Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
wine-mirror
GitHub Repository: wine-mirror/wine
 Path: blob/master/libs/tomcrypt/src/math/tfm_desc.c
5971 views
1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis

2
 *

3
 * LibTomCrypt is a library that provides various cryptographic

4
 * algorithms in a highly modular and flexible manner.

5
 *

6
 * The library is free for all purposes without any express

7
 * guarantee it works.

8
 */

9


10
#define DESC_DEF_ONLY

11
#include "tomcrypt.h"

12


13
#ifdef TFM_DESC

14


15
#include <tfm.h>

16


17
static const struct {

18
    int tfm_code, ltc_code;

19
} tfm_to_ltc_codes[] = {

20
   { FP_OKAY ,  CRYPT_OK},

21
   { FP_MEM  ,  CRYPT_MEM},

22
   { FP_VAL  ,  CRYPT_INVALID_ARG},

23
};

24


25
/**

26
   Convert a tfm error to a LTC error (Possibly the most powerful function ever!  Oh wait... no)

27
   @param err    The error to convert

28
   @return The equivalent LTC error code or CRYPT_ERROR if none found

29
*/

30
static int tfm_to_ltc_error(int err)

31
{

32
   int x;

33


34
   for (x = 0; x < (int)(sizeof(tfm_to_ltc_codes)/sizeof(tfm_to_ltc_codes[0])); x++) {

35
       if (err == tfm_to_ltc_codes[x].tfm_code) {

36
          return tfm_to_ltc_codes[x].ltc_code;

37
       }

38
   }

39
   return CRYPT_ERROR;

40
}

41


42
static int init(void **a)

43
{

44
   LTC_ARGCHK(a != NULL);

45


46
   *a = XCALLOC(1, sizeof(fp_int));

47
   if (*a == NULL) {

48
      return CRYPT_MEM;

49
   }

50
   fp_init(*a);

51
   return CRYPT_OK;

52
}

53


54
static void deinit(void *a)

55
{

56
   LTC_ARGCHKVD(a != NULL);

57
   XFREE(a);

58
}

59


60
static int neg(void *a, void *b)

61
{

62
   LTC_ARGCHK(a != NULL);

63
   LTC_ARGCHK(b != NULL);

64
   fp_neg(((fp_int*)a), ((fp_int*)b));

65
   return CRYPT_OK;

66
}

67


68
static int copy(void *a, void *b)

69
{

70
   LTC_ARGCHK(a != NULL);

71
   LTC_ARGCHK(b != NULL);

72
   fp_copy(a, b);

73
   return CRYPT_OK;

74
}

75


76
static int init_copy(void **a, void *b)

77
{

78
   if (init(a) != CRYPT_OK) {

79
      return CRYPT_MEM;

80
   }

81
   return copy(b, *a);

82
}

83


84
/* ---- trivial ---- */

85
static int set_int(void *a, ltc_mp_digit b)

86
{

87
   LTC_ARGCHK(a != NULL);

88
   fp_set(a, b);

89
   return CRYPT_OK;

90
}

91


92
static unsigned long get_int(void *a)

93
{

94
   fp_int *A;

95
   LTC_ARGCHK(a != NULL);

96
   A = a;

97
   return A->used > 0 ? A->dp[0] : 0;

98
}

99


100
static ltc_mp_digit get_digit(void *a, int n)

101
{

102
   fp_int *A;

103
   LTC_ARGCHK(a != NULL);

104
   A = a;

105
   return (n >= A->used || n < 0) ? 0 : A->dp[n];

106
}

107


108
static int get_digit_count(void *a)

109
{

110
   fp_int *A;

111
   LTC_ARGCHK(a != NULL);

112
   A = a;

113
   return A->used;

114
}

115


116
static int compare(void *a, void *b)

117
{

118
   int ret;

119
   LTC_ARGCHK(a != NULL);

120
   LTC_ARGCHK(b != NULL);

121
   ret = fp_cmp(a, b);

122
   switch (ret) {

123
      case FP_LT: return LTC_MP_LT;

124
      case FP_EQ: return LTC_MP_EQ;

125
      case FP_GT: return LTC_MP_GT;

126
   }

127
   return 0;

128
}

129


130
static int compare_d(void *a, ltc_mp_digit b)

131
{

132
   int ret;

133
   LTC_ARGCHK(a != NULL);

134
   ret = fp_cmp_d(a, b);

135
   switch (ret) {

136
      case FP_LT: return LTC_MP_LT;

137
      case FP_EQ: return LTC_MP_EQ;

138
      case FP_GT: return LTC_MP_GT;

139
   }

140
   return 0;

141
}

142


143
static int count_bits(void *a)

144
{

145
   LTC_ARGCHK(a != NULL);

146
   return fp_count_bits(a);

147
}

148


149
static int count_lsb_bits(void *a)

150
{

151
   LTC_ARGCHK(a != NULL);

152
   return fp_cnt_lsb(a);

153
}

154


155
static int twoexpt(void *a, int n)

156
{

157
   LTC_ARGCHK(a != NULL);

158
   fp_2expt(a, n);

159
   return CRYPT_OK;

160
}

161


162
/* ---- conversions ---- */

163


164
/* read ascii string */

165
static int read_radix(void *a, const char *b, int radix)

166
{

167
   LTC_ARGCHK(a != NULL);

168
   LTC_ARGCHK(b != NULL);

169
   return tfm_to_ltc_error(fp_read_radix(a, (char *)b, radix));

170
}

171


172
/* write one */

173
static int write_radix(void *a, char *b, int radix)

174
{

175
   LTC_ARGCHK(a != NULL);

176
   LTC_ARGCHK(b != NULL);

177
   return tfm_to_ltc_error(fp_toradix(a, b, radix));

178
}

179


180
/* get size as unsigned char string */

181
static unsigned long unsigned_size(void *a)

182
{

183
   LTC_ARGCHK(a != NULL);

184
   return fp_unsigned_bin_size(a);

185
}

186


187
/* store */

188
static int unsigned_write(void *a, unsigned char *b)

189
{

190
   LTC_ARGCHK(a != NULL);

191
   LTC_ARGCHK(b != NULL);

192
   fp_to_unsigned_bin(a, b);

193
   return CRYPT_OK;

194
}

195


196
/* read */

197
static int unsigned_read(void *a, unsigned char *b, unsigned long len)

198
{

199
   LTC_ARGCHK(a != NULL);

200
   LTC_ARGCHK(b != NULL);

201
   fp_read_unsigned_bin(a, b, len);

202
   return CRYPT_OK;

203
}

204


205
/* add */

206
static int add(void *a, void *b, void *c)

207
{

208
   LTC_ARGCHK(a != NULL);

209
   LTC_ARGCHK(b != NULL);

210
   LTC_ARGCHK(c != NULL);

211
   fp_add(a, b, c);

212
   return CRYPT_OK;

213
}

214


215
static int addi(void *a, ltc_mp_digit b, void *c)

216
{

217
   LTC_ARGCHK(a != NULL);

218
   LTC_ARGCHK(c != NULL);

219
   fp_add_d(a, b, c);

220
   return CRYPT_OK;

221
}

222


223
/* sub */

224
static int sub(void *a, void *b, void *c)

225
{

226
   LTC_ARGCHK(a != NULL);

227
   LTC_ARGCHK(b != NULL);

228
   LTC_ARGCHK(c != NULL);

229
   fp_sub(a, b, c);

230
   return CRYPT_OK;

231
}

232


233
static int subi(void *a, ltc_mp_digit b, void *c)

234
{

235
   LTC_ARGCHK(a != NULL);

236
   LTC_ARGCHK(c != NULL);

237
   fp_sub_d(a, b, c);

238
   return CRYPT_OK;

239
}

240


241
/* mul */

242
static int mul(void *a, void *b, void *c)

243
{

244
   LTC_ARGCHK(a != NULL);

245
   LTC_ARGCHK(b != NULL);

246
   LTC_ARGCHK(c != NULL);

247
   fp_mul(a, b, c);

248
   return CRYPT_OK;

249
}

250


251
static int muli(void *a, ltc_mp_digit b, void *c)

252
{

253
   LTC_ARGCHK(a != NULL);

254
   LTC_ARGCHK(c != NULL);

255
   fp_mul_d(a, b, c);

256
   return CRYPT_OK;

257
}

258


259
/* sqr */

260
static int sqr(void *a, void *b)

261
{

262
   LTC_ARGCHK(a != NULL);

263
   LTC_ARGCHK(b != NULL);

264
   fp_sqr(a, b);

265
   return CRYPT_OK;

266
}

267


268
/* div */

269
static int divide(void *a, void *b, void *c, void *d)

270
{

271
   LTC_ARGCHK(a != NULL);

272
   LTC_ARGCHK(b != NULL);

273
   return tfm_to_ltc_error(fp_div(a, b, c, d));

274
}

275


276
static int div_2(void *a, void *b)

277
{

278
   LTC_ARGCHK(a != NULL);

279
   LTC_ARGCHK(b != NULL);

280
   fp_div_2(a, b);

281
   return CRYPT_OK;

282
}

283


284
/* modi */

285
static int modi(void *a, ltc_mp_digit b, ltc_mp_digit *c)

286
{

287
   fp_digit tmp;

288
   int      err;

289


290
   LTC_ARGCHK(a != NULL);

291
   LTC_ARGCHK(c != NULL);

292


293
   if ((err = tfm_to_ltc_error(fp_mod_d(a, b, &tmp))) != CRYPT_OK) {

294
      return err;

295
   }

296
   *c = tmp;

297
   return CRYPT_OK;

298
}

299


300
/* gcd */

301
static int gcd(void *a, void *b, void *c)

302
{

303
   LTC_ARGCHK(a != NULL);

304
   LTC_ARGCHK(b != NULL);

305
   LTC_ARGCHK(c != NULL);

306
   fp_gcd(a, b, c);

307
   return CRYPT_OK;

308
}

309


310
/* lcm */

311
static int lcm(void *a, void *b, void *c)

312
{

313
   LTC_ARGCHK(a != NULL);

314
   LTC_ARGCHK(b != NULL);

315
   LTC_ARGCHK(c != NULL);

316
   fp_lcm(a, b, c);

317
   return CRYPT_OK;

318
}

319


320
static int addmod(void *a, void *b, void *c, void *d)

321
{

322
   LTC_ARGCHK(a != NULL);

323
   LTC_ARGCHK(b != NULL);

324
   LTC_ARGCHK(c != NULL);

325
   LTC_ARGCHK(d != NULL);

326
   return tfm_to_ltc_error(fp_addmod(a,b,c,d));

327
}

328


329
static int submod(void *a, void *b, void *c, void *d)

330
{

331
   LTC_ARGCHK(a != NULL);

332
   LTC_ARGCHK(b != NULL);

333
   LTC_ARGCHK(c != NULL);

334
   LTC_ARGCHK(d != NULL);

335
   return tfm_to_ltc_error(fp_submod(a,b,c,d));

336
}

337


338
static int mulmod(void *a, void *b, void *c, void *d)

339
{

340
   LTC_ARGCHK(a != NULL);

341
   LTC_ARGCHK(b != NULL);

342
   LTC_ARGCHK(c != NULL);

343
   LTC_ARGCHK(d != NULL);

344
   return tfm_to_ltc_error(fp_mulmod(a,b,c,d));

345
}

346


347
static int sqrmod(void *a, void *b, void *c)

348
{

349
   LTC_ARGCHK(a != NULL);

350
   LTC_ARGCHK(b != NULL);

351
   LTC_ARGCHK(c != NULL);

352
   return tfm_to_ltc_error(fp_sqrmod(a,b,c));

353
}

354


355
/* invmod */

356
static int invmod(void *a, void *b, void *c)

357
{

358
   LTC_ARGCHK(a != NULL);

359
   LTC_ARGCHK(b != NULL);

360
   LTC_ARGCHK(c != NULL);

361
   return tfm_to_ltc_error(fp_invmod(a, b, c));

362
}

363


364
/* setup */

365
static int montgomery_setup(void *a, void **b)

366
{

367
   int err;

368
   LTC_ARGCHK(a != NULL);

369
   LTC_ARGCHK(b != NULL);

370
   *b = XCALLOC(1, sizeof(fp_digit));

371
   if (*b == NULL) {

372
      return CRYPT_MEM;

373
   }

374
   if ((err = tfm_to_ltc_error(fp_montgomery_setup(a, (fp_digit *)*b))) != CRYPT_OK) {

375
      XFREE(*b);

376
   }

377
   return err;

378
}

379


380
/* get normalization value */

381
static int montgomery_normalization(void *a, void *b)

382
{

383
   LTC_ARGCHK(a != NULL);

384
   LTC_ARGCHK(b != NULL);

385
   fp_montgomery_calc_normalization(a, b);

386
   return CRYPT_OK;

387
}

388


389
/* reduce */

390
static int montgomery_reduce(void *a, void *b, void *c)

391
{

392
   LTC_ARGCHK(a != NULL);

393
   LTC_ARGCHK(b != NULL);

394
   LTC_ARGCHK(c != NULL);

395
   fp_montgomery_reduce(a, b, *((fp_digit *)c));

396
   return CRYPT_OK;

397
}

398


399
/* clean up */

400
static void montgomery_deinit(void *a)

401
{

402
   XFREE(a);

403
}

404


405
static int exptmod(void *a, void *b, void *c, void *d)

406
{

407
   LTC_ARGCHK(a != NULL);

408
   LTC_ARGCHK(b != NULL);

409
   LTC_ARGCHK(c != NULL);

410
   LTC_ARGCHK(d != NULL);

411
   return tfm_to_ltc_error(fp_exptmod(a,b,c,d));

412
}

413


414
static int isprime(void *a, int b, int *c)

415
{

416
   LTC_ARGCHK(a != NULL);

417
   LTC_ARGCHK(c != NULL);

418
   if (b == 0) {

419
       b = LTC_MILLER_RABIN_REPS;

420
   } /* if */

421
   *c = (fp_isprime_ex(a, b) == FP_YES) ? LTC_MP_YES : LTC_MP_NO;

422
   return CRYPT_OK;

423
}

424


425
#if defined(LTC_MECC) && defined(LTC_MECC_ACCEL)

426


427
static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *Mp)

428
{

429
   fp_int t1, t2;

430
   fp_digit mp;

431


432
   LTC_ARGCHK(P       != NULL);

433
   LTC_ARGCHK(R       != NULL);

434
   LTC_ARGCHK(modulus != NULL);

435
   LTC_ARGCHK(Mp      != NULL);

436


437
   mp = *((fp_digit*)Mp);

438


439
   fp_init(&t1);

440
   fp_init(&t2);

441


442
   if (P != R) {

443
      fp_copy(P->x, R->x);

444
      fp_copy(P->y, R->y);

445
      fp_copy(P->z, R->z);

446
   }

447


448
   /* t1 = Z * Z */

449
   fp_sqr(R->z, &t1);

450
   fp_montgomery_reduce(&t1, modulus, mp);

451
   /* Z = Y * Z */

452
   fp_mul(R->z, R->y, R->z);

453
   fp_montgomery_reduce(R->z, modulus, mp);

454
   /* Z = 2Z */

455
   fp_add(R->z, R->z, R->z);

456
   if (fp_cmp(R->z, modulus) != FP_LT) {

457
      fp_sub(R->z, modulus, R->z);

458
   }

459


460
   /* &t2 = X - T1 */

461
   fp_sub(R->x, &t1, &t2);

462
   if (fp_cmp_d(&t2, 0) == FP_LT) {

463
      fp_add(&t2, modulus, &t2);

464
   }

465
   /* T1 = X + T1 */

466
   fp_add(&t1, R->x, &t1);

467
   if (fp_cmp(&t1, modulus) != FP_LT) {

468
      fp_sub(&t1, modulus, &t1);

469
   }

470
   /* T2 = T1 * T2 */

471
   fp_mul(&t1, &t2, &t2);

472
   fp_montgomery_reduce(&t2, modulus, mp);

473
   /* T1 = 2T2 */

474
   fp_add(&t2, &t2, &t1);

475
   if (fp_cmp(&t1, modulus) != FP_LT) {

476
      fp_sub(&t1, modulus, &t1);

477
   }

478
   /* T1 = T1 + T2 */

479
   fp_add(&t1, &t2, &t1);

480
   if (fp_cmp(&t1, modulus) != FP_LT) {

481
      fp_sub(&t1, modulus, &t1);

482
   }

483


484
   /* Y = 2Y */

485
   fp_add(R->y, R->y, R->y);

486
   if (fp_cmp(R->y, modulus) != FP_LT) {

487
      fp_sub(R->y, modulus, R->y);

488
   }

489
   /* Y = Y * Y */

490
   fp_sqr(R->y, R->y);

491
   fp_montgomery_reduce(R->y, modulus, mp);

492
   /* T2 = Y * Y */

493
   fp_sqr(R->y, &t2);

494
   fp_montgomery_reduce(&t2, modulus, mp);

495
   /* T2 = T2/2 */

496
   if (fp_isodd(&t2)) {

497
      fp_add(&t2, modulus, &t2);

498
   }

499
   fp_div_2(&t2, &t2);

500
   /* Y = Y * X */

501
   fp_mul(R->y, R->x, R->y);

502
   fp_montgomery_reduce(R->y, modulus, mp);

503


504
   /* X  = T1 * T1 */

505
   fp_sqr(&t1, R->x);

506
   fp_montgomery_reduce(R->x, modulus, mp);

507
   /* X = X - Y */

508
   fp_sub(R->x, R->y, R->x);

509
   if (fp_cmp_d(R->x, 0) == FP_LT) {

510
      fp_add(R->x, modulus, R->x);

511
   }

512
   /* X = X - Y */

513
   fp_sub(R->x, R->y, R->x);

514
   if (fp_cmp_d(R->x, 0) == FP_LT) {

515
      fp_add(R->x, modulus, R->x);

516
   }

517


518
   /* Y = Y - X */

519
   fp_sub(R->y, R->x, R->y);

520
   if (fp_cmp_d(R->y, 0) == FP_LT) {

521
      fp_add(R->y, modulus, R->y);

522
   }

523
   /* Y = Y * T1 */

524
   fp_mul(R->y, &t1, R->y);

525
   fp_montgomery_reduce(R->y, modulus, mp);

526
   /* Y = Y - T2 */

527
   fp_sub(R->y, &t2, R->y);

528
   if (fp_cmp_d(R->y, 0) == FP_LT) {

529
      fp_add(R->y, modulus, R->y);

530
   }

531


532
   return CRYPT_OK;

533
}

534


535
/**

536
   Add two ECC points

537
   @param P        The point to add

538
   @param Q        The point to add

539
   @param R        [out] The destination of the double

540
   @param modulus  The modulus of the field the ECC curve is in

541
   @param Mp       The "b" value from montgomery_setup()

542
   @return CRYPT_OK on success

543
*/

544
static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *Mp)

545
{

546
   fp_int  t1, t2, x, y, z;

547
   fp_digit mp;

548


549
   LTC_ARGCHK(P       != NULL);

550
   LTC_ARGCHK(Q       != NULL);

551
   LTC_ARGCHK(R       != NULL);

552
   LTC_ARGCHK(modulus != NULL);

553
   LTC_ARGCHK(Mp      != NULL);

554


555
   mp = *((fp_digit*)Mp);

556


557
   fp_init(&t1);

558
   fp_init(&t2);

559
   fp_init(&x);

560
   fp_init(&y);

561
   fp_init(&z);

562


563
   /* should we dbl instead? */

564
   fp_sub(modulus, Q->y, &t1);

565
   if ( (fp_cmp(P->x, Q->x) == FP_EQ) &&

566
        (Q->z != NULL && fp_cmp(P->z, Q->z) == FP_EQ) &&

567
        (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) {

568
        return tfm_ecc_projective_dbl_point(P, R, modulus, Mp);

569
   }

570


571
   fp_copy(P->x, &x);

572
   fp_copy(P->y, &y);

573
   fp_copy(P->z, &z);

574


575
   /* if Z is one then these are no-operations */

576
   if (Q->z != NULL) {

577
      /* T1 = Z' * Z' */

578
      fp_sqr(Q->z, &t1);

579
      fp_montgomery_reduce(&t1, modulus, mp);

580
      /* X = X * T1 */

581
      fp_mul(&t1, &x, &x);

582
      fp_montgomery_reduce(&x, modulus, mp);

583
      /* T1 = Z' * T1 */

584
      fp_mul(Q->z, &t1, &t1);

585
      fp_montgomery_reduce(&t1, modulus, mp);

586
      /* Y = Y * T1 */

587
      fp_mul(&t1, &y, &y);

588
      fp_montgomery_reduce(&y, modulus, mp);

589
   }

590


591
   /* T1 = Z*Z */

592
   fp_sqr(&z, &t1);

593
   fp_montgomery_reduce(&t1, modulus, mp);

594
   /* T2 = X' * T1 */

595
   fp_mul(Q->x, &t1, &t2);

596
   fp_montgomery_reduce(&t2, modulus, mp);

597
   /* T1 = Z * T1 */

598
   fp_mul(&z, &t1, &t1);

599
   fp_montgomery_reduce(&t1, modulus, mp);

600
   /* T1 = Y' * T1 */

601
   fp_mul(Q->y, &t1, &t1);

602
   fp_montgomery_reduce(&t1, modulus, mp);

603


604
   /* Y = Y - T1 */

605
   fp_sub(&y, &t1, &y);

606
   if (fp_cmp_d(&y, 0) == FP_LT) {

607
      fp_add(&y, modulus, &y);

608
   }

609
   /* T1 = 2T1 */

610
   fp_add(&t1, &t1, &t1);

611
   if (fp_cmp(&t1, modulus) != FP_LT) {

612
      fp_sub(&t1, modulus, &t1);

613
   }

614
   /* T1 = Y + T1 */

615
   fp_add(&t1, &y, &t1);

616
   if (fp_cmp(&t1, modulus) != FP_LT) {

617
      fp_sub(&t1, modulus, &t1);

618
   }

619
   /* X = X - T2 */

620
   fp_sub(&x, &t2, &x);

621
   if (fp_cmp_d(&x, 0) == FP_LT) {

622
      fp_add(&x, modulus, &x);

623
   }

624
   /* T2 = 2T2 */

625
   fp_add(&t2, &t2, &t2);

626
   if (fp_cmp(&t2, modulus) != FP_LT) {

627
      fp_sub(&t2, modulus, &t2);

628
   }

629
   /* T2 = X + T2 */

630
   fp_add(&t2, &x, &t2);

631
   if (fp_cmp(&t2, modulus) != FP_LT) {

632
      fp_sub(&t2, modulus, &t2);

633
   }

634


635
   /* if Z' != 1 */

636
   if (Q->z != NULL) {

637
      /* Z = Z * Z' */

638
      fp_mul(&z, Q->z, &z);

639
      fp_montgomery_reduce(&z, modulus, mp);

640
   }

641


642
   /* Z = Z * X */

643
   fp_mul(&z, &x, &z);

644
   fp_montgomery_reduce(&z, modulus, mp);

645


646
   /* T1 = T1 * X  */

647
   fp_mul(&t1, &x, &t1);

648
   fp_montgomery_reduce(&t1, modulus, mp);

649
   /* X = X * X */

650
   fp_sqr(&x, &x);

651
   fp_montgomery_reduce(&x, modulus, mp);

652
   /* T2 = T2 * x */

653
   fp_mul(&t2, &x, &t2);

654
   fp_montgomery_reduce(&t2, modulus, mp);

655
   /* T1 = T1 * X  */

656
   fp_mul(&t1, &x, &t1);

657
   fp_montgomery_reduce(&t1, modulus, mp);

658


659
   /* X = Y*Y */

660
   fp_sqr(&y, &x);

661
   fp_montgomery_reduce(&x, modulus, mp);

662
   /* X = X - T2 */

663
   fp_sub(&x, &t2, &x);

664
   if (fp_cmp_d(&x, 0) == FP_LT) {

665
      fp_add(&x, modulus, &x);

666
   }

667


668
   /* T2 = T2 - X */

669
   fp_sub(&t2, &x, &t2);

670
   if (fp_cmp_d(&t2, 0) == FP_LT) {

671
      fp_add(&t2, modulus, &t2);

672
   }

673
   /* T2 = T2 - X */

674
   fp_sub(&t2, &x, &t2);

675
   if (fp_cmp_d(&t2, 0) == FP_LT) {

676
      fp_add(&t2, modulus, &t2);

677
   }

678
   /* T2 = T2 * Y */

679
   fp_mul(&t2, &y, &t2);

680
   fp_montgomery_reduce(&t2, modulus, mp);

681
   /* Y = T2 - T1 */

682
   fp_sub(&t2, &t1, &y);

683
   if (fp_cmp_d(&y, 0) == FP_LT) {

684
      fp_add(&y, modulus, &y);

685
   }

686
   /* Y = Y/2 */

687
   if (fp_isodd(&y)) {

688
      fp_add(&y, modulus, &y);

689
   }

690
   fp_div_2(&y, &y);

691


692
   fp_copy(&x, R->x);

693
   fp_copy(&y, R->y);

694
   fp_copy(&z, R->z);

695


696
   return CRYPT_OK;

697
}

698


699


700
#endif

701


702
static int set_rand(void *a, int size)

703
{

704
   LTC_ARGCHK(a != NULL);

705
   fp_rand(a, size);

706
   return CRYPT_OK;

707
}

708


709
const ltc_math_descriptor tfm_desc = {

710


711
   "TomsFastMath",

712
   (int)DIGIT_BIT,

713


714
   &init,

715
   &init_copy,

716
   &deinit,

717


718
   &neg,

719
   &copy,

720


721
   &set_int,

722
   &get_int,

723
   &get_digit,

724
   &get_digit_count,

725
   &compare,

726
   &compare_d,

727
   &count_bits,

728
   &count_lsb_bits,

729
   &twoexpt,

730


731
   &read_radix,

732
   &write_radix,

733
   &unsigned_size,

734
   &unsigned_write,

735
   &unsigned_read,

736


737
   &add,

738
   &addi,

739
   &sub,

740
   &subi,

741
   &mul,

742
   &muli,

743
   &sqr,

744
   &divide,

745
   &div_2,

746
   &modi,

747
   &gcd,

748
   &lcm,

749


750
   &mulmod,

751
   &sqrmod,

752
   &invmod,

753


754
   &montgomery_setup,

755
   &montgomery_normalization,

756
   &montgomery_reduce,

757
   &montgomery_deinit,

758


759
   &exptmod,

760
   &isprime,

761


762
#ifdef LTC_MECC

763
#ifdef LTC_MECC_FP

764
   &ltc_ecc_fp_mulmod,

765
#else

766
   &ltc_ecc_mulmod,

767
#endif /* LTC_MECC_FP */

768
#ifdef LTC_MECC_ACCEL

769
   &tfm_ecc_projective_add_point,

770
   &tfm_ecc_projective_dbl_point,

771
#else

772
   &ltc_ecc_projective_add_point,

773
   &ltc_ecc_projective_dbl_point,

774
#endif /* LTC_MECC_ACCEL */

775
   &ltc_ecc_map,

776
#ifdef LTC_ECC_SHAMIR

777
#ifdef LTC_MECC_FP

778
   &ltc_ecc_fp_mul2add,

779
#else

780
   &ltc_ecc_mul2add,

781
#endif /* LTC_MECC_FP */

782
#else

783
   NULL,

784
#endif /* LTC_ECC_SHAMIR */

785
#else

786
   NULL, NULL, NULL, NULL, NULL,

787
#endif /* LTC_MECC */

788


789
#ifdef LTC_MRSA

790
   &rsa_make_key,

791
   &rsa_exptmod,

792
#else

793
   NULL, NULL,

794
#endif

795
   &addmod,

796
   &submod,

797


798
   set_rand,

799


800
};

801


802


803
#endif

804


805