/src/BearSSL/src/int/i31_modpow.c
1 | | /* |
2 | | * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org> |
3 | | * |
4 | | * Permission is hereby granted, free of charge, to any person obtaining |
5 | | * a copy of this software and associated documentation files (the |
6 | | * "Software"), to deal in the Software without restriction, including |
7 | | * without limitation the rights to use, copy, modify, merge, publish, |
8 | | * distribute, sublicense, and/or sell copies of the Software, and to |
9 | | * permit persons to whom the Software is furnished to do so, subject to |
10 | | * the following conditions: |
11 | | * |
12 | | * The above copyright notice and this permission notice shall be |
13 | | * included in all copies or substantial portions of the Software. |
14 | | * |
15 | | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
16 | | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
17 | | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
18 | | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
19 | | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
20 | | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
21 | | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
22 | | * SOFTWARE. |
23 | | */ |
24 | | |
25 | | #include "inner.h" |
26 | | |
/*
 * see inner.h
 *
 * Modular exponentiation in the i31 representation: x <- x^e mod m.
 *
 *   x      on input, the base (same word layout as m[]); on output,
 *          the result, in normal (non-Montgomery) representation.
 *   e      exponent as an unsigned big-endian byte string of 'elen'
 *          bytes: bit k of the exponent is read from
 *          e[elen - 1 - (k >> 3)], bit (k & 7) of that byte.
 *   m      modulus; m[0] is the "announced bit length" header word
 *          and the value words follow.
 *   m0i    Montgomery parameter forwarded unchanged to
 *          br_i31_montymul() (presumably -1/m[1] mod 2^31 — confirm
 *          against inner.h).
 *   t1,t2  caller-provided temporaries, at least as large as m[].
 *
 * Constant-time structure: every loop iteration performs both
 * Montgomery multiplications unconditionally and the x[] update is
 * selected with CCOPY() driven by the exponent bit rather than by a
 * branch, so the sequence of operations (and of memory accesses, as
 * far as CCOPY() is itself constant-time) does not depend on the
 * secret exponent. Keep that property when modifying this loop.
 */
void
br_i31_modpow(uint32_t *x,
	const unsigned char *e, size_t elen,
	const uint32_t *m, uint32_t m0i, uint32_t *t1, uint32_t *t2)
{
	size_t mlen;
	uint32_t k;

	/*
	 * 'mlen' is the length of m[] expressed in bytes (including
	 * the "bit length" first field). The header word encodes the
	 * bit length so that (m[0] + 63) >> 5 yields the word count.
	 */
	mlen = ((m[0] + 63) >> 5) * sizeof m[0];

	/*
	 * Throughout the algorithm:
	 * -- t1[] is in Montgomery representation; it contains x, x^2,
	 *    x^4, x^8...
	 * -- The result is accumulated, in normal representation, in
	 *    the x[] array.
	 * -- t2[] is used as destination buffer for each multiplication.
	 *
	 * Note that there is no need to call br_i31_from_monty():
	 * a Montgomery multiplication of a normal-representation value
	 * (x) by a Montgomery-representation value (t1) yields a
	 * normal-representation product, so x[] never leaves normal
	 * representation.
	 */
	memcpy(t1, x, mlen);
	br_i31_to_monty(t1, m);
	br_i31_zero(x, m[0]);
	/* x = 1 (the header word x[0] was set by br_i31_zero()). */
	x[1] = 1;
	/*
	 * The bit counter is 32-bit: an exponent of 2^29 bytes or more
	 * would have its bit count truncated by the cast. Not a practical
	 * concern for any real exponent size.
	 */
	for (k = 0; k < ((uint32_t)elen << 3); k ++) {
		uint32_t ctl;

		/* ctl is exactly 0 or 1: bit k of the exponent (LSB first). */
		ctl = (e[elen - 1 - (k >> 3)] >> (k & 7)) & 1;
		/* t2 = x * t1; kept only if the exponent bit is set. */
		br_i31_montymul(t2, x, t1, m, m0i);
		CCOPY(ctl, x, t2, mlen);
		/* t1 = t1^2 (next power of the base), always performed. */
		br_i31_montymul(t2, t1, t1, m, m0i);
		memcpy(t1, t2, mlen);
	}
}