diff --git a/crypto/ec/ecp_nistz256-x86_64.s b/crypto/ec/ecp_nistz256-x86_64.s index 9bfbcba0..3a5eb65e 100644 --- a/crypto/ec/ecp_nistz256-x86_64.s +++ b/crypto/ec/ecp_nistz256-x86_64.s @@ -332,8 +332,6 @@ _ecp_nistz256_neg: .p2align 5 _ecp_nistz256_to_mont: - movl $524544,%ecx - andl _OPENSSL_ia32cap_P+8(%rip),%ecx leaq L$RR(%rip),%rdx jmp L$mul_mont @@ -348,8 +346,6 @@ _ecp_nistz256_to_mont: .p2align 5 _ecp_nistz256_mul_mont: - movl $524544,%ecx - andl _OPENSSL_ia32cap_P+8(%rip),%ecx L$mul_mont: pushq %rbp pushq %rbx @@ -357,8 +353,6 @@ L$mul_mont: pushq %r13 pushq %r14 pushq %r15 - cmpl $524544,%ecx - je L$mul_montx movq %rdx,%rbx movq 0(%rdx),%rax movq 0(%rsi),%r9 @@ -367,19 +361,6 @@ L$mul_mont: movq 24(%rsi),%r12 call __ecp_nistz256_mul_montq - jmp L$mul_mont_done - -.p2align 5 -L$mul_montx: - movq %rdx,%rbx - movq 0(%rdx),%rdx - movq 0(%rsi),%r9 - movq 8(%rsi),%r10 - movq 16(%rsi),%r11 - movq 24(%rsi),%r12 - leaq -128(%rsi),%rsi - - call __ecp_nistz256_mul_montx L$mul_mont_done: popq %r15 popq %r14 @@ -617,33 +598,18 @@ __ecp_nistz256_mul_montq: .p2align 5 _ecp_nistz256_sqr_mont: - movl $524544,%ecx - andl _OPENSSL_ia32cap_P+8(%rip),%ecx pushq %rbp pushq %rbx pushq %r12 pushq %r13 pushq %r14 pushq %r15 - cmpl $524544,%ecx - je L$sqr_montx movq 0(%rsi),%rax movq 8(%rsi),%r14 movq 16(%rsi),%r15 movq 24(%rsi),%r8 call __ecp_nistz256_sqr_montq - jmp L$sqr_mont_done - -.p2align 5 -L$sqr_montx: - movq 0(%rsi),%rdx - movq 8(%rsi),%r14 - movq 16(%rsi),%r15 - movq 24(%rsi),%r8 - leaq -128(%rsi),%rsi - - call __ecp_nistz256_sqr_montx L$sqr_mont_done: popq %r15 popq %r14 @@ -816,304 +782,6 @@ __ecp_nistz256_sqr_montq: .byte 0xf3,0xc3 -.p2align 5 -__ecp_nistz256_mul_montx: - - - mulxq %r9,%r8,%r9 - mulxq %r10,%rcx,%r10 - movq $32,%r14 - xorq %r13,%r13 - mulxq %r11,%rbp,%r11 - movq L$poly+24(%rip),%r15 - adcq %rcx,%r9 - mulxq %r12,%rcx,%r12 - movq %r8,%rdx - adcq %rbp,%r10 - shlxq %r14,%r8,%rbp - adcq %rcx,%r11 - shrxq %r14,%r8,%rcx - adcq $0,%r12 - - - - addq %rbp,%r9 - adcq %rcx,%r10 - - mulxq %r15,%rcx,%rbp - movq 8(%rbx),%rdx - adcq %rcx,%r11 - adcq %rbp,%r12 - adcq $0,%r13 - xorq %r8,%r8 - - - - mulxq 0+128(%rsi),%rcx,%rbp - adcxq %rcx,%r9 - adoxq %rbp,%r10 - - mulxq 8+128(%rsi),%rcx,%rbp - adcxq %rcx,%r10 - adoxq %rbp,%r11 - - mulxq 16+128(%rsi),%rcx,%rbp - adcxq %rcx,%r11 - adoxq %rbp,%r12 - - mulxq 24+128(%rsi),%rcx,%rbp - movq %r9,%rdx - adcxq %rcx,%r12 - shlxq %r14,%r9,%rcx - adoxq %rbp,%r13 - shrxq %r14,%r9,%rbp - - adcxq %r8,%r13 - adoxq %r8,%r8 - adcq $0,%r8 - - - - addq %rcx,%r10 - adcq %rbp,%r11 - - mulxq %r15,%rcx,%rbp - movq 16(%rbx),%rdx - adcq %rcx,%r12 - adcq %rbp,%r13 - adcq $0,%r8 - xorq %r9,%r9 - - - - mulxq 0+128(%rsi),%rcx,%rbp - adcxq %rcx,%r10 - adoxq %rbp,%r11 - - mulxq 8+128(%rsi),%rcx,%rbp - adcxq %rcx,%r11 - adoxq %rbp,%r12 - - mulxq 16+128(%rsi),%rcx,%rbp - adcxq %rcx,%r12 - adoxq %rbp,%r13 - - mulxq 24+128(%rsi),%rcx,%rbp - movq %r10,%rdx - adcxq %rcx,%r13 - shlxq %r14,%r10,%rcx - adoxq %rbp,%r8 - shrxq %r14,%r10,%rbp - - adcxq %r9,%r8 - adoxq %r9,%r9 - adcq $0,%r9 - - - - addq %rcx,%r11 - adcq %rbp,%r12 - - mulxq %r15,%rcx,%rbp - movq 24(%rbx),%rdx - adcq %rcx,%r13 - adcq %rbp,%r8 - adcq $0,%r9 - xorq %r10,%r10 - - - - mulxq 0+128(%rsi),%rcx,%rbp - adcxq %rcx,%r11 - adoxq %rbp,%r12 - - mulxq 8+128(%rsi),%rcx,%rbp - adcxq %rcx,%r12 - adoxq %rbp,%r13 - - mulxq 16+128(%rsi),%rcx,%rbp - adcxq %rcx,%r13 - adoxq %rbp,%r8 - - mulxq 24+128(%rsi),%rcx,%rbp - movq %r11,%rdx - adcxq %rcx,%r8 - shlxq %r14,%r11,%rcx - adoxq %rbp,%r9 - shrxq %r14,%r11,%rbp - - adcxq %r10,%r9 - adoxq %r10,%r10 - adcq $0,%r10 - - - - addq %rcx,%r12 - adcq %rbp,%r13 - - mulxq %r15,%rcx,%rbp - movq %r12,%rbx - movq L$poly+8(%rip),%r14 - adcq %rcx,%r8 - movq %r13,%rdx - adcq %rbp,%r9 - adcq $0,%r10 - - - - xorl %eax,%eax - movq %r8,%rcx - sbbq $-1,%r12 - sbbq %r14,%r13 - sbbq $0,%r8 - movq %r9,%rbp - sbbq %r15,%r9 - sbbq $0,%r10 - - cmovcq %rbx,%r12 - cmovcq %rdx,%r13 - movq %r12,0(%rdi) - cmovcq %rcx,%r8 - movq %r13,8(%rdi) - cmovcq %rbp,%r9 - movq %r8,16(%rdi) - movq %r9,24(%rdi) - - .byte 0xf3,0xc3 - - - -.p2align 5 -__ecp_nistz256_sqr_montx: - mulxq %r14,%r9,%r10 - mulxq %r15,%rcx,%r11 - xorl %eax,%eax - adcq %rcx,%r10 - mulxq %r8,%rbp,%r12 - movq %r14,%rdx - adcq %rbp,%r11 - adcq $0,%r12 - xorq %r13,%r13 - - - mulxq %r15,%rcx,%rbp - adcxq %rcx,%r11 - adoxq %rbp,%r12 - - mulxq %r8,%rcx,%rbp - movq %r15,%rdx - adcxq %rcx,%r12 - adoxq %rbp,%r13 - adcq $0,%r13 - - - mulxq %r8,%rcx,%r14 - movq 0+128(%rsi),%rdx - xorq %r15,%r15 - adcxq %r9,%r9 - adoxq %rcx,%r13 - adcxq %r10,%r10 - adoxq %r15,%r14 - - mulxq %rdx,%r8,%rbp - movq 8+128(%rsi),%rdx - adcxq %r11,%r11 - adoxq %rbp,%r9 - adcxq %r12,%r12 - mulxq %rdx,%rcx,%rax - movq 16+128(%rsi),%rdx - adcxq %r13,%r13 - adoxq %rcx,%r10 - adcxq %r14,%r14 -.byte 0x67 - mulxq %rdx,%rcx,%rbp - movq 24+128(%rsi),%rdx - adoxq %rax,%r11 - adcxq %r15,%r15 - adoxq %rcx,%r12 - movq $32,%rsi - adoxq %rbp,%r13 -.byte 0x67,0x67 - mulxq %rdx,%rcx,%rax - movq %r8,%rdx - adoxq %rcx,%r14 - shlxq %rsi,%r8,%rcx - adoxq %rax,%r15 - shrxq %rsi,%r8,%rax - movq L$poly+24(%rip),%rbp - - - addq %rcx,%r9 - adcq %rax,%r10 - - mulxq %rbp,%rcx,%r8 - movq %r9,%rdx - adcq %rcx,%r11 - shlxq %rsi,%r9,%rcx - adcq $0,%r8 - shrxq %rsi,%r9,%rax - - - addq %rcx,%r10 - adcq %rax,%r11 - - mulxq %rbp,%rcx,%r9 - movq %r10,%rdx - adcq %rcx,%r8 - shlxq %rsi,%r10,%rcx - adcq $0,%r9 - shrxq %rsi,%r10,%rax - - - addq %rcx,%r11 - adcq %rax,%r8 - - mulxq %rbp,%rcx,%r10 - movq %r11,%rdx - adcq %rcx,%r9 - shlxq %rsi,%r11,%rcx - adcq $0,%r10 - shrxq %rsi,%r11,%rax - - - addq %rcx,%r8 - adcq %rax,%r9 - - mulxq %rbp,%rcx,%r11 - adcq %rcx,%r10 - adcq $0,%r11 - - xorq %rdx,%rdx - adcq %r8,%r12 - movq L$poly+8(%rip),%rsi - adcq %r9,%r13 - movq %r12,%r8 - adcq %r10,%r14 - adcq %r11,%r15 - movq %r13,%r9 - adcq $0,%rdx - - xorl %eax,%eax - sbbq $-1,%r12 - movq %r14,%r10 - sbbq %rsi,%r13 - sbbq $0,%r14 - movq %r15,%r11 - sbbq %rbp,%r15 - sbbq $0,%rdx - - cmovcq %r8,%r12 - cmovcq %r9,%r13 - movq %r12,0(%rdi) - cmovcq %r10,%r14 - movq %r13,8(%rdi) - cmovcq %r11,%r15 - movq %r14,16(%rdi) - movq %r15,24(%rdi) - - .byte 0xf3,0xc3 - - @@ -1215,9 +883,6 @@ _ecp_nistz256_from_mont: .p2align 5 _ecp_nistz256_select_w5: - movl _OPENSSL_ia32cap_P+8(%rip),%eax - testl $32,%eax - jnz L$avx2_select_w5 movdqa L$One(%rip),%xmm0 movd %edx,%xmm1 @@ -1277,9 +942,6 @@ L$select_loop_sse_w5: .p2align 5 _ecp_nistz256_select_w7: - movl _OPENSSL_ia32cap_P+8(%rip),%eax - testl $32,%eax - jnz L$avx2_select_w7 movdqa L$One(%rip),%xmm8 movd %edx,%xmm1 @@ -1321,141 +983,11 @@ L$select_loop_sse_w7: movdqu %xmm5,48(%rdi) .byte 0xf3,0xc3 - - - -.p2align 5 -ecp_nistz256_avx2_select_w5: -L$avx2_select_w5: - vzeroupper - vmovdqa L$Two(%rip),%ymm0 - - vpxor %ymm2,%ymm2,%ymm2 - vpxor %ymm3,%ymm3,%ymm3 - vpxor %ymm4,%ymm4,%ymm4 - - vmovdqa L$One(%rip),%ymm5 - vmovdqa L$Two(%rip),%ymm10 - - vmovd %edx,%xmm1 - vpermd %ymm1,%ymm2,%ymm1 - - movq $8,%rax -L$select_loop_avx2_w5: - - vmovdqa 0(%rsi),%ymm6 - vmovdqa 32(%rsi),%ymm7 - vmovdqa 64(%rsi),%ymm8 - - vmovdqa 96(%rsi),%ymm11 - vmovdqa 128(%rsi),%ymm12 - vmovdqa 160(%rsi),%ymm13 - - vpcmpeqd %ymm1,%ymm5,%ymm9 - vpcmpeqd %ymm1,%ymm10,%ymm14 - - vpaddd %ymm0,%ymm5,%ymm5 - vpaddd %ymm0,%ymm10,%ymm10 - leaq 192(%rsi),%rsi - - vpand %ymm9,%ymm6,%ymm6 - vpand %ymm9,%ymm7,%ymm7 - vpand %ymm9,%ymm8,%ymm8 - vpand %ymm14,%ymm11,%ymm11 - vpand %ymm14,%ymm12,%ymm12 - vpand %ymm14,%ymm13,%ymm13 - - vpxor %ymm6,%ymm2,%ymm2 - vpxor %ymm7,%ymm3,%ymm3 - vpxor %ymm8,%ymm4,%ymm4 - vpxor %ymm11,%ymm2,%ymm2 - vpxor %ymm12,%ymm3,%ymm3 - vpxor %ymm13,%ymm4,%ymm4 - - decq %rax - jnz L$select_loop_avx2_w5 - - vmovdqu %ymm2,0(%rdi) - vmovdqu %ymm3,32(%rdi) - vmovdqu %ymm4,64(%rdi) - vzeroupper - .byte 0xf3,0xc3 - - - - .globl _ecp_nistz256_avx2_select_w7 .p2align 5 _ecp_nistz256_avx2_select_w7: -L$avx2_select_w7: - vzeroupper - vmovdqa L$Three(%rip),%ymm0 - - vpxor %ymm2,%ymm2,%ymm2 - vpxor %ymm3,%ymm3,%ymm3 - - vmovdqa L$One(%rip),%ymm4 - vmovdqa L$Two(%rip),%ymm8 - vmovdqa L$Three(%rip),%ymm12 - - vmovd %edx,%xmm1 - vpermd %ymm1,%ymm2,%ymm1 - - - movq $21,%rax -L$select_loop_avx2_w7: - - vmovdqa 0(%rsi),%ymm5 - vmovdqa 32(%rsi),%ymm6 - - vmovdqa 64(%rsi),%ymm9 - vmovdqa 96(%rsi),%ymm10 - - vmovdqa 128(%rsi),%ymm13 - vmovdqa 160(%rsi),%ymm14 - - vpcmpeqd %ymm1,%ymm4,%ymm7 - vpcmpeqd %ymm1,%ymm8,%ymm11 - vpcmpeqd %ymm1,%ymm12,%ymm15 - - vpaddd %ymm0,%ymm4,%ymm4 - vpaddd %ymm0,%ymm8,%ymm8 - vpaddd %ymm0,%ymm12,%ymm12 - leaq 192(%rsi),%rsi - - vpand %ymm7,%ymm5,%ymm5 - vpand %ymm7,%ymm6,%ymm6 - vpand %ymm11,%ymm9,%ymm9 - vpand %ymm11,%ymm10,%ymm10 - vpand %ymm15,%ymm13,%ymm13 - vpand %ymm15,%ymm14,%ymm14 - - vpxor %ymm5,%ymm2,%ymm2 - vpxor %ymm6,%ymm3,%ymm3 - vpxor %ymm9,%ymm2,%ymm2 - vpxor %ymm10,%ymm3,%ymm3 - vpxor %ymm13,%ymm2,%ymm2 - vpxor %ymm14,%ymm3,%ymm3 - - decq %rax - jnz L$select_loop_avx2_w7 - - - vmovdqa 0(%rsi),%ymm5 - vmovdqa 32(%rsi),%ymm6 - - vpcmpeqd %ymm1,%ymm4,%ymm7 - - vpand %ymm7,%ymm5,%ymm5 - vpand %ymm7,%ymm6,%ymm6 - - vpxor %ymm5,%ymm2,%ymm2 - vpxor %ymm6,%ymm3,%ymm3 - - vmovdqu %ymm2,0(%rdi) - vmovdqu %ymm3,32(%rdi) - vzeroupper +.byte 0x0f,0x0b .byte 0xf3,0xc3 @@ -1581,10 +1113,6 @@ __ecp_nistz256_mul_by_2q: .p2align 5 _ecp_nistz256_point_double: - movl $524544,%ecx - andl _OPENSSL_ia32cap_P+8(%rip),%ecx - cmpl $524544,%ecx - je L$point_doublex pushq %rbp pushq %rbx pushq %r12 @@ -1786,10 +1314,6 @@ _ecp_nistz256_point_double: .p2align 5 _ecp_nistz256_point_add: - movl $524544,%ecx - andl _OPENSSL_ia32cap_P+8(%rip),%ecx - cmpl $524544,%ecx - je L$point_addx pushq %rbp pushq %rbx pushq %r12 @@ -2179,10 +1703,6 @@ L$add_doneq: .p2align 5 _ecp_nistz256_point_add_affine: - movl $524544,%ecx - andl _OPENSSL_ia32cap_P+8(%rip),%ecx - cmpl $524544,%ecx - je L$point_add_affinex pushq %rbp pushq %rbx pushq %r12 @@ -2482,1023 +2002,3 @@ _ecp_nistz256_point_add_affine: popq %rbp .byte 0xf3,0xc3 - -.p2align 5 -__ecp_nistz256_add_tox: - xorq %r11,%r11 - adcq 0(%rbx),%r12 - adcq 8(%rbx),%r13 - movq %r12,%rax - adcq 16(%rbx),%r8 - adcq 24(%rbx),%r9 - movq %r13,%rbp - adcq $0,%r11 - - xorq %r10,%r10 - sbbq $-1,%r12 - movq %r8,%rcx - sbbq %r14,%r13 - sbbq $0,%r8 - movq %r9,%r10 - sbbq %r15,%r9 - - btq $0,%r11 - cmovncq %rax,%r12 - cmovncq %rbp,%r13 - movq %r12,0(%rdi) - cmovncq %rcx,%r8 - movq %r13,8(%rdi) - cmovncq %r10,%r9 - movq %r8,16(%rdi) - movq %r9,24(%rdi) - - .byte 0xf3,0xc3 - - - -.p2align 5 -__ecp_nistz256_sub_fromx: - xorq %r11,%r11 - sbbq 0(%rbx),%r12 - sbbq 8(%rbx),%r13 - movq %r12,%rax - sbbq 16(%rbx),%r8 - sbbq 24(%rbx),%r9 - movq %r13,%rbp - sbbq $0,%r11 - - xorq %r10,%r10 - adcq $-1,%r12 - movq %r8,%rcx - adcq %r14,%r13 - adcq $0,%r8 - movq %r9,%r10 - adcq %r15,%r9 - - btq $0,%r11 - cmovncq %rax,%r12 - cmovncq %rbp,%r13 - movq %r12,0(%rdi) - cmovncq %rcx,%r8 - movq %r13,8(%rdi) - cmovncq %r10,%r9 - movq %r8,16(%rdi) - movq %r9,24(%rdi) - - .byte 0xf3,0xc3 - - - -.p2align 5 -__ecp_nistz256_subx: - xorq %r11,%r11 - sbbq %r12,%rax - sbbq %r13,%rbp - movq %rax,%r12 - sbbq %r8,%rcx - sbbq %r9,%r10 - movq %rbp,%r13 - sbbq $0,%r11 - - xorq %r9,%r9 - adcq $-1,%rax - movq %rcx,%r8 - adcq %r14,%rbp - adcq $0,%rcx - movq %r10,%r9 - adcq %r15,%r10 - - btq $0,%r11 - cmovcq %rax,%r12 - cmovcq %rbp,%r13 - cmovcq %rcx,%r8 - cmovcq %r10,%r9 - - .byte 0xf3,0xc3 - - - -.p2align 5 -__ecp_nistz256_mul_by_2x: - xorq %r11,%r11 - adcq %r12,%r12 - adcq %r13,%r13 - movq %r12,%rax - adcq %r8,%r8 - adcq %r9,%r9 - movq %r13,%rbp - adcq $0,%r11 - - xorq %r10,%r10 - sbbq $-1,%r12 - movq %r8,%rcx - sbbq %r14,%r13 - sbbq $0,%r8 - movq %r9,%r10 - sbbq %r15,%r9 - - btq $0,%r11 - cmovncq %rax,%r12 - cmovncq %rbp,%r13 - movq %r12,0(%rdi) - cmovncq %rcx,%r8 - movq %r13,8(%rdi) - cmovncq %r10,%r9 - movq %r8,16(%rdi) - movq %r9,24(%rdi) - - .byte 0xf3,0xc3 - - -.p2align 5 -ecp_nistz256_point_doublex: -L$point_doublex: - pushq %rbp - pushq %rbx - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - subq $160+8,%rsp - - movdqu 0(%rsi),%xmm0 - movq %rsi,%rbx - movdqu 16(%rsi),%xmm1 - movq 32+0(%rsi),%r12 - movq 32+8(%rsi),%r13 - movq 32+16(%rsi),%r8 - movq 32+24(%rsi),%r9 - movq L$poly+8(%rip),%r14 - movq L$poly+24(%rip),%r15 - movdqa %xmm0,96(%rsp) - movdqa %xmm1,96+16(%rsp) - leaq 32(%rdi),%r10 - leaq 64(%rdi),%r11 -.byte 102,72,15,110,199 -.byte 102,73,15,110,202 -.byte 102,73,15,110,211 - - leaq 0(%rsp),%rdi - call __ecp_nistz256_mul_by_2x - - movq 64+0(%rsi),%rdx - movq 64+8(%rsi),%r14 - movq 64+16(%rsi),%r15 - movq 64+24(%rsi),%r8 - leaq 64-128(%rsi),%rsi - leaq 64(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - movq 0+0(%rsp),%rdx - movq 8+0(%rsp),%r14 - leaq -128+0(%rsp),%rsi - movq 16+0(%rsp),%r15 - movq 24+0(%rsp),%r8 - leaq 0(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - movq 32(%rbx),%rdx - movq 64+0(%rbx),%r9 - movq 64+8(%rbx),%r10 - movq 64+16(%rbx),%r11 - movq 64+24(%rbx),%r12 - leaq 64-128(%rbx),%rsi - leaq 32(%rbx),%rbx -.byte 102,72,15,126,215 - call __ecp_nistz256_mul_montx - call __ecp_nistz256_mul_by_2x - - movq 96+0(%rsp),%r12 - movq 96+8(%rsp),%r13 - leaq 64(%rsp),%rbx - movq 96+16(%rsp),%r8 - movq 96+24(%rsp),%r9 - leaq 32(%rsp),%rdi - call __ecp_nistz256_add_tox - - movq 96+0(%rsp),%r12 - movq 96+8(%rsp),%r13 - leaq 64(%rsp),%rbx - movq 96+16(%rsp),%r8 - movq 96+24(%rsp),%r9 - leaq 64(%rsp),%rdi - call __ecp_nistz256_sub_fromx - - movq 0+0(%rsp),%rdx - movq 8+0(%rsp),%r14 - leaq -128+0(%rsp),%rsi - movq 16+0(%rsp),%r15 - movq 24+0(%rsp),%r8 -.byte 102,72,15,126,207 - call __ecp_nistz256_sqr_montx - xorq %r9,%r9 - movq %r12,%rax - addq $-1,%r12 - movq %r13,%r10 - adcq %rsi,%r13 - movq %r14,%rcx - adcq $0,%r14 - movq %r15,%r8 - adcq %rbp,%r15 - adcq $0,%r9 - xorq %rsi,%rsi - testq $1,%rax - - cmovzq %rax,%r12 - cmovzq %r10,%r13 - cmovzq %rcx,%r14 - cmovzq %r8,%r15 - cmovzq %rsi,%r9 - - movq %r13,%rax - shrq $1,%r12 - shlq $63,%rax - movq %r14,%r10 - shrq $1,%r13 - orq %rax,%r12 - shlq $63,%r10 - movq %r15,%rcx - shrq $1,%r14 - orq %r10,%r13 - shlq $63,%rcx - movq %r12,0(%rdi) - shrq $1,%r15 - movq %r13,8(%rdi) - shlq $63,%r9 - orq %rcx,%r14 - orq %r9,%r15 - movq %r14,16(%rdi) - movq %r15,24(%rdi) - movq 64(%rsp),%rdx - leaq 64(%rsp),%rbx - movq 0+32(%rsp),%r9 - movq 8+32(%rsp),%r10 - leaq -128+32(%rsp),%rsi - movq 16+32(%rsp),%r11 - movq 24+32(%rsp),%r12 - leaq 32(%rsp),%rdi - call __ecp_nistz256_mul_montx - - leaq 128(%rsp),%rdi - call __ecp_nistz256_mul_by_2x - - leaq 32(%rsp),%rbx - leaq 32(%rsp),%rdi - call __ecp_nistz256_add_tox - - movq 96(%rsp),%rdx - leaq 96(%rsp),%rbx - movq 0+0(%rsp),%r9 - movq 8+0(%rsp),%r10 - leaq -128+0(%rsp),%rsi - movq 16+0(%rsp),%r11 - movq 24+0(%rsp),%r12 - leaq 0(%rsp),%rdi - call __ecp_nistz256_mul_montx - - leaq 128(%rsp),%rdi - call __ecp_nistz256_mul_by_2x - - movq 0+32(%rsp),%rdx - movq 8+32(%rsp),%r14 - leaq -128+32(%rsp),%rsi - movq 16+32(%rsp),%r15 - movq 24+32(%rsp),%r8 -.byte 102,72,15,126,199 - call __ecp_nistz256_sqr_montx - - leaq 128(%rsp),%rbx - movq %r14,%r8 - movq %r15,%r9 - movq %rsi,%r14 - movq %rbp,%r15 - call __ecp_nistz256_sub_fromx - - movq 0+0(%rsp),%rax - movq 0+8(%rsp),%rbp - movq 0+16(%rsp),%rcx - movq 0+24(%rsp),%r10 - leaq 0(%rsp),%rdi - call __ecp_nistz256_subx - - movq 32(%rsp),%rdx - leaq 32(%rsp),%rbx - movq %r12,%r14 - xorl %ecx,%ecx - movq %r12,0+0(%rsp) - movq %r13,%r10 - movq %r13,0+8(%rsp) - cmovzq %r8,%r11 - movq %r8,0+16(%rsp) - leaq 0-128(%rsp),%rsi - cmovzq %r9,%r12 - movq %r9,0+24(%rsp) - movq %r14,%r9 - leaq 0(%rsp),%rdi - call __ecp_nistz256_mul_montx - -.byte 102,72,15,126,203 -.byte 102,72,15,126,207 - call __ecp_nistz256_sub_fromx - - addq $160+8,%rsp - popq %r15 - popq %r14 - popq %r13 - popq %r12 - popq %rbx - popq %rbp - .byte 0xf3,0xc3 - - -.p2align 5 -ecp_nistz256_point_addx: -L$point_addx: - pushq %rbp - pushq %rbx - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - subq $576+8,%rsp - - movdqu 0(%rsi),%xmm0 - movdqu 16(%rsi),%xmm1 - movdqu 32(%rsi),%xmm2 - movdqu 48(%rsi),%xmm3 - movdqu 64(%rsi),%xmm4 - movdqu 80(%rsi),%xmm5 - movq %rsi,%rbx - movq %rdx,%rsi - movdqa %xmm0,384(%rsp) - movdqa %xmm1,384+16(%rsp) - por %xmm0,%xmm1 - movdqa %xmm2,416(%rsp) - movdqa %xmm3,416+16(%rsp) - por %xmm2,%xmm3 - movdqa %xmm4,448(%rsp) - movdqa %xmm5,448+16(%rsp) - por %xmm1,%xmm3 - - movdqu 0(%rsi),%xmm0 - pshufd $177,%xmm3,%xmm5 - movdqu 16(%rsi),%xmm1 - movdqu 32(%rsi),%xmm2 - por %xmm3,%xmm5 - movdqu 48(%rsi),%xmm3 - movq 64+0(%rsi),%rdx - movq 64+8(%rsi),%r14 - movq 64+16(%rsi),%r15 - movq 64+24(%rsi),%r8 - movdqa %xmm0,480(%rsp) - pshufd $30,%xmm5,%xmm4 - movdqa %xmm1,480+16(%rsp) - por %xmm0,%xmm1 -.byte 102,72,15,110,199 - movdqa %xmm2,512(%rsp) - movdqa %xmm3,512+16(%rsp) - por %xmm2,%xmm3 - por %xmm4,%xmm5 - pxor %xmm4,%xmm4 - por %xmm1,%xmm3 - - leaq 64-128(%rsi),%rsi - movq %rdx,544+0(%rsp) - movq %r14,544+8(%rsp) - movq %r15,544+16(%rsp) - movq %r8,544+24(%rsp) - leaq 96(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - pcmpeqd %xmm4,%xmm5 - pshufd $177,%xmm3,%xmm4 - por %xmm3,%xmm4 - pshufd $0,%xmm5,%xmm5 - pshufd $30,%xmm4,%xmm3 - por %xmm3,%xmm4 - pxor %xmm3,%xmm3 - pcmpeqd %xmm3,%xmm4 - pshufd $0,%xmm4,%xmm4 - movq 64+0(%rbx),%rdx - movq 64+8(%rbx),%r14 - movq 64+16(%rbx),%r15 - movq 64+24(%rbx),%r8 - - leaq 64-128(%rbx),%rsi - leaq 32(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - movq 544(%rsp),%rdx - leaq 544(%rsp),%rbx - movq 0+96(%rsp),%r9 - movq 8+96(%rsp),%r10 - leaq -128+96(%rsp),%rsi - movq 16+96(%rsp),%r11 - movq 24+96(%rsp),%r12 - leaq 224(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 448(%rsp),%rdx - leaq 448(%rsp),%rbx - movq 0+32(%rsp),%r9 - movq 8+32(%rsp),%r10 - leaq -128+32(%rsp),%rsi - movq 16+32(%rsp),%r11 - movq 24+32(%rsp),%r12 - leaq 256(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 416(%rsp),%rdx - leaq 416(%rsp),%rbx - movq 0+224(%rsp),%r9 - movq 8+224(%rsp),%r10 - leaq -128+224(%rsp),%rsi - movq 16+224(%rsp),%r11 - movq 24+224(%rsp),%r12 - leaq 224(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 512(%rsp),%rdx - leaq 512(%rsp),%rbx - movq 0+256(%rsp),%r9 - movq 8+256(%rsp),%r10 - leaq -128+256(%rsp),%rsi - movq 16+256(%rsp),%r11 - movq 24+256(%rsp),%r12 - leaq 256(%rsp),%rdi - call __ecp_nistz256_mul_montx - - leaq 224(%rsp),%rbx - leaq 64(%rsp),%rdi - call __ecp_nistz256_sub_fromx - - orq %r13,%r12 - movdqa %xmm4,%xmm2 - orq %r8,%r12 - orq %r9,%r12 - por %xmm5,%xmm2 -.byte 102,73,15,110,220 - - movq 384(%rsp),%rdx - leaq 384(%rsp),%rbx - movq 0+96(%rsp),%r9 - movq 8+96(%rsp),%r10 - leaq -128+96(%rsp),%rsi - movq 16+96(%rsp),%r11 - movq 24+96(%rsp),%r12 - leaq 160(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 480(%rsp),%rdx - leaq 480(%rsp),%rbx - movq 0+32(%rsp),%r9 - movq 8+32(%rsp),%r10 - leaq -128+32(%rsp),%rsi - movq 16+32(%rsp),%r11 - movq 24+32(%rsp),%r12 - leaq 192(%rsp),%rdi - call __ecp_nistz256_mul_montx - - leaq 160(%rsp),%rbx - leaq 0(%rsp),%rdi - call __ecp_nistz256_sub_fromx - - orq %r13,%r12 - orq %r8,%r12 - orq %r9,%r12 - -.byte 0x3e - jnz L$add_proceedx -.byte 102,73,15,126,208 -.byte 102,73,15,126,217 - testq %r8,%r8 - jnz L$add_proceedx - testq %r9,%r9 - jz L$add_proceedx - -.byte 102,72,15,126,199 - pxor %xmm0,%xmm0 - movdqu %xmm0,0(%rdi) - movdqu %xmm0,16(%rdi) - movdqu %xmm0,32(%rdi) - movdqu %xmm0,48(%rdi) - movdqu %xmm0,64(%rdi) - movdqu %xmm0,80(%rdi) - jmp L$add_donex - -.p2align 5 -L$add_proceedx: - movq 0+64(%rsp),%rdx - movq 8+64(%rsp),%r14 - leaq -128+64(%rsp),%rsi - movq 16+64(%rsp),%r15 - movq 24+64(%rsp),%r8 - leaq 96(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - movq 448(%rsp),%rdx - leaq 448(%rsp),%rbx - movq 0+0(%rsp),%r9 - movq 8+0(%rsp),%r10 - leaq -128+0(%rsp),%rsi - movq 16+0(%rsp),%r11 - movq 24+0(%rsp),%r12 - leaq 352(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 0+0(%rsp),%rdx - movq 8+0(%rsp),%r14 - leaq -128+0(%rsp),%rsi - movq 16+0(%rsp),%r15 - movq 24+0(%rsp),%r8 - leaq 32(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - movq 544(%rsp),%rdx - leaq 544(%rsp),%rbx - movq 0+352(%rsp),%r9 - movq 8+352(%rsp),%r10 - leaq -128+352(%rsp),%rsi - movq 16+352(%rsp),%r11 - movq 24+352(%rsp),%r12 - leaq 352(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 0(%rsp),%rdx - leaq 0(%rsp),%rbx - movq 0+32(%rsp),%r9 - movq 8+32(%rsp),%r10 - leaq -128+32(%rsp),%rsi - movq 16+32(%rsp),%r11 - movq 24+32(%rsp),%r12 - leaq 128(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 160(%rsp),%rdx - leaq 160(%rsp),%rbx - movq 0+32(%rsp),%r9 - movq 8+32(%rsp),%r10 - leaq -128+32(%rsp),%rsi - movq 16+32(%rsp),%r11 - movq 24+32(%rsp),%r12 - leaq 192(%rsp),%rdi - call __ecp_nistz256_mul_montx - - - - - addq %r12,%r12 - leaq 96(%rsp),%rsi - adcq %r13,%r13 - movq %r12,%rax - adcq %r8,%r8 - adcq %r9,%r9 - movq %r13,%rbp - sbbq %r11,%r11 - - subq $-1,%r12 - movq %r8,%rcx - sbbq %r14,%r13 - sbbq $0,%r8 - movq %r9,%r10 - sbbq %r15,%r9 - testq %r11,%r11 - - cmovzq %rax,%r12 - movq 0(%rsi),%rax - cmovzq %rbp,%r13 - movq 8(%rsi),%rbp - cmovzq %rcx,%r8 - movq 16(%rsi),%rcx - cmovzq %r10,%r9 - movq 24(%rsi),%r10 - - call __ecp_nistz256_subx - - leaq 128(%rsp),%rbx - leaq 288(%rsp),%rdi - call __ecp_nistz256_sub_fromx - - movq 192+0(%rsp),%rax - movq 192+8(%rsp),%rbp - movq 192+16(%rsp),%rcx - movq 192+24(%rsp),%r10 - leaq 320(%rsp),%rdi - - call __ecp_nistz256_subx - - movq %r12,0(%rdi) - movq %r13,8(%rdi) - movq %r8,16(%rdi) - movq %r9,24(%rdi) - movq 128(%rsp),%rdx - leaq 128(%rsp),%rbx - movq 0+224(%rsp),%r9 - movq 8+224(%rsp),%r10 - leaq -128+224(%rsp),%rsi - movq 16+224(%rsp),%r11 - movq 24+224(%rsp),%r12 - leaq 256(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 320(%rsp),%rdx - leaq 320(%rsp),%rbx - movq 0+64(%rsp),%r9 - movq 8+64(%rsp),%r10 - leaq -128+64(%rsp),%rsi - movq 16+64(%rsp),%r11 - movq 24+64(%rsp),%r12 - leaq 320(%rsp),%rdi - call __ecp_nistz256_mul_montx - - leaq 256(%rsp),%rbx - leaq 320(%rsp),%rdi - call __ecp_nistz256_sub_fromx - -.byte 102,72,15,126,199 - - movdqa %xmm5,%xmm0 - movdqa %xmm5,%xmm1 - pandn 352(%rsp),%xmm0 - movdqa %xmm5,%xmm2 - pandn 352+16(%rsp),%xmm1 - movdqa %xmm5,%xmm3 - pand 544(%rsp),%xmm2 - pand 544+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - - movdqa %xmm4,%xmm0 - movdqa %xmm4,%xmm1 - pandn %xmm2,%xmm0 - movdqa %xmm4,%xmm2 - pandn %xmm3,%xmm1 - movdqa %xmm4,%xmm3 - pand 448(%rsp),%xmm2 - pand 448+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - movdqu %xmm2,64(%rdi) - movdqu %xmm3,80(%rdi) - - movdqa %xmm5,%xmm0 - movdqa %xmm5,%xmm1 - pandn 288(%rsp),%xmm0 - movdqa %xmm5,%xmm2 - pandn 288+16(%rsp),%xmm1 - movdqa %xmm5,%xmm3 - pand 480(%rsp),%xmm2 - pand 480+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - - movdqa %xmm4,%xmm0 - movdqa %xmm4,%xmm1 - pandn %xmm2,%xmm0 - movdqa %xmm4,%xmm2 - pandn %xmm3,%xmm1 - movdqa %xmm4,%xmm3 - pand 384(%rsp),%xmm2 - pand 384+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - movdqu %xmm2,0(%rdi) - movdqu %xmm3,16(%rdi) - - movdqa %xmm5,%xmm0 - movdqa %xmm5,%xmm1 - pandn 320(%rsp),%xmm0 - movdqa %xmm5,%xmm2 - pandn 320+16(%rsp),%xmm1 - movdqa %xmm5,%xmm3 - pand 512(%rsp),%xmm2 - pand 512+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - - movdqa %xmm4,%xmm0 - movdqa %xmm4,%xmm1 - pandn %xmm2,%xmm0 - movdqa %xmm4,%xmm2 - pandn %xmm3,%xmm1 - movdqa %xmm4,%xmm3 - pand 416(%rsp),%xmm2 - pand 416+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - movdqu %xmm2,32(%rdi) - movdqu %xmm3,48(%rdi) - -L$add_donex: - addq $576+8,%rsp - popq %r15 - popq %r14 - popq %r13 - popq %r12 - popq %rbx - popq %rbp - .byte 0xf3,0xc3 - - -.p2align 5 -ecp_nistz256_point_add_affinex: -L$point_add_affinex: - pushq %rbp - pushq %rbx - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - subq $480+8,%rsp - - movdqu 0(%rsi),%xmm0 - movq %rdx,%rbx - movdqu 16(%rsi),%xmm1 - movdqu 32(%rsi),%xmm2 - movdqu 48(%rsi),%xmm3 - movdqu 64(%rsi),%xmm4 - movdqu 80(%rsi),%xmm5 - movq 64+0(%rsi),%rdx - movq 64+8(%rsi),%r14 - movq 64+16(%rsi),%r15 - movq 64+24(%rsi),%r8 - movdqa %xmm0,320(%rsp) - movdqa %xmm1,320+16(%rsp) - por %xmm0,%xmm1 - movdqa %xmm2,352(%rsp) - movdqa %xmm3,352+16(%rsp) - por %xmm2,%xmm3 - movdqa %xmm4,384(%rsp) - movdqa %xmm5,384+16(%rsp) - por %xmm1,%xmm3 - - movdqu 0(%rbx),%xmm0 - pshufd $177,%xmm3,%xmm5 - movdqu 16(%rbx),%xmm1 - movdqu 32(%rbx),%xmm2 - por %xmm3,%xmm5 - movdqu 48(%rbx),%xmm3 - movdqa %xmm0,416(%rsp) - pshufd $30,%xmm5,%xmm4 - movdqa %xmm1,416+16(%rsp) - por %xmm0,%xmm1 -.byte 102,72,15,110,199 - movdqa %xmm2,448(%rsp) - movdqa %xmm3,448+16(%rsp) - por %xmm2,%xmm3 - por %xmm4,%xmm5 - pxor %xmm4,%xmm4 - por %xmm1,%xmm3 - - leaq 64-128(%rsi),%rsi - leaq 32(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - pcmpeqd %xmm4,%xmm5 - pshufd $177,%xmm3,%xmm4 - movq 0(%rbx),%rdx - - movq %r12,%r9 - por %xmm3,%xmm4 - pshufd $0,%xmm5,%xmm5 - pshufd $30,%xmm4,%xmm3 - movq %r13,%r10 - por %xmm3,%xmm4 - pxor %xmm3,%xmm3 - movq %r14,%r11 - pcmpeqd %xmm3,%xmm4 - pshufd $0,%xmm4,%xmm4 - - leaq 32-128(%rsp),%rsi - movq %r15,%r12 - leaq 0(%rsp),%rdi - call __ecp_nistz256_mul_montx - - leaq 320(%rsp),%rbx - leaq 64(%rsp),%rdi - call __ecp_nistz256_sub_fromx - - movq 384(%rsp),%rdx - leaq 384(%rsp),%rbx - movq 0+32(%rsp),%r9 - movq 8+32(%rsp),%r10 - leaq -128+32(%rsp),%rsi - movq 16+32(%rsp),%r11 - movq 24+32(%rsp),%r12 - leaq 32(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 384(%rsp),%rdx - leaq 384(%rsp),%rbx - movq 0+64(%rsp),%r9 - movq 8+64(%rsp),%r10 - leaq -128+64(%rsp),%rsi - movq 16+64(%rsp),%r11 - movq 24+64(%rsp),%r12 - leaq 288(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 448(%rsp),%rdx - leaq 448(%rsp),%rbx - movq 0+32(%rsp),%r9 - movq 8+32(%rsp),%r10 - leaq -128+32(%rsp),%rsi - movq 16+32(%rsp),%r11 - movq 24+32(%rsp),%r12 - leaq 32(%rsp),%rdi - call __ecp_nistz256_mul_montx - - leaq 352(%rsp),%rbx - leaq 96(%rsp),%rdi - call __ecp_nistz256_sub_fromx - - movq 0+64(%rsp),%rdx - movq 8+64(%rsp),%r14 - leaq -128+64(%rsp),%rsi - movq 16+64(%rsp),%r15 - movq 24+64(%rsp),%r8 - leaq 128(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - movq 0+96(%rsp),%rdx - movq 8+96(%rsp),%r14 - leaq -128+96(%rsp),%rsi - movq 16+96(%rsp),%r15 - movq 24+96(%rsp),%r8 - leaq 192(%rsp),%rdi - call __ecp_nistz256_sqr_montx - - movq 128(%rsp),%rdx - leaq 128(%rsp),%rbx - movq 0+64(%rsp),%r9 - movq 8+64(%rsp),%r10 - leaq -128+64(%rsp),%rsi - movq 16+64(%rsp),%r11 - movq 24+64(%rsp),%r12 - leaq 160(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 320(%rsp),%rdx - leaq 320(%rsp),%rbx - movq 0+128(%rsp),%r9 - movq 8+128(%rsp),%r10 - leaq -128+128(%rsp),%rsi - movq 16+128(%rsp),%r11 - movq 24+128(%rsp),%r12 - leaq 0(%rsp),%rdi - call __ecp_nistz256_mul_montx - - - - - addq %r12,%r12 - leaq 192(%rsp),%rsi - adcq %r13,%r13 - movq %r12,%rax - adcq %r8,%r8 - adcq %r9,%r9 - movq %r13,%rbp - sbbq %r11,%r11 - - subq $-1,%r12 - movq %r8,%rcx - sbbq %r14,%r13 - sbbq $0,%r8 - movq %r9,%r10 - sbbq %r15,%r9 - testq %r11,%r11 - - cmovzq %rax,%r12 - movq 0(%rsi),%rax - cmovzq %rbp,%r13 - movq 8(%rsi),%rbp - cmovzq %rcx,%r8 - movq 16(%rsi),%rcx - cmovzq %r10,%r9 - movq 24(%rsi),%r10 - - call __ecp_nistz256_subx - - leaq 160(%rsp),%rbx - leaq 224(%rsp),%rdi - call __ecp_nistz256_sub_fromx - - movq 0+0(%rsp),%rax - movq 0+8(%rsp),%rbp - movq 0+16(%rsp),%rcx - movq 0+24(%rsp),%r10 - leaq 64(%rsp),%rdi - - call __ecp_nistz256_subx - - movq %r12,0(%rdi) - movq %r13,8(%rdi) - movq %r8,16(%rdi) - movq %r9,24(%rdi) - movq 352(%rsp),%rdx - leaq 352(%rsp),%rbx - movq 0+160(%rsp),%r9 - movq 8+160(%rsp),%r10 - leaq -128+160(%rsp),%rsi - movq 16+160(%rsp),%r11 - movq 24+160(%rsp),%r12 - leaq 32(%rsp),%rdi - call __ecp_nistz256_mul_montx - - movq 96(%rsp),%rdx - leaq 96(%rsp),%rbx - movq 0+64(%rsp),%r9 - movq 8+64(%rsp),%r10 - leaq -128+64(%rsp),%rsi - movq 16+64(%rsp),%r11 - movq 24+64(%rsp),%r12 - leaq 64(%rsp),%rdi - call __ecp_nistz256_mul_montx - - leaq 32(%rsp),%rbx - leaq 256(%rsp),%rdi - call __ecp_nistz256_sub_fromx - -.byte 102,72,15,126,199 - - movdqa %xmm5,%xmm0 - movdqa %xmm5,%xmm1 - pandn 288(%rsp),%xmm0 - movdqa %xmm5,%xmm2 - pandn 288+16(%rsp),%xmm1 - movdqa %xmm5,%xmm3 - pand L$ONE_mont(%rip),%xmm2 - pand L$ONE_mont+16(%rip),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - - movdqa %xmm4,%xmm0 - movdqa %xmm4,%xmm1 - pandn %xmm2,%xmm0 - movdqa %xmm4,%xmm2 - pandn %xmm3,%xmm1 - movdqa %xmm4,%xmm3 - pand 384(%rsp),%xmm2 - pand 384+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - movdqu %xmm2,64(%rdi) - movdqu %xmm3,80(%rdi) - - movdqa %xmm5,%xmm0 - movdqa %xmm5,%xmm1 - pandn 224(%rsp),%xmm0 - movdqa %xmm5,%xmm2 - pandn 224+16(%rsp),%xmm1 - movdqa %xmm5,%xmm3 - pand 416(%rsp),%xmm2 - pand 416+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - - movdqa %xmm4,%xmm0 - movdqa %xmm4,%xmm1 - pandn %xmm2,%xmm0 - movdqa %xmm4,%xmm2 - pandn %xmm3,%xmm1 - movdqa %xmm4,%xmm3 - pand 320(%rsp),%xmm2 - pand 320+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - movdqu %xmm2,0(%rdi) - movdqu %xmm3,16(%rdi) - - movdqa %xmm5,%xmm0 - movdqa %xmm5,%xmm1 - pandn 256(%rsp),%xmm0 - movdqa %xmm5,%xmm2 - pandn 256+16(%rsp),%xmm1 - movdqa %xmm5,%xmm3 - pand 448(%rsp),%xmm2 - pand 448+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - - movdqa %xmm4,%xmm0 - movdqa %xmm4,%xmm1 - pandn %xmm2,%xmm0 - movdqa %xmm4,%xmm2 - pandn %xmm3,%xmm1 - movdqa %xmm4,%xmm3 - pand 352(%rsp),%xmm2 - pand 352+16(%rsp),%xmm3 - por %xmm0,%xmm2 - por %xmm1,%xmm3 - movdqu %xmm2,32(%rdi) - movdqu %xmm3,48(%rdi) - - addq $480+8,%rsp - popq %r15 - popq %r14 - popq %r13 - popq %r12 - popq %rbx - popq %rbp - .byte 0xf3,0xc3 - diff --git a/crypto/ecies/a.out b/crypto/ecies/a.out new file mode 100755 index 00000000..884167af Binary files /dev/null and b/crypto/ecies/a.out differ diff --git a/crypto/ecies/kdf_x9_63.c b/crypto/ecies/kdf_x9_63.c index 10c9f95a..505857a7 100644 --- a/crypto/ecies/kdf_x9_63.c +++ b/crypto/ecies/kdf_x9_63.c @@ -49,8 +49,9 @@ * */ - +#include #include +#include #include "kdf.h" @@ -62,85 +63,89 @@ #define cpu_to_be32(v) ((cpu_to_be16(v) << 16) | cpu_to_be16(v >> 16)) #endif -static void *x963_kdf(const EVP_MD *md, const void *share, size_t sharelen, - void *key, size_t keylen) +static void *x963_kdf(const EVP_MD *md, const void *in, size_t inlen, + void *out, size_t *outlen) { EVP_MD_CTX ctx; - unsigned int counter = 1; //FIXME: uint32_t - unsigned int counter_be; + uint32_t counter = 1; + uint32_t counter_be; unsigned char dgst[EVP_MAX_MD_SIZE]; unsigned int dgstlen; - int rlen = (int)keylen; - unsigned char *out = key; + size_t rlen = *outlen; + size_t len; EVP_MD_CTX_init(&ctx); + //FIXME: it might be wrong while (rlen > 0) { counter_be = cpu_to_be32(counter); counter++; EVP_DigestInit(&ctx, md); - EVP_DigestUpdate(&ctx, share, sharelen); - EVP_DigestUpdate(&ctx, (const void *)&counter_be, 4); + EVP_DigestUpdate(&ctx, in, inlen); + EVP_DigestUpdate(&ctx, &counter_be, sizeof(counter_be)); EVP_DigestFinal(&ctx, dgst, &dgstlen); - memcpy(out, dgst, (int)dgstlen > rlen ? rlen : dgstlen); - rlen -= dgstlen; - out += dgstlen; + len = dgstlen <= rlen ? dgstlen : rlen; + memcpy(out, dgst, len); + rlen -= len; + out += len; } EVP_MD_CTX_cleanup(&ctx); - return key; + return out; } -static void *x963_md5kdf(const void *share, size_t sharelen, - void *key, size_t *keylen) +static void *x963_md5kdf(const void *in, size_t inlen, + void *out, size_t *outlen) { - return x963_kdf(EVP_md5(), share, sharelen, key, *keylen); + return x963_kdf(EVP_md5(), in, inlen, out, outlen); } -static void *x963_rmd160kdf(const void *share, size_t sharelen, - void *key, size_t *keylen) +static void *x963_rmd160kdf(const void *in, size_t inlen, + void *out, size_t *outlen) { - return x963_kdf(EVP_ripemd160(), share, sharelen, key, *keylen); + return x963_kdf(EVP_ripemd160(), in, inlen, out, outlen); } -static void *x963_sha1kdf(const void *share, size_t sharelen, - void *key, size_t *keylen) +static void *x963_sha1kdf(const void *in, size_t inlen, + void *out, size_t *outlen) { - return x963_kdf(EVP_sha1(), share, sharelen, key, *keylen); + return x963_kdf(EVP_sha1(), in, inlen, out, outlen); } -static void *x963_sha224kdf(const void *share, size_t sharelen, - void *key, size_t *keylen) +static void *x963_sha224kdf(const void *in, size_t inlen, + void *out, size_t *outlen) { - return x963_kdf(EVP_sha224(), share, sharelen, key, *keylen); + return x963_kdf(EVP_sha224(), in, inlen, out, outlen); } -static void *x963_sha256kdf(const void *share, size_t sharelen, - void *key, size_t *keylen) +static void *x963_sha256kdf(const void *in, size_t inlen, + void *out, size_t *outlen) { - return x963_kdf(EVP_sha256(), share, sharelen, key, *keylen); + return x963_kdf(EVP_sha256(), in, inlen, out, *outlen); } -static void *x963_sha384kdf(const void *share, size_t sharelen, - void *key, size_t *keylen) +static void *x963_sha384kdf(const void *in, size_t inlen, + void *out, size_t *outlen) { - return x963_kdf(EVP_sha384(), share, sharelen, key, *keylen); + return x963_kdf(EVP_sha384(), in, inlen, out, outlen); } -static void *x963_sha512kdf(const void *share, size_t sharelen, - void *key, size_t *keylen) +static void *x963_sha512kdf(const void *in, size_t inlen, + void *out, size_t *outlen) { - return x963_kdf(EVP_sha512(), share, sharelen, key, *keylen); + return x963_kdf(EVP_sha512(), in, inlen, out, outlen); } -static void *x963_sm3kdf(const void *share, size_t sharelen, - void *key, size_t *keylen) +static void *x963_sm3kdf(const void *in, size_t inlen, + void *out, size_t *outlen) { - return x963_kdf(EVP_sm3(), share, sharelen, key, *keylen); + return x963_kdf(EVP_sm3(), in, inlen, out, outlen); } +//FIXME: whirlpool + KDF_FUNC KDF_get_x9_63(const EVP_MD *md) { if (md == EVP_md5()) diff --git a/crypto/ecies/kdftest.c b/crypto/ecies/kdftest.c new file mode 100644 index 00000000..040ccd1f --- /dev/null +++ b/crypto/ecies/kdftest.c @@ -0,0 +1,23 @@ +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + KDF_FUNC kdf = KDF_get_x9_63(EVP_sm3()); + unsigned char buf[1024]; + unsigned char key[128]; + size_t keylen = 12; + int i; + + memset(buf, 0x32, sizeof(buf)); + kdf(buf, sizeof(buf), key, &keylen); + + for (i = 0; i < keylen; i++) { + printf("%02x", key[i]); + } + printf("\n"); + + return 0; +} diff --git a/crypto/err/err.h b/crypto/err/err.h index 913b33b1..10633926 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -198,6 +198,7 @@ typedef struct err_state_st { # define ERR_LIB_HMAC 48 # define ERR_LIB_JPAKE 49 # define ERR_LIB_ECIES 50 +# define ERR_LIB_SM2 51 # define ERR_LIB_USER 128 @@ -235,6 +236,7 @@ typedef struct err_state_st { # define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) # define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) # define ECIESerr(f,r) ERR_PUT_error(ERR_LIB_ECIES,(f),(r),__FILE__,__LINE__) +# define SM2err(f, r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),__FILE__,__LINE__) /* * Borland C seems too stupid to be able to shift and do longs in the @@ -291,7 +293,8 @@ typedef struct err_state_st { # define ERR_R_ECDH_LIB ERR_LIB_ECDH/* 43 */ # define ERR_R_STORE_LIB ERR_LIB_STORE/* 44 */ # define ERR_R_TS_LIB ERR_LIB_TS/* 45 */ -# define ERR_R_ECIES_LIB ERR_LIB_ECIES/* 50 */ +# define ERR_R_ECIES_LIB ERR_LIB_ECIES/* 50 */ +# define ERR_R_SM2_LIB ERR_LIB_SM2/* 51 */ # define ERR_R_NESTED_ASN1_ERROR 58 # define ERR_R_BAD_ASN1_OBJECT_HEADER 59 diff --git a/crypto/sm2/a.out b/crypto/sm2/a.out new file mode 100755 index 00000000..428ff258 Binary files /dev/null and b/crypto/sm2/a.out differ diff --git a/crypto/sm2/sm2.h b/crypto/sm2/sm2.h index 6fd562e6..d138c61c 100644 --- a/crypto/sm2/sm2.h +++ b/crypto/sm2/sm2.h @@ -80,83 +80,75 @@ typedef struct sm2_ciphertext_value_st { } SM2_CIPHERTEXT_VALUE; -typedef ECDSA_SIG SM2_SIG; - - char *SM2_get_id(EC_KEY *ec_key); int SM2_set_id(EC_KEY *ec_key, const char *id); - - int SM2_compute_id_digest(unsigned char *dgst, unsigned int *dgstlen, const EVP_MD *md, const void *id, size_t idlen, EC_KEY *ec_key); -int SM2_compute_za(unsigned char *za, const EVP_MD *md, - const void *id, size_t idlen, EC_KEY *ec_key); - -int SM2_compute_digest(unsigned char *dgst, unsigned int *dgstlen, - const EVP_MD *za_md, const void *id, size_t idlen, EC_KEY *ec_key, - const EVP_MD *msg_md, const void *msg, size_t msglen); - int SM2_CIPHERTEXT_VALUE_size(const EC_GROUP *ec_group, point_conversion_form_t point_form, size_t mlen, const EVP_MD *mac_md); - void SM2_CIPHERTEXT_VALUE_free(SM2_CIPHERTEXT_VALUE *cv); - int SM2_CIPHERTEXT_VALUE_encode(const SM2_CIPHERTEXT_VALUE *cv, const EC_GROUP *ec_group, point_conversion_form_t point_form, unsigned char *buf, size_t *buflen); - SM2_CIPHERTEXT_VALUE *SM2_CIPHERTEXT_VALUE_decode(const EC_GROUP *ec_group, point_conversion_form_t point_form, const EVP_MD *mac_md, const unsigned char *buf, size_t buflen); - -int SM2_CIPHERTEXT_VALUE_print(BIO *out, const SM2_CIPHERTEXT_VALUE *cv, - int indent, unsigned long flags); - +int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group, + const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags); SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, const unsigned char *in, size_t inlen, EC_KEY *ec_key); - int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, const SM2_CIPHERTEXT_VALUE *cv, unsigned char *out, size_t *outlen, EC_KEY *ec_key); - int SM2_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, point_conversion_form_t point_form, unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen, EC_KEY *ec_key); - int SM2_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, point_conversion_form_t point_form, const unsigned char *in, size_t inlen, unsigned char *out, size_t *outlen, EC_KEY *ec_key); -ECDSA_SIG *SM2_do_sign(const unsigned char *dgst, int dgst_len, - EC_KEY *ec_key); - -ECDSA_SIG *SM2_do_sign_ex(const unsigned char *dgst, int dgstlen, - const BIGNUM *a, const BIGNUM *b, EC_KEY *ec_key); - -int SM2_do_verify(const unsigned char *dgst, int dgstlen, - const ECDSA_SIG *sig, EC_KEY *ec_key); - -int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx, BIGNUM **a, BIGNUM **b); - -int SM2_sign(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); #define SM2_signature_size(ec_key) ECDSA_size(ec_key) - +int SM2_sign_setup(EC_KEY *ec_key, BN_CTX *ctx, BIGNUM **a, BIGNUM **b); +ECDSA_SIG *SM2_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *a, const BIGNUM *b, EC_KEY *ec_key); +ECDSA_SIG *SM2_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *ec_key); +int SM2_do_verify(const unsigned char *dgst, int dgstlen, + const ECDSA_SIG *sig, EC_KEY *ec_key); +int SM2_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, + const BIGNUM *k, const BIGNUM *x, EC_KEY *ec_key); +int SM2_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); int SM2_verify(int type, const unsigned char *dgst, int dgstlen, const unsigned char *sig, int siglen, EC_KEY *ec_key); - void ERR_load_SM2_strings(void); -/* Error codes for the ECIES functions. */ - /* Function codes. */ -#define SM2_F_SM2_DO_ENCRYPT 100 -#define SM2_F_SM2_DO_DECRYPT 101 -#define SM2_F_SM2_CIPHERTEXT_VALUE_FREE 102 +#define SM2_F_SM2_SET_ID 100 +#define SM2_F_SM2_GET_ID 101 +#define SM2_F_SM2_COMPUTE_ID_DIGEST 102 +#define SM2_F_SM2_CIPHERTEXT_VALUE_SIZE 103 +#define SM2_F_SM2_CIPHERTEXT_VALUE_FREE 104 +#define SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE 105 +#define SM2_F_SM2_CIPHERTEXT_VALUE_DECODE 106 +#define SM2_F_SM2_CIPHERTEXT_VALUE_PRINT 107 +#define SM2_F_SM2_DO_ENCRYPT 108 +#define SM2_F_SM2_DO_DECRYPT 109 +#define SM2_F_SM2_ENCRYPT 110 +#define SM2_F_SM2_DECRYPT 111 +#define SM2_SIGNATURE_SIZE 112 +#define SM2_SIGN_SETUP 113 +#define SM2_DO_SIGN_EX 114 +#define SM2_DO_SIGN 115 +#define SM2_DO_VERIFY 116 +#define SM2_SIGN_EX 117 +#define SM2_SIGN 118 +#define SM2_VERIFY 119 /* Reason codes. */ #define SM2_R_BAD_DATA 100 diff --git a/crypto/sm2/sm2_enc.c b/crypto/sm2/sm2_enc.c index 210c8618..b7b9913d 100644 --- a/crypto/sm2/sm2_enc.c +++ b/crypto/sm2/sm2_enc.c @@ -187,10 +187,40 @@ end: return ret; } -int SM2_CIPHERTEXT_VALUE_print(BIO *out, const SM2_CIPHERTEXT_VALUE *cv, - int indent, unsigned long flags) +int SM2_CIPHERTEXT_VALUE_print(BIO *out, const EC_GROUP *ec_group, + const SM2_CIPHERTEXT_VALUE *cv, int indent, unsigned long flags) { - OPENSSL_assert(0); + int ret = 0; + char *hex = NULL; + BN_CTX *ctx = BN_CTX_new(); + int i; + + if (!ctx) { + goto end; + } + + if (!(hex = EC_POINT_point2hex(ec_group, cv->ephem_point, + POINT_CONVERSION_UNCOMPRESSED, ctx))) { + goto end; + } + + BIO_printf(out, "SM2_CIPHERTEXT_VALUE.ephem_point: %s\n", hex); + BIO_printf(out, "SM2_CIPHERTEXT_VALUE.ciphertext : "); + for (i = 0; i < cv->ciphertext_size; i++) { + BIO_printf(out, "%02X", cv->ciphertext[i]); + } + BIO_printf(out, "\n"); + BIO_printf(out, "SM2_CIPHERTEXT_VALUE.mactag :"); + for (i = 0; i < cv->mactag_size; i++) { + BIO_printf(out, "%02X", cv->mactag[i]); + } + BIO_printf(out, "\n"); + + ret = 1; + +end: + OPENSSL_free(hex); + BN_CTX_free(ctx); return 0; } @@ -286,10 +316,12 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; OPENSSL_assert(nbytes == BN_num_bytes(n)); +#if 0 /* check sm2 curve and md is 256 bits */ OPENSSL_assert(nbytes == 32); OPENSSL_assert(EVP_MD_size(kdf_md) == 32); OPENSSL_assert(EVP_MD_size(mac_md) == 32); +#endif do { @@ -321,9 +353,10 @@ SM2_CIPHERTEXT_VALUE *SM2_do_encrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, } OPENSSL_assert(len == nbytes * 2 + 1); - /* A5: t = KDF(x2 || y2, klen) */ - kdf(buf - 1, len - 1, cv->ciphertext, &cv->ciphertext_size); - + /* A5: t = KDF(x2 || y2, klen) */ + kdf(buf + 1, len - 1, cv->ciphertext, &cv->ciphertext_size); + + for (i = 0; i < cv->ciphertext_size; i++) { if (cv->ciphertext[i]) { break; @@ -396,7 +429,7 @@ int SM2_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, if (!out) { *outlen = inlen - len; return 1; - } else if (outlen < inlen - len) { + } else if (*outlen < inlen - len) { return 0; } @@ -433,6 +466,9 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, size_t size; int i; + OPENSSL_assert(kdf_md && mac_md && cv && ec_key); + OPENSSL_assert(cv->ephem_point && cv->ciphertext); + if (!ec_group || !pri_key) { goto end; } @@ -468,10 +504,12 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, nbytes = (EC_GROUP_get_degree(ec_group) + 7) / 8; OPENSSL_assert(nbytes == BN_num_bytes(n)); +#if 0 /* check sm2 curve and md is 256 bits */ OPENSSL_assert(nbytes == 32); OPENSSL_assert(EVP_MD_size(kdf_md) == 32); OPENSSL_assert(EVP_MD_size(mac_md) == 32); +#endif /* B2: check [h]C1 != O */ if (!EC_POINT_mul(ec_group, point, NULL, cv->ephem_point, h, bn_ctx)) { @@ -489,15 +527,19 @@ int SM2_do_decrypt(const EVP_MD *kdf_md, const EVP_MD *mac_md, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof(buf), bn_ctx))) { goto end; } + OPENSSL_assert(size == 1 + nbytes * 2); /* B4: compute t = KDF(x2 || y2, clen) */ - kdf(buf - 1, size - 1, out, outlen); + + *outlen = cv->ciphertext_size; //FIXME: duplicated code + kdf(buf + 1, size - 1, out, outlen); /* B5: compute M = C2 xor t */ for (i = 0; i < cv->ciphertext_size; i++) { out[i] ^= cv->ciphertext[i]; } + *outlen = cv->ciphertext_size; /* B6: check Hash(x2 || M || y2) == C3 */ if (!EVP_DigestInit_ex(md_ctx, mac_md, NULL)) { diff --git a/crypto/sm2/sm2_err.c b/crypto/sm2/sm2_err.c index 009d60a8..dccb2c01 100644 --- a/crypto/sm2/sm2_err.c +++ b/crypto/sm2/sm2_err.c @@ -59,26 +59,77 @@ #define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECIES,func,0) #define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECIES,0,reason) + +#define SM2_F_SM2_SET_ID 100 +#define SM2_F_SM2_GET_ID 101 +#define SM2_F_SM2_COMPUTE_ID_DIGEST 102 +#define SM2_F_SM2_CIPHERTEXT_VALUE_SIZE 103 +#define SM2_F_SM2_CIPHERTEXT_VALUE_FREE 104 +#define SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE 105 +#define SM2_F_SM2_CIPHERTEXT_VALUE_DECODE 106 +#define SM2_F_SM2_CIPHERTEXT_VALUE_PRINT 107 +#define SM2_F_SM2_DO_ENCRYPT 108 +#define SM2_F_SM2_DO_DECRYPT 109 +#define SM2_F_SM2_ENCRYPT 110 +#define SM2_F_SM2_DECRYPT 111 +#define SM2_SIGNATURE_SIZE 112 +#define SM2_SIGN_SETUP 113 +#define SM2_DO_SIGN_EX 114 +#define SM2_DO_SIGN 115 +#define SM2_DO_VERIFY 116 +#define SM2_SIGN_EX 117 +#define SM2_SIGN 118 +#define SM2_VERIFY 119 + + + + + + + + + + + + + + + + static ERR_STRING_DATA SM2_str_functs[] = { -/* - {ERR_FUNC(ECIES_F_ECIES_DO_ENCRYPT), "ECIES_do_encrypt"}, - {ERR_FUNC(ECIES_F_ECIES_DO_DECRYPT), "ECIES_do_decrypt"}, -*/ + {ERR_FUNC(SM2_F_SM2_SET_ID), "SM2_SET_ID"}, + {ERR_FUNC(SM2_F_SM2_GET_ID), "SM2_F_SM2_GET_ID"}, + {ERR_FUNC(SM2_F_SM2_COMPUTE_ID_DIGEST), "SM2_compute_id_digest"}, + {ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_SIZE), "SM2_CIPHERTEXT_VALUE_size"}, + {ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_FREE), "SM2_CIPHERTEXT_VALUE_free"}, + {ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_ENCODE), "SM2_CIPHERTEXT_VALUE_encode"}, + {ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_DECODE), "SM2_CIPHERTEXT_VALUE_decode"}, + {ERR_FUNC(SM2_F_SM2_CIPHERTEXT_VALUE_PRINT), "SM2_CIPHERTEXT_VALUE_print"}, + {ERR_FUNC(SM2_F_SM2_DO_ENCRYPT), "SM2_do_encrypt"}, + {ERR_FUNC(SM2_F_SM2_DO_DECRYPT), "SM2_do_decrypt"}, + {ERR_FUNC(SM2_F_SM2_ENCRYPT), "SM2_encrypt"}, + {ERR_FUNC(SM2_F_SM2_DECRYPT), "SM2_decrypt"}, + {ERR_FUNC(SM2_SIGNATURE_SIZE), "SM2_signature_size"}, + {ERR_FUNC(SM2_SIGN_SETUP), "SM2_sign_setup"}, + {ERR_FUNC(SM2_DO_SIGN_EX), "SM2_do_sign_ex"}, + {ERR_FUNC(SM2_DO_SIGN), "SM2_do_sign"}, + {ERR_FUNC(SM2_DO_VERIFY), "SM2_do_verify"}, + {ERR_FUNC(SM2_SIGN_EX), "SM2_sign_ex"}, + {ERR_FUNC(SM2_SIGN), "SM2_sign"}, + {ERR_FUNC(SM2_VERIFY), "SM2_verify"}, {0,NULL} }; static ERR_STRING_DATA SM2_str_reasons[] = { -/* - {ERR_REASON(ECIES_R_BAD_DATA), "bad data"}, - {ERR_REASON(ECIES_R_UNKNOWN_CIPHER_TYPE),"unknown cipher type"}, - {ERR_REASON(ECIES_R_ENCRYPT_FAILED), "encrypt failed"}, - {ERR_REASON(ECIES_R_DECRYPT_FAILED), "decrypt failed"}, - {ERR_REASON(ECIES_R_UNKNOWN_MAC_TYPE), "unknown MAC type"}, - {ERR_REASON(ECIES_R_GEN_MAC_FAILED), "MAC generation failed"}, - {ERR_REASON(ECIES_R_VERIFY_MAC_FAILED), "MAC verification failed"}, - {ERR_REASON(ECIES_R_ECDH_FAILED), "ECDH failed"}, - {ERR_REASON(ECIES_R_BUFFER_TOO_SMALL), "buffer too small"}, -*/ + {ERR_REASON(SM2_R_BAD_DATA), "bad data"}, + {ERR_REASON(SM2_R_UNKNOWN_CIPHER_TYPE),"unknown cipher type"}, + {ERR_REASON(SM2_R_ENCRYPT_FAILED), "encrypt failed"}, + {ERR_REASON(SM2_R_DECRYPT_FAILED), "decrypt failed"}, + {ERR_REASON(SM2_R_UNKNOWN_MAC_TYPE), "unknown MAC type"}, + {ERR_REASON(SM2_R_GEN_MAC_FAILED), "MAC generation failed"}, + {ERR_REASON(SM2_R_VERIFY_MAC_FAILED), "MAC verification failed"}, + {ERR_REASON(SM2_R_ECDH_FAILED), "ECDH failed"}, + {ERR_REASON(SM2_R_BUFFER_TOO_SMALL), "buffer too small"}, {0,NULL} }; diff --git a/crypto/sm2/sm2test.c b/crypto/sm2/sm2test.c index 07cc6d85..e8fa4510 100644 --- a/crypto/sm2/sm2test.c +++ b/crypto/sm2/sm2test.c @@ -1,194 +1,78 @@ -/* crypto/sm2/sm2test.c */ -/* ==================================================================== - * Copyright (c) 2015 The GmSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the GmSSL Project. - * (http://gmssl.org/)" - * - * 4. The name "GmSSL Project" must not be used to endorse or promote - * products derived from this software without prior written - * permission. For written permission, please contact - * guanzhi1980@gmail.com. - * - * 5. Products derived from this software may not be called "GmSSL" - * nor may "GmSSL" appear in their names without prior written - * permission of the GmSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the GmSSL Project - * (http://gmssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE GmSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - */ - #include #include -#include +#include +#include #include -#include -#include -#include "sm2.h" -#include "sm3.h" -void SM2PKE_test3() +static int test_sm2_sign(void) { - /* test3 params */ - const char *p = "8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3"; - const char *a = "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498"; - const char *b = "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A"; - const char *xG = "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D"; - const char *yG = "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2"; - const char *n = "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7"; - const char *dB = "1649AB77A00637BD5E2EFE283FBF353534AA7F7CB89463F208DDBC2920BB0DA0"; - const char *xB = "435B39CCA8F3B508C1488AFC67BE491A0F7BA07E581A0E4849A5CF70628A7E0A"; - const char *yB = "75DDBA78F15FEECB4C7895E2C1CDF5FE01DEBB2CDBADF45399CCF77BBA076A42"; - - BIGNUM *bn_p = BN_new(); - BN_hex2bn(&bn_p, p); - BIGNUM *bn_a = BN_new(); - BN_hex2bn(&bn_a, a); - BIGNUM *bn_b = BN_new(); - BN_hex2bn(&bn_b, b); - BIGNUM *bn_xG = BN_new(); - BN_hex2bn(&bn_xG, xG); - BIGNUM *bn_yG = BN_new(); - BN_hex2bn(&bn_yG, yG); - BIGNUM *bn_n = BN_new(); - BN_hex2bn(&bn_n, n); - BIGNUM *bn_dB = BN_new(); - BN_hex2bn(&bn_dB, dB); - BIGNUM *bn_xB = BN_new(); - BN_hex2bn(&bn_xB, xB); - BIGNUM *bn_yB = BN_new(); - BN_hex2bn(&bn_yB, yB); - - BN_CTX *bn_ctx = BN_CTX_new(); - EC_GROUP *ec_group = EC_GROUP_new(EC_GFp_mont_method()); - EC_GROUP_set_curve_GFp(ec_group, bn_p, bn_a, bn_b, bn_ctx); - - EC_POINT *G = EC_POINT_new(ec_group); - EC_POINT_set_affine_coordinates_GFp(ec_group, G, bn_xG, bn_yG, bn_ctx); - BIGNUM *bn_h = BN_new(); /* cofactor h = #E(Fp) / n */ - BN_div(bn_h, NULL, bn_p, bn_n, bn_ctx); - EC_GROUP_set_generator(ec_group, G, bn_n, bn_h); - - EC_POINT *PB = EC_POINT_new(ec_group); - EC_POINT_set_affine_coordinates_GFp(ec_group, PB, bn_xB, bn_yB, bn_ctx); - EC_KEY *ec_key_B = EC_KEY_new(); - EC_KEY_set_group(ec_key_B, ec_group); - EC_KEY_set_private_key(ec_key_B, bn_dB); - EC_KEY_set_public_key(ec_key_B, PB); - - BN_free(bn_p); - BN_free(bn_a); - BN_free(bn_b); - BN_free(bn_n); - BN_free(bn_xG); - BN_free(bn_yG); - BN_free(bn_dB); - BN_free(bn_xB); - BN_free(bn_yB); - BN_free(bn_h); - BN_CTX_free(bn_ctx); - EC_POINT_free(G); - EC_POINT_free(PB); - EC_GROUP_free(ec_group); - - char *M = "encryption standard"; - char *ctest = "04245C26FB68B1DDDDB12C4B6BF9F2B6D5FE60A383B0D18D1C4144ABF17F6252" - "E776CB9264C2A7E88E52B19903FDC47378F605E36811F5C07423A24B84400F01" - "B8650053A89B41C418B0C3AAD00D886C002864679C3D7360C30156FAB7C80A02" - "76712DA9D8094A634B766D3A285E07480653426D"; - BIGNUM *ct = BN_new(); - BN_hex2bn(&ct, ctest); - unsigned char ct2bin[116]; - BN_bn2bin(ct, ct2bin); - BN_free(ct); - - int mlen = strlen(M); - int c1len = PRIME_SIZE / 8 * 2 + 1; - int clen = c1len + mlen + HASH_V / 8; - - unsigned char *C = malloc(sizeof(unsigned char) * clen); - sm2_pke_encrypt(C, M, mlen, ec_key_B); - if (memcmp(C, ct2bin, clen) == 0) - printf("sm2_pke_encrypt passed.\n"); - else - printf("sm2_pke_encrypt failed.\n"); - free(C); - - int m1len = clen - c1len - HASH_V / 8; - unsigned char *M1bin = malloc(sizeof(unsigned char) * m1len); - sm2_pke_decrypt((char *)ct2bin, M1bin, m1len, ec_key_B); - if (memcmp(M1bin, M, m1len) == 0) - printf("sm2_pke_decrypt passed.\n"); - else - printf("sm2_pke_decrypt failed.\n"); - free(M1bin); - - EC_KEY_free(ec_key_B); -} - -int main() -{ - SM2PKE_test3(); - return 0; -} - -#include -#include -#include -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - int ok; - EC_KEY *ec_key; - ECDSA_SIG *sig; + int rv; + EC_KEY *ec_key = NULL; unsigned char dgst[32]; + ECDSA_SIG *sig = NULL; + unsigned char sigbuf[128]; + unsigned int siglen; ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1); OPENSSL_assert(ec_key); + rv = EC_KEY_generate_key(ec_key); + OPENSSL_assert(rv == 1); - ok = EC_KEY_generate_key(ec_key); - OPENSSL_assert(ok); + RAND_bytes(dgst, sizeof(dgst)); + + sig = SM2_do_sign(dgst, (int)sizeof(dgst), ec_key); + OPENSSL_assert(sig); + rv = SM2_do_verify(dgst, (int)sizeof(dgst), sig, ec_key); + OPENSSL_assert(rv == 1); - sig = ECDSA_do_sign(dgst, 32, ec_key); - ok = ECDSA_do_verify(dgst, 32, sig, ec_key); + rv = SM2_sign(0, dgst, sizeof(dgst), sigbuf, &siglen, ec_key); + OPENSSL_assert(rv == 1); + rv = SM2_verify(0, dgst, sizeof(dgst), sigbuf, siglen, ec_key); + OPENSSL_assert(rv == 1); - printf("ok = %d\n", ok); + EC_KEY_free(ec_key); + ECDSA_SIG_free(sig); + printf("%s() success\n", __FUNCTION__); + return 0; +} + +static int test_sm2_enc(void) +{ + int rv; + EC_KEY *ec_key = NULL; + char *msg = "Hello world!"; + SM2_CIPHERTEXT_VALUE *cv = NULL; + unsigned char ctbuf[512]; + unsigned char ptbuf[512]; + size_t len; + + + ec_key = EC_KEY_new_by_curve_name(NID_sm2p256v1); + OPENSSL_assert(ec_key); + rv = EC_KEY_generate_key(ec_key); + OPENSSL_assert(rv == 1); + + cv = SM2_do_encrypt(EVP_sm3(), EVP_sm3(), msg, (size_t)strlen(msg), ec_key); + OPENSSL_assert(cv); + + { + BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE); + SM2_CIPHERTEXT_VALUE_print(bio, EC_KEY_get0_group(ec_key), cv, 0, 0); + } + + len = sizeof(ptbuf); + rv = SM2_do_decrypt(EVP_sm3(), EVP_sm3(), cv, ptbuf, &len, ec_key); + OPENSSL_assert(rv == 1); + + printf("%s() success\n", __FUNCTION__); + return 0; +} + +int main(int argc, char **argv) +{ + test_sm2_sign(); + test_sm2_enc(); return 0; } diff --git a/crypto/sms4/sms4.c b/crypto/sms4/sms4.c index 8151c703..a68dd423 100644 --- a/crypto/sms4/sms4.c +++ b/crypto/sms4/sms4.c @@ -243,7 +243,6 @@ void sms4_encrypt(const unsigned char *in, unsigned char *out, sms4_key_t *key) { uint32_t *rk = key->rk; uint32_t X0, X1, X2, X3, X4; - int i; X0 = GETU32(in ); X1 = GETU32(in + 4); diff --git a/crypto/sms4/sms4.h b/crypto/sms4/sms4.h index a34d018a..fc9199ab 100644 --- a/crypto/sms4/sms4.h +++ b/crypto/sms4/sms4.h @@ -73,18 +73,18 @@ typedef struct { void sms4_set_encrypt_key(sms4_key_t *key, const unsigned char *user_key); void sms4_set_decrypt_key(sms4_key_t *key, const unsigned char *user_key); void sms4_encrypt(const unsigned char *in, unsigned char *out, sms4_key_t *key); -void sms4_ecb_encrypt(const unsigned char *in, unsigned char *out, const sms4_key_t *key, int encrypt); +void sms4_ecb_encrypt(const unsigned char *in, unsigned char *out, sms4_key_t *key, int enc); void sms4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, - const sms4_key_t *key, unsigned char *ivec, int encrypt); + sms4_key_t *key, unsigned char *ivec, int encrypt); void sms4_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const sms4_key_t *key, + size_t length, sms4_key_t *key, unsigned char *ivec, int *num, int encrypt); void sms4_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const sms4_key_t *key, unsigned char ivec[SMS4_BLOCK_SIZE], - unsigned int *num); + int *num); #define sms4_decrypt(in,out,key) sms4_encrypt(in,out,key) diff --git a/crypto/sms4/sms4_cbc.c b/crypto/sms4/sms4_cbc.c index 14794304..4a050cc6 100644 --- a/crypto/sms4/sms4_cbc.c +++ b/crypto/sms4/sms4_cbc.c @@ -56,7 +56,7 @@ #include "sms4.h" void sms4_cbc_encrypt(const unsigned char *in, unsigned char *out, - size_t len, const sms4_key_t *key, + size_t len, sms4_key_t *key, unsigned char *ivec, int encrypt) { if(encrypt) diff --git a/crypto/sms4/sms4_cfb.c b/crypto/sms4/sms4_cfb.c index 8202951f..2b62fdd3 100644 --- a/crypto/sms4/sms4_cfb.c +++ b/crypto/sms4/sms4_cfb.c @@ -68,7 +68,7 @@ void sms4_cfb128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const sms4_key_t *key, + size_t length, sms4_key_t *key, unsigned char *ivec, int *num, int encrypt) { CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,encrypt,(block128_f)sms4_encrypt); } diff --git a/crypto/sms4/sms4_ecb.c b/crypto/sms4/sms4_ecb.c index 837d084d..83e23f51 100644 --- a/crypto/sms4/sms4_ecb.c +++ b/crypto/sms4/sms4_ecb.c @@ -56,7 +56,7 @@ #include "sms4.h" #include -void sms4_ecb_encrypt(const unsigned char *in, unsigned char *out, const sms4_key_t *key, int encrypt) { +void sms4_ecb_encrypt(const unsigned char *in, unsigned char *out, sms4_key_t *key, int encrypt) { assert(in && out && key); if(encrypt) sms4_encrypt(in, out, key); diff --git a/crypto/sms4/sms4_ofb.c b/crypto/sms4/sms4_ofb.c index a1a058e5..4fa7e7e2 100644 --- a/crypto/sms4/sms4_ofb.c +++ b/crypto/sms4/sms4_ofb.c @@ -62,11 +62,13 @@ #endif #include - void sms4_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const sms4_key_t *key, unsigned char ivec[SMS4_BLOCK_SIZE], - unsigned int *num) { + int *num) +{ CRYPTO_ofb128_encrypt(in,out,length,key,ivec,num,(block128_f)sms4_encrypt); } //cprefix##_ofb##cbits##_encrypt + +