The Tor Browser: comparison security/nss/lib/freebl/ecl/ec2

--1:000000000000
+:7e0a7b28c5cf
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "ec2.h"
+#include "mp_gf2m.h"
+#include "mp_gf2m-priv.h"
+#include "mpi.h"
+#include "mpi-priv.h"
+#include <stdlib.h>
+/* Fast reduction for polynomials over a 163-bit curve. Assumes reduction
+* polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit *u, z;
+	if (a != r) {
+		MP_CHECKOK(mp_copy(a, r));
+	}
+#ifdef ECL_SIXTY_FOUR_BIT
+	if (MP_USED(r) < 6) {
+		MP_CHECKOK(s_mp_pad(r, 6));
+	}
+	u = MP_DIGITS(r);
+	MP_USED(r) = 6;
+	/* u[5] only has 6 significant bits */
+	z = u[5];
+	u[2] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+	z = u[4];
+	u[2] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
+	u[1] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+	z = u[3];
+	u[1] ^= (z >> 28) ^ (z >> 29) ^ (z >> 32) ^ (z >> 35);
+	u[0] ^= (z << 36) ^ (z << 35) ^ (z << 32) ^ (z << 29);
+	z = u[2] >> 35;				/* z only has 29 significant bits */
+	u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
+	/* clear bits above 163 */
+	u[5] = u[4] = u[3] = 0;
+	u[2] ^= z << 35;
+#else
+	if (MP_USED(r) < 11) {
+		MP_CHECKOK(s_mp_pad(r, 11));
+	}
+	u = MP_DIGITS(r);
+	MP_USED(r) = 11;
+	/* u[11] only has 6 significant bits */
+	z = u[10];
+	u[5] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[4] ^= (z << 29);
+	z = u[9];
+	u[5] ^= (z >> 28) ^ (z >> 29);
+	u[4] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[3] ^= (z << 29);
+	z = u[8];
+	u[4] ^= (z >> 28) ^ (z >> 29);
+	u[3] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[2] ^= (z << 29);
+	z = u[7];
+	u[3] ^= (z >> 28) ^ (z >> 29);
+	u[2] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[1] ^= (z << 29);
+	z = u[6];
+	u[2] ^= (z >> 28) ^ (z >> 29);
+	u[1] ^= (z << 4) ^ (z << 3) ^ z ^ (z >> 3);
+	u[0] ^= (z << 29);
+	z = u[5] >> 3;				/* z only has 29 significant bits */
+	u[1] ^= (z >> 25) ^ (z >> 26);
+	u[0] ^= (z << 7) ^ (z << 6) ^ (z << 3) ^ z;
+	/* clear bits above 163 */
+	u[11] = u[10] = u[9] = u[8] = u[7] = u[6] = 0;
+	u[5] ^= z << 3;
+#endif
+	s_mp_clamp(r);
+CLEANUP:
+	return res;
+}
+/* Fast squaring for polynomials over a 163-bit curve. Assumes reduction
+* polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit *u, *v;
+	v = MP_DIGITS(a);
+#ifdef ECL_SIXTY_FOUR_BIT
+	if (MP_USED(a) < 3) {
+		return mp_bsqrmod(a, meth->irr_arr, r);
+	}
+	if (MP_USED(r) < 6) {
+		MP_CHECKOK(s_mp_pad(r, 6));
+	}
+	MP_USED(r) = 6;
+#else
+	if (MP_USED(a) < 6) {
+		return mp_bsqrmod(a, meth->irr_arr, r);
+	}
+	if (MP_USED(r) < 12) {
+		MP_CHECKOK(s_mp_pad(r, 12));
+	}
+	MP_USED(r) = 12;
+#endif
+	u = MP_DIGITS(r);
+#ifdef ECL_THIRTY_TWO_BIT
+	u[11] = gf2m_SQR1(v[5]);
+	u[10] = gf2m_SQR0(v[5]);
+	u[9] = gf2m_SQR1(v[4]);
+	u[8] = gf2m_SQR0(v[4]);
+	u[7] = gf2m_SQR1(v[3]);
+	u[6] = gf2m_SQR0(v[3]);
+#endif
+	u[5] = gf2m_SQR1(v[2]);
+	u[4] = gf2m_SQR0(v[2]);
+	u[3] = gf2m_SQR1(v[1]);
+	u[2] = gf2m_SQR0(v[1]);
+	u[1] = gf2m_SQR1(v[0]);
+	u[0] = gf2m_SQR0(v[0]);
+	return ec_GF2m_163_mod(r, r, meth);
+CLEANUP:
+	return res;
+}
+/* Fast multiplication for polynomials over a 163-bit curve. Assumes
+* reduction polynomial with terms {163, 7, 6, 3, 0}. */
+mp_err
+ec_GF2m_163_mul(const mp_int *a, const mp_int *b, mp_int *r,
+				const GFMethod *meth)
+{
+	mp_err res = MP_OKAY;
+	mp_digit a2 = 0, a1 = 0, a0, b2 = 0, b1 = 0, b0;
+#ifdef ECL_THIRTY_TWO_BIT
+	mp_digit a5 = 0, a4 = 0, a3 = 0, b5 = 0, b4 = 0, b3 = 0;
+	mp_digit rm[6];
+#endif
+	if (a == b) {
+		return ec_GF2m_163_sqr(a, r, meth);
+	} else {
+		switch (MP_USED(a)) {
+#ifdef ECL_THIRTY_TWO_BIT
+		case 6:
+			a5 = MP_DIGIT(a, 5);
+		case 5:
+			a4 = MP_DIGIT(a, 4);
+		case 4:
+			a3 = MP_DIGIT(a, 3);
+#endif
+		case 3:
+			a2 = MP_DIGIT(a, 2);
+		case 2:
+			a1 = MP_DIGIT(a, 1);
+		default:
+			a0 = MP_DIGIT(a, 0);
+		}
+		switch (MP_USED(b)) {
+#ifdef ECL_THIRTY_TWO_BIT
+		case 6:
+			b5 = MP_DIGIT(b, 5);
+		case 5:
+			b4 = MP_DIGIT(b, 4);
+		case 4:
+			b3 = MP_DIGIT(b, 3);
+#endif
+		case 3:
+			b2 = MP_DIGIT(b, 2);
+		case 2:
+			b1 = MP_DIGIT(b, 1);
+		default:
+			b0 = MP_DIGIT(b, 0);
+		}
+#ifdef ECL_SIXTY_FOUR_BIT
+		MP_CHECKOK(s_mp_pad(r, 6));
+		s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
+		MP_USED(r) = 6;
+		s_mp_clamp(r);
+#else
+		MP_CHECKOK(s_mp_pad(r, 12));
+		s_bmul_3x3(MP_DIGITS(r) + 6, a5, a4, a3, b5, b4, b3);
+		s_bmul_3x3(MP_DIGITS(r), a2, a1, a0, b2, b1, b0);
+		s_bmul_3x3(rm, a5 ^ a2, a4 ^ a1, a3 ^ a0, b5 ^ b2, b4 ^ b1,
+				   b3 ^ b0);
+		rm[5] ^= MP_DIGIT(r, 5) ^ MP_DIGIT(r, 11);
+		rm[4] ^= MP_DIGIT(r, 4) ^ MP_DIGIT(r, 10);
+		rm[3] ^= MP_DIGIT(r, 3) ^ MP_DIGIT(r, 9);
+		rm[2] ^= MP_DIGIT(r, 2) ^ MP_DIGIT(r, 8);
+		rm[1] ^= MP_DIGIT(r, 1) ^ MP_DIGIT(r, 7);
+		rm[0] ^= MP_DIGIT(r, 0) ^ MP_DIGIT(r, 6);
+		MP_DIGIT(r, 8) ^= rm[5];
+		MP_DIGIT(r, 7) ^= rm[4];
+		MP_DIGIT(r, 6) ^= rm[3];
+		MP_DIGIT(r, 5) ^= rm[2];
+		MP_DIGIT(r, 4) ^= rm[1];
+		MP_DIGIT(r, 3) ^= rm[0];
+		MP_USED(r) = 12;
+		s_mp_clamp(r);
+#endif
+		return ec_GF2m_163_mod(r, r, meth);
+	}
+CLEANUP:
+	return res;
+}
+/* Wire in fast field arithmetic for 163-bit curves. */
+mp_err
+ec_group_set_gf2m163(ECGroup *group, ECCurveName name)
+{
+	group->meth->field_mod = &ec_GF2m_163_mod;
+	group->meth->field_mul = &ec_GF2m_163_mul;
+	group->meth->field_sqr = &ec_GF2m_163_sqr;
+	return MP_OKAY;
+}

The Tor Browser / file comparison

comparison: security/nss/lib/freebl/ecl/ec2_163.c

security/nss/lib/freebl/ecl/ec2_163.c