From 8afb3ef97b98ab39eb1650eb2f78e73ee35c1190 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Mon, 24 Aug 2015 14:39:45 +0800 Subject: [PATCH] ECIES --- Makefile | 44 +- Makefile.bak | 44 +- Makefile.org | 2 +- README.md | 4 + a.txt | 20 - b.txt | 12 - build-mac.sh | 11 +- certs/demo/.0 | 1 + crypto/ec/ecp_nistz256-x86_64.s | 3504 +++++++++++++++++++++++++++++++ crypto/ecies/Makefile | 142 ++ crypto/ecies/ecies.h | 72 + crypto/ecies/ecies_asn1.c | 316 +++ crypto/ecies/ecies_err.c | 41 + crypto/ecies/ecies_lcl.h | 0 crypto/ecies/ecies_lib.c | 314 +++ crypto/ecies/eciestest.c | 123 ++ crypto/ecies/kdf.h | 23 + crypto/ecies/kdf_x9_63.c | 113 + crypto/err/err.h | 3 + crypto/evp/c_allc.c | 4 +- crypto/objects/obj_dat.h | 108 +- crypto/objects/obj_mac.h | 70 + crypto/objects/obj_mac.num | 17 + crypto/objects/objects.txt | 23 + crypto/opensslconf.h | 14 +- include/openssl/ecies.h | 1 + include/openssl/kdf.h | 1 + test/eciestest.c | 1 + tools/c_rehash | 4 +- util/mkdef.pl | 4 +- util/mkfiles.pl | 1 + 31 files changed, 4942 insertions(+), 95 deletions(-) delete mode 100644 a.txt delete mode 100644 b.txt create mode 120000 certs/demo/.0 create mode 100644 crypto/ec/ecp_nistz256-x86_64.s create mode 100644 crypto/ecies/Makefile create mode 100644 crypto/ecies/ecies.h create mode 100644 crypto/ecies/ecies_asn1.c create mode 100644 crypto/ecies/ecies_err.c create mode 100644 crypto/ecies/ecies_lcl.h create mode 100644 crypto/ecies/ecies_lib.c create mode 100644 crypto/ecies/eciestest.c create mode 100644 crypto/ecies/kdf.h create mode 100644 crypto/ecies/kdf_x9_63.c create mode 120000 include/openssl/ecies.h create mode 120000 include/openssl/kdf.h create mode 120000 test/eciestest.c diff --git a/Makefile b/Makefile index 0cb2c701..6038307e 100644 --- a/Makefile +++ b/Makefile @@ -12,9 +12,9 @@ SHLIB_VERSION_HISTORY= SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT=.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib -PLATFORM=darwin-i386-cc -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=darwin-i386-cc +PLATFORM=darwin64-x86_64-cc +OPTIONS=--prefix=/usr/local --openssldir=/usr/local/openssl no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine +CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local --openssldir=/usr/local/openssl SHLIB_TARGET=darwin-shared # HERE indicates where this Makefile lives. This can be used to indicate @@ -26,10 +26,10 @@ HERE=. # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. # Normally it is left empty. INSTALL_PREFIX= -INSTALLTOP=/usr/local/ssl +INSTALLTOP=/usr/local # Do not edit this manually. Use Configure --openssldir=DIR do change this! -OPENSSLDIR=/usr/local/ssl +OPENSSLDIR=/usr/local/openssl # NO_IDEA - Define to build without the IDEA algorithm # NO_RC4 - Define to build without the RC4 algorithm @@ -60,7 +60,7 @@ OPENSSLDIR=/usr/local/ssl # PKCS1_CHECK - pkcs1 tests. CC= cc -CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM +CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST PEX_LIBS= -Wl,-search_paths_first EX_LIBS= @@ -88,21 +88,21 @@ ASFLAG=$(CFLAG) PROCESSOR= # CPUID module collects small commonly used assembler snippets -CPUID_OBJ= x86cpuid.o -BN_ASM= bn-586.o co-586.o x86-mont.o x86-gf2m.o -EC_ASM= -DES_ENC= des-586.o crypt586.o -AES_ENC= aes-586.o vpaes-x86.o aesni-x86.o -BF_ENC= bf-586.o +CPUID_OBJ= x86_64cpuid.o +BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o +DES_ENC= des_enc.o fcrypt_b.o +AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +BF_ENC= bf_enc.o CAST_ENC= c_enc.o -RC4_ENC= rc4-586.o -RC5_ENC= rc5-586.o -MD5_ASM_OBJ= md5-586.o -SHA1_ASM_OBJ= sha1-586.o sha256-586.o sha512-586.o -RMD160_ASM_OBJ= rmd-586.o -WP_ASM_OBJ= wp_block.o wp-mmx.o -CMLL_ENC= cmll-x86.o -MODES_ASM_OBJ= ghash-x86.o +RC4_ENC= rc4_enc.o rc4_skey.o +RC5_ENC= rc5_enc.o +MD5_ASM_OBJ= md5-x86_64.o +SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +RMD160_ASM_OBJ= +WP_ASM_OBJ= wp-x86_64.o +CMLL_ENC= cmll-x86_64.o cmll_misc.o +MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o ENGINES_ASM_OBJ= PERLASM_SCHEME= macosx @@ -147,7 +147,7 @@ SDIRS= \ objects \ md4 md5 sha mdc2 hmac sm3 sms4 ripemd whrlpool \ des aes rc2 rc4 idea bf cast camellia seed modes \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ + bn ec rsa dsa ecdsa dh ecdh ecies dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts srp cmac @@ -177,7 +177,7 @@ SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= SHARED_LIBS_LINK_EXTS=.$(SHLIB_MAJOR).dylib .dylib -SHARED_LDFLAGS=-arch i386 -dynamiclib +SHARED_LDFLAGS=-arch x86_64 -dynamiclib GENERAL= Makefile BASENAME= openssl diff --git a/Makefile.bak b/Makefile.bak index 0cb2c701..6038307e 100644 --- a/Makefile.bak +++ b/Makefile.bak @@ -12,9 +12,9 @@ SHLIB_VERSION_HISTORY= SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT=.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib -PLATFORM=darwin-i386-cc -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine -CONFIGURE_ARGS=darwin-i386-cc +PLATFORM=darwin64-x86_64-cc +OPTIONS=--prefix=/usr/local --openssldir=/usr/local/openssl no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-libunbound no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl-trace no-store no-unit-test no-zlib no-zlib-dynamic static-engine +CONFIGURE_ARGS=darwin64-x86_64-cc --prefix=/usr/local --openssldir=/usr/local/openssl SHLIB_TARGET=darwin-shared # HERE indicates where this Makefile lives. This can be used to indicate @@ -26,10 +26,10 @@ HERE=. # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/. # Normally it is left empty. INSTALL_PREFIX= -INSTALLTOP=/usr/local/ssl +INSTALLTOP=/usr/local # Do not edit this manually. Use Configure --openssldir=DIR do change this! -OPENSSLDIR=/usr/local/ssl +OPENSSLDIR=/usr/local/openssl # NO_IDEA - Define to build without the IDEA algorithm # NO_RC4 - Define to build without the RC4 algorithm @@ -60,7 +60,7 @@ OPENSSLDIR=/usr/local/ssl # PKCS1_CHECK - pkcs1 tests. CC= cc -CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM +CFLAG= -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST PEX_LIBS= -Wl,-search_paths_first EX_LIBS= @@ -88,21 +88,21 @@ ASFLAG=$(CFLAG) PROCESSOR= # CPUID module collects small commonly used assembler snippets -CPUID_OBJ= x86cpuid.o -BN_ASM= bn-586.o co-586.o x86-mont.o x86-gf2m.o -EC_ASM= -DES_ENC= des-586.o crypt586.o -AES_ENC= aes-586.o vpaes-x86.o aesni-x86.o -BF_ENC= bf-586.o +CPUID_OBJ= x86_64cpuid.o +BN_ASM= x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +EC_ASM= ecp_nistz256.o ecp_nistz256-x86_64.o +DES_ENC= des_enc.o fcrypt_b.o +AES_ENC= aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +BF_ENC= bf_enc.o CAST_ENC= c_enc.o -RC4_ENC= rc4-586.o -RC5_ENC= rc5-586.o -MD5_ASM_OBJ= md5-586.o -SHA1_ASM_OBJ= sha1-586.o sha256-586.o sha512-586.o -RMD160_ASM_OBJ= rmd-586.o -WP_ASM_OBJ= wp_block.o wp-mmx.o -CMLL_ENC= cmll-x86.o -MODES_ASM_OBJ= ghash-x86.o +RC4_ENC= rc4_enc.o rc4_skey.o +RC5_ENC= rc5_enc.o +MD5_ASM_OBJ= md5-x86_64.o +SHA1_ASM_OBJ= sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +RMD160_ASM_OBJ= +WP_ASM_OBJ= wp-x86_64.o +CMLL_ENC= cmll-x86_64.o cmll_misc.o +MODES_ASM_OBJ= ghash-x86_64.o aesni-gcm-x86_64.o ENGINES_ASM_OBJ= PERLASM_SCHEME= macosx @@ -147,7 +147,7 @@ SDIRS= \ objects \ md4 md5 sha mdc2 hmac sm3 sms4 ripemd whrlpool \ des aes rc2 rc4 idea bf cast camellia seed modes \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ + bn ec rsa dsa ecdsa dh ecdh ecies dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts srp cmac @@ -177,7 +177,7 @@ SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) SHARED_LIBS= SHARED_LIBS_LINK_EXTS=.$(SHLIB_MAJOR).dylib .dylib -SHARED_LDFLAGS=-arch i386 -dynamiclib +SHARED_LDFLAGS=-arch x86_64 -dynamiclib GENERAL= Makefile BASENAME= openssl diff --git a/Makefile.org b/Makefile.org index f97a2ea1..33483667 100644 --- a/Makefile.org +++ b/Makefile.org @@ -145,7 +145,7 @@ SDIRS= \ objects \ md2 md4 md5 sha mdc2 hmac sm3 sms4 ripemd whrlpool \ des aes rc2 rc4 rc5 idea bf cast camellia seed modes \ - bn ec rsa dsa ecdsa dh ecdh dso engine \ + bn ec rsa dsa ecdsa dh ecdh ecies dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ cms pqueue ts jpake srp store cmac diff --git a/README.md b/README.md index 36e72274..bc89dedc 100644 --- a/README.md +++ b/README.md @@ -7,4 +7,8 @@ The OpenSSL integrated with Chinese national cryptography standard: * SM3: Hash algorithm with 256-bit digest length, use `EVP_sm3()` * SM4: or SMS4, a Feistel-style block cipher with 128-bit key length and 128-bit block size, use `EVP_sms4_ecb()`, `EVP_sms4_cbc()`, `EVP_sms4_cfb()`, `EVP_sms4_ofb()`. +Also SECG algoirthms: + + * ECIES: Elliptic Curve Integrated Encryption Scheme + diff --git a/a.txt b/a.txt deleted file mode 100644 index 384fcfe6..00000000 --- a/a.txt +++ /dev/null @@ -1,20 +0,0 @@ -libcrypto.a(md5_dgst.o): - U _md5_block_asm_data_order -libcrypto.a(md5_one.o): -libcrypto.a(md5-586.o): -00000000 T _md5_block_asm_data_order -libcrypto.a(m_md5.o): -00000000 T _EVP_md5 -00000080 s _md5_md - U _EVP_rc4_hmac_md5 - U _EVP_md5 -libcrypto.a(e_rc4_hmac_md5.o): -00000000 T _EVP_rc4_hmac_md5 -000004e0 d _r4_hmac_md5_cipher -00000080 t _rc4_hmac_md5_cipher -000002c0 t _rc4_hmac_md5_ctrl -00000010 t _rc4_hmac_md5_init_key - U _EVP_md5 - U _EVP_md5 - U _EVP_md5 - U _EVP_md5 diff --git a/b.txt b/b.txt deleted file mode 100644 index aa6634dd..00000000 --- a/b.txt +++ /dev/null @@ -1,12 +0,0 @@ -libcrypto.a(sm3.o): -000006a0 T _sm3 -00000160 T _sm3_compress -00000530 T _sm3_final -00000000 T _sm3_init -00000060 T _sm3_update -libcrypto.a(m_sm3.o): -00000000 T _EVP_sm3 - U _sm3_final - U _sm3_init -00000080 s _sm3_md - U _sm3_update diff --git a/build-mac.sh b/build-mac.sh index d0499452..24016b93 100755 --- a/build-mac.sh +++ b/build-mac.sh @@ -1,5 +1,14 @@ #!/bin/bash -./Configure darwin64-x86_64-cc no-asm --prefix=/usr/local --openssldir=/usr/local/openssl +./Configure darwin64-x86_64-cc --prefix=/usr/local --openssldir=/usr/local/openssl make sudo make install + + + +# build libp11 +# $ ./bootstrap +# $ LIBP11_CFLAGS='-I/usr/local/include'; export LIBP11_CFLAGS +# $ LIBP11_LIBS='-L/usr/local/lib -lp11'; export LIBP11_LIBS +# $ ./configure + diff --git a/certs/demo/.0 b/certs/demo/.0 new file mode 120000 index 00000000..188face1 --- /dev/null +++ b/certs/demo/.0 @@ -0,0 +1 @@ +ca-cert.pem \ No newline at end of file diff --git a/crypto/ec/ecp_nistz256-x86_64.s b/crypto/ec/ecp_nistz256-x86_64.s new file mode 100644 index 00000000..9bfbcba0 --- /dev/null +++ b/crypto/ec/ecp_nistz256-x86_64.s @@ -0,0 +1,3504 @@ +.text + + + +.p2align 6 +L$poly: +.quad 0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000, 0xffffffff00000001 + + +L$RR: +.quad 0x0000000000000003, 0xfffffffbffffffff, 0xfffffffffffffffe, 0x00000004fffffffd + +L$One: +.long 1,1,1,1,1,1,1,1 +L$Two: +.long 2,2,2,2,2,2,2,2 +L$Three: +.long 3,3,3,3,3,3,3,3 +L$ONE_mont: +.quad 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe + +.globl _ecp_nistz256_mul_by_2 + +.p2align 6 +_ecp_nistz256_mul_by_2: + pushq %r12 + pushq %r13 + + movq 0(%rsi),%r8 + movq 8(%rsi),%r9 + addq %r8,%r8 + movq 16(%rsi),%r10 + adcq %r9,%r9 + movq 24(%rsi),%r11 + leaq L$poly(%rip),%rsi + movq %r8,%rax + adcq %r10,%r10 + adcq %r11,%r11 + movq %r9,%rdx + sbbq %r13,%r13 + + subq 0(%rsi),%r8 + movq %r10,%rcx + sbbq 8(%rsi),%r9 + sbbq 16(%rsi),%r10 + movq %r11,%r12 + sbbq 24(%rsi),%r11 + testq %r13,%r13 + + cmovzq %rax,%r8 + cmovzq %rdx,%r9 + movq %r8,0(%rdi) + cmovzq %rcx,%r10 + movq %r9,8(%rdi) + cmovzq %r12,%r11 + movq %r10,16(%rdi) + movq %r11,24(%rdi) + + popq %r13 + popq %r12 + .byte 0xf3,0xc3 + + + + +.globl _ecp_nistz256_div_by_2 + +.p2align 5 +_ecp_nistz256_div_by_2: + pushq %r12 + pushq %r13 + + movq 0(%rsi),%r8 + movq 8(%rsi),%r9 + movq 16(%rsi),%r10 + movq %r8,%rax + movq 24(%rsi),%r11 + leaq L$poly(%rip),%rsi + + movq %r9,%rdx + xorq %r13,%r13 + addq 0(%rsi),%r8 + movq %r10,%rcx + adcq 8(%rsi),%r9 + adcq 16(%rsi),%r10 + movq %r11,%r12 + adcq 24(%rsi),%r11 + adcq $0,%r13 + xorq %rsi,%rsi + testq $1,%rax + + cmovzq %rax,%r8 + cmovzq %rdx,%r9 + cmovzq %rcx,%r10 + cmovzq %r12,%r11 + cmovzq %rsi,%r13 + + movq %r9,%rax + shrq $1,%r8 + shlq $63,%rax + movq %r10,%rdx + shrq $1,%r9 + orq %rax,%r8 + shlq $63,%rdx + movq %r11,%rcx + shrq $1,%r10 + orq %rdx,%r9 + shlq $63,%rcx + shrq $1,%r11 + shlq $63,%r13 + orq %rcx,%r10 + orq %r13,%r11 + + movq %r8,0(%rdi) + movq %r9,8(%rdi) + movq %r10,16(%rdi) + movq %r11,24(%rdi) + + popq %r13 + popq %r12 + .byte 0xf3,0xc3 + + + + +.globl _ecp_nistz256_mul_by_3 + +.p2align 5 +_ecp_nistz256_mul_by_3: + pushq %r12 + pushq %r13 + + movq 0(%rsi),%r8 + xorq %r13,%r13 + movq 8(%rsi),%r9 + addq %r8,%r8 + movq 16(%rsi),%r10 + adcq %r9,%r9 + movq 24(%rsi),%r11 + movq %r8,%rax + adcq %r10,%r10 + adcq %r11,%r11 + movq %r9,%rdx + adcq $0,%r13 + + subq $-1,%r8 + movq %r10,%rcx + sbbq L$poly+8(%rip),%r9 + sbbq $0,%r10 + movq %r11,%r12 + sbbq L$poly+24(%rip),%r11 + testq %r13,%r13 + + cmovzq %rax,%r8 + cmovzq %rdx,%r9 + cmovzq %rcx,%r10 + cmovzq %r12,%r11 + + xorq %r13,%r13 + addq 0(%rsi),%r8 + adcq 8(%rsi),%r9 + movq %r8,%rax + adcq 16(%rsi),%r10 + adcq 24(%rsi),%r11 + movq %r9,%rdx + adcq $0,%r13 + + subq $-1,%r8 + movq %r10,%rcx + sbbq L$poly+8(%rip),%r9 + sbbq $0,%r10 + movq %r11,%r12 + sbbq L$poly+24(%rip),%r11 + testq %r13,%r13 + + cmovzq %rax,%r8 + cmovzq %rdx,%r9 + movq %r8,0(%rdi) + cmovzq %rcx,%r10 + movq %r9,8(%rdi) + cmovzq %r12,%r11 + movq %r10,16(%rdi) + movq %r11,24(%rdi) + + popq %r13 + popq %r12 + .byte 0xf3,0xc3 + + + + +.globl _ecp_nistz256_add + +.p2align 5 +_ecp_nistz256_add: + pushq %r12 + pushq %r13 + + movq 0(%rsi),%r8 + xorq %r13,%r13 + movq 8(%rsi),%r9 + movq 16(%rsi),%r10 + movq 24(%rsi),%r11 + leaq L$poly(%rip),%rsi + + addq 0(%rdx),%r8 + adcq 8(%rdx),%r9 + movq %r8,%rax + adcq 16(%rdx),%r10 + adcq 24(%rdx),%r11 + movq %r9,%rdx + adcq $0,%r13 + + subq 0(%rsi),%r8 + movq %r10,%rcx + sbbq 8(%rsi),%r9 + sbbq 16(%rsi),%r10 + movq %r11,%r12 + sbbq 24(%rsi),%r11 + testq %r13,%r13 + + cmovzq %rax,%r8 + cmovzq %rdx,%r9 + movq %r8,0(%rdi) + cmovzq %rcx,%r10 + movq %r9,8(%rdi) + cmovzq %r12,%r11 + movq %r10,16(%rdi) + movq %r11,24(%rdi) + + popq %r13 + popq %r12 + .byte 0xf3,0xc3 + + + + +.globl _ecp_nistz256_sub + +.p2align 5 +_ecp_nistz256_sub: + pushq %r12 + pushq %r13 + + movq 0(%rsi),%r8 + xorq %r13,%r13 + movq 8(%rsi),%r9 + movq 16(%rsi),%r10 + movq 24(%rsi),%r11 + leaq L$poly(%rip),%rsi + + subq 0(%rdx),%r8 + sbbq 8(%rdx),%r9 + movq %r8,%rax + sbbq 16(%rdx),%r10 + sbbq 24(%rdx),%r11 + movq %r9,%rdx + sbbq $0,%r13 + + addq 0(%rsi),%r8 + movq %r10,%rcx + adcq 8(%rsi),%r9 + adcq 16(%rsi),%r10 + movq %r11,%r12 + adcq 24(%rsi),%r11 + testq %r13,%r13 + + cmovzq %rax,%r8 + cmovzq %rdx,%r9 + movq %r8,0(%rdi) + cmovzq %rcx,%r10 + movq %r9,8(%rdi) + cmovzq %r12,%r11 + movq %r10,16(%rdi) + movq %r11,24(%rdi) + + popq %r13 + popq %r12 + .byte 0xf3,0xc3 + + + + +.globl _ecp_nistz256_neg + +.p2align 5 +_ecp_nistz256_neg: + pushq %r12 + pushq %r13 + + xorq %r8,%r8 + xorq %r9,%r9 + xorq %r10,%r10 + xorq %r11,%r11 + xorq %r13,%r13 + + subq 0(%rsi),%r8 + sbbq 8(%rsi),%r9 + sbbq 16(%rsi),%r10 + movq %r8,%rax + sbbq 24(%rsi),%r11 + leaq L$poly(%rip),%rsi + movq %r9,%rdx + sbbq $0,%r13 + + addq 0(%rsi),%r8 + movq %r10,%rcx + adcq 8(%rsi),%r9 + adcq 16(%rsi),%r10 + movq %r11,%r12 + adcq 24(%rsi),%r11 + testq %r13,%r13 + + cmovzq %rax,%r8 + cmovzq %rdx,%r9 + movq %r8,0(%rdi) + cmovzq %rcx,%r10 + movq %r9,8(%rdi) + cmovzq %r12,%r11 + movq %r10,16(%rdi) + movq %r11,24(%rdi) + + popq %r13 + popq %r12 + .byte 0xf3,0xc3 + + + + + +.globl _ecp_nistz256_to_mont + +.p2align 5 +_ecp_nistz256_to_mont: + movl $524544,%ecx + andl _OPENSSL_ia32cap_P+8(%rip),%ecx + leaq L$RR(%rip),%rdx + jmp L$mul_mont + + + + + + + + +.globl _ecp_nistz256_mul_mont + +.p2align 5 +_ecp_nistz256_mul_mont: + movl $524544,%ecx + andl _OPENSSL_ia32cap_P+8(%rip),%ecx +L$mul_mont: + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + cmpl $524544,%ecx + je L$mul_montx + movq %rdx,%rbx + movq 0(%rdx),%rax + movq 0(%rsi),%r9 + movq 8(%rsi),%r10 + movq 16(%rsi),%r11 + movq 24(%rsi),%r12 + + call __ecp_nistz256_mul_montq + jmp L$mul_mont_done + +.p2align 5 +L$mul_montx: + movq %rdx,%rbx + movq 0(%rdx),%rdx + movq 0(%rsi),%r9 + movq 8(%rsi),%r10 + movq 16(%rsi),%r11 + movq 24(%rsi),%r12 + leaq -128(%rsi),%rsi + + call __ecp_nistz256_mul_montx +L$mul_mont_done: + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + popq %rbp + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_mul_montq: + + + movq %rax,%rbp + mulq %r9 + movq L$poly+8(%rip),%r14 + movq %rax,%r8 + movq %rbp,%rax + movq %rdx,%r9 + + mulq %r10 + movq L$poly+24(%rip),%r15 + addq %rax,%r9 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%r10 + + mulq %r11 + addq %rax,%r10 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%r11 + + mulq %r12 + addq %rax,%r11 + movq %r8,%rax + adcq $0,%rdx + xorq %r13,%r13 + movq %rdx,%r12 + + + + + + + + + + + movq %r8,%rbp + shlq $32,%r8 + mulq %r15 + shrq $32,%rbp + addq %r8,%r9 + adcq %rbp,%r10 + adcq %rax,%r11 + movq 8(%rbx),%rax + adcq %rdx,%r12 + adcq $0,%r13 + xorq %r8,%r8 + + + + movq %rax,%rbp + mulq 0(%rsi) + addq %rax,%r9 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 8(%rsi) + addq %rcx,%r10 + adcq $0,%rdx + addq %rax,%r10 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 16(%rsi) + addq %rcx,%r11 + adcq $0,%rdx + addq %rax,%r11 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 24(%rsi) + addq %rcx,%r12 + adcq $0,%rdx + addq %rax,%r12 + movq %r9,%rax + adcq %rdx,%r13 + adcq $0,%r8 + + + + movq %r9,%rbp + shlq $32,%r9 + mulq %r15 + shrq $32,%rbp + addq %r9,%r10 + adcq %rbp,%r11 + adcq %rax,%r12 + movq 16(%rbx),%rax + adcq %rdx,%r13 + adcq $0,%r8 + xorq %r9,%r9 + + + + movq %rax,%rbp + mulq 0(%rsi) + addq %rax,%r10 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 8(%rsi) + addq %rcx,%r11 + adcq $0,%rdx + addq %rax,%r11 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 16(%rsi) + addq %rcx,%r12 + adcq $0,%rdx + addq %rax,%r12 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 24(%rsi) + addq %rcx,%r13 + adcq $0,%rdx + addq %rax,%r13 + movq %r10,%rax + adcq %rdx,%r8 + adcq $0,%r9 + + + + movq %r10,%rbp + shlq $32,%r10 + mulq %r15 + shrq $32,%rbp + addq %r10,%r11 + adcq %rbp,%r12 + adcq %rax,%r13 + movq 24(%rbx),%rax + adcq %rdx,%r8 + adcq $0,%r9 + xorq %r10,%r10 + + + + movq %rax,%rbp + mulq 0(%rsi) + addq %rax,%r11 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 8(%rsi) + addq %rcx,%r12 + adcq $0,%rdx + addq %rax,%r12 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 16(%rsi) + addq %rcx,%r13 + adcq $0,%rdx + addq %rax,%r13 + movq %rbp,%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq 24(%rsi) + addq %rcx,%r8 + adcq $0,%rdx + addq %rax,%r8 + movq %r11,%rax + adcq %rdx,%r9 + adcq $0,%r10 + + + + movq %r11,%rbp + shlq $32,%r11 + mulq %r15 + shrq $32,%rbp + addq %r11,%r12 + adcq %rbp,%r13 + movq %r12,%rcx + adcq %rax,%r8 + adcq %rdx,%r9 + movq %r13,%rbp + adcq $0,%r10 + + + + subq $-1,%r12 + movq %r8,%rbx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%rdx + sbbq %r15,%r9 + sbbq $0,%r10 + + cmovcq %rcx,%r12 + cmovcq %rbp,%r13 + movq %r12,0(%rdi) + cmovcq %rbx,%r8 + movq %r13,8(%rdi) + cmovcq %rdx,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + + + + + + + +.globl _ecp_nistz256_sqr_mont + +.p2align 5 +_ecp_nistz256_sqr_mont: + movl $524544,%ecx + andl _OPENSSL_ia32cap_P+8(%rip),%ecx + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + cmpl $524544,%ecx + je L$sqr_montx + movq 0(%rsi),%rax + movq 8(%rsi),%r14 + movq 16(%rsi),%r15 + movq 24(%rsi),%r8 + + call __ecp_nistz256_sqr_montq + jmp L$sqr_mont_done + +.p2align 5 +L$sqr_montx: + movq 0(%rsi),%rdx + movq 8(%rsi),%r14 + movq 16(%rsi),%r15 + movq 24(%rsi),%r8 + leaq -128(%rsi),%rsi + + call __ecp_nistz256_sqr_montx +L$sqr_mont_done: + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + popq %rbp + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_sqr_montq: + movq %rax,%r13 + mulq %r14 + movq %rax,%r9 + movq %r15,%rax + movq %rdx,%r10 + + mulq %r13 + addq %rax,%r10 + movq %r8,%rax + adcq $0,%rdx + movq %rdx,%r11 + + mulq %r13 + addq %rax,%r11 + movq %r15,%rax + adcq $0,%rdx + movq %rdx,%r12 + + + mulq %r14 + addq %rax,%r11 + movq %r8,%rax + adcq $0,%rdx + movq %rdx,%rbp + + mulq %r14 + addq %rax,%r12 + movq %r8,%rax + adcq $0,%rdx + addq %rbp,%r12 + movq %rdx,%r13 + adcq $0,%r13 + + + mulq %r15 + xorq %r15,%r15 + addq %rax,%r13 + movq 0(%rsi),%rax + movq %rdx,%r14 + adcq $0,%r14 + + addq %r9,%r9 + adcq %r10,%r10 + adcq %r11,%r11 + adcq %r12,%r12 + adcq %r13,%r13 + adcq %r14,%r14 + adcq $0,%r15 + + mulq %rax + movq %rax,%r8 + movq 8(%rsi),%rax + movq %rdx,%rcx + + mulq %rax + addq %rcx,%r9 + adcq %rax,%r10 + movq 16(%rsi),%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq %rax + addq %rcx,%r11 + adcq %rax,%r12 + movq 24(%rsi),%rax + adcq $0,%rdx + movq %rdx,%rcx + + mulq %rax + addq %rcx,%r13 + adcq %rax,%r14 + movq %r8,%rax + adcq %rdx,%r15 + + movq L$poly+8(%rip),%rsi + movq L$poly+24(%rip),%rbp + + + + + movq %r8,%rcx + shlq $32,%r8 + mulq %rbp + shrq $32,%rcx + addq %r8,%r9 + adcq %rcx,%r10 + adcq %rax,%r11 + movq %r9,%rax + adcq $0,%rdx + + + + movq %r9,%rcx + shlq $32,%r9 + movq %rdx,%r8 + mulq %rbp + shrq $32,%rcx + addq %r9,%r10 + adcq %rcx,%r11 + adcq %rax,%r8 + movq %r10,%rax + adcq $0,%rdx + + + + movq %r10,%rcx + shlq $32,%r10 + movq %rdx,%r9 + mulq %rbp + shrq $32,%rcx + addq %r10,%r11 + adcq %rcx,%r8 + adcq %rax,%r9 + movq %r11,%rax + adcq $0,%rdx + + + + movq %r11,%rcx + shlq $32,%r11 + movq %rdx,%r10 + mulq %rbp + shrq $32,%rcx + addq %r11,%r8 + adcq %rcx,%r9 + adcq %rax,%r10 + adcq $0,%rdx + xorq %r11,%r11 + + + + addq %r8,%r12 + adcq %r9,%r13 + movq %r12,%r8 + adcq %r10,%r14 + adcq %rdx,%r15 + movq %r13,%r9 + adcq $0,%r11 + + subq $-1,%r12 + movq %r14,%r10 + sbbq %rsi,%r13 + sbbq $0,%r14 + movq %r15,%rcx + sbbq %rbp,%r15 + sbbq $0,%r11 + + cmovcq %r8,%r12 + cmovcq %r9,%r13 + movq %r12,0(%rdi) + cmovcq %r10,%r14 + movq %r13,8(%rdi) + cmovcq %rcx,%r15 + movq %r14,16(%rdi) + movq %r15,24(%rdi) + + .byte 0xf3,0xc3 + + +.p2align 5 +__ecp_nistz256_mul_montx: + + + mulxq %r9,%r8,%r9 + mulxq %r10,%rcx,%r10 + movq $32,%r14 + xorq %r13,%r13 + mulxq %r11,%rbp,%r11 + movq L$poly+24(%rip),%r15 + adcq %rcx,%r9 + mulxq %r12,%rcx,%r12 + movq %r8,%rdx + adcq %rbp,%r10 + shlxq %r14,%r8,%rbp + adcq %rcx,%r11 + shrxq %r14,%r8,%rcx + adcq $0,%r12 + + + + addq %rbp,%r9 + adcq %rcx,%r10 + + mulxq %r15,%rcx,%rbp + movq 8(%rbx),%rdx + adcq %rcx,%r11 + adcq %rbp,%r12 + adcq $0,%r13 + xorq %r8,%r8 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r9 + adoxq %rbp,%r10 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r9,%rdx + adcxq %rcx,%r12 + shlxq %r14,%r9,%rcx + adoxq %rbp,%r13 + shrxq %r14,%r9,%rbp + + adcxq %r8,%r13 + adoxq %r8,%r8 + adcq $0,%r8 + + + + addq %rcx,%r10 + adcq %rbp,%r11 + + mulxq %r15,%rcx,%rbp + movq 16(%rbx),%rdx + adcq %rcx,%r12 + adcq %rbp,%r13 + adcq $0,%r8 + xorq %r9,%r9 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r10 + adoxq %rbp,%r11 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r10,%rdx + adcxq %rcx,%r13 + shlxq %r14,%r10,%rcx + adoxq %rbp,%r8 + shrxq %r14,%r10,%rbp + + adcxq %r9,%r8 + adoxq %r9,%r9 + adcq $0,%r9 + + + + addq %rcx,%r11 + adcq %rbp,%r12 + + mulxq %r15,%rcx,%rbp + movq 24(%rbx),%rdx + adcq %rcx,%r13 + adcq %rbp,%r8 + adcq $0,%r9 + xorq %r10,%r10 + + + + mulxq 0+128(%rsi),%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq 8+128(%rsi),%rcx,%rbp + adcxq %rcx,%r12 + adoxq %rbp,%r13 + + mulxq 16+128(%rsi),%rcx,%rbp + adcxq %rcx,%r13 + adoxq %rbp,%r8 + + mulxq 24+128(%rsi),%rcx,%rbp + movq %r11,%rdx + adcxq %rcx,%r8 + shlxq %r14,%r11,%rcx + adoxq %rbp,%r9 + shrxq %r14,%r11,%rbp + + adcxq %r10,%r9 + adoxq %r10,%r10 + adcq $0,%r10 + + + + addq %rcx,%r12 + adcq %rbp,%r13 + + mulxq %r15,%rcx,%rbp + movq %r12,%rbx + movq L$poly+8(%rip),%r14 + adcq %rcx,%r8 + movq %r13,%rdx + adcq %rbp,%r9 + adcq $0,%r10 + + + + xorl %eax,%eax + movq %r8,%rcx + sbbq $-1,%r12 + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%rbp + sbbq %r15,%r9 + sbbq $0,%r10 + + cmovcq %rbx,%r12 + cmovcq %rdx,%r13 + movq %r12,0(%rdi) + cmovcq %rcx,%r8 + movq %r13,8(%rdi) + cmovcq %rbp,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_sqr_montx: + mulxq %r14,%r9,%r10 + mulxq %r15,%rcx,%r11 + xorl %eax,%eax + adcq %rcx,%r10 + mulxq %r8,%rbp,%r12 + movq %r14,%rdx + adcq %rbp,%r11 + adcq $0,%r12 + xorq %r13,%r13 + + + mulxq %r15,%rcx,%rbp + adcxq %rcx,%r11 + adoxq %rbp,%r12 + + mulxq %r8,%rcx,%rbp + movq %r15,%rdx + adcxq %rcx,%r12 + adoxq %rbp,%r13 + adcq $0,%r13 + + + mulxq %r8,%rcx,%r14 + movq 0+128(%rsi),%rdx + xorq %r15,%r15 + adcxq %r9,%r9 + adoxq %rcx,%r13 + adcxq %r10,%r10 + adoxq %r15,%r14 + + mulxq %rdx,%r8,%rbp + movq 8+128(%rsi),%rdx + adcxq %r11,%r11 + adoxq %rbp,%r9 + adcxq %r12,%r12 + mulxq %rdx,%rcx,%rax + movq 16+128(%rsi),%rdx + adcxq %r13,%r13 + adoxq %rcx,%r10 + adcxq %r14,%r14 +.byte 0x67 + mulxq %rdx,%rcx,%rbp + movq 24+128(%rsi),%rdx + adoxq %rax,%r11 + adcxq %r15,%r15 + adoxq %rcx,%r12 + movq $32,%rsi + adoxq %rbp,%r13 +.byte 0x67,0x67 + mulxq %rdx,%rcx,%rax + movq %r8,%rdx + adoxq %rcx,%r14 + shlxq %rsi,%r8,%rcx + adoxq %rax,%r15 + shrxq %rsi,%r8,%rax + movq L$poly+24(%rip),%rbp + + + addq %rcx,%r9 + adcq %rax,%r10 + + mulxq %rbp,%rcx,%r8 + movq %r9,%rdx + adcq %rcx,%r11 + shlxq %rsi,%r9,%rcx + adcq $0,%r8 + shrxq %rsi,%r9,%rax + + + addq %rcx,%r10 + adcq %rax,%r11 + + mulxq %rbp,%rcx,%r9 + movq %r10,%rdx + adcq %rcx,%r8 + shlxq %rsi,%r10,%rcx + adcq $0,%r9 + shrxq %rsi,%r10,%rax + + + addq %rcx,%r11 + adcq %rax,%r8 + + mulxq %rbp,%rcx,%r10 + movq %r11,%rdx + adcq %rcx,%r9 + shlxq %rsi,%r11,%rcx + adcq $0,%r10 + shrxq %rsi,%r11,%rax + + + addq %rcx,%r8 + adcq %rax,%r9 + + mulxq %rbp,%rcx,%r11 + adcq %rcx,%r10 + adcq $0,%r11 + + xorq %rdx,%rdx + adcq %r8,%r12 + movq L$poly+8(%rip),%rsi + adcq %r9,%r13 + movq %r12,%r8 + adcq %r10,%r14 + adcq %r11,%r15 + movq %r13,%r9 + adcq $0,%rdx + + xorl %eax,%eax + sbbq $-1,%r12 + movq %r14,%r10 + sbbq %rsi,%r13 + sbbq $0,%r14 + movq %r15,%r11 + sbbq %rbp,%r15 + sbbq $0,%rdx + + cmovcq %r8,%r12 + cmovcq %r9,%r13 + movq %r12,0(%rdi) + cmovcq %r10,%r14 + movq %r13,8(%rdi) + cmovcq %r11,%r15 + movq %r14,16(%rdi) + movq %r15,24(%rdi) + + .byte 0xf3,0xc3 + + + + + + + +.globl _ecp_nistz256_from_mont + +.p2align 5 +_ecp_nistz256_from_mont: + pushq %r12 + pushq %r13 + + movq 0(%rsi),%rax + movq L$poly+24(%rip),%r13 + movq 8(%rsi),%r9 + movq 16(%rsi),%r10 + movq 24(%rsi),%r11 + movq %rax,%r8 + movq L$poly+8(%rip),%r12 + + + + movq %rax,%rcx + shlq $32,%r8 + mulq %r13 + shrq $32,%rcx + addq %r8,%r9 + adcq %rcx,%r10 + adcq %rax,%r11 + movq %r9,%rax + adcq $0,%rdx + + + + movq %r9,%rcx + shlq $32,%r9 + movq %rdx,%r8 + mulq %r13 + shrq $32,%rcx + addq %r9,%r10 + adcq %rcx,%r11 + adcq %rax,%r8 + movq %r10,%rax + adcq $0,%rdx + + + + movq %r10,%rcx + shlq $32,%r10 + movq %rdx,%r9 + mulq %r13 + shrq $32,%rcx + addq %r10,%r11 + adcq %rcx,%r8 + adcq %rax,%r9 + movq %r11,%rax + adcq $0,%rdx + + + + movq %r11,%rcx + shlq $32,%r11 + movq %rdx,%r10 + mulq %r13 + shrq $32,%rcx + addq %r11,%r8 + adcq %rcx,%r9 + movq %r8,%rcx + adcq %rax,%r10 + movq %r9,%rsi + adcq $0,%rdx + + + + subq $-1,%r8 + movq %r10,%rax + sbbq %r12,%r9 + sbbq $0,%r10 + movq %rdx,%r11 + sbbq %r13,%rdx + sbbq %r13,%r13 + + cmovnzq %rcx,%r8 + cmovnzq %rsi,%r9 + movq %r8,0(%rdi) + cmovnzq %rax,%r10 + movq %r9,8(%rdi) + cmovzq %rdx,%r11 + movq %r10,16(%rdi) + movq %r11,24(%rdi) + + popq %r13 + popq %r12 + .byte 0xf3,0xc3 + + + +.globl _ecp_nistz256_select_w5 + +.p2align 5 +_ecp_nistz256_select_w5: + movl _OPENSSL_ia32cap_P+8(%rip),%eax + testl $32,%eax + jnz L$avx2_select_w5 + movdqa L$One(%rip),%xmm0 + movd %edx,%xmm1 + + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + + movdqa %xmm0,%xmm8 + pshufd $0,%xmm1,%xmm1 + + movq $16,%rax +L$select_loop_sse_w5: + + movdqa %xmm8,%xmm15 + paddd %xmm0,%xmm8 + pcmpeqd %xmm1,%xmm15 + + movdqa 0(%rsi),%xmm9 + movdqa 16(%rsi),%xmm10 + movdqa 32(%rsi),%xmm11 + movdqa 48(%rsi),%xmm12 + movdqa 64(%rsi),%xmm13 + movdqa 80(%rsi),%xmm14 + leaq 96(%rsi),%rsi + + pand %xmm15,%xmm9 + pand %xmm15,%xmm10 + por %xmm9,%xmm2 + pand %xmm15,%xmm11 + por %xmm10,%xmm3 + pand %xmm15,%xmm12 + por %xmm11,%xmm4 + pand %xmm15,%xmm13 + por %xmm12,%xmm5 + pand %xmm15,%xmm14 + por %xmm13,%xmm6 + por %xmm14,%xmm7 + + decq %rax + jnz L$select_loop_sse_w5 + + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + movdqu %xmm4,32(%rdi) + movdqu %xmm5,48(%rdi) + movdqu %xmm6,64(%rdi) + movdqu %xmm7,80(%rdi) + .byte 0xf3,0xc3 + + + + +.globl _ecp_nistz256_select_w7 + +.p2align 5 +_ecp_nistz256_select_w7: + movl _OPENSSL_ia32cap_P+8(%rip),%eax + testl $32,%eax + jnz L$avx2_select_w7 + movdqa L$One(%rip),%xmm8 + movd %edx,%xmm1 + + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + + movdqa %xmm8,%xmm0 + pshufd $0,%xmm1,%xmm1 + movq $64,%rax + +L$select_loop_sse_w7: + movdqa %xmm8,%xmm15 + paddd %xmm0,%xmm8 + movdqa 0(%rsi),%xmm9 + movdqa 16(%rsi),%xmm10 + pcmpeqd %xmm1,%xmm15 + movdqa 32(%rsi),%xmm11 + movdqa 48(%rsi),%xmm12 + leaq 64(%rsi),%rsi + + pand %xmm15,%xmm9 + pand %xmm15,%xmm10 + por %xmm9,%xmm2 + pand %xmm15,%xmm11 + por %xmm10,%xmm3 + pand %xmm15,%xmm12 + por %xmm11,%xmm4 + prefetcht0 255(%rsi) + por %xmm12,%xmm5 + + decq %rax + jnz L$select_loop_sse_w7 + + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + movdqu %xmm4,32(%rdi) + movdqu %xmm5,48(%rdi) + .byte 0xf3,0xc3 + + + + +.p2align 5 +ecp_nistz256_avx2_select_w5: +L$avx2_select_w5: + vzeroupper + vmovdqa L$Two(%rip),%ymm0 + + vpxor %ymm2,%ymm2,%ymm2 + vpxor %ymm3,%ymm3,%ymm3 + vpxor %ymm4,%ymm4,%ymm4 + + vmovdqa L$One(%rip),%ymm5 + vmovdqa L$Two(%rip),%ymm10 + + vmovd %edx,%xmm1 + vpermd %ymm1,%ymm2,%ymm1 + + movq $8,%rax +L$select_loop_avx2_w5: + + vmovdqa 0(%rsi),%ymm6 + vmovdqa 32(%rsi),%ymm7 + vmovdqa 64(%rsi),%ymm8 + + vmovdqa 96(%rsi),%ymm11 + vmovdqa 128(%rsi),%ymm12 + vmovdqa 160(%rsi),%ymm13 + + vpcmpeqd %ymm1,%ymm5,%ymm9 + vpcmpeqd %ymm1,%ymm10,%ymm14 + + vpaddd %ymm0,%ymm5,%ymm5 + vpaddd %ymm0,%ymm10,%ymm10 + leaq 192(%rsi),%rsi + + vpand %ymm9,%ymm6,%ymm6 + vpand %ymm9,%ymm7,%ymm7 + vpand %ymm9,%ymm8,%ymm8 + vpand %ymm14,%ymm11,%ymm11 + vpand %ymm14,%ymm12,%ymm12 + vpand %ymm14,%ymm13,%ymm13 + + vpxor %ymm6,%ymm2,%ymm2 + vpxor %ymm7,%ymm3,%ymm3 + vpxor %ymm8,%ymm4,%ymm4 + vpxor %ymm11,%ymm2,%ymm2 + vpxor %ymm12,%ymm3,%ymm3 + vpxor %ymm13,%ymm4,%ymm4 + + decq %rax + jnz L$select_loop_avx2_w5 + + vmovdqu %ymm2,0(%rdi) + vmovdqu %ymm3,32(%rdi) + vmovdqu %ymm4,64(%rdi) + vzeroupper + .byte 0xf3,0xc3 + + + + +.globl _ecp_nistz256_avx2_select_w7 + +.p2align 5 +_ecp_nistz256_avx2_select_w7: +L$avx2_select_w7: + vzeroupper + vmovdqa L$Three(%rip),%ymm0 + + vpxor %ymm2,%ymm2,%ymm2 + vpxor %ymm3,%ymm3,%ymm3 + + vmovdqa L$One(%rip),%ymm4 + vmovdqa L$Two(%rip),%ymm8 + vmovdqa L$Three(%rip),%ymm12 + + vmovd %edx,%xmm1 + vpermd %ymm1,%ymm2,%ymm1 + + + movq $21,%rax +L$select_loop_avx2_w7: + + vmovdqa 0(%rsi),%ymm5 + vmovdqa 32(%rsi),%ymm6 + + vmovdqa 64(%rsi),%ymm9 + vmovdqa 96(%rsi),%ymm10 + + vmovdqa 128(%rsi),%ymm13 + vmovdqa 160(%rsi),%ymm14 + + vpcmpeqd %ymm1,%ymm4,%ymm7 + vpcmpeqd %ymm1,%ymm8,%ymm11 + vpcmpeqd %ymm1,%ymm12,%ymm15 + + vpaddd %ymm0,%ymm4,%ymm4 + vpaddd %ymm0,%ymm8,%ymm8 + vpaddd %ymm0,%ymm12,%ymm12 + leaq 192(%rsi),%rsi + + vpand %ymm7,%ymm5,%ymm5 + vpand %ymm7,%ymm6,%ymm6 + vpand %ymm11,%ymm9,%ymm9 + vpand %ymm11,%ymm10,%ymm10 + vpand %ymm15,%ymm13,%ymm13 + vpand %ymm15,%ymm14,%ymm14 + + vpxor %ymm5,%ymm2,%ymm2 + vpxor %ymm6,%ymm3,%ymm3 + vpxor %ymm9,%ymm2,%ymm2 + vpxor %ymm10,%ymm3,%ymm3 + vpxor %ymm13,%ymm2,%ymm2 + vpxor %ymm14,%ymm3,%ymm3 + + decq %rax + jnz L$select_loop_avx2_w7 + + + vmovdqa 0(%rsi),%ymm5 + vmovdqa 32(%rsi),%ymm6 + + vpcmpeqd %ymm1,%ymm4,%ymm7 + + vpand %ymm7,%ymm5,%ymm5 + vpand %ymm7,%ymm6,%ymm6 + + vpxor %ymm5,%ymm2,%ymm2 + vpxor %ymm6,%ymm3,%ymm3 + + vmovdqu %ymm2,0(%rdi) + vmovdqu %ymm3,32(%rdi) + vzeroupper + .byte 0xf3,0xc3 + + +.p2align 5 +__ecp_nistz256_add_toq: + addq 0(%rbx),%r12 + adcq 8(%rbx),%r13 + movq %r12,%rax + adcq 16(%rbx),%r8 + adcq 24(%rbx),%r9 + movq %r13,%rbp + sbbq %r11,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + testq %r11,%r11 + + cmovzq %rax,%r12 + cmovzq %rbp,%r13 + movq %r12,0(%rdi) + cmovzq %rcx,%r8 + movq %r13,8(%rdi) + cmovzq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_sub_fromq: + subq 0(%rbx),%r12 + sbbq 8(%rbx),%r13 + movq %r12,%rax + sbbq 16(%rbx),%r8 + sbbq 24(%rbx),%r9 + movq %r13,%rbp + sbbq %r11,%r11 + + addq $-1,%r12 + movq %r8,%rcx + adcq %r14,%r13 + adcq $0,%r8 + movq %r9,%r10 + adcq %r15,%r9 + testq %r11,%r11 + + cmovzq %rax,%r12 + cmovzq %rbp,%r13 + movq %r12,0(%rdi) + cmovzq %rcx,%r8 + movq %r13,8(%rdi) + cmovzq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_subq: + subq %r12,%rax + sbbq %r13,%rbp + movq %rax,%r12 + sbbq %r8,%rcx + sbbq %r9,%r10 + movq %rbp,%r13 + sbbq %r11,%r11 + + addq $-1,%rax + movq %rcx,%r8 + adcq %r14,%rbp + adcq $0,%rcx + movq %r10,%r9 + adcq %r15,%r10 + testq %r11,%r11 + + cmovnzq %rax,%r12 + cmovnzq %rbp,%r13 + cmovnzq %rcx,%r8 + cmovnzq %r10,%r9 + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_mul_by_2q: + addq %r12,%r12 + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + sbbq %r11,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + testq %r11,%r11 + + cmovzq %rax,%r12 + cmovzq %rbp,%r13 + movq %r12,0(%rdi) + cmovzq %rcx,%r8 + movq %r13,8(%rdi) + cmovzq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + +.globl _ecp_nistz256_point_double + +.p2align 5 +_ecp_nistz256_point_double: + movl $524544,%ecx + andl _OPENSSL_ia32cap_P+8(%rip),%ecx + cmpl $524544,%ecx + je L$point_doublex + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + subq $160+8,%rsp + + movdqu 0(%rsi),%xmm0 + movq %rsi,%rbx + movdqu 16(%rsi),%xmm1 + movq 32+0(%rsi),%r12 + movq 32+8(%rsi),%r13 + movq 32+16(%rsi),%r8 + movq 32+24(%rsi),%r9 + movq L$poly+8(%rip),%r14 + movq L$poly+24(%rip),%r15 + movdqa %xmm0,96(%rsp) + movdqa %xmm1,96+16(%rsp) + leaq 32(%rdi),%r10 + leaq 64(%rdi),%r11 +.byte 102,72,15,110,199 +.byte 102,73,15,110,202 +.byte 102,73,15,110,211 + + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_by_2q + + movq 64+0(%rsi),%rax + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + leaq 64-0(%rsi),%rsi + leaq 64(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + movq 0+0(%rsp),%rax + movq 8+0(%rsp),%r14 + leaq 0+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 + leaq 0(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + movq 32(%rbx),%rax + movq 64+0(%rbx),%r9 + movq 64+8(%rbx),%r10 + movq 64+16(%rbx),%r11 + movq 64+24(%rbx),%r12 + leaq 64-0(%rbx),%rsi + leaq 32(%rbx),%rbx +.byte 102,72,15,126,215 + call __ecp_nistz256_mul_montq + call __ecp_nistz256_mul_by_2q + + movq 96+0(%rsp),%r12 + movq 96+8(%rsp),%r13 + leaq 64(%rsp),%rbx + movq 96+16(%rsp),%r8 + movq 96+24(%rsp),%r9 + leaq 32(%rsp),%rdi + call __ecp_nistz256_add_toq + + movq 96+0(%rsp),%r12 + movq 96+8(%rsp),%r13 + leaq 64(%rsp),%rbx + movq 96+16(%rsp),%r8 + movq 96+24(%rsp),%r9 + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromq + + movq 0+0(%rsp),%rax + movq 8+0(%rsp),%r14 + leaq 0+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 +.byte 102,72,15,126,207 + call __ecp_nistz256_sqr_montq + xorq %r9,%r9 + movq %r12,%rax + addq $-1,%r12 + movq %r13,%r10 + adcq %rsi,%r13 + movq %r14,%rcx + adcq $0,%r14 + movq %r15,%r8 + adcq %rbp,%r15 + adcq $0,%r9 + xorq %rsi,%rsi + testq $1,%rax + + cmovzq %rax,%r12 + cmovzq %r10,%r13 + cmovzq %rcx,%r14 + cmovzq %r8,%r15 + cmovzq %rsi,%r9 + + movq %r13,%rax + shrq $1,%r12 + shlq $63,%rax + movq %r14,%r10 + shrq $1,%r13 + orq %rax,%r12 + shlq $63,%r10 + movq %r15,%rcx + shrq $1,%r14 + orq %r10,%r13 + shlq $63,%rcx + movq %r12,0(%rdi) + shrq $1,%r15 + movq %r13,8(%rdi) + shlq $63,%r9 + orq %rcx,%r14 + orq %r9,%r15 + movq %r14,16(%rdi) + movq %r15,24(%rdi) + movq 64(%rsp),%rax + leaq 64(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq 0+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montq + + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_by_2q + + leaq 32(%rsp),%rbx + leaq 32(%rsp),%rdi + call __ecp_nistz256_add_toq + + movq 96(%rsp),%rax + leaq 96(%rsp),%rbx + movq 0+0(%rsp),%r9 + movq 8+0(%rsp),%r10 + leaq 0+0(%rsp),%rsi + movq 16+0(%rsp),%r11 + movq 24+0(%rsp),%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montq + + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_by_2q + + movq 0+32(%rsp),%rax + movq 8+32(%rsp),%r14 + leaq 0+32(%rsp),%rsi + movq 16+32(%rsp),%r15 + movq 24+32(%rsp),%r8 +.byte 102,72,15,126,199 + call __ecp_nistz256_sqr_montq + + leaq 128(%rsp),%rbx + movq %r14,%r8 + movq %r15,%r9 + movq %rsi,%r14 + movq %rbp,%r15 + call __ecp_nistz256_sub_fromq + + movq 0+0(%rsp),%rax + movq 0+8(%rsp),%rbp + movq 0+16(%rsp),%rcx + movq 0+24(%rsp),%r10 + leaq 0(%rsp),%rdi + call __ecp_nistz256_subq + + movq 32(%rsp),%rax + leaq 32(%rsp),%rbx + movq %r12,%r14 + xorl %ecx,%ecx + movq %r12,0+0(%rsp) + movq %r13,%r10 + movq %r13,0+8(%rsp) + cmovzq %r8,%r11 + movq %r8,0+16(%rsp) + leaq 0-0(%rsp),%rsi + cmovzq %r9,%r12 + movq %r9,0+24(%rsp) + movq %r14,%r9 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montq + +.byte 102,72,15,126,203 +.byte 102,72,15,126,207 + call __ecp_nistz256_sub_fromq + + addq $160+8,%rsp + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + popq %rbp + .byte 0xf3,0xc3 + +.globl _ecp_nistz256_point_add + +.p2align 5 +_ecp_nistz256_point_add: + movl $524544,%ecx + andl _OPENSSL_ia32cap_P+8(%rip),%ecx + cmpl $524544,%ecx + je L$point_addx + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + subq $576+8,%rsp + + movdqu 0(%rsi),%xmm0 + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + movdqu 48(%rsi),%xmm3 + movdqu 64(%rsi),%xmm4 + movdqu 80(%rsi),%xmm5 + movq %rsi,%rbx + movq %rdx,%rsi + movdqa %xmm0,384(%rsp) + movdqa %xmm1,384+16(%rsp) + por %xmm0,%xmm1 + movdqa %xmm2,416(%rsp) + movdqa %xmm3,416+16(%rsp) + por %xmm2,%xmm3 + movdqa %xmm4,448(%rsp) + movdqa %xmm5,448+16(%rsp) + por %xmm1,%xmm3 + + movdqu 0(%rsi),%xmm0 + pshufd $177,%xmm3,%xmm5 + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + por %xmm3,%xmm5 + movdqu 48(%rsi),%xmm3 + movq 64+0(%rsi),%rax + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + movdqa %xmm0,480(%rsp) + pshufd $30,%xmm5,%xmm4 + movdqa %xmm1,480+16(%rsp) + por %xmm0,%xmm1 +.byte 102,72,15,110,199 + movdqa %xmm2,512(%rsp) + movdqa %xmm3,512+16(%rsp) + por %xmm2,%xmm3 + por %xmm4,%xmm5 + pxor %xmm4,%xmm4 + por %xmm1,%xmm3 + + leaq 64-0(%rsi),%rsi + movq %rax,544+0(%rsp) + movq %r14,544+8(%rsp) + movq %r15,544+16(%rsp) + movq %r8,544+24(%rsp) + leaq 96(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + pcmpeqd %xmm4,%xmm5 + pshufd $177,%xmm3,%xmm4 + por %xmm3,%xmm4 + pshufd $0,%xmm5,%xmm5 + pshufd $30,%xmm4,%xmm3 + por %xmm3,%xmm4 + pxor %xmm3,%xmm3 + pcmpeqd %xmm3,%xmm4 + pshufd $0,%xmm4,%xmm4 + movq 64+0(%rbx),%rax + movq 64+8(%rbx),%r14 + movq 64+16(%rbx),%r15 + movq 64+24(%rbx),%r8 + + leaq 64-0(%rbx),%rsi + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + movq 544(%rsp),%rax + leaq 544(%rsp),%rbx + movq 0+96(%rsp),%r9 + movq 8+96(%rsp),%r10 + leaq 0+96(%rsp),%rsi + movq 16+96(%rsp),%r11 + movq 24+96(%rsp),%r12 + leaq 224(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 448(%rsp),%rax + leaq 448(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq 0+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 416(%rsp),%rax + leaq 416(%rsp),%rbx + movq 0+224(%rsp),%r9 + movq 8+224(%rsp),%r10 + leaq 0+224(%rsp),%rsi + movq 16+224(%rsp),%r11 + movq 24+224(%rsp),%r12 + leaq 224(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 512(%rsp),%rax + leaq 512(%rsp),%rbx + movq 0+256(%rsp),%r9 + movq 8+256(%rsp),%r10 + leaq 0+256(%rsp),%rsi + movq 16+256(%rsp),%r11 + movq 24+256(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montq + + leaq 224(%rsp),%rbx + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromq + + orq %r13,%r12 + movdqa %xmm4,%xmm2 + orq %r8,%r12 + orq %r9,%r12 + por %xmm5,%xmm2 +.byte 102,73,15,110,220 + + movq 384(%rsp),%rax + leaq 384(%rsp),%rbx + movq 0+96(%rsp),%r9 + movq 8+96(%rsp),%r10 + leaq 0+96(%rsp),%rsi + movq 16+96(%rsp),%r11 + movq 24+96(%rsp),%r12 + leaq 160(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 480(%rsp),%rax + leaq 480(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq 0+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 192(%rsp),%rdi + call __ecp_nistz256_mul_montq + + leaq 160(%rsp),%rbx + leaq 0(%rsp),%rdi + call __ecp_nistz256_sub_fromq + + orq %r13,%r12 + orq %r8,%r12 + orq %r9,%r12 + +.byte 0x3e + jnz L$add_proceedq +.byte 102,73,15,126,208 +.byte 102,73,15,126,217 + testq %r8,%r8 + jnz L$add_proceedq + testq %r9,%r9 + jz L$add_proceedq + +.byte 102,72,15,126,199 + pxor %xmm0,%xmm0 + movdqu %xmm0,0(%rdi) + movdqu %xmm0,16(%rdi) + movdqu %xmm0,32(%rdi) + movdqu %xmm0,48(%rdi) + movdqu %xmm0,64(%rdi) + movdqu %xmm0,80(%rdi) + jmp L$add_doneq + +.p2align 5 +L$add_proceedq: + movq 0+64(%rsp),%rax + movq 8+64(%rsp),%r14 + leaq 0+64(%rsp),%rsi + movq 16+64(%rsp),%r15 + movq 24+64(%rsp),%r8 + leaq 96(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + movq 448(%rsp),%rax + leaq 448(%rsp),%rbx + movq 0+0(%rsp),%r9 + movq 8+0(%rsp),%r10 + leaq 0+0(%rsp),%rsi + movq 16+0(%rsp),%r11 + movq 24+0(%rsp),%r12 + leaq 352(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 0+0(%rsp),%rax + movq 8+0(%rsp),%r14 + leaq 0+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + movq 544(%rsp),%rax + leaq 544(%rsp),%rbx + movq 0+352(%rsp),%r9 + movq 8+352(%rsp),%r10 + leaq 0+352(%rsp),%rsi + movq 16+352(%rsp),%r11 + movq 24+352(%rsp),%r12 + leaq 352(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 0(%rsp),%rax + leaq 0(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq 0+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 160(%rsp),%rax + leaq 160(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq 0+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 192(%rsp),%rdi + call __ecp_nistz256_mul_montq + + + + + addq %r12,%r12 + leaq 96(%rsp),%rsi + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + sbbq %r11,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + testq %r11,%r11 + + cmovzq %rax,%r12 + movq 0(%rsi),%rax + cmovzq %rbp,%r13 + movq 8(%rsi),%rbp + cmovzq %rcx,%r8 + movq 16(%rsi),%rcx + cmovzq %r10,%r9 + movq 24(%rsi),%r10 + + call __ecp_nistz256_subq + + leaq 128(%rsp),%rbx + leaq 288(%rsp),%rdi + call __ecp_nistz256_sub_fromq + + movq 192+0(%rsp),%rax + movq 192+8(%rsp),%rbp + movq 192+16(%rsp),%rcx + movq 192+24(%rsp),%r10 + leaq 320(%rsp),%rdi + + call __ecp_nistz256_subq + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + movq 128(%rsp),%rax + leaq 128(%rsp),%rbx + movq 0+224(%rsp),%r9 + movq 8+224(%rsp),%r10 + leaq 0+224(%rsp),%rsi + movq 16+224(%rsp),%r11 + movq 24+224(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 320(%rsp),%rax + leaq 320(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq 0+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 320(%rsp),%rdi + call __ecp_nistz256_mul_montq + + leaq 256(%rsp),%rbx + leaq 320(%rsp),%rdi + call __ecp_nistz256_sub_fromq + +.byte 102,72,15,126,199 + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 352(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 352+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 544(%rsp),%xmm2 + pand 544+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 448(%rsp),%xmm2 + pand 448+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,64(%rdi) + movdqu %xmm3,80(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 288(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 288+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 480(%rsp),%xmm2 + pand 480+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 384(%rsp),%xmm2 + pand 384+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 320(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 320+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 512(%rsp),%xmm2 + pand 512+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 416(%rsp),%xmm2 + pand 416+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,32(%rdi) + movdqu %xmm3,48(%rdi) + +L$add_doneq: + addq $576+8,%rsp + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + popq %rbp + .byte 0xf3,0xc3 + +.globl _ecp_nistz256_point_add_affine + +.p2align 5 +_ecp_nistz256_point_add_affine: + movl $524544,%ecx + andl _OPENSSL_ia32cap_P+8(%rip),%ecx + cmpl $524544,%ecx + je L$point_add_affinex + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + subq $480+8,%rsp + + movdqu 0(%rsi),%xmm0 + movq %rdx,%rbx + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + movdqu 48(%rsi),%xmm3 + movdqu 64(%rsi),%xmm4 + movdqu 80(%rsi),%xmm5 + movq 64+0(%rsi),%rax + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + movdqa %xmm0,320(%rsp) + movdqa %xmm1,320+16(%rsp) + por %xmm0,%xmm1 + movdqa %xmm2,352(%rsp) + movdqa %xmm3,352+16(%rsp) + por %xmm2,%xmm3 + movdqa %xmm4,384(%rsp) + movdqa %xmm5,384+16(%rsp) + por %xmm1,%xmm3 + + movdqu 0(%rbx),%xmm0 + pshufd $177,%xmm3,%xmm5 + movdqu 16(%rbx),%xmm1 + movdqu 32(%rbx),%xmm2 + por %xmm3,%xmm5 + movdqu 48(%rbx),%xmm3 + movdqa %xmm0,416(%rsp) + pshufd $30,%xmm5,%xmm4 + movdqa %xmm1,416+16(%rsp) + por %xmm0,%xmm1 +.byte 102,72,15,110,199 + movdqa %xmm2,448(%rsp) + movdqa %xmm3,448+16(%rsp) + por %xmm2,%xmm3 + por %xmm4,%xmm5 + pxor %xmm4,%xmm4 + por %xmm1,%xmm3 + + leaq 64-0(%rsi),%rsi + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + pcmpeqd %xmm4,%xmm5 + pshufd $177,%xmm3,%xmm4 + movq 0(%rbx),%rax + + movq %r12,%r9 + por %xmm3,%xmm4 + pshufd $0,%xmm5,%xmm5 + pshufd $30,%xmm4,%xmm3 + movq %r13,%r10 + por %xmm3,%xmm4 + pxor %xmm3,%xmm3 + movq %r14,%r11 + pcmpeqd %xmm3,%xmm4 + pshufd $0,%xmm4,%xmm4 + + leaq 32-0(%rsp),%rsi + movq %r15,%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montq + + leaq 320(%rsp),%rbx + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromq + + movq 384(%rsp),%rax + leaq 384(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq 0+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 384(%rsp),%rax + leaq 384(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq 0+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 288(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 448(%rsp),%rax + leaq 448(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq 0+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montq + + leaq 352(%rsp),%rbx + leaq 96(%rsp),%rdi + call __ecp_nistz256_sub_fromq + + movq 0+64(%rsp),%rax + movq 8+64(%rsp),%r14 + leaq 0+64(%rsp),%rsi + movq 16+64(%rsp),%r15 + movq 24+64(%rsp),%r8 + leaq 128(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + movq 0+96(%rsp),%rax + movq 8+96(%rsp),%r14 + leaq 0+96(%rsp),%rsi + movq 16+96(%rsp),%r15 + movq 24+96(%rsp),%r8 + leaq 192(%rsp),%rdi + call __ecp_nistz256_sqr_montq + + movq 128(%rsp),%rax + leaq 128(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq 0+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 160(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 320(%rsp),%rax + leaq 320(%rsp),%rbx + movq 0+128(%rsp),%r9 + movq 8+128(%rsp),%r10 + leaq 0+128(%rsp),%rsi + movq 16+128(%rsp),%r11 + movq 24+128(%rsp),%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montq + + + + + addq %r12,%r12 + leaq 192(%rsp),%rsi + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + sbbq %r11,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + testq %r11,%r11 + + cmovzq %rax,%r12 + movq 0(%rsi),%rax + cmovzq %rbp,%r13 + movq 8(%rsi),%rbp + cmovzq %rcx,%r8 + movq 16(%rsi),%rcx + cmovzq %r10,%r9 + movq 24(%rsi),%r10 + + call __ecp_nistz256_subq + + leaq 160(%rsp),%rbx + leaq 224(%rsp),%rdi + call __ecp_nistz256_sub_fromq + + movq 0+0(%rsp),%rax + movq 0+8(%rsp),%rbp + movq 0+16(%rsp),%rcx + movq 0+24(%rsp),%r10 + leaq 64(%rsp),%rdi + + call __ecp_nistz256_subq + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + movq 352(%rsp),%rax + leaq 352(%rsp),%rbx + movq 0+160(%rsp),%r9 + movq 8+160(%rsp),%r10 + leaq 0+160(%rsp),%rsi + movq 16+160(%rsp),%r11 + movq 24+160(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montq + + movq 96(%rsp),%rax + leaq 96(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq 0+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 64(%rsp),%rdi + call __ecp_nistz256_mul_montq + + leaq 32(%rsp),%rbx + leaq 256(%rsp),%rdi + call __ecp_nistz256_sub_fromq + +.byte 102,72,15,126,199 + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 288(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 288+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand L$ONE_mont(%rip),%xmm2 + pand L$ONE_mont+16(%rip),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 384(%rsp),%xmm2 + pand 384+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,64(%rdi) + movdqu %xmm3,80(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 224(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 224+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 416(%rsp),%xmm2 + pand 416+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 320(%rsp),%xmm2 + pand 320+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 256(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 256+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 448(%rsp),%xmm2 + pand 448+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 352(%rsp),%xmm2 + pand 352+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,32(%rdi) + movdqu %xmm3,48(%rdi) + + addq $480+8,%rsp + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + popq %rbp + .byte 0xf3,0xc3 + + +.p2align 5 +__ecp_nistz256_add_tox: + xorq %r11,%r11 + adcq 0(%rbx),%r12 + adcq 8(%rbx),%r13 + movq %r12,%rax + adcq 16(%rbx),%r8 + adcq 24(%rbx),%r9 + movq %r13,%rbp + adcq $0,%r11 + + xorq %r10,%r10 + sbbq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + + btq $0,%r11 + cmovncq %rax,%r12 + cmovncq %rbp,%r13 + movq %r12,0(%rdi) + cmovncq %rcx,%r8 + movq %r13,8(%rdi) + cmovncq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_sub_fromx: + xorq %r11,%r11 + sbbq 0(%rbx),%r12 + sbbq 8(%rbx),%r13 + movq %r12,%rax + sbbq 16(%rbx),%r8 + sbbq 24(%rbx),%r9 + movq %r13,%rbp + sbbq $0,%r11 + + xorq %r10,%r10 + adcq $-1,%r12 + movq %r8,%rcx + adcq %r14,%r13 + adcq $0,%r8 + movq %r9,%r10 + adcq %r15,%r9 + + btq $0,%r11 + cmovncq %rax,%r12 + cmovncq %rbp,%r13 + movq %r12,0(%rdi) + cmovncq %rcx,%r8 + movq %r13,8(%rdi) + cmovncq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_subx: + xorq %r11,%r11 + sbbq %r12,%rax + sbbq %r13,%rbp + movq %rax,%r12 + sbbq %r8,%rcx + sbbq %r9,%r10 + movq %rbp,%r13 + sbbq $0,%r11 + + xorq %r9,%r9 + adcq $-1,%rax + movq %rcx,%r8 + adcq %r14,%rbp + adcq $0,%rcx + movq %r10,%r9 + adcq %r15,%r10 + + btq $0,%r11 + cmovcq %rax,%r12 + cmovcq %rbp,%r13 + cmovcq %rcx,%r8 + cmovcq %r10,%r9 + + .byte 0xf3,0xc3 + + + +.p2align 5 +__ecp_nistz256_mul_by_2x: + xorq %r11,%r11 + adcq %r12,%r12 + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + adcq $0,%r11 + + xorq %r10,%r10 + sbbq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + + btq $0,%r11 + cmovncq %rax,%r12 + cmovncq %rbp,%r13 + movq %r12,0(%rdi) + cmovncq %rcx,%r8 + movq %r13,8(%rdi) + cmovncq %r10,%r9 + movq %r8,16(%rdi) + movq %r9,24(%rdi) + + .byte 0xf3,0xc3 + + +.p2align 5 +ecp_nistz256_point_doublex: +L$point_doublex: + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + subq $160+8,%rsp + + movdqu 0(%rsi),%xmm0 + movq %rsi,%rbx + movdqu 16(%rsi),%xmm1 + movq 32+0(%rsi),%r12 + movq 32+8(%rsi),%r13 + movq 32+16(%rsi),%r8 + movq 32+24(%rsi),%r9 + movq L$poly+8(%rip),%r14 + movq L$poly+24(%rip),%r15 + movdqa %xmm0,96(%rsp) + movdqa %xmm1,96+16(%rsp) + leaq 32(%rdi),%r10 + leaq 64(%rdi),%r11 +.byte 102,72,15,110,199 +.byte 102,73,15,110,202 +.byte 102,73,15,110,211 + + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + leaq 64-128(%rsi),%rsi + leaq 64(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 + leaq 0(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 32(%rbx),%rdx + movq 64+0(%rbx),%r9 + movq 64+8(%rbx),%r10 + movq 64+16(%rbx),%r11 + movq 64+24(%rbx),%r12 + leaq 64-128(%rbx),%rsi + leaq 32(%rbx),%rbx +.byte 102,72,15,126,215 + call __ecp_nistz256_mul_montx + call __ecp_nistz256_mul_by_2x + + movq 96+0(%rsp),%r12 + movq 96+8(%rsp),%r13 + leaq 64(%rsp),%rbx + movq 96+16(%rsp),%r8 + movq 96+24(%rsp),%r9 + leaq 32(%rsp),%rdi + call __ecp_nistz256_add_tox + + movq 96+0(%rsp),%r12 + movq 96+8(%rsp),%r13 + leaq 64(%rsp),%rbx + movq 96+16(%rsp),%r8 + movq 96+24(%rsp),%r9 + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 +.byte 102,72,15,126,207 + call __ecp_nistz256_sqr_montx + xorq %r9,%r9 + movq %r12,%rax + addq $-1,%r12 + movq %r13,%r10 + adcq %rsi,%r13 + movq %r14,%rcx + adcq $0,%r14 + movq %r15,%r8 + adcq %rbp,%r15 + adcq $0,%r9 + xorq %rsi,%rsi + testq $1,%rax + + cmovzq %rax,%r12 + cmovzq %r10,%r13 + cmovzq %rcx,%r14 + cmovzq %r8,%r15 + cmovzq %rsi,%r9 + + movq %r13,%rax + shrq $1,%r12 + shlq $63,%rax + movq %r14,%r10 + shrq $1,%r13 + orq %rax,%r12 + shlq $63,%r10 + movq %r15,%rcx + shrq $1,%r14 + orq %r10,%r13 + shlq $63,%rcx + movq %r12,0(%rdi) + shrq $1,%r15 + movq %r13,8(%rdi) + shlq $63,%r9 + orq %rcx,%r14 + orq %r9,%r15 + movq %r14,16(%rdi) + movq %r15,24(%rdi) + movq 64(%rsp),%rdx + leaq 64(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + leaq 32(%rsp),%rbx + leaq 32(%rsp),%rdi + call __ecp_nistz256_add_tox + + movq 96(%rsp),%rdx + leaq 96(%rsp),%rbx + movq 0+0(%rsp),%r9 + movq 8+0(%rsp),%r10 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r11 + movq 24+0(%rsp),%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_by_2x + + movq 0+32(%rsp),%rdx + movq 8+32(%rsp),%r14 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r15 + movq 24+32(%rsp),%r8 +.byte 102,72,15,126,199 + call __ecp_nistz256_sqr_montx + + leaq 128(%rsp),%rbx + movq %r14,%r8 + movq %r15,%r9 + movq %rsi,%r14 + movq %rbp,%r15 + call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rax + movq 0+8(%rsp),%rbp + movq 0+16(%rsp),%rcx + movq 0+24(%rsp),%r10 + leaq 0(%rsp),%rdi + call __ecp_nistz256_subx + + movq 32(%rsp),%rdx + leaq 32(%rsp),%rbx + movq %r12,%r14 + xorl %ecx,%ecx + movq %r12,0+0(%rsp) + movq %r13,%r10 + movq %r13,0+8(%rsp) + cmovzq %r8,%r11 + movq %r8,0+16(%rsp) + leaq 0-128(%rsp),%rsi + cmovzq %r9,%r12 + movq %r9,0+24(%rsp) + movq %r14,%r9 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + +.byte 102,72,15,126,203 +.byte 102,72,15,126,207 + call __ecp_nistz256_sub_fromx + + addq $160+8,%rsp + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + popq %rbp + .byte 0xf3,0xc3 + + +.p2align 5 +ecp_nistz256_point_addx: +L$point_addx: + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + subq $576+8,%rsp + + movdqu 0(%rsi),%xmm0 + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + movdqu 48(%rsi),%xmm3 + movdqu 64(%rsi),%xmm4 + movdqu 80(%rsi),%xmm5 + movq %rsi,%rbx + movq %rdx,%rsi + movdqa %xmm0,384(%rsp) + movdqa %xmm1,384+16(%rsp) + por %xmm0,%xmm1 + movdqa %xmm2,416(%rsp) + movdqa %xmm3,416+16(%rsp) + por %xmm2,%xmm3 + movdqa %xmm4,448(%rsp) + movdqa %xmm5,448+16(%rsp) + por %xmm1,%xmm3 + + movdqu 0(%rsi),%xmm0 + pshufd $177,%xmm3,%xmm5 + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + por %xmm3,%xmm5 + movdqu 48(%rsi),%xmm3 + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + movdqa %xmm0,480(%rsp) + pshufd $30,%xmm5,%xmm4 + movdqa %xmm1,480+16(%rsp) + por %xmm0,%xmm1 +.byte 102,72,15,110,199 + movdqa %xmm2,512(%rsp) + movdqa %xmm3,512+16(%rsp) + por %xmm2,%xmm3 + por %xmm4,%xmm5 + pxor %xmm4,%xmm4 + por %xmm1,%xmm3 + + leaq 64-128(%rsi),%rsi + movq %rdx,544+0(%rsp) + movq %r14,544+8(%rsp) + movq %r15,544+16(%rsp) + movq %r8,544+24(%rsp) + leaq 96(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + pcmpeqd %xmm4,%xmm5 + pshufd $177,%xmm3,%xmm4 + por %xmm3,%xmm4 + pshufd $0,%xmm5,%xmm5 + pshufd $30,%xmm4,%xmm3 + por %xmm3,%xmm4 + pxor %xmm3,%xmm3 + pcmpeqd %xmm3,%xmm4 + pshufd $0,%xmm4,%xmm4 + movq 64+0(%rbx),%rdx + movq 64+8(%rbx),%r14 + movq 64+16(%rbx),%r15 + movq 64+24(%rbx),%r8 + + leaq 64-128(%rbx),%rsi + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 544(%rsp),%rdx + leaq 544(%rsp),%rbx + movq 0+96(%rsp),%r9 + movq 8+96(%rsp),%r10 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r11 + movq 24+96(%rsp),%r12 + leaq 224(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 448(%rsp),%rdx + leaq 448(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 416(%rsp),%rdx + leaq 416(%rsp),%rbx + movq 0+224(%rsp),%r9 + movq 8+224(%rsp),%r10 + leaq -128+224(%rsp),%rsi + movq 16+224(%rsp),%r11 + movq 24+224(%rsp),%r12 + leaq 224(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 512(%rsp),%rdx + leaq 512(%rsp),%rbx + movq 0+256(%rsp),%r9 + movq 8+256(%rsp),%r10 + leaq -128+256(%rsp),%rsi + movq 16+256(%rsp),%r11 + movq 24+256(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 224(%rsp),%rbx + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + orq %r13,%r12 + movdqa %xmm4,%xmm2 + orq %r8,%r12 + orq %r9,%r12 + por %xmm5,%xmm2 +.byte 102,73,15,110,220 + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+96(%rsp),%r9 + movq 8+96(%rsp),%r10 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r11 + movq 24+96(%rsp),%r12 + leaq 160(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 480(%rsp),%rdx + leaq 480(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 192(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 160(%rsp),%rbx + leaq 0(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + orq %r13,%r12 + orq %r8,%r12 + orq %r9,%r12 + +.byte 0x3e + jnz L$add_proceedx +.byte 102,73,15,126,208 +.byte 102,73,15,126,217 + testq %r8,%r8 + jnz L$add_proceedx + testq %r9,%r9 + jz L$add_proceedx + +.byte 102,72,15,126,199 + pxor %xmm0,%xmm0 + movdqu %xmm0,0(%rdi) + movdqu %xmm0,16(%rdi) + movdqu %xmm0,32(%rdi) + movdqu %xmm0,48(%rdi) + movdqu %xmm0,64(%rdi) + movdqu %xmm0,80(%rdi) + jmp L$add_donex + +.p2align 5 +L$add_proceedx: + movq 0+64(%rsp),%rdx + movq 8+64(%rsp),%r14 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r15 + movq 24+64(%rsp),%r8 + leaq 96(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 448(%rsp),%rdx + leaq 448(%rsp),%rbx + movq 0+0(%rsp),%r9 + movq 8+0(%rsp),%r10 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r11 + movq 24+0(%rsp),%r12 + leaq 352(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 0+0(%rsp),%rdx + movq 8+0(%rsp),%r14 + leaq -128+0(%rsp),%rsi + movq 16+0(%rsp),%r15 + movq 24+0(%rsp),%r8 + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 544(%rsp),%rdx + leaq 544(%rsp),%rbx + movq 0+352(%rsp),%r9 + movq 8+352(%rsp),%r10 + leaq -128+352(%rsp),%rsi + movq 16+352(%rsp),%r11 + movq 24+352(%rsp),%r12 + leaq 352(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 0(%rsp),%rdx + leaq 0(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 128(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 160(%rsp),%rdx + leaq 160(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 192(%rsp),%rdi + call __ecp_nistz256_mul_montx + + + + + addq %r12,%r12 + leaq 96(%rsp),%rsi + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + sbbq %r11,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + testq %r11,%r11 + + cmovzq %rax,%r12 + movq 0(%rsi),%rax + cmovzq %rbp,%r13 + movq 8(%rsi),%rbp + cmovzq %rcx,%r8 + movq 16(%rsi),%rcx + cmovzq %r10,%r9 + movq 24(%rsi),%r10 + + call __ecp_nistz256_subx + + leaq 128(%rsp),%rbx + leaq 288(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 192+0(%rsp),%rax + movq 192+8(%rsp),%rbp + movq 192+16(%rsp),%rcx + movq 192+24(%rsp),%r10 + leaq 320(%rsp),%rdi + + call __ecp_nistz256_subx + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + movq 128(%rsp),%rdx + leaq 128(%rsp),%rbx + movq 0+224(%rsp),%r9 + movq 8+224(%rsp),%r10 + leaq -128+224(%rsp),%rsi + movq 16+224(%rsp),%r11 + movq 24+224(%rsp),%r12 + leaq 256(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 320(%rsp),%rdx + leaq 320(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 320(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 256(%rsp),%rbx + leaq 320(%rsp),%rdi + call __ecp_nistz256_sub_fromx + +.byte 102,72,15,126,199 + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 352(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 352+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 544(%rsp),%xmm2 + pand 544+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 448(%rsp),%xmm2 + pand 448+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,64(%rdi) + movdqu %xmm3,80(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 288(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 288+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 480(%rsp),%xmm2 + pand 480+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 384(%rsp),%xmm2 + pand 384+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 320(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 320+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 512(%rsp),%xmm2 + pand 512+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 416(%rsp),%xmm2 + pand 416+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,32(%rdi) + movdqu %xmm3,48(%rdi) + +L$add_donex: + addq $576+8,%rsp + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + popq %rbp + .byte 0xf3,0xc3 + + +.p2align 5 +ecp_nistz256_point_add_affinex: +L$point_add_affinex: + pushq %rbp + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + subq $480+8,%rsp + + movdqu 0(%rsi),%xmm0 + movq %rdx,%rbx + movdqu 16(%rsi),%xmm1 + movdqu 32(%rsi),%xmm2 + movdqu 48(%rsi),%xmm3 + movdqu 64(%rsi),%xmm4 + movdqu 80(%rsi),%xmm5 + movq 64+0(%rsi),%rdx + movq 64+8(%rsi),%r14 + movq 64+16(%rsi),%r15 + movq 64+24(%rsi),%r8 + movdqa %xmm0,320(%rsp) + movdqa %xmm1,320+16(%rsp) + por %xmm0,%xmm1 + movdqa %xmm2,352(%rsp) + movdqa %xmm3,352+16(%rsp) + por %xmm2,%xmm3 + movdqa %xmm4,384(%rsp) + movdqa %xmm5,384+16(%rsp) + por %xmm1,%xmm3 + + movdqu 0(%rbx),%xmm0 + pshufd $177,%xmm3,%xmm5 + movdqu 16(%rbx),%xmm1 + movdqu 32(%rbx),%xmm2 + por %xmm3,%xmm5 + movdqu 48(%rbx),%xmm3 + movdqa %xmm0,416(%rsp) + pshufd $30,%xmm5,%xmm4 + movdqa %xmm1,416+16(%rsp) + por %xmm0,%xmm1 +.byte 102,72,15,110,199 + movdqa %xmm2,448(%rsp) + movdqa %xmm3,448+16(%rsp) + por %xmm2,%xmm3 + por %xmm4,%xmm5 + pxor %xmm4,%xmm4 + por %xmm1,%xmm3 + + leaq 64-128(%rsi),%rsi + leaq 32(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + pcmpeqd %xmm4,%xmm5 + pshufd $177,%xmm3,%xmm4 + movq 0(%rbx),%rdx + + movq %r12,%r9 + por %xmm3,%xmm4 + pshufd $0,%xmm5,%xmm5 + pshufd $30,%xmm4,%xmm3 + movq %r13,%r10 + por %xmm3,%xmm4 + pxor %xmm3,%xmm3 + movq %r14,%r11 + pcmpeqd %xmm3,%xmm4 + pshufd $0,%xmm4,%xmm4 + + leaq 32-128(%rsp),%rsi + movq %r15,%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 320(%rsp),%rbx + leaq 64(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 384(%rsp),%rdx + leaq 384(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 288(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 448(%rsp),%rdx + leaq 448(%rsp),%rbx + movq 0+32(%rsp),%r9 + movq 8+32(%rsp),%r10 + leaq -128+32(%rsp),%rsi + movq 16+32(%rsp),%r11 + movq 24+32(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 352(%rsp),%rbx + leaq 96(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+64(%rsp),%rdx + movq 8+64(%rsp),%r14 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r15 + movq 24+64(%rsp),%r8 + leaq 128(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 0+96(%rsp),%rdx + movq 8+96(%rsp),%r14 + leaq -128+96(%rsp),%rsi + movq 16+96(%rsp),%r15 + movq 24+96(%rsp),%r8 + leaq 192(%rsp),%rdi + call __ecp_nistz256_sqr_montx + + movq 128(%rsp),%rdx + leaq 128(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 160(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 320(%rsp),%rdx + leaq 320(%rsp),%rbx + movq 0+128(%rsp),%r9 + movq 8+128(%rsp),%r10 + leaq -128+128(%rsp),%rsi + movq 16+128(%rsp),%r11 + movq 24+128(%rsp),%r12 + leaq 0(%rsp),%rdi + call __ecp_nistz256_mul_montx + + + + + addq %r12,%r12 + leaq 192(%rsp),%rsi + adcq %r13,%r13 + movq %r12,%rax + adcq %r8,%r8 + adcq %r9,%r9 + movq %r13,%rbp + sbbq %r11,%r11 + + subq $-1,%r12 + movq %r8,%rcx + sbbq %r14,%r13 + sbbq $0,%r8 + movq %r9,%r10 + sbbq %r15,%r9 + testq %r11,%r11 + + cmovzq %rax,%r12 + movq 0(%rsi),%rax + cmovzq %rbp,%r13 + movq 8(%rsi),%rbp + cmovzq %rcx,%r8 + movq 16(%rsi),%rcx + cmovzq %r10,%r9 + movq 24(%rsi),%r10 + + call __ecp_nistz256_subx + + leaq 160(%rsp),%rbx + leaq 224(%rsp),%rdi + call __ecp_nistz256_sub_fromx + + movq 0+0(%rsp),%rax + movq 0+8(%rsp),%rbp + movq 0+16(%rsp),%rcx + movq 0+24(%rsp),%r10 + leaq 64(%rsp),%rdi + + call __ecp_nistz256_subx + + movq %r12,0(%rdi) + movq %r13,8(%rdi) + movq %r8,16(%rdi) + movq %r9,24(%rdi) + movq 352(%rsp),%rdx + leaq 352(%rsp),%rbx + movq 0+160(%rsp),%r9 + movq 8+160(%rsp),%r10 + leaq -128+160(%rsp),%rsi + movq 16+160(%rsp),%r11 + movq 24+160(%rsp),%r12 + leaq 32(%rsp),%rdi + call __ecp_nistz256_mul_montx + + movq 96(%rsp),%rdx + leaq 96(%rsp),%rbx + movq 0+64(%rsp),%r9 + movq 8+64(%rsp),%r10 + leaq -128+64(%rsp),%rsi + movq 16+64(%rsp),%r11 + movq 24+64(%rsp),%r12 + leaq 64(%rsp),%rdi + call __ecp_nistz256_mul_montx + + leaq 32(%rsp),%rbx + leaq 256(%rsp),%rdi + call __ecp_nistz256_sub_fromx + +.byte 102,72,15,126,199 + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 288(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 288+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand L$ONE_mont(%rip),%xmm2 + pand L$ONE_mont+16(%rip),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 384(%rsp),%xmm2 + pand 384+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,64(%rdi) + movdqu %xmm3,80(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 224(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 224+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 416(%rsp),%xmm2 + pand 416+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 320(%rsp),%xmm2 + pand 320+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,0(%rdi) + movdqu %xmm3,16(%rdi) + + movdqa %xmm5,%xmm0 + movdqa %xmm5,%xmm1 + pandn 256(%rsp),%xmm0 + movdqa %xmm5,%xmm2 + pandn 256+16(%rsp),%xmm1 + movdqa %xmm5,%xmm3 + pand 448(%rsp),%xmm2 + pand 448+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + + movdqa %xmm4,%xmm0 + movdqa %xmm4,%xmm1 + pandn %xmm2,%xmm0 + movdqa %xmm4,%xmm2 + pandn %xmm3,%xmm1 + movdqa %xmm4,%xmm3 + pand 352(%rsp),%xmm2 + pand 352+16(%rsp),%xmm3 + por %xmm0,%xmm2 + por %xmm1,%xmm3 + movdqu %xmm2,32(%rdi) + movdqu %xmm3,48(%rdi) + + addq $480+8,%rsp + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + popq %rbp + .byte 0xf3,0xc3 + diff --git a/crypto/ecies/Makefile b/crypto/ecies/Makefile new file mode 100644 index 00000000..5c448c61 --- /dev/null +++ b/crypto/ecies/Makefile @@ -0,0 +1,142 @@ +# +# crypto/ecies/Makefile +# + +DIR= ecies +TOP= ../.. +CC= cc +INCLUDES= -I.. -I$(TOP) -I../../include +CFLAG=-g -Wall +MAKEFILE= Makefile +AR= ar r + +CFLAGS= $(INCLUDES) $(CFLAG) + +GENERAL=Makefile +TEST=eciestest.c +APPS= + +LIB=$(TOP)/libcrypto.a +LIBSRC= ecies_lib.c ecies_asn1.c ecies_err.c kdf_x9_63.c + +LIBOBJ= ecies_lib.o ecies_asn1.o ecies_err.o kdf_x9_63.o + +SRC= $(LIBSRC) + +EXHEADER= ecies.h kdf.h +HEADER= ecies_locl.h $(EXHEADER) + +ALL= $(GENERAL) $(SRC) $(HEADER) + +top: + (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) + +all: lib + +lib: $(LIBOBJ) + $(AR) $(LIB) $(LIBOBJ) + $(RANLIB) $(LIB) || echo Never mind. + @touch lib + +files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO + +links: + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @headerlist="$(EXHEADER)"; for i in $$headerlist; \ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ + done; + +tags: + ctags $(SRC) + +tests: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +update: depend + +depend: + @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff + +# DO NOT DELETE THIS LINE -- make depend depends on it. + +ecs_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h +ecs_asn1.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +ecs_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ecs_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h +ecs_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecs_asn1.o: ../../include/openssl/symhacks.h ecs_asn1.c ecs_locl.h +ecs_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdsa.h +ecs_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +ecs_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +ecs_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +ecs_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_err.o: ecs_err.c +ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +ecs_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_lib.o: ../../include/openssl/x509_vfy.h ecs_lib.c ecs_locl.h +ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_ossl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h +ecs_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_ossl.o: ../../include/openssl/opensslconf.h +ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h +ecs_ossl.o: ../../include/openssl/symhacks.h ecs_locl.h ecs_ossl.c +ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +ecs_sign.o: ecs_locl.h ecs_sign.c +ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c diff --git a/crypto/ecies/ecies.h b/crypto/ecies/ecies.h new file mode 100644 index 00000000..27e97590 --- /dev/null +++ b/crypto/ecies/ecies.h @@ -0,0 +1,72 @@ +#ifndef HEADER_ECIES_H +#define HEADER_ECIES_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef struct ecies_params_st { + const EVP_MD *kdf_md; + const EVP_CIPHER *sym_cipher; + const EVP_MD *mac_md; +} ECIES_PARAMS; + +typedef struct ecies_ciphertext_value_st { + ASN1_OCTET_STRING *ephem_point; + ASN1_OCTET_STRING *ciphertext; + ASN1_OCTET_STRING *mactag; +} ECIES_CIPHERTEXT_VALUE; + +DECLARE_ASN1_FUNCTIONS(ECIES_CIPHERTEXT_VALUE) + +int i2d_ECIESParameters(const ECIES_PARAMS *param, unsigned char **out); +ECIES_PARAMS *d2i_ECIESParameters(ECIES_PARAMS **param, const unsigned char **in, long len); + +ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, + const unsigned char *in, size_t inlen, const EC_KEY *pub_key); +int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, + const ECIES_PARAMS *param, unsigned char *out, size_t *outlen, + EC_KEY *pri_key); + + + +/* ERR function (should in openssl/err.h) begin */ +/* +#define ERR_LIB_ECIES 129 +#define ERR_R_ECIES_LIB ERR_LIB_ECIES +#define ECIESerr(f,r) ERR_PUT_error(ERR_LIB_ECIES,(f),(r),__FILE__,__LINE__) +*/ + +void ERR_load_ECIES_strings(void); + +/* Error codes for the ECIES functions. */ + +/* Function codes. */ +#define ECIES_F_I2D_ECIESPARAMETERS 100 +#define ECIES_F_D2I_ECIESPARAMETERS 101 +#define ECIES_F_ECIES_DO_ENCRYPT 102 +#define ECIES_F_ECIES_DO_DECRYPT 103 + +/* Reason codes. */ +#define ECIES_R_BAD_DATA 100 +#define ECIES_R_UNKNOWN_CIPHER_TYPE 101 +#define ECIES_R_ENCRYPT_FAILED 102 +#define ECIES_R_DECRYPT_FAILED 103 +#define ECIES_R_UNKNOWN_MAC_TYPE 104 +#define ECIES_R_GEN_MAC_FAILED 105 +#define ECIES_R_VERIFY_MAC_FAILED 106 +#define ECIES_R_ECDH_FAILED 107 +#define ECIES_R_BUFFER_TOO_SMALL 108 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/ecies/ecies_asn1.c b/crypto/ecies/ecies_asn1.c new file mode 100644 index 00000000..b416872f --- /dev/null +++ b/crypto/ecies/ecies_asn1.c @@ -0,0 +1,316 @@ +#include +#include +#include +#include +#include +#include +#include "ecies.h" + + +/* + * From SEC 1, Version 1.9 Draft, 2008 + * +secg-scheme OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) schemes(1) } + +ECIESAlgorithmSet ALGORITHM ::= { + { OID ecies-recommendedParameters} | + { OID ecies-specifiedParameters PARMS ECIESParameters} +} + +ECIESParameters ::= SEQUENCE { + kdf [0] KeyDerivationFunction OPTIONAL, + sym [1] SymmetricEncryption OPTIONAL, + mac [2] MessageAuthenticationCode OPTIONAL +} + +KeyDerivationFunction ::= AlgorithmIdentifier {{KDFSet}} +KDFSet ALGORITHM ::= { + { OID x9-63-kdf PARMS HashAlgorithm } | + { OID nist-concatenation-kdf PARMS HashAlgorithm } | + { OID tls-kdf PARMS HashAlgorithm } | + { OID ikev2-kdf PARMS HashAlgorithm } +} + +SymmetricEncryption ::= AlgorithmIdentifier {{SYMENCSet}} +SYMENCSet ALGORITHM ::= { + { OID xor-in-ecies } | + { OID tdes-cbc-in-ecies } | -- IV should all be set to ZEROs + { OID aes128-cbc-in-ecies } | + { OID aes192-cbc-in-ecies } | + { OID aes256-cbc-in-ecies } | + { OID aes128-ctr-in-ecies } | + { OID aes192-ctr-in-ecies } | + { OID aes256-ctr-in-ecies } , +} + +MessageAuthenticationCode ::= AlgorithmIdentifier {{MACSet}} +MACSet ALGORITHM ::= { + { OID hmac-full-ecies PARMS HashAlgorithm} | + { OID hmac-half-ecies PARMS HashAlgorithm} | + { OID cmac-aes128-ecies } | + { OID cmac-aes192-ecies } | + { OID cmac-aes256-ecies } , +} + +*/ + +/* + * Something about HMAC + * 1. Key Length: As SHA1 provides 160 bits digest and 80 bits security. + * Thus the key length of HMAC-SHA1 should be at least 80 bits. The key + * length should be [80, 160] bits. If the key length is larger than + * 512 bits, need to hash it. + * 2. Ouput Length: The HMAC-SHA1 can ouput at most 160 bits. Sometimes the + * output is truncated but should be at least 4 bytes. The turncated + * output should be the left most bytes (why?) and the length should be + * 80 bits to 160 bits. The standard hmac-full means use full output + * i.e. hmac-sha1-160 and hmac-half means use the left most 80 bits i.e. + * hmac-sha1-80 + * + * About CMAC + * In OpenSSL version 1.0.1c CMAC has been supported! For CMAC-AES the + * output is always 128 bits. It is obvious that the CMAC key length + * should be the same as the block cipher key length. + */ + +/* +# Add these to "objects.txt" and run `make' + +!Alias secg_scheme certicom-arc 1 +secg-scheme 7 : ecies-recommendedParameters +secg-scheme 8 : ecies-specifiedParameters +secg-scheme 17 0 : x9-63-kdf +secg-scheme 17 1 : nist-concatenation-kdf +secg-scheme 17 2 : tls-kdf +secg-scheme 17 3 : ikev2-kdf +secg-scheme 18 : xor-in-ecies +secg-scheme 20 0 : aes128-cbc-in-ecies +secg-scheme 20 1 : aes192-cbc-in-ecies +secg-scheme 20 2 : aes256-cbc-in-ecies +secg-scheme 21 0 : aes128-ctr-in-ecies +secg-scheme 21 1 : aes192-ctr-in-ecies +secg-scheme 21 2 : aes256-ctr-in-ecies +secg-scheme 22 : hmac-full-ecies +secg-scheme 23 : hmac-half-ecies +secg-scheme 24 0 : cmac-aes128-ecies +secg-scheme 24 1 : cmac-aes192-ecies +*/ + +typedef struct ecies_parameters_st { + X509_ALGOR *kdf; + X509_ALGOR *sym; + X509_ALGOR *mac; +} ECIES_PARAMETERS; + +ASN1_SEQUENCE(ECIES_PARAMETERS) = { + ASN1_EXP_OPT(ECIES_PARAMETERS, kdf, X509_ALGOR, 0), + ASN1_EXP_OPT(ECIES_PARAMETERS, sym, X509_ALGOR, 1), + ASN1_EXP_OPT(ECIES_PARAMETERS, mac, X509_ALGOR, 2) +} ASN1_SEQUENCE_END(ECIES_PARAMETERS) +IMPLEMENT_ASN1_FUNCTIONS(ECIES_PARAMETERS) +IMPLEMENT_ASN1_DUP_FUNCTION(ECIES_PARAMETERS) + +ASN1_SEQUENCE(ECIES_CIPHERTEXT_VALUE) = { + ASN1_SIMPLE(ECIES_CIPHERTEXT_VALUE, ephem_point, ASN1_OCTET_STRING), + ASN1_SIMPLE(ECIES_CIPHERTEXT_VALUE, ciphertext, ASN1_OCTET_STRING), + ASN1_SIMPLE(ECIES_CIPHERTEXT_VALUE, mactag, ASN1_OCTET_STRING) +} ASN1_SEQUENCE_END(ECIES_CIPHERTEXT_VALUE) +IMPLEMENT_ASN1_FUNCTIONS(ECIES_CIPHERTEXT_VALUE) +IMPLEMENT_ASN1_DUP_FUNCTION(ECIES_CIPHERTEXT_VALUE) + + +int i2d_ECIESParameters(const ECIES_PARAMS *param, unsigned char **out) + { + int ret = 0; + ECIES_PARAMETERS *tmp = NULL; + int sym_nid = NID_xor_in_ecies; + + OPENSSL_assert(param); + OPENSSL_assert(param->kdf_md); + OPENSSL_assert(param->mac_md); + OpenSSL_add_all_digests(); + + if (!(tmp = ECIES_PARAMETERS_new())) + { + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!(tmp->kdf = X509_ALGOR_new())) + { + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!X509_ALGOR_set0(tmp->kdf, OBJ_nid2obj(NID_x9_63_kdf), V_ASN1_OBJECT, OBJ_nid2obj(EVP_MD_nid(param->kdf_md)))) + { + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_X509_LIB); + goto err; + } + + if (!(tmp->sym = X509_ALGOR_new())) + { + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_MALLOC_FAILURE); + goto err; + } + if (param->sym_cipher) + { + switch (EVP_CIPHER_nid(param->sym_cipher)) + { + case NID_aes_128_cbc: + sym_nid = NID_aes128_cbc_in_ecies; + break; + case NID_aes_192_cbc: + sym_nid = NID_aes192_cbc_in_ecies; + break; + case NID_aes_256_cbc: + sym_nid = NID_aes256_cbc_in_ecies; + break; + case NID_aes_128_ctr: + sym_nid = NID_aes128_ctr_in_ecies; + break; + case NID_aes_192_ctr: + sym_nid = NID_aes192_ctr_in_ecies; + break; + case NID_aes_256_ctr: + sym_nid = NID_aes256_ctr_in_ecies; + break; + default: + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_MALLOC_FAILURE); + goto err; + } + } + if (!X509_ALGOR_set0(tmp->sym, OBJ_nid2obj(sym_nid), V_ASN1_UNDEF, NULL)) + { + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_X509_LIB); + goto err; + } + + if (!(tmp->mac = X509_ALGOR_new())) + { + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!X509_ALGOR_set0(tmp->mac, OBJ_nid2obj(NID_hmac_full_ecies), V_ASN1_OBJECT, OBJ_nid2obj(EVP_MD_nid(param->mac_md)))) + { + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_X509_LIB); + goto err; + } + + if ((ret = i2d_ECIES_PARAMETERS(tmp, out)) <= 0) + { + ECIESerr(ECIES_F_I2D_ECIESPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +err: + if (tmp) + ECIES_PARAMETERS_free(tmp); + return ret; + } + +ECIES_PARAMS *d2i_ECIESParameters(ECIES_PARAMS **param, const unsigned char **in, long len) + { + int e = 1; + ECIES_PARAMS *ret = NULL; + ECIES_PARAMETERS *tmp = NULL; + + if (!(ret = OPENSSL_malloc(sizeof(ECIES_PARAMS)))) + { + ECIESerr(ECIES_F_D2I_ECIESPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } + + if (!(tmp = d2i_ECIES_PARAMETERS(NULL, in, len))) + { + ECIESerr(ECIES_F_D2I_ECIESPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } + + /* get kdf, parameter is hash oid */ + if (OBJ_obj2nid(tmp->kdf->algorithm) != NID_x9_63_kdf) + { + ECIESerr(ECIES_F_D2I_ECIESPARAMETERS, ERR_R_ECIES_LIB); + goto err; + } + if (tmp->kdf->parameter->type != V_ASN1_OBJECT) + { + ECIESerr(ECIES_F_D2I_ECIESPARAMETERS, ERR_R_ECIES_LIB); + goto err; + } + + OpenSSL_add_all_digests(); + if (!(ret->kdf_md = EVP_get_digestbynid(OBJ_obj2nid(tmp->kdf->parameter->value.object)))) + { + ECIESerr(ECIES_F_D2I_ECIESPARAMETERS, ERR_R_ECIES_LIB); + goto err; + } + + /* get sym, no parameter for iv is zero */ + switch (OBJ_obj2nid(tmp->sym->algorithm)) { + case NID_xor_in_ecies: + ret->sym_cipher = NULL; + break; + case NID_aes128_cbc_in_ecies: + ret->sym_cipher = EVP_aes_128_cbc(); + break; + case NID_aes192_cbc_in_ecies: + ret->sym_cipher = EVP_aes_192_cbc(); + break; + case NID_aes256_cbc_in_ecies: + ret->sym_cipher = EVP_aes_256_cbc(); + break; + case NID_aes128_ctr_in_ecies: + ret->sym_cipher = EVP_aes_128_ctr(); + break; + case NID_aes192_ctr_in_ecies: + ret->sym_cipher = EVP_aes_192_ctr(); + break; + case NID_aes256_ctr_in_ecies: + ret->sym_cipher = EVP_aes_256_ctr(); + break; + default: + goto err; + } + + /* get mac, parameter is hash oid */ + switch (OBJ_obj2nid(tmp->mac->algorithm)) { + case NID_hmac_full_ecies: + break; + case NID_hmac_half_ecies: + case NID_cmac_aes128_ecies: + case NID_cmac_aes192_ecies: + goto err; + break; + default: + goto err; + break; + } + if (tmp->mac->parameter->type != V_ASN1_OBJECT) + { + ECIESerr(ECIES_F_D2I_ECIESPARAMETERS, ERR_R_ECIES_LIB); + goto err; + } + if (!(ret->mac_md = EVP_get_digestbynid(OBJ_obj2nid( + tmp->mac->parameter->value.object)))) + { + ECIESerr(ECIES_F_D2I_ECIESPARAMETERS, ERR_R_ECIES_LIB); + goto err; + } + + if (param && *param) + OPENSSL_free(*param); + if (param) + *param = ret; + + e = 0; +err: + if (e && ret) + { + OPENSSL_free(ret); + ret = NULL; + } + if (tmp) ECIES_PARAMETERS_free(tmp); + return ret; + } + + diff --git a/crypto/ecies/ecies_err.c b/crypto/ecies/ecies_err.c new file mode 100644 index 00000000..10f3d48c --- /dev/null +++ b/crypto/ecies/ecies_err.c @@ -0,0 +1,41 @@ +#include +#include +#include "ecies.h" + +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECIES,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECIES,0,reason) + + +static ERR_STRING_DATA ECIES_str_functs[] = { + {ERR_FUNC(ECIES_F_ECIES_DO_ENCRYPT), "ECIES_do_encrypt"}, + {ERR_FUNC(ECIES_F_ECIES_DO_DECRYPT), "ECIES_do_decrypt"}, + {0,NULL} +}; + +static ERR_STRING_DATA ECIES_str_reasons[] = { + {ERR_REASON(ECIES_R_BAD_DATA), "bad data"}, + {ERR_REASON(ECIES_R_UNKNOWN_CIPHER_TYPE),"unknown cipher type"}, + {ERR_REASON(ECIES_R_ENCRYPT_FAILED), "encrypt failed"}, + {ERR_REASON(ECIES_R_DECRYPT_FAILED), "decrypt failed"}, + {ERR_REASON(ECIES_R_UNKNOWN_MAC_TYPE), "unknown MAC type"}, + {ERR_REASON(ECIES_R_GEN_MAC_FAILED), "MAC generation failed"}, + {ERR_REASON(ECIES_R_VERIFY_MAC_FAILED), "MAC verification failed"}, + {ERR_REASON(ECIES_R_ECDH_FAILED), "ECDH failed"}, + {ERR_REASON(ECIES_R_BUFFER_TOO_SMALL), "buffer too small"}, + {0,NULL} +}; + +#endif + +void ERR_load_ECIES_strings(void) +{ +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(ECIES_str_functs[0].error) == NULL) { + ERR_load_strings(0,ECIES_str_functs); + ERR_load_strings(0,ECIES_str_reasons); + } +#endif +} diff --git a/crypto/ecies/ecies_lcl.h b/crypto/ecies/ecies_lcl.h new file mode 100644 index 00000000..e69de29b diff --git a/crypto/ecies/ecies_lib.c b/crypto/ecies/ecies_lib.c new file mode 100644 index 00000000..300df420 --- /dev/null +++ b/crypto/ecies/ecies_lib.c @@ -0,0 +1,314 @@ +#include +#include +#include +#include +#include +#include +#include "ecies.h" +#include "kdf.h" + + +ECIES_CIPHERTEXT_VALUE *ECIES_do_encrypt(const ECIES_PARAMS *param, + const unsigned char *in, size_t inlen, const EC_KEY *pub_key) +{ + int e = 1; + ECIES_CIPHERTEXT_VALUE *cv = NULL; + EC_KEY *ephem_key = NULL; + unsigned char *share = NULL; + unsigned char *enckey, *mackey, *p; + int sharelen, enckeylen, mackeylen, len; + + EVP_CIPHER_CTX cipher_ctx; + EVP_CIPHER_CTX_init(&cipher_ctx); + + if (!(cv = ECIES_CIPHERTEXT_VALUE_new())) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + /* + * generate and encode ephem_point + */ + if (!(ephem_key = EC_KEY_new())) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_KEY_set_group(ephem_key, EC_KEY_get0_group(pub_key))) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_EC_LIB); + goto err; + } + if (!EC_KEY_generate_key(ephem_key)) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_EC_LIB); + goto err; + } + + len = (int)EC_POINT_point2oct(EC_KEY_get0_group(ephem_key), + EC_KEY_get0_public_key(ephem_key), POINT_CONVERSION_COMPRESSED, + NULL, 0, NULL); + if (!M_ASN1_OCTET_STRING_set(cv->ephem_point, NULL, len)) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_ASN1_LIB); + goto err; + } + if (EC_POINT_point2oct(EC_KEY_get0_group(ephem_key), + EC_KEY_get0_public_key(ephem_key), POINT_CONVERSION_COMPRESSED, + cv->ephem_point->data, len, NULL) <= 0) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_EC_LIB); + goto err; + } + + /* + * use ecdh to compute enckey and mackey + */ + if (param->sym_cipher) + enckeylen = EVP_CIPHER_key_length(param->sym_cipher); + else enckeylen = inlen; + mackeylen = EVP_MD_size(param->mac_md); //TODO: is this true for hmac-half-ecies? + sharelen = enckeylen + mackeylen; + + if (!(share = OPENSSL_malloc(sharelen))) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!ECDH_compute_key(share, sharelen, + EC_KEY_get0_public_key(pub_key), ephem_key, + KDF_get_x9_63(param->kdf_md))) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ECIES_R_ECDH_FAILED); + goto err; + } + enckey = share; + mackey = share + enckeylen; + + /* + * encrypt data and encode result to ciphertext + */ + if (param->sym_cipher) + len = (int)(inlen + EVP_MAX_BLOCK_LENGTH * 2); + else len = inlen; + + if (!M_ASN1_OCTET_STRING_set(cv->ciphertext, NULL, len)) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (param->sym_cipher) + { + unsigned char iv[EVP_MAX_IV_LENGTH]; + memset(iv, 0, sizeof(iv)); + + if (!EVP_EncryptInit(&cipher_ctx, param->sym_cipher, enckey, iv)) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, + ECIES_R_ENCRYPT_FAILED); + goto err; + } + p = cv->ciphertext->data; + if (!EVP_EncryptUpdate(&cipher_ctx, p, &len, in, (int)inlen)) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, + ECIES_R_ENCRYPT_FAILED); + goto err; + } + p += len; + if (!EVP_EncryptFinal(&cipher_ctx, p, &len)) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, + ECIES_R_ENCRYPT_FAILED); + goto err; + } + p += len; + cv->ciphertext->length = (int)(p - cv->ciphertext->data); + } + else + { + int i; + for (i = 0; i < len; i++) + cv->ciphertext->data[i] = in[i] ^ enckey[i]; + cv->ciphertext->length = len; + } + + /* + * calculate mactag of ciphertext and encode + */ + cv->mactag->length = EVP_MD_size(param->mac_md); + + if (!M_ASN1_OCTET_STRING_set(cv->mactag, NULL, EVP_MD_size(param->mac_md))) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!HMAC(param->mac_md, mackey, mackeylen, + cv->ciphertext->data, (size_t)cv->ciphertext->length, + cv->mactag->data, (unsigned int *)&len)) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ECIES_R_GEN_MAC_FAILED); + goto err; + } + + e = 0; +err: + EVP_CIPHER_CTX_cleanup(&cipher_ctx); + if (share) OPENSSL_free(share); + if (ephem_key) EC_KEY_free(ephem_key); + if (e && cv) + { + ECIES_CIPHERTEXT_VALUE_free(cv); + cv = NULL; + } + return cv; +} + +int ECIES_do_decrypt(const ECIES_CIPHERTEXT_VALUE *cv, + const ECIES_PARAMS *param, unsigned char *out, size_t *outlen, + EC_KEY *pri_key) +{ + int r = 0; + EC_POINT *ephem_point = NULL; + unsigned char *share = NULL; + unsigned char mac[EVP_MAX_MD_SIZE]; + unsigned char *enckey, *mackey; + int sharelen, enckeylen, mackeylen, len; + unsigned char *p; + + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + + // check output buffer size + if (!out) + { + *outlen = cv->ciphertext->length; + r = 1; + goto err; + } + if ((int)(*outlen) < cv->ciphertext->length) + { + *outlen = cv->ciphertext->length; + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_BUFFER_TOO_SMALL); + goto err; + } + + + /* + * decode ephem_point + */ + if (!cv->ephem_point || !cv->ephem_point->data) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_BAD_DATA); + goto err; + } + if (!(ephem_point = EC_POINT_new(EC_KEY_get0_group(pri_key)))) + { + ECIESerr(ECIES_F_ECIES_DO_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_oct2point(EC_KEY_get0_group(pri_key), ephem_point, + cv->ephem_point->data, cv->ephem_point->length, NULL)) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_BAD_DATA); + goto err; + } + + /* + * use ecdh to compute enckey and mackey + */ + if (param->sym_cipher) + enckeylen = EVP_CIPHER_key_length(param->sym_cipher); + else enckeylen = cv->ciphertext->length; + mackeylen = EVP_MD_size(param->mac_md); + sharelen = enckeylen + mackeylen; + + if (!(share = OPENSSL_malloc(sharelen))) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!ECDH_compute_key(share, enckeylen + mackeylen, + ephem_point, pri_key, + KDF_get_x9_63(param->kdf_md))) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_ECDH_FAILED); + goto err; + } + enckey = share; + mackey = share + enckeylen; + + /* + * generate and verify mac + */ + if (!cv->mactag || !cv->mactag->data) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_BAD_DATA); + goto err; + } + if (!HMAC(param->mac_md, mackey, mackeylen, + cv->ciphertext->data, (size_t)cv->ciphertext->length, + mac, (unsigned int *)&len)) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_GEN_MAC_FAILED); + goto err; + } + if (len != cv->mactag->length) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_VERIFY_MAC_FAILED); + goto err; + } + if (memcmp(cv->mactag->data, mac, len)) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_VERIFY_MAC_FAILED); + goto err; + } + + /* + * decrypt ciphertext and output + */ + if (param->sym_cipher) + { + unsigned char iv[EVP_MAX_IV_LENGTH]; + memset(iv, 0, sizeof(iv)); + if (!EVP_DecryptInit(&ctx, param->sym_cipher, enckey, iv)) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_DECRYPT_FAILED); + goto err; + } + p = out; + if (!EVP_DecryptUpdate(&ctx, p, &len, + cv->ciphertext->data, cv->ciphertext->length)) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_DECRYPT_FAILED); + goto err; + } + p += len; + if (!EVP_DecryptFinal(&ctx, p, &len)) + { + ECIESerr(ECIES_F_ECIES_DO_DECRYPT, ECIES_R_DECRYPT_FAILED); + goto err; + } + p += len; + *outlen = (int)(p - out); + } + else + { + int i; + for (i = 0; i < cv->ciphertext->length; i++) + out[i] = cv->ciphertext->data[i] ^ enckey[i]; + *outlen = cv->ciphertext->length; + } + + r = 1; +err: + if (share) OPENSSL_free(share); + EVP_CIPHER_CTX_cleanup(&ctx); + if (ephem_point) EC_POINT_free(ephem_point); + + return r; +} + diff --git a/crypto/ecies/eciestest.c b/crypto/ecies/eciestest.c new file mode 100644 index 00000000..d93d2352 --- /dev/null +++ b/crypto/ecies/eciestest.c @@ -0,0 +1,123 @@ +#include +#include +#include +#include +#include +#include +#include "ecies.h" + +int ecies_test_ECIESParameters(void) +{ + int ret = 0; + + ECIES_PARAMS buffer; + ECIES_PARAMS *param = &buffer; + unsigned char *der = NULL; + int derlen; + unsigned char *p; + const unsigned char *cp; + + param->kdf_md = EVP_sha1(); + param->sym_cipher = NULL; + param->mac_md = EVP_sha1(); + + derlen = i2d_ECIESParameters(param, NULL); + if (derlen <= 0) { + fprintf(stderr, "test i2d_ECIESParameters failed test suite 1\n"); + goto end; + } + der = OPENSSL_malloc(derlen); + OPENSSL_assert(der); + p = der; + derlen = i2d_ECIESParameters(param, &p); + + param = NULL; + cp = der; + param = d2i_ECIESParameters(NULL, &cp, derlen); + if (!param) { + fprintf(stderr, "test d2i_ECIESParameters faild\n"); + goto end; + } + OPENSSL_free(param); + + param = NULL; + cp = der; + d2i_ECIESParameters(¶m, &cp, derlen); + if (!param) { + fprintf(stderr, "test failed\n"); + goto end; + } + + ret = 1; + +end: + return ret; +} + +void ecies_test(void) +{ + int r; + EC_GROUP *ec_group = NULL; + EC_KEY *ec_key = NULL; + ECIES_PARAMS params; + ECIES_PARAMS *param2 = NULL; + ECIES_CIPHERTEXT_VALUE *cv = NULL; + unsigned char buffer1[1024]; + unsigned char buffer2[1024]; + unsigned char buffer3[1024]; + unsigned char *der = NULL; + int derlen; + unsigned char *p; + const unsigned char *cp; + + ec_key = EC_KEY_new_by_curve_name(OBJ_sn2nid("secp192k1")); + OPENSSL_assert(ec_key); + r = EC_KEY_generate_key(ec_key); + assert(r); + + /* set ECIESParameters */ + params.kdf_md = EVP_sha1(); + params.sym_cipher = EVP_aes_128_cbc(); + params.mac_md = EVP_sha1(); + + derlen = i2d_ECIESParameters(¶ms, NULL); + printf("ECIESParameters DER length = %d\n", derlen); + + memset(buffer1, 0, sizeof(buffer1)); + strcpy((char *)buffer1, "hello"); + cv = ECIES_do_encrypt(¶ms, buffer1, strlen(buffer1) + 1, ec_key); + assert(cv); + + memset(buffer3, 0, sizeof(buffer3)); + if (!ECIES_do_decrypt(cv, ¶ms, buffer3, &derlen, ec_key)) { + ERR_print_errors_fp(stderr); + return; + } + + printf("decrypted plaintext length = %d\n", derlen); + printf("%s\n", buffer3); + + derlen = i2d_ECIES_CIPHERTEXT_VALUE(cv, NULL); + printf("ECIES Test: ECIES_CIPHERTEXT_VALUE DER encoding length = %d\n", derlen); + der = OPENSSL_malloc(derlen); + assert(der); + p = der; + i2d_ECIES_CIPHERTEXT_VALUE(cv, &p); + + ECIES_CIPHERTEXT_VALUE_free(cv); + cv = NULL; + + cp = der; + cv = d2i_ECIES_CIPHERTEXT_VALUE(NULL, &cp, derlen); + assert(cv); + + ecies_test_ECIESParameters(); + +} + +int main(int argc, char **argv) +{ + ecies_test(); + return 0; +} + diff --git a/crypto/ecies/kdf.h b/crypto/ecies/kdf.h new file mode 100644 index 00000000..67e019de --- /dev/null +++ b/crypto/ecies/kdf.h @@ -0,0 +1,23 @@ +#ifndef HEADER_KDF_H +#define HEADER_KDF_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + + +typedef void *(*KDF_FUNC)(const void *in, size_t inlen, void *out, size_t *outlen); + +KDF_FUNC KDF_get_x9_63(const EVP_MD *md); +KDF_FUNC KDF_get_nist_concatenation(void); +KDF_FUNC KDF_get_tls_kdf(void); +KDF_FUNC KDF_get_ikev2_kdf(void); + + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/crypto/ecies/kdf_x9_63.c b/crypto/ecies/kdf_x9_63.c new file mode 100644 index 00000000..715cb228 --- /dev/null +++ b/crypto/ecies/kdf_x9_63.c @@ -0,0 +1,113 @@ +#include +#include "kdf.h" + + +#ifdef CPU_BIGENDIAN +#define cpu_to_be16(v) (v) +#define cpu_to_be32(v) (v) +#else +#define cpu_to_be16(v) ((v << 8) | (v >> 8)) +#define cpu_to_be32(v) ((cpu_to_be16(v) << 16) | cpu_to_be16(v >> 16)) +#endif + +static void *x963_kdf(const EVP_MD *md, const void *share, size_t sharelen, + void *key, size_t keylen) +{ + EVP_MD_CTX ctx; + unsigned int counter = 1; + unsigned int counter_be; + unsigned char dgst[EVP_MAX_MD_SIZE]; + unsigned int dgstlen; + int rlen = (int)keylen; + unsigned char *out = key; + + EVP_MD_CTX_init(&ctx); + + while (rlen > 0) { + counter_be = cpu_to_be32(counter); + counter++; + + EVP_DigestInit(&ctx, md); + EVP_DigestUpdate(&ctx, share, sharelen); + EVP_DigestUpdate(&ctx, (const void *)&counter_be, 4); + EVP_DigestFinal(&ctx, dgst, &dgstlen); + + memcpy(out, dgst, (int)dgstlen > rlen ? rlen : dgstlen); + rlen -= dgstlen; + out += dgstlen; + } + + EVP_MD_CTX_cleanup(&ctx); + return key; +} + +static void *x963_md5kdf(const void *share, size_t sharelen, + void *key, size_t *keylen) +{ + return x963_kdf(EVP_md5(), share, sharelen, key, *keylen); +} + +static void *x963_rmd160kdf(const void *share, size_t sharelen, + void *key, size_t *keylen) +{ + return x963_kdf(EVP_ripemd160(), share, sharelen, key, *keylen); +} + +static void *x963_sha1kdf(const void *share, size_t sharelen, + void *key, size_t *keylen) +{ + return x963_kdf(EVP_sha1(), share, sharelen, key, *keylen); +} + +static void *x963_sha224kdf(const void *share, size_t sharelen, + void *key, size_t *keylen) +{ + return x963_kdf(EVP_sha224(), share, sharelen, key, *keylen); +} + +static void *x963_sha256kdf(const void *share, size_t sharelen, + void *key, size_t *keylen) +{ + return x963_kdf(EVP_sha256(), share, sharelen, key, *keylen); +} + +static void *x963_sha384kdf(const void *share, size_t sharelen, + void *key, size_t *keylen) +{ + return x963_kdf(EVP_sha384(), share, sharelen, key, *keylen); +} + +static void *x963_sha512kdf(const void *share, size_t sharelen, + void *key, size_t *keylen) +{ + return x963_kdf(EVP_sha512(), share, sharelen, key, *keylen); +} + +static void *x963_sm3kdf(const void *share, size_t sharelen, + void *key, size_t *keylen) +{ + return x963_kdf(EVP_sm3(), share, sharelen, key, *keylen); +} + +KDF_FUNC KDF_get_x9_63(const EVP_MD *md) +{ + if (md == EVP_md5()) + return x963_md5kdf; + else if (md == EVP_ripemd160()) + return x963_rmd160kdf; + else if (md == EVP_sha1()) + return x963_sha1kdf; + else if (md == EVP_sha224()) + return x963_sha224kdf; + else if (md == EVP_sha256()) + return x963_sha256kdf; + else if (md == EVP_sha384()) + return x963_sha384kdf; + else if (md == EVP_sha512()) + return x963_sha512kdf; + else if (md == EVP_sm3()) + return x963_sm3kdf; + + return NULL; +} + diff --git a/crypto/err/err.h b/crypto/err/err.h index 585aa8ba..7e74703a 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -197,6 +197,7 @@ typedef struct err_state_st { # define ERR_LIB_TS 47 # define ERR_LIB_HMAC 48 # define ERR_LIB_JPAKE 49 +# define ERR_LIB_ECIES 50 # define ERR_LIB_USER 128 @@ -233,6 +234,7 @@ typedef struct err_state_st { # define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) +# define ECIESerr(f,r) ERR_PUT_error(ERR_LIB_ECIES,(f),(r),__FILE__,__LINE__) /* * Borland C seems too stupid to be able to shift and do longs in the @@ -289,6 +291,7 @@ typedef struct err_state_st { # define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ # define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ # define ERR_R_TS_LIB ERR_LIB_TS/* 45 */ +# define ERR_R_EICES_LIB ERR_LIB_ECIES/* 50 */ # define ERR_R_NESTED_ASN1_ERROR 58 # define ERR_R_BAD_ASN1_OBJECT_HEADER 59 diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 22430941..2de35085 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -165,8 +165,8 @@ void OpenSSL_add_all_ciphers(void) #ifndef OPENSSL_NO_SMS4 EVP_add_cipher(EVP_sms4_ecb()); - EVP_add_cipher(EVP_sms4_cfb128()); - EVP_add_cipher(EVP_sms4_ofb()); + //EVP_add_cipher(EVP_sms4_cfb128()); + //EVP_add_cipher(EVP_sms4_ofb()); EVP_add_cipher(EVP_sms4_cbc()); EVP_add_cipher_alias(SN_sms4_cbc,"SMS4"); EVP_add_cipher_alias(SN_sms4_cbc,"sms4"); diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 491551d9..28b0d483 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 983 -#define NUM_SN 968 -#define NUM_LN 968 -#define NUM_OBJ 907 +#define NUM_NID 1000 +#define NUM_SN 985 +#define NUM_LN 985 +#define NUM_OBJ 924 -static const unsigned char lvalues[6386]={ +static const unsigned char lvalues[6483]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -969,6 +969,23 @@ static const unsigned char lvalues[6386]={ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02, /* [6361] OBJ_sms4_cbc */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04, /* [6369] OBJ_sms4_ofb128 */ 0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03, /* [6377] OBJ_sms4_cfb128 */ +0x2B,0x81,0x04,0x01,0x07, /* [6385] OBJ_ecies_recommendedParameters */ +0x2B,0x81,0x04,0x01,0x08, /* [6390] OBJ_ecies_specifiedParameters */ +0x2B,0x81,0x04,0x01,0x11,0x00, /* [6395] OBJ_x9_63_kdf */ +0x2B,0x81,0x04,0x01,0x11,0x01, /* [6401] OBJ_nist_concatenation_kdf */ +0x2B,0x81,0x04,0x01,0x11,0x02, /* [6407] OBJ_tls_kdf */ +0x2B,0x81,0x04,0x01,0x11,0x03, /* [6413] OBJ_ikev2_kdf */ +0x2B,0x81,0x04,0x01,0x12, /* [6419] OBJ_xor_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x00, /* [6424] OBJ_aes128_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x01, /* [6430] OBJ_aes192_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x14,0x02, /* [6436] OBJ_aes256_cbc_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x00, /* [6442] OBJ_aes128_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x01, /* [6448] OBJ_aes192_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x15,0x02, /* [6454] OBJ_aes256_ctr_in_ecies */ +0x2B,0x81,0x04,0x01,0x16, /* [6460] OBJ_hmac_full_ecies */ +0x2B,0x81,0x04,0x01,0x17, /* [6465] OBJ_hmac_half_ecies */ +0x2B,0x81,0x04,0x01,0x18,0x00, /* [6470] OBJ_cmac_aes128_ecies */ +0x2B,0x81,0x04,0x01,0x18,0x01, /* [6476] OBJ_cmac_aes192_ecies */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2560,6 +2577,36 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {NULL,NULL,NID_undef,0,NULL,0}, {"SMS4-OFB","sms4-ofb",NID_sms4_ofb128,8,&(lvalues[6369]),0}, {"SMS4-CFB","sms4-cfb",NID_sms4_cfb128,8,&(lvalues[6377]),0}, +{"ecies-recommendedParameters","ecies-recommendedParameters", + NID_ecies_recommendedParameters,5,&(lvalues[6385]),0}, +{"ecies-specifiedParameters","ecies-specifiedParameters", + NID_ecies_specifiedParameters,5,&(lvalues[6390]),0}, +{"x9-63-kdf","x9-63-kdf",NID_x9_63_kdf,6,&(lvalues[6395]),0}, +{"nist-concatenation-kdf","nist-concatenation-kdf", + NID_nist_concatenation_kdf,6,&(lvalues[6401]),0}, +{"tls-kdf","tls-kdf",NID_tls_kdf,6,&(lvalues[6407]),0}, +{"ikev2-kdf","ikev2-kdf",NID_ikev2_kdf,6,&(lvalues[6413]),0}, +{"xor-in-ecies","xor-in-ecies",NID_xor_in_ecies,5,&(lvalues[6419]),0}, +{"aes128-cbc-in-ecies","aes128-cbc-in-ecies",NID_aes128_cbc_in_ecies, + 6,&(lvalues[6424]),0}, +{"aes192-cbc-in-ecies","aes192-cbc-in-ecies",NID_aes192_cbc_in_ecies, + 6,&(lvalues[6430]),0}, +{"aes256-cbc-in-ecies","aes256-cbc-in-ecies",NID_aes256_cbc_in_ecies, + 6,&(lvalues[6436]),0}, +{"aes128-ctr-in-ecies","aes128-ctr-in-ecies",NID_aes128_ctr_in_ecies, + 6,&(lvalues[6442]),0}, +{"aes192-ctr-in-ecies","aes192-ctr-in-ecies",NID_aes192_ctr_in_ecies, + 6,&(lvalues[6448]),0}, +{"aes256-ctr-in-ecies","aes256-ctr-in-ecies",NID_aes256_ctr_in_ecies, + 6,&(lvalues[6454]),0}, +{"hmac-full-ecies","hmac-full-ecies",NID_hmac_full_ecies,5, + &(lvalues[6460]),0}, +{"hmac-half-ecies","hmac-half-ecies",NID_hmac_half_ecies,5, + &(lvalues[6465]),0}, +{"cmac-aes128-ecies","cmac-aes128-ecies",NID_cmac_aes128_ecies,6, + &(lvalues[6470]),0}, +{"cmac-aes192-ecies","cmac-aes192-ecies",NID_cmac_aes192_ecies,6, + &(lvalues[6476]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2774,6 +2821,12 @@ static const unsigned int sn_objs[NUM_SN]={ 368, /* "acceptableResponses" */ 446, /* "account" */ 363, /* "ad_timestamping" */ +990, /* "aes128-cbc-in-ecies" */ +993, /* "aes128-ctr-in-ecies" */ +991, /* "aes192-cbc-in-ecies" */ +994, /* "aes192-ctr-in-ecies" */ +992, /* "aes256-cbc-in-ecies" */ +995, /* "aes256-ctr-in-ecies" */ 376, /* "algorithm" */ 405, /* "ansi-X9-62" */ 910, /* "anyExtendedKeyUsage" */ @@ -2838,6 +2891,8 @@ static const unsigned int sn_objs[NUM_SN]={ 407, /* "characteristic-two-field" */ 395, /* "clearance" */ 130, /* "clientAuth" */ +998, /* "cmac-aes128-ecies" */ +999, /* "cmac-aes192-ecies" */ 131, /* "codeSigning" */ 50, /* "contentType" */ 53, /* "countersignature" */ @@ -2897,6 +2952,8 @@ static const unsigned int sn_objs[NUM_SN]={ 795, /* "ecdsa-with-SHA384" */ 796, /* "ecdsa-with-SHA512" */ 792, /* "ecdsa-with-Specified" */ +983, /* "ecies-recommendedParameters" */ +984, /* "ecies-specifiedParameters" */ 48, /* "emailAddress" */ 132, /* "emailProtection" */ 885, /* "enhancedSearchGuide" */ @@ -2920,6 +2977,8 @@ static const unsigned int sn_objs[NUM_SN]={ 814, /* "gost89-cnt" */ 812, /* "gost94" */ 850, /* "gost94cc" */ +996, /* "hmac-full-ecies" */ +997, /* "hmac-half-ecies" */ 797, /* "hmacWithMD5" */ 163, /* "hmacWithSHA1" */ 798, /* "hmacWithSHA224" */ @@ -3172,6 +3231,7 @@ static const unsigned int sn_objs[NUM_SN]={ 250, /* "id-smime-spq-ets-sqt-unotice" */ 249, /* "id-smime-spq-ets-sqt-uri" */ 676, /* "identified-organization" */ +988, /* "ikev2-kdf" */ 461, /* "info" */ 748, /* "inhibitAnyPolicy" */ 101, /* "initials" */ @@ -3216,6 +3276,7 @@ static const unsigned int sn_objs[NUM_SN]={ 481, /* "nSRecord" */ 173, /* "name" */ 666, /* "nameConstraints" */ +986, /* "nist-concatenation-kdf" */ 369, /* "noCheck" */ 403, /* "noRevAvail" */ 72, /* "nsBaseUrl" */ @@ -3503,6 +3564,7 @@ static const unsigned int sn_objs[NUM_SN]={ 293, /* "textNotice" */ 133, /* "timeStamping" */ 106, /* "title" */ +987, /* "tls-kdf" */ 682, /* "tpBasis" */ 375, /* "trustRoot" */ 436, /* "ucl" */ @@ -3531,6 +3593,8 @@ static const unsigned int sn_objs[NUM_SN]={ 503, /* "x500UniqueIdentifier" */ 158, /* "x509Certificate" */ 160, /* "x509Crl" */ +985, /* "x9-63-kdf" */ +989, /* "xor-in-ecies" */ }; static const unsigned int ln_objs[NUM_LN]={ @@ -3718,6 +3782,12 @@ static const unsigned int ln_objs[NUM_LN]={ 901, /* "aes-256-gcm" */ 428, /* "aes-256-ofb" */ 914, /* "aes-256-xts" */ +990, /* "aes128-cbc-in-ecies" */ +993, /* "aes128-ctr-in-ecies" */ +991, /* "aes192-cbc-in-ecies" */ +994, /* "aes192-ctr-in-ecies" */ +992, /* "aes256-cbc-in-ecies" */ +995, /* "aes256-ctr-in-ecies" */ 376, /* "algorithm" */ 484, /* "associatedDomain" */ 485, /* "associatedName" */ @@ -3797,6 +3867,8 @@ static const unsigned int ln_objs[NUM_LN]={ 395, /* "clearance" */ 633, /* "cleartext track 2" */ 894, /* "cmac" */ +998, /* "cmac-aes128-ecies" */ +999, /* "cmac-aes192-ecies" */ 13, /* "commonName" */ 513, /* "content types" */ 50, /* "contentType" */ @@ -3876,6 +3948,8 @@ static const unsigned int ln_objs[NUM_LN]={ 795, /* "ecdsa-with-SHA384" */ 796, /* "ecdsa-with-SHA512" */ 792, /* "ecdsa-with-Specified" */ +983, /* "ecies-recommendedParameters" */ +984, /* "ecies-specifiedParameters" */ 48, /* "emailAddress" */ 632, /* "encrypted track 2" */ 885, /* "enhancedSearchGuide" */ @@ -3891,6 +3965,8 @@ static const unsigned int ln_objs[NUM_LN]={ 99, /* "givenName" */ 814, /* "gost89-cnt" */ 855, /* "hmac" */ +996, /* "hmac-full-ecies" */ +997, /* "hmac-half-ecies" */ 780, /* "hmac-md5" */ 781, /* "hmac-sha1" */ 963, /* "hmac-sm3" */ @@ -4123,6 +4199,7 @@ static const unsigned int ln_objs[NUM_LN]={ 36, /* "idea-ecb" */ 46, /* "idea-ofb" */ 676, /* "identified-organization" */ +988, /* "ikev2-kdf" */ 461, /* "info" */ 101, /* "initials" */ 869, /* "internationaliSDNNumber" */ @@ -4165,6 +4242,7 @@ static const unsigned int ln_objs[NUM_LN]={ 488, /* "mobileTelephoneNumber" */ 481, /* "nSRecord" */ 173, /* "name" */ +986, /* "nist-concatenation-kdf" */ 681, /* "onBasis" */ 379, /* "org" */ 17, /* "organizationName" */ @@ -4472,6 +4550,7 @@ static const unsigned int ln_objs[NUM_LN]={ 459, /* "textEncodedORAddress" */ 293, /* "textNotice" */ 106, /* "title" */ +987, /* "tls-kdf" */ 682, /* "tpBasis" */ 436, /* "ucl" */ 0, /* "undefined" */ @@ -4501,6 +4580,8 @@ static const unsigned int ln_objs[NUM_LN]={ 503, /* "x500UniqueIdentifier" */ 158, /* "x509Certificate" */ 160, /* "x509Crl" */ +985, /* "x9-63-kdf" */ +989, /* "xor-in-ecies" */ 125, /* "zlib compression" */ }; @@ -4794,6 +4875,11 @@ static const unsigned int obj_objs[NUM_OBJ]={ 732, /* OBJ_sect409r1 1 3 132 0 37 */ 733, /* OBJ_sect571k1 1 3 132 0 38 */ 734, /* OBJ_sect571r1 1 3 132 0 39 */ +983, /* OBJ_ecies_recommendedParameters 1 3 132 1 7 */ +984, /* OBJ_ecies_specifiedParameters 1 3 132 1 8 */ +989, /* OBJ_xor_in_ecies 1 3 132 1 18 */ +996, /* OBJ_hmac_full_ecies 1 3 132 1 22 */ +997, /* OBJ_hmac_half_ecies 1 3 132 1 23 */ 624, /* OBJ_set_rootKeyThumb 2 23 42 3 0 0 */ 625, /* OBJ_set_addPolicy 2 23 42 3 0 1 */ 626, /* OBJ_setAttr_Token_EMV 2 23 42 3 2 1 */ @@ -4842,6 +4928,18 @@ static const unsigned int obj_objs[NUM_OBJ]={ 943, /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */ 944, /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */ 945, /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */ +985, /* OBJ_x9_63_kdf 1 3 132 1 17 0 */ +986, /* OBJ_nist_concatenation_kdf 1 3 132 1 17 1 */ +987, /* OBJ_tls_kdf 1 3 132 1 17 2 */ +988, /* OBJ_ikev2_kdf 1 3 132 1 17 3 */ +990, /* OBJ_aes128_cbc_in_ecies 1 3 132 1 20 0 */ +991, /* OBJ_aes192_cbc_in_ecies 1 3 132 1 20 1 */ +992, /* OBJ_aes256_cbc_in_ecies 1 3 132 1 20 2 */ +993, /* OBJ_aes128_ctr_in_ecies 1 3 132 1 21 0 */ +994, /* OBJ_aes192_ctr_in_ecies 1 3 132 1 21 1 */ +995, /* OBJ_aes256_ctr_in_ecies 1 3 132 1 21 2 */ +998, /* OBJ_cmac_aes128_ecies 1 3 132 1 24 0 */ +999, /* OBJ_cmac_aes192_ecies 1 3 132 1 24 1 */ 631, /* OBJ_setAttr_GenCryptgrm 2 23 42 3 3 3 1 */ 632, /* OBJ_setAttr_T2Enc 2 23 42 3 3 4 1 */ 633, /* OBJ_setAttr_T2cleartxt 2 23 42 3 3 4 2 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index 13dd473d..9e205f8f 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h @@ -4193,6 +4193,76 @@ #define NID_jurisdictionCountryName 957 #define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L +#define OBJ_secg_scheme OBJ_certicom_arc,1L + +#define SN_ecies_recommendedParameters "ecies-recommendedParameters" +#define NID_ecies_recommendedParameters 983 +#define OBJ_ecies_recommendedParameters OBJ_secg_scheme,7L + +#define SN_ecies_specifiedParameters "ecies-specifiedParameters" +#define NID_ecies_specifiedParameters 984 +#define OBJ_ecies_specifiedParameters OBJ_secg_scheme,8L + +#define SN_x9_63_kdf "x9-63-kdf" +#define NID_x9_63_kdf 985 +#define OBJ_x9_63_kdf OBJ_secg_scheme,17L,0L + +#define SN_nist_concatenation_kdf "nist-concatenation-kdf" +#define NID_nist_concatenation_kdf 986 +#define OBJ_nist_concatenation_kdf OBJ_secg_scheme,17L,1L + +#define SN_tls_kdf "tls-kdf" +#define NID_tls_kdf 987 +#define OBJ_tls_kdf OBJ_secg_scheme,17L,2L + +#define SN_ikev2_kdf "ikev2-kdf" +#define NID_ikev2_kdf 988 +#define OBJ_ikev2_kdf OBJ_secg_scheme,17L,3L + +#define SN_xor_in_ecies "xor-in-ecies" +#define NID_xor_in_ecies 989 +#define OBJ_xor_in_ecies OBJ_secg_scheme,18L + +#define SN_aes128_cbc_in_ecies "aes128-cbc-in-ecies" +#define NID_aes128_cbc_in_ecies 990 +#define OBJ_aes128_cbc_in_ecies OBJ_secg_scheme,20L,0L + +#define SN_aes192_cbc_in_ecies "aes192-cbc-in-ecies" +#define NID_aes192_cbc_in_ecies 991 +#define OBJ_aes192_cbc_in_ecies OBJ_secg_scheme,20L,1L + +#define SN_aes256_cbc_in_ecies "aes256-cbc-in-ecies" +#define NID_aes256_cbc_in_ecies 992 +#define OBJ_aes256_cbc_in_ecies OBJ_secg_scheme,20L,2L + +#define SN_aes128_ctr_in_ecies "aes128-ctr-in-ecies" +#define NID_aes128_ctr_in_ecies 993 +#define OBJ_aes128_ctr_in_ecies OBJ_secg_scheme,21L,0L + +#define SN_aes192_ctr_in_ecies "aes192-ctr-in-ecies" +#define NID_aes192_ctr_in_ecies 994 +#define OBJ_aes192_ctr_in_ecies OBJ_secg_scheme,21L,1L + +#define SN_aes256_ctr_in_ecies "aes256-ctr-in-ecies" +#define NID_aes256_ctr_in_ecies 995 +#define OBJ_aes256_ctr_in_ecies OBJ_secg_scheme,21L,2L + +#define SN_hmac_full_ecies "hmac-full-ecies" +#define NID_hmac_full_ecies 996 +#define OBJ_hmac_full_ecies OBJ_secg_scheme,22L + +#define SN_hmac_half_ecies "hmac-half-ecies" +#define NID_hmac_half_ecies 997 +#define OBJ_hmac_half_ecies OBJ_secg_scheme,23L + +#define SN_cmac_aes128_ecies "cmac-aes128-ecies" +#define NID_cmac_aes128_ecies 998 +#define OBJ_cmac_aes128_ecies OBJ_secg_scheme,24L,0L + +#define SN_cmac_aes192_ecies "cmac-aes192-ecies" +#define NID_cmac_aes192_ecies 999 +#define OBJ_cmac_aes192_ecies OBJ_secg_scheme,24L,1L + #define SN_ISO_CN "ISO-CN" #define LN_ISO_CN "ISO CN Member Body" #define NID_ISO_CN 960 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index e2a66c73..f993f93e 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -980,3 +980,20 @@ sms4_cfb 979 sms4_ofb 980 sms4_ofb128 981 sms4_cfb128 982 +ecies_recommendedParameters 983 +ecies_specifiedParameters 984 +x9_63_kdf 985 +nist_concatenation_kdf 986 +tls_kdf 987 +ikev2_kdf 988 +xor_in_ecies 989 +aes128_cbc_in_ecies 990 +aes192_cbc_in_ecies 991 +aes256_cbc_in_ecies 992 +aes128_ctr_in_ecies 993 +aes192_ctr_in_ecies 994 +aes256_ctr_in_ecies 995 +hmac_full_ecies 996 +hmac_half_ecies 997 +cmac_aes128_ecies 998 +cmac_aes192_ecies 999 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 4e4b547e..5b44ef57 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1349,6 +1349,29 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme 1 3 6 1 4 1 311 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName + +# ECIES OID +!Alias secg_scheme certicom-arc 1 +secg-scheme 7 : ecies-recommendedParameters +secg-scheme 8 : ecies-specifiedParameters +secg-scheme 17 0 : x9-63-kdf +secg-scheme 17 1 : nist-concatenation-kdf +secg-scheme 17 2 : tls-kdf +secg-scheme 17 3 : ikev2-kdf +secg-scheme 18 : xor-in-ecies +secg-scheme 20 0 : aes128-cbc-in-ecies +secg-scheme 20 1 : aes192-cbc-in-ecies +secg-scheme 20 2 : aes256-cbc-in-ecies +secg-scheme 21 0 : aes128-ctr-in-ecies +secg-scheme 21 1 : aes192-ctr-in-ecies +secg-scheme 21 2 : aes256-ctr-in-ecies +secg-scheme 22 : hmac-full-ecies +secg-scheme 23 : hmac-half-ecies +secg-scheme 24 0 : cmac-aes128-ecies +secg-scheme 24 1 : cmac-aes192-ecies + + + # SM: China National Cryptography Standards member-body 156 : ISO-CN : ISO CN Member Body ISO-CN 10197 : oscca diff --git a/crypto/opensslconf.h b/crypto/opensslconf.h index c8f498e8..937a2de5 100644 --- a/crypto/opensslconf.h +++ b/crypto/opensslconf.h @@ -109,8 +109,8 @@ extern "C" { #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define ENGINESDIR "/usr/local/ssl/lib/engines" -#define OPENSSLDIR "/usr/local/ssl" +#define ENGINESDIR "/usr/local/lib/engines" +#define OPENSSLDIR "/usr/local/openssl" #endif #endif @@ -156,20 +156,20 @@ extern "C" { /* If this is set to 'unsigned int' on a DEC Alpha, this gives about a * %20 speed up (longs are 8 bytes, int's are 4). */ #ifndef DES_LONG -#define DES_LONG unsigned long +#define DES_LONG unsigned int #endif #endif #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) #define CONFIG_HEADER_BN_H -#define BN_LLONG +#undef BN_LLONG /* Should we define BN_DIV2W here? */ /* Only one for the following should be defined */ -#undef SIXTY_FOUR_BIT_LONG +#define SIXTY_FOUR_BIT_LONG #undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT +#undef THIRTY_TWO_BIT #endif #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) @@ -181,7 +181,7 @@ extern "C" { #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) #define CONFIG_HEADER_BF_LOCL_H -#define BF_PTR +#undef BF_PTR #endif /* HEADER_BF_LOCL_H */ #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) diff --git a/include/openssl/ecies.h b/include/openssl/ecies.h new file mode 120000 index 00000000..9ad5f9e9 --- /dev/null +++ b/include/openssl/ecies.h @@ -0,0 +1 @@ +../../crypto/ecies/ecies.h \ No newline at end of file diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h new file mode 120000 index 00000000..65eb0f45 --- /dev/null +++ b/include/openssl/kdf.h @@ -0,0 +1 @@ +../../crypto/ecies/kdf.h \ No newline at end of file diff --git a/test/eciestest.c b/test/eciestest.c new file mode 120000 index 00000000..7ec05e1f --- /dev/null +++ b/test/eciestest.c @@ -0,0 +1 @@ +../crypto/ecies/eciestest.c \ No newline at end of file diff --git a/tools/c_rehash b/tools/c_rehash index 1dceeb1d..89947c37 100644 --- a/tools/c_rehash +++ b/tools/c_rehash @@ -3,8 +3,8 @@ # Perl c_rehash script, scan all files in a directory # and add symbolic links to their hash values. -my $dir = "/usr/local/ssl"; -my $prefix = "/usr/local/ssl"; +my $dir = "/usr/local/openssl"; +my $prefix = "/usr/local"; my $openssl = $ENV{OPENSSL} || "openssl"; my $pwd; diff --git a/util/mkdef.pl b/util/mkdef.pl index b9b956e8..55e8d427 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -84,7 +84,7 @@ my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "SHA256", "SHA512", "RIPEMD", "SM3", "SMS4", - "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M", + "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M", "ECIES", "HMAC", "AES", "CAMELLIA", "SEED", "GOST", # EC_NISTP_64_GCC_128 "EC_NISTP_64_GCC_128", @@ -318,6 +318,8 @@ $crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa; $crypto.=" crypto/dh/dh.h" ; # unless $no_dh; $crypto.=" crypto/ec/ec.h" ; # unless $no_ec; $crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa; +$crypto.=" crypto/ecies/ecies.h" ; +$crypto.=" crypto/ecies/kdf.h" ; $crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh; $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; $crypto.=" crypto/cmac/cmac.h" ; # unless $no_hmac; diff --git a/util/mkfiles.pl b/util/mkfiles.pl index 324274e0..c94da577 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -38,6 +38,7 @@ my @dirs = ( "crypto/ec", "crypto/ecdh", "crypto/ecdsa", +"crypto/ecies", "crypto/buffer", "crypto/bio", "crypto/stack",