd_2(&w2, &w1, &w0, x[3], x[4]); - z[7] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[1], x[7]); - word3_muladd_2(&w2, &w1, &w0, x[2], x[6]); - word3_muladd_2(&w2, &w1, &w0, x[3], x[5]); - word3_muladd(&w2, &w1, &w0, x[4], x[4]); - z[8] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[2], x[7]); - word3_muladd_2(&w2, &w1, &w0, x[3], x[6]); - word3_muladd_2(&w2, &w1, &w0, x[4], x[5]); - z[9] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[3], x[7]); - word3_muladd_2(&w2, &w1, &w0, x[4], x[6]); - word3_muladd(&w2, &w1, &w0, x[5], x[5]); - z[10] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[4], x[7]); - word3_muladd_2(&w2, &w1, &w0, x[5], x[6]); - z[11] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[5], x[7]); - word3_muladd(&w2, &w1, &w0, x[6], x[6]); - z[12] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[6], x[7]); - z[13] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[7], x[7]); - z[14] = w0; - z[15] = w1; + word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); + z[ 0] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); + z[ 1] = w1; w1 = 0; + + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + z[ 2] = w2; w2 = 0; + + word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); + word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]); + z[ 3] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]); + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + z[ 4] = w1; w1 = 0; + + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]); + word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]); + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]); + z[ 5] = w2; w2 = 0; + + word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]); + word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]); + word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]); + word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); + z[ 6] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]); + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]); + word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]); + word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]); + z[ 7] = w1; w1 = 0; + + word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]); + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]); + word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]); + z[ 8] = w2; w2 = 0; + + word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]); + word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]); + word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]); + z[ 9] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]); + word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]); + word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]); + z[10] = w1; w1 = 0; + + word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]); + word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]); + z[11] = w2; w2 = 0; + + word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]); + word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]); + z[12] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]); + z[13] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]); + z[14] = w2; + z[15] = w0; } /* @@ -285,100 +285,100 @@ void bigint_comba_mul8(word z[16], const word x[8], const word y[8]) { word w2 = 0, w1 = 0, w0 = 0; - word3_muladd(&w2, &w1, &w0, x[0], y[0]); - z[0] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[1]); - word3_muladd(&w2, &w1, &w0, x[1], y[0]); - z[1] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[2]); - word3_muladd(&w2, &w1, &w0, x[1], y[1]); - word3_muladd(&w2, &w1, &w0, x[2], y[0]); - z[2] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[3]); - word3_muladd(&w2, &w1, &w0, x[1], y[2]); - word3_muladd(&w2, &w1, &w0, x[2], y[1]); - word3_muladd(&w2, &w1, &w0, x[3], y[0]); - z[3] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[4]); - word3_muladd(&w2, &w1, &w0, x[1], y[3]); - word3_muladd(&w2, &w1, &w0, x[2], y[2]); - word3_muladd(&w2, &w1, &w0, x[3], y[1]); - word3_muladd(&w2, &w1, &w0, x[4], y[0]); - z[4] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[5]); - word3_muladd(&w2, &w1, &w0, x[1], y[4]); - word3_muladd(&w2, &w1, &w0, x[2], y[3]); - word3_muladd(&w2, &w1, &w0, x[3], y[2]); - word3_muladd(&w2, &w1, &w0, x[4], y[1]); - word3_muladd(&w2, &w1, &w0, x[5], y[0]); - z[5] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[6]); - word3_muladd(&w2, &w1, &w0, x[1], y[5]); - word3_muladd(&w2, &w1, &w0, x[2], y[4]); - word3_muladd(&w2, &w1, &w0, x[3], y[3]); - word3_muladd(&w2, &w1, &w0, x[4], y[2]); - word3_muladd(&w2, &w1, &w0, x[5], y[1]); - word3_muladd(&w2, &w1, &w0, x[6], y[0]); - z[6] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[0], y[7]); - word3_muladd(&w2, &w1, &w0, x[1], y[6]); - word3_muladd(&w2, &w1, &w0, x[2], y[5]); - word3_muladd(&w2, &w1, &w0, x[3], y[4]); - word3_muladd(&w2, &w1, &w0, x[4], y[3]); - word3_muladd(&w2, &w1, &w0, x[5], y[2]); - word3_muladd(&w2, &w1, &w0, x[6], y[1]); - word3_muladd(&w2, &w1, &w0, x[7], y[0]); - z[7] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[1], y[7]); - word3_muladd(&w2, &w1, &w0, x[2], y[6]); - word3_muladd(&w2, &w1, &w0, x[3], y[5]); - word3_muladd(&w2, &w1, &w0, x[4], y[4]); - word3_muladd(&w2, &w1, &w0, x[5], y[3]); - word3_muladd(&w2, &w1, &w0, x[6], y[2]); - word3_muladd(&w2, &w1, &w0, x[7], y[1]); - z[8] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[2], y[7]); - word3_muladd(&w2, &w1, &w0, x[3], y[6]); - word3_muladd(&w2, &w1, &w0, x[4], y[5]); - word3_muladd(&w2, &w1, &w0, x[5], y[4]); - word3_muladd(&w2, &w1, &w0, x[6], y[3]); - word3_muladd(&w2, &w1, &w0, x[7], y[2]); - z[9] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[3], y[7]); - word3_muladd(&w2, &w1, &w0, x[4], y[6]); - word3_muladd(&w2, &w1, &w0, x[5], y[5]); - word3_muladd(&w2, &w1, &w0, x[6], y[4]); - word3_muladd(&w2, &w1, &w0, x[7], y[3]); - z[10] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[4], y[7]); - word3_muladd(&w2, &w1, &w0, x[5], y[6]); - word3_muladd(&w2, &w1, &w0, x[6], y[5]); - word3_muladd(&w2, &w1, &w0, x[7], y[4]); - z[11] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[5], y[7]); - word3_muladd(&w2, &w1, &w0, x[6], y[6]); - word3_muladd(&w2, &w1, &w0, x[7], y[5]); - z[12] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[6], y[7]); - word3_muladd(&w2, &w1, &w0, x[7], y[6]); - z[13] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[7], y[7]); - z[14] = w0; - z[15] = w1; + word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]); + z[ 0] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]); + z[ 1] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]); + z[ 2] = w2; w2 = 0; + + word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]); + word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]); + word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]); + word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]); + z[ 3] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]); + z[ 4] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]); + z[ 5] = w2; w2 = 0; + + word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]); + word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]); + word3_muladd(&w2, &w1, &w0, x[ 2], y[ 4]); + word3_muladd(&w2, &w1, &w0, x[ 3], y[ 3]); + word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]); + word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]); + word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]); + z[ 6] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]); + z[ 7] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]); + z[ 8] = w2; w2 = 0; + + word3_muladd(&w2, &w1, &w0, x[ 2], y[ 7]); + word3_muladd(&w2, &w1, &w0, x[ 3], y[ 6]); + word3_muladd(&w2, &w1, &w0, x[ 4], y[ 5]); + word3_muladd(&w2, &w1, &w0, x[ 5], y[ 4]); + word3_muladd(&w2, &w1, &w0, x[ 6], y[ 3]); + word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]); + z[ 9] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]); + word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]); + word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]); + z[10] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]); + word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]); + z[11] = w2; w2 = 0; + + word3_muladd(&w2, &w1, &w0, x[ 5], y[ 7]); + word3_muladd(&w2, &w1, &w0, x[ 6], y[ 6]); + word3_muladd(&w2, &w1, &w0, x[ 7], y[ 5]); + z[12] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]); + word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]); + z[13] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]); + z[14] = w2; + z[15] = w0; } /* @@ -389,70 +389,70 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word w2 = 0, w1 = 0, w0 = 0; word3_muladd(&w2, &w1, &w0, x[ 0], x[ 0]); - z[ 0] = w0; w0 = w1; w1 = w2; w2 = 0; + z[ 0] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 1]); - z[ 1] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 1]); + z[ 1] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 2]); - word3_muladd(&w2, &w1, &w0, x[ 1], x[ 1]); - z[ 2] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 1], x[ 1]); + z[ 2] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 3]); word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 2]); - z[ 3] = w0; w0 = w1; w1 = w2; w2 = 0; + z[ 3] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 4]); - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 3]); - word3_muladd(&w2, &w1, &w0, x[ 2], x[ 2]); - z[ 4] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 4]); + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 2], x[ 2]); + z[ 4] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 5]); - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 4]); - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 3]); - z[ 5] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 5]); + word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 4]); + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 3]); + z[ 5] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 6]); word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 5]); word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 4]); word3_muladd(&w2, &w1, &w0, x[ 3], x[ 3]); - z[ 6] = w0; w0 = w1; w1 = w2; w2 = 0; + z[ 6] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 7]); - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 6]); - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 5]); - word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 4]); - z[ 7] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[ 7]); + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 6]); + word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 5]); + word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 4]); + z[ 7] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 8]); - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 7]); - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 6]); - word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 5]); - word3_muladd(&w2, &w1, &w0, x[ 4], x[ 4]); - z[ 8] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[ 8]); + word3_muladd_2(&w1, &w0, &w2, x[ 1], x[ 7]); + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 6]); + word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 4], x[ 4]); + z[ 8] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[ 9]); word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 8]); word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 7]); word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 6]); word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 5]); - z[ 9] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[10]); - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[ 9]); - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 8]); - word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 7]); - word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 6]); - word3_muladd(&w2, &w1, &w0, x[ 5], x[ 5]); - z[10] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[11]); - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[10]); - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[ 9]); - word3_muladd_2(&w2, &w1, &w0, x[ 3], x[ 8]); - word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 7]); - word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 6]); - z[11] = w0; w0 = w1; w1 = w2; w2 = 0; + z[ 9] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[10]); + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[ 9]); + word3_muladd_2(&w0, &w2, &w1, x[ 2], x[ 8]); + word3_muladd_2(&w0, &w2, &w1, x[ 3], x[ 7]); + word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 6]); + word3_muladd(&w0, &w2, &w1, x[ 5], x[ 5]); + z[10] = w1; w1 = 0; + + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[11]); + word3_muladd_2(&w1, &w0, &w2, x[ 1], x[10]); + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[ 9]); + word3_muladd_2(&w1, &w0, &w2, x[ 3], x[ 8]); + word3_muladd_2(&w1, &w0, &w2, x[ 4], x[ 7]); + word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 6]); + z[11] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[12]); word3_muladd_2(&w2, &w1, &w0, x[ 1], x[11]); @@ -461,26 +461,26 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 8]); word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 7]); word3_muladd(&w2, &w1, &w0, x[ 6], x[ 6]); - z[12] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[13]); - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[12]); - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[11]); - word3_muladd_2(&w2, &w1, &w0, x[ 3], x[10]); - word3_muladd_2(&w2, &w1, &w0, x[ 4], x[ 9]); - word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 8]); - word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 7]); - z[13] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[ 0], x[14]); - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[13]); - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[12]); - word3_muladd_2(&w2, &w1, &w0, x[ 3], x[11]); - word3_muladd_2(&w2, &w1, &w0, x[ 4], x[10]); - word3_muladd_2(&w2, &w1, &w0, x[ 5], x[ 9]); - word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 8]); - word3_muladd(&w2, &w1, &w0, x[ 7], x[ 7]); - z[14] = w0; w0 = w1; w1 = w2; w2 = 0; + z[12] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 0], x[13]); + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[12]); + word3_muladd_2(&w0, &w2, &w1, x[ 2], x[11]); + word3_muladd_2(&w0, &w2, &w1, x[ 3], x[10]); + word3_muladd_2(&w0, &w2, &w1, x[ 4], x[ 9]); + word3_muladd_2(&w0, &w2, &w1, x[ 5], x[ 8]); + word3_muladd_2(&w0, &w2, &w1, x[ 6], x[ 7]); + z[13] = w1; w1 = 0; + + word3_muladd_2(&w1, &w0, &w2, x[ 0], x[14]); + word3_muladd_2(&w1, &w0, &w2, x[ 1], x[13]); + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[12]); + word3_muladd_2(&w1, &w0, &w2, x[ 3], x[11]); + word3_muladd_2(&w1, &w0, &w2, x[ 4], x[10]); + word3_muladd_2(&w1, &w0, &w2, x[ 5], x[ 9]); + word3_muladd_2(&w1, &w0, &w2, x[ 6], x[ 8]); + word3_muladd(&w1, &w0, &w2, x[ 7], x[ 7]); + z[14] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 0], x[15]); word3_muladd_2(&w2, &w1, &w0, x[ 1], x[14]); @@ -490,26 +490,26 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w2, &w1, &w0, x[ 5], x[10]); word3_muladd_2(&w2, &w1, &w0, x[ 6], x[ 9]); word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 8]); - z[15] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[ 1], x[15]); - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[14]); - word3_muladd_2(&w2, &w1, &w0, x[ 3], x[13]); - word3_muladd_2(&w2, &w1, &w0, x[ 4], x[12]); - word3_muladd_2(&w2, &w1, &w0, x[ 5], x[11]); - word3_muladd_2(&w2, &w1, &w0, x[ 6], x[10]); - word3_muladd_2(&w2, &w1, &w0, x[ 7], x[ 9]); - word3_muladd(&w2, &w1, &w0, x[ 8], x[ 8]); - z[16] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[ 2], x[15]); - word3_muladd_2(&w2, &w1, &w0, x[ 3], x[14]); - word3_muladd_2(&w2, &w1, &w0, x[ 4], x[13]); - word3_muladd_2(&w2, &w1, &w0, x[ 5], x[12]); - word3_muladd_2(&w2, &w1, &w0, x[ 6], x[11]); - word3_muladd_2(&w2, &w1, &w0, x[ 7], x[10]); - word3_muladd_2(&w2, &w1, &w0, x[ 8], x[ 9]); - z[17] = w0; w0 = w1; w1 = w2; w2 = 0; + z[15] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 1], x[15]); + word3_muladd_2(&w0, &w2, &w1, x[ 2], x[14]); + word3_muladd_2(&w0, &w2, &w1, x[ 3], x[13]); + word3_muladd_2(&w0, &w2, &w1, x[ 4], x[12]); + word3_muladd_2(&w0, &w2, &w1, x[ 5], x[11]); + word3_muladd_2(&w0, &w2, &w1, x[ 6], x[10]); + word3_muladd_2(&w0, &w2, &w1, x[ 7], x[ 9]); + word3_muladd(&w0, &w2, &w1, x[ 8], x[ 8]); + z[16] = w1; w1 = 0; + + word3_muladd_2(&w1, &w0, &w2, x[ 2], x[15]); + word3_muladd_2(&w1, &w0, &w2, x[ 3], x[14]); + word3_muladd_2(&w1, &w0, &w2, x[ 4], x[13]); + word3_muladd_2(&w1, &w0, &w2, x[ 5], x[12]); + word3_muladd_2(&w1, &w0, &w2, x[ 6], x[11]); + word3_muladd_2(&w1, &w0, &w2, x[ 7], x[10]); + word3_muladd_2(&w1, &w0, &w2, x[ 8], x[ 9]); + z[17] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 3], x[15]); word3_muladd_2(&w2, &w1, &w0, x[ 4], x[14]); @@ -518,70 +518,70 @@ void bigint_comba_sqr16(word z[32], const word x[16]) word3_muladd_2(&w2, &w1, &w0, x[ 7], x[11]); word3_muladd_2(&w2, &w1, &w0, x[ 8], x[10]); word3_muladd(&w2, &w1, &w0, x[ 9], x[ 9]); - z[18] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[ 4], x[15]); - word3_muladd_2(&w2, &w1, &w0, x[ 5], x[14]); - word3_muladd_2(&w2, &w1, &w0, x[ 6], x[13]); - word3_muladd_2(&w2, &w1, &w0, x[ 7], x[12]); - word3_muladd_2(&w2, &w1, &w0, x[ 8], x[11]); - word3_muladd_2(&w2, &w1, &w0, x[ 9], x[10]); - z[19] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd_2(&w2, &w1, &w0, x[ 5], x[15]); - word3_muladd_2(&w2, &w1, &w0, x[ 6], x[14]); - word3_muladd_2(&w2, &w1, &w0, x[ 7], x[13]); - word3_muladd_2(&w2, &w1, &w0, x[ 8], x[12]); - word3_muladd_2(&w2, &w1, &w0, x[ 9], x[11]); - word3_muladd(&w2, &w1, &w0, x[10], x[10]); - z[20] = w0; w0 = w1; w1 = w2; w2 = 0; + z[18] = w0; w0 = 0; + + word3_muladd_2(&w0, &w2, &w1, x[ 4], x[15]); + word3_muladd_2(&w0, &w2, &w1, x[ 5], x[14]); + word3_muladd_2(&w0, &w2, &w1, x[ 6], x[13]); + word3_muladd_2(&w0, &w2, &w1, x[ 7], x[12]); + word3_muladd_2(&w0, &w2, &w1, x[ 8], x[11]); + word3_muladd_2(&w0, &w2, &w1, x[ 9], x[10]); + z[19] = w1; w1 = 0; + + word3_muladd_2(&w1, &w0, &w2, x[ 5], x[15]); + word3_muladd_2(&w1, &w0, &w2, x[ 6], x[14]); + word3_muladd_2(&w1, &w0, &w2, x[ 7], x[13]); + word3_muladd_2(&w1, &w0, &w2, x[ 8], x[12]); + word3_muladd_2(&w1, &w0, &w2, x[ 9], x[11]); + word3_muladd(&w1, &w0, &w2, x[10], x[10]); + z[20] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 6], x[15]); word3_muladd_2(&w2, &w1, &w0, x[ 7], x[14]); word3_muladd_2(&w2, &w1, &w0, x[ 8], x[13]); word3_muladd_2(&w2, &w1, &w0, x[ 9], x[12]); word3_muladd_2(&w2, &w1, &w0, x[10], x[11]); - z[21] = w0; w0 = w1; w1 = w2; w2 = 0; + z[21] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[ 7], x[15]); - word3_muladd_2(&w2, &w1, &w0, x[ 8], x[14]); - word3_muladd_2(&w2, &w1, &w0, x[ 9], x[13]); - word3_muladd_2(&w2, &w1, &w0, x[10], x[12]); - word3_muladd(&w2, &w1, &w0, x[11], x[11]); - z[22] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[ 7], x[15]); + word3_muladd_2(&w0, &w2, &w1, x[ 8], x[14]); + word3_muladd_2(&w0, &w2, &w1, x[ 9], x[13]); + word3_muladd_2(&w0, &w2, &w1, x[10], x[12]); + word3_muladd(&w0, &w2, &w1, x[11], x[11]); + z[22] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[ 8], x[15]); - word3_muladd_2(&w2, &w1, &w0, x[ 9], x[14]); - word3_muladd_2(&w2, &w1, &w0, x[10], x[13]); - word3_muladd_2(&w2, &w1, &w0, x[11], x[12]); - z[23] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[ 8], x[15]); + word3_muladd_2(&w1, &w0, &w2, x[ 9], x[14]); + word3_muladd_2(&w1, &w0, &w2, x[10], x[13]); + word3_muladd_2(&w1, &w0, &w2, x[11], x[12]); + z[23] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[ 9], x[15]); word3_muladd_2(&w2, &w1, &w0, x[10], x[14]); word3_muladd_2(&w2, &w1, &w0, x[11], x[13]); word3_muladd(&w2, &w1, &w0, x[12], x[12]); - z[24] = w0; w0 = w1; w1 = w2; w2 = 0; + z[24] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[10], x[15]); - word3_muladd_2(&w2, &w1, &w0, x[11], x[14]); - word3_muladd_2(&w2, &w1, &w0, x[12], x[13]); - z[25] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[10], x[15]); + word3_muladd_2(&w0, &w2, &w1, x[11], x[14]); + word3_muladd_2(&w0, &w2, &w1, x[12], x[13]); + z[25] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[11], x[15]); - word3_muladd_2(&w2, &w1, &w0, x[12], x[14]); - word3_muladd(&w2, &w1, &w0, x[13], x[13]); - z[26] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[11], x[15]); + word3_muladd_2(&w1, &w0, &w2, x[12], x[14]); + word3_muladd(&w1, &w0, &w2, x[13], x[13]); + z[26] = w2; w2 = 0; word3_muladd_2(&w2, &w1, &w0, x[12], x[15]); word3_muladd_2(&w2, &w1, &w0, x[13], x[14]); - z[27] = w0; w0 = w1; w1 = w2; w2 = 0; + z[27] = w0; w0 = 0; - word3_muladd_2(&w2, &w1, &w0, x[13], x[15]); - word3_muladd(&w2, &w1, &w0, x[14], x[14]); - z[28] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w0, &w2, &w1, x[13], x[15]); + word3_muladd(&w0, &w2, &w1, x[14], x[14]); + z[28] = w1; w1 = 0; - word3_muladd_2(&w2, &w1, &w0, x[14], x[15]); - z[29] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd_2(&w1, &w0, &w2, x[14], x[15]); + z[29] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[15], x[15]); z[30] = w0; @@ -596,37 +596,37 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) word w2 = 0, w1 = 0, w0 = 0; word3_muladd(&w2, &w1, &w0, x[ 0], y[ 0]); - z[0] = w0; w0 = w1; w1 = w2; w2 = 0; + z[ 0] = w0; w0 = 0; - word3_muladd(&w2, &w1, &w0, x[ 0], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[ 0]); - z[1] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 0]); + z[ 1] = w1; w1 = 0; - word3_muladd(&w2, &w1, &w0, x[ 0], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[ 0]); - z[2] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w1, &w0, &w2, x[ 0], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 0]); + z[ 2] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[ 0], y[ 3]); word3_muladd(&w2, &w1, &w0, x[ 1], y[ 2]); word3_muladd(&w2, &w1, &w0, x[ 2], y[ 1]); word3_muladd(&w2, &w1, &w0, x[ 3], y[ 0]); - z[3] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 0], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[ 0]); - z[4] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 0], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[ 0]); - z[5] = w0; w0 = w1; w1 = w2; w2 = 0; + z[ 3] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 0]); + z[ 4] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 0], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 0]); + z[ 5] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[ 0], y[ 6]); word3_muladd(&w2, &w1, &w0, x[ 1], y[ 5]); @@ -635,28 +635,28 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) word3_muladd(&w2, &w1, &w0, x[ 4], y[ 2]); word3_muladd(&w2, &w1, &w0, x[ 5], y[ 1]); word3_muladd(&w2, &w1, &w0, x[ 6], y[ 0]); - z[6] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 0], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[ 0]); - z[7] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 0], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[ 0]); - z[8] = w0; w0 = w1; w1 = w2; w2 = 0; + z[ 6] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[ 7]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 6]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[ 5]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 5], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[ 6], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[ 7], y[ 0]); + z[ 7] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 0], y[ 8]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[ 7]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 6]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[ 6], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[ 7], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[ 8], y[ 0]); + z[ 8] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[ 0], y[ 9]); word3_muladd(&w2, &w1, &w0, x[ 1], y[ 8]); @@ -668,34 +668,34 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) word3_muladd(&w2, &w1, &w0, x[ 7], y[ 2]); word3_muladd(&w2, &w1, &w0, x[ 8], y[ 1]); word3_muladd(&w2, &w1, &w0, x[ 9], y[ 0]); - z[9] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 0], y[10]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[10], y[ 0]); - z[10] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 0], y[11]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[10]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[10], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[11], y[ 0]); - z[11] = w0; w0 = w1; w1 = w2; w2 = 0; + z[ 9] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[10]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[ 9]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[ 8]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[ 7]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 6]); + word3_muladd(&w0, &w2, &w1, x[ 5], y[ 5]); + word3_muladd(&w0, &w2, &w1, x[ 6], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[ 7], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[ 8], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[ 9], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[10], y[ 0]); + z[10] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 0], y[11]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[10]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[ 9]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[ 8]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[ 7]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 6]); + word3_muladd(&w1, &w0, &w2, x[ 6], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[ 7], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[ 8], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[ 9], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[10], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[11], y[ 0]); + z[11] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[ 0], y[12]); word3_muladd(&w2, &w1, &w0, x[ 1], y[11]); @@ -710,40 +710,40 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) word3_muladd(&w2, &w1, &w0, x[10], y[ 2]); word3_muladd(&w2, &w1, &w0, x[11], y[ 1]); word3_muladd(&w2, &w1, &w0, x[12], y[ 0]); - z[12] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 0], y[13]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[12]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[11]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[10]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[10], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[11], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[12], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[13], y[ 0]); - z[13] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 0], y[14]); - word3_muladd(&w2, &w1, &w0, x[ 1], y[13]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[12]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[11]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[10]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[10], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[11], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[12], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[13], y[ 1]); - word3_muladd(&w2, &w1, &w0, x[14], y[ 0]); - z[14] = w0; w0 = w1; w1 = w2; w2 = 0; + z[12] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 0], y[13]); + word3_muladd(&w0, &w2, &w1, x[ 1], y[12]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[11]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[10]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[ 9]); + word3_muladd(&w0, &w2, &w1, x[ 5], y[ 8]); + word3_muladd(&w0, &w2, &w1, x[ 6], y[ 7]); + word3_muladd(&w0, &w2, &w1, x[ 7], y[ 6]); + word3_muladd(&w0, &w2, &w1, x[ 8], y[ 5]); + word3_muladd(&w0, &w2, &w1, x[ 9], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[10], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[11], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[12], y[ 1]); + word3_muladd(&w0, &w2, &w1, x[13], y[ 0]); + z[13] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 0], y[14]); + word3_muladd(&w1, &w0, &w2, x[ 1], y[13]); + word3_muladd(&w1, &w0, &w2, x[ 2], y[12]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[11]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[10]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[ 9]); + word3_muladd(&w1, &w0, &w2, x[ 6], y[ 8]); + word3_muladd(&w1, &w0, &w2, x[ 7], y[ 7]); + word3_muladd(&w1, &w0, &w2, x[ 8], y[ 6]); + word3_muladd(&w1, &w0, &w2, x[ 9], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[10], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[11], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[12], y[ 2]); + word3_muladd(&w1, &w0, &w2, x[13], y[ 1]); + word3_muladd(&w1, &w0, &w2, x[14], y[ 0]); + z[14] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[ 0], y[15]); word3_muladd(&w2, &w1, &w0, x[ 1], y[14]); @@ -761,40 +761,40 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) word3_muladd(&w2, &w1, &w0, x[13], y[ 2]); word3_muladd(&w2, &w1, &w0, x[14], y[ 1]); word3_muladd(&w2, &w1, &w0, x[15], y[ 0]); - z[15] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 1], y[15]); - word3_muladd(&w2, &w1, &w0, x[ 2], y[14]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[13]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[12]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[11]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[10]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[10], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[11], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[12], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[13], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[14], y[ 2]); - word3_muladd(&w2, &w1, &w0, x[15], y[ 1]); - z[16] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 2], y[15]); - word3_muladd(&w2, &w1, &w0, x[ 3], y[14]); - word3_muladd(&w2, &w1, &w0, x[ 4], y[13]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[12]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[11]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[10]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[10], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[11], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[12], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[13], y[ 4]); - word3_muladd(&w2, &w1, &w0, x[14], y[ 3]); - word3_muladd(&w2, &w1, &w0, x[15], y[ 2]); - z[17] = w0; w0 = w1; w1 = w2; w2 = 0; + z[15] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 1], y[15]); + word3_muladd(&w0, &w2, &w1, x[ 2], y[14]); + word3_muladd(&w0, &w2, &w1, x[ 3], y[13]); + word3_muladd(&w0, &w2, &w1, x[ 4], y[12]); + word3_muladd(&w0, &w2, &w1, x[ 5], y[11]); + word3_muladd(&w0, &w2, &w1, x[ 6], y[10]); + word3_muladd(&w0, &w2, &w1, x[ 7], y[ 9]); + word3_muladd(&w0, &w2, &w1, x[ 8], y[ 8]); + word3_muladd(&w0, &w2, &w1, x[ 9], y[ 7]); + word3_muladd(&w0, &w2, &w1, x[10], y[ 6]); + word3_muladd(&w0, &w2, &w1, x[11], y[ 5]); + word3_muladd(&w0, &w2, &w1, x[12], y[ 4]); + word3_muladd(&w0, &w2, &w1, x[13], y[ 3]); + word3_muladd(&w0, &w2, &w1, x[14], y[ 2]); + word3_muladd(&w0, &w2, &w1, x[15], y[ 1]); + z[16] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 2], y[15]); + word3_muladd(&w1, &w0, &w2, x[ 3], y[14]); + word3_muladd(&w1, &w0, &w2, x[ 4], y[13]); + word3_muladd(&w1, &w0, &w2, x[ 5], y[12]); + word3_muladd(&w1, &w0, &w2, x[ 6], y[11]); + word3_muladd(&w1, &w0, &w2, x[ 7], y[10]); + word3_muladd(&w1, &w0, &w2, x[ 8], y[ 9]); + word3_muladd(&w1, &w0, &w2, x[ 9], y[ 8]); + word3_muladd(&w1, &w0, &w2, x[10], y[ 7]); + word3_muladd(&w1, &w0, &w2, x[11], y[ 6]); + word3_muladd(&w1, &w0, &w2, x[12], y[ 5]); + word3_muladd(&w1, &w0, &w2, x[13], y[ 4]); + word3_muladd(&w1, &w0, &w2, x[14], y[ 3]); + word3_muladd(&w1, &w0, &w2, x[15], y[ 2]); + z[17] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[ 3], y[15]); word3_muladd(&w2, &w1, &w0, x[ 4], y[14]); @@ -809,34 +809,34 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) word3_muladd(&w2, &w1, &w0, x[13], y[ 5]); word3_muladd(&w2, &w1, &w0, x[14], y[ 4]); word3_muladd(&w2, &w1, &w0, x[15], y[ 3]); - z[18] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 4], y[15]); - word3_muladd(&w2, &w1, &w0, x[ 5], y[14]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[13]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[12]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[11]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[10]); - word3_muladd(&w2, &w1, &w0, x[10], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[11], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[12], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[13], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[14], y[ 5]); - word3_muladd(&w2, &w1, &w0, x[15], y[ 4]); - z[19] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 5], y[15]); - word3_muladd(&w2, &w1, &w0, x[ 6], y[14]); - word3_muladd(&w2, &w1, &w0, x[ 7], y[13]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[12]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[11]); - word3_muladd(&w2, &w1, &w0, x[10], y[10]); - word3_muladd(&w2, &w1, &w0, x[11], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[12], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[13], y[ 7]); - word3_muladd(&w2, &w1, &w0, x[14], y[ 6]); - word3_muladd(&w2, &w1, &w0, x[15], y[ 5]); - z[20] = w0; w0 = w1; w1 = w2; w2 = 0; + z[18] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 4], y[15]); + word3_muladd(&w0, &w2, &w1, x[ 5], y[14]); + word3_muladd(&w0, &w2, &w1, x[ 6], y[13]); + word3_muladd(&w0, &w2, &w1, x[ 7], y[12]); + word3_muladd(&w0, &w2, &w1, x[ 8], y[11]); + word3_muladd(&w0, &w2, &w1, x[ 9], y[10]); + word3_muladd(&w0, &w2, &w1, x[10], y[ 9]); + word3_muladd(&w0, &w2, &w1, x[11], y[ 8]); + word3_muladd(&w0, &w2, &w1, x[12], y[ 7]); + word3_muladd(&w0, &w2, &w1, x[13], y[ 6]); + word3_muladd(&w0, &w2, &w1, x[14], y[ 5]); + word3_muladd(&w0, &w2, &w1, x[15], y[ 4]); + z[19] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 5], y[15]); + word3_muladd(&w1, &w0, &w2, x[ 6], y[14]); + word3_muladd(&w1, &w0, &w2, x[ 7], y[13]); + word3_muladd(&w1, &w0, &w2, x[ 8], y[12]); + word3_muladd(&w1, &w0, &w2, x[ 9], y[11]); + word3_muladd(&w1, &w0, &w2, x[10], y[10]); + word3_muladd(&w1, &w0, &w2, x[11], y[ 9]); + word3_muladd(&w1, &w0, &w2, x[12], y[ 8]); + word3_muladd(&w1, &w0, &w2, x[13], y[ 7]); + word3_muladd(&w1, &w0, &w2, x[14], y[ 6]); + word3_muladd(&w1, &w0, &w2, x[15], y[ 5]); + z[20] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[ 6], y[15]); word3_muladd(&w2, &w1, &w0, x[ 7], y[14]); @@ -848,28 +848,28 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) word3_muladd(&w2, &w1, &w0, x[13], y[ 8]); word3_muladd(&w2, &w1, &w0, x[14], y[ 7]); word3_muladd(&w2, &w1, &w0, x[15], y[ 6]); - z[21] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 7], y[15]); - word3_muladd(&w2, &w1, &w0, x[ 8], y[14]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[13]); - word3_muladd(&w2, &w1, &w0, x[10], y[12]); - word3_muladd(&w2, &w1, &w0, x[11], y[11]); - word3_muladd(&w2, &w1, &w0, x[12], y[10]); - word3_muladd(&w2, &w1, &w0, x[13], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[14], y[ 8]); - word3_muladd(&w2, &w1, &w0, x[15], y[ 7]); - z[22] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[ 8], y[15]); - word3_muladd(&w2, &w1, &w0, x[ 9], y[14]); - word3_muladd(&w2, &w1, &w0, x[10], y[13]); - word3_muladd(&w2, &w1, &w0, x[11], y[12]); - word3_muladd(&w2, &w1, &w0, x[12], y[11]); - word3_muladd(&w2, &w1, &w0, x[13], y[10]); - word3_muladd(&w2, &w1, &w0, x[14], y[ 9]); - word3_muladd(&w2, &w1, &w0, x[15], y[ 8]); - z[23] = w0; w0 = w1; w1 = w2; w2 = 0; + z[21] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[ 7], y[15]); + word3_muladd(&w0, &w2, &w1, x[ 8], y[14]); + word3_muladd(&w0, &w2, &w1, x[ 9], y[13]); + word3_muladd(&w0, &w2, &w1, x[10], y[12]); + word3_muladd(&w0, &w2, &w1, x[11], y[11]); + word3_muladd(&w0, &w2, &w1, x[12], y[10]); + word3_muladd(&w0, &w2, &w1, x[13], y[ 9]); + word3_muladd(&w0, &w2, &w1, x[14], y[ 8]); + word3_muladd(&w0, &w2, &w1, x[15], y[ 7]); + z[22] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[ 8], y[15]); + word3_muladd(&w1, &w0, &w2, x[ 9], y[14]); + word3_muladd(&w1, &w0, &w2, x[10], y[13]); + word3_muladd(&w1, &w0, &w2, x[11], y[12]); + word3_muladd(&w1, &w0, &w2, x[12], y[11]); + word3_muladd(&w1, &w0, &w2, x[13], y[10]); + word3_muladd(&w1, &w0, &w2, x[14], y[ 9]); + word3_muladd(&w1, &w0, &w2, x[15], y[ 8]); + z[23] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[ 9], y[15]); word3_muladd(&w2, &w1, &w0, x[10], y[14]); @@ -878,37 +878,37 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) word3_muladd(&w2, &w1, &w0, x[13], y[11]); word3_muladd(&w2, &w1, &w0, x[14], y[10]); word3_muladd(&w2, &w1, &w0, x[15], y[ 9]); - z[24] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[10], y[15]); - word3_muladd(&w2, &w1, &w0, x[11], y[14]); - word3_muladd(&w2, &w1, &w0, x[12], y[13]); - word3_muladd(&w2, &w1, &w0, x[13], y[12]); - word3_muladd(&w2, &w1, &w0, x[14], y[11]); - word3_muladd(&w2, &w1, &w0, x[15], y[10]); - z[25] = w0; w0 = w1; w1 = w2; w2 = 0; - - word3_muladd(&w2, &w1, &w0, x[11], y[15]); - word3_muladd(&w2, &w1, &w0, x[12], y[14]); - word3_muladd(&w2, &w1, &w0, x[13], y[13]); - word3_muladd(&w2, &w1, &w0, x[14], y[12]); - word3_muladd(&w2, &w1, &w0, x[15], y[11]); - z[26] = w0; w0 = w1; w1 = w2; w2 = 0; + z[24] = w0; w0 = 0; + + word3_muladd(&w0, &w2, &w1, x[10], y[15]); + word3_muladd(&w0, &w2, &w1, x[11], y[14]); + word3_muladd(&w0, &w2, &w1, x[12], y[13]); + word3_muladd(&w0, &w2, &w1, x[13], y[12]); + word3_muladd(&w0, &w2, &w1, x[14], y[11]); + word3_muladd(&w0, &w2, &w1, x[15], y[10]); + z[25] = w1; w1 = 0; + + word3_muladd(&w1, &w0, &w2, x[11], y[15]); + word3_muladd(&w1, &w0, &w2, x[12], y[14]); + word3_muladd(&w1, &w0, &w2, x[13], y[13]); + word3_muladd(&w1, &w0, &w2, x[14], y[12]); + word3_muladd(&w1, &w0, &w2, x[15], y[11]); + z[26] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[12], y[15]); word3_muladd(&w2, &w1, &w0, x[13], y[14]); word3_muladd(&w2, &w1, &w0, x[14], y[13]); word3_muladd(&w2, &w1, &w0, x[15], y[12]); - z[27] = w0; w0 = w1; w1 = w2; w2 = 0; + z[27] = w0; w0 = 0; - word3_muladd(&w2, &w1, &w0, x[13], y[15]); - word3_muladd(&w2, &w1, &w0, x[14], y[14]); - word3_muladd(&w2, &w1, &w0, x[15], y[13]); - z[28] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w0, &w2, &w1, x[13], y[15]); + word3_muladd(&w0, &w2, &w1, x[14], y[14]); + word3_muladd(&w0, &w2, &w1, x[15], y[13]); + z[28] = w1; w1 = 0; - word3_muladd(&w2, &w1, &w0, x[14], y[15]); - word3_muladd(&w2, &w1, &w0, x[15], y[14]); - z[29] = w0; w0 = w1; w1 = w2; w2 = 0; + word3_muladd(&w1, &w0, &w2, x[14], y[15]); + word3_muladd(&w1, &w0, &w2, x[15], y[14]); + z[29] = w2; w2 = 0; word3_muladd(&w2, &w1, &w0, x[15], y[15]); z[30] = w0; diff --git a/src/math/mp/mp_core.h b/src/math/mp/mp_core.h index 40327b02b..82bdbad53 100644 --- a/src/math/mp/mp_core.h +++ b/src/math/mp/mp_core.h @@ -140,8 +140,7 @@ void bigint_comba_mul16(word z[32], const word x[16], const word y[16]); void bigint_comba_sqr4(word out[8], const word in[4]); void bigint_comba_sqr6(word out[12], const word in[6]); void bigint_comba_sqr8(word out[16], const word in[8]); -void bigint_comba_sqr8(word out[32], const word in[16]); -void bigint_comba_sqr16(word out[64], const word in[32]); +void bigint_comba_sqr16(word out[32], const word in[16]); } diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp index 2c5a9d2ea..ae0d9607b 100644 --- a/src/ssl/hello.cpp +++ b/src/ssl/hello.cpp @@ -190,6 +190,14 @@ void Client_Hello::deserialize(const MemoryRegion<byte>& buf) } } } + else if(extension_code == TLSEXT_SRP_IDENTIFIER) + { + std::vector<byte> name = reader.get_range_vector<byte>(1, 1, 255); + + requested_srp_id.assign( + reinterpret_cast<char*>(&name[0]), + name.size()); + } else { reader.discard_next(extension_size); diff --git a/src/ssl/tls_magic.h b/src/ssl/tls_magic.h index 0c2a610b1..00898738e 100644 --- a/src/ssl/tls_magic.h +++ b/src/ssl/tls_magic.h @@ -181,6 +181,8 @@ enum TLS_Handshake_Extension_Type { TLSEXT_USABLE_ELLIPTIC_CURVES = 10, TLSEXT_EC_POINT_FORMATS = 11, + TLSEXT_SRP_IDENTIFIER = 12, + TLSEXT_CERTIFICATE_TYPES = 9, TLSEXT_SESSION_TICKET = 35 }; diff --git a/src/ssl/tls_messages.h b/src/ssl/tls_messages.h index 0b3553ac0..e7eaa56e1 100644 --- a/src/ssl/tls_messages.h +++ b/src/ssl/tls_messages.h @@ -51,6 +51,8 @@ class Client_Hello : public HandshakeMessage std::string hostname() const { return requested_hostname; } + std::string srp_identifier() const { return requested_srp_id; } + bool offered_suite(u16bit) const; Client_Hello(RandomNumberGenerator& rng, @@ -75,6 +77,7 @@ class Client_Hello : public HandshakeMessage std::vector<u16bit> suites; std::vector<byte> comp_algos; std::string requested_hostname; + std::string requested_srp_id; }; /** diff --git a/src/utils/cpuid.cpp b/src/utils/cpuid.cpp index 917789f65..f6581f09c 100644 --- a/src/utils/cpuid.cpp +++ b/src/utils/cpuid.cpp @@ -10,10 +10,20 @@ #include <botan/get_byte.h> #include <botan/mem_ops.h> +#if defined(BOTAN_TARGET_CPU_IS_PPC_FAMILY) + #if defined(BOTAN_TARGET_OS_IS_DARWIN) #include <sys/sysctl.h> #endif +#if defined(BOTAN_TARGET_OS_IS_OPENBSD) + #include <sys/param.h> + #include <sys/sysctl.h> + #include <machine/cpu.h> +#endif + +#endif + #if defined(BOTAN_TARGET_CPU_IS_X86_FAMILY) #if defined(BOTAN_BUILD_COMPILER_IS_MSVC) @@ -24,9 +34,9 @@ #elif defined(BOTAN_BUILD_COMPILER_IS_INTEL) #include <ia32intrin.h> - #define CALL_CPUID(type, out) do { __cpuid(out, type); } while(0); + #define CALL_CPUID(type, out) do { __cpuid(out, type); } while(0) -#elif (BOTAN_GCC_VERSION >= 430) +#elif defined(BOTAN_BUILD_COMPILER_IS_GCC) && (BOTAN_GCC_VERSION >= 430) // Only available starting in GCC 4.3 #include <cpuid.h> @@ -46,6 +56,20 @@ namespace { } +#elif defined(BOTAN_TARGET_ARCH_IS_X86_64) && \ + (defined(BOTAN_BUILD_COMPILER_IS_CLANG) || defined(BOTAN_BUILD_COMPILER_IS_GCC)) + + /* + * We can't safely use this on x86-32 as some 32-bit ABIs use ebx as + * a PIC register, and in theory there are some x86-32s still out + * there that don't support cpuid at all; it requires strange + * contortions to detect them. + */ + + #define CALL_CPUID(type, out) \ + asm("cpuid\n\t" : "=a" (out[0]), "=b" (out[1]), "=c" (out[2]), "=d" (out[3]) \ + : "0" (type)) + #else #warning "No method of calling CPUID for this compiler" #endif @@ -92,10 +116,14 @@ u32bit get_x86_cache_line_size() bool altivec_check_sysctl() { -#if defined(BOTAN_TARGET_OS_IS_DARWIN) +#if defined(BOTAN_TARGET_OS_IS_DARWIN) || defined(BOTAN_TARGET_OS_IS_OPENBSD) +#if defined(BOTAN_TARGET_OS_IS_OPENBSD) + int sels[2] = { CTL_MACHDEP, CPU_ALTIVEC }; +#else // From Apple's docs int sels[2] = { CTL_HW, HW_VECTORUNIT }; +#endif int vector_type = 0; size_t length = sizeof(vector_type); int error = sysctl(sels, 2, &vector_type, &length, NULL, 0); diff --git a/src/utils/dyn_load/dyn_load.cpp b/src/utils/dyn_load/dyn_load.cpp index 4a8cb16fa..06b8c5df3 100644 --- a/src/utils/dyn_load/dyn_load.cpp +++ b/src/utils/dyn_load/dyn_load.cpp @@ -39,7 +39,7 @@ Dynamically_Loaded_Library::Dynamically_Loaded_Library( raise_runtime_loader_exception(lib_name, dlerror()); #elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) - lib = ::LoadLibrary(lib_name.c_str()); + lib = ::LoadLibraryA(lib_name.c_str()); if(!lib) raise_runtime_loader_exception(lib_name, "LoadLibrary failed"); @@ -65,7 +65,8 @@ void* Dynamically_Loaded_Library::resolve_symbol(const std::string& symbol) #if defined(BOTAN_TARGET_OS_HAS_DLOPEN) addr = ::dlsym(lib, symbol.c_str()); #elif defined(BOTAN_TARGET_OS_HAS_LOADLIBRARY) - addr = ::GetProcAddress((HMODULE)lib, symbol.c_str()); + addr = reinterpret_cast<void*>(::GetProcAddress((HMODULE)lib, + symbol.c_str())); #endif if(!addr) |