~ubuntu-branches/ubuntu/wily/nettle/wily-proposed

Committer: Package Import Robot
Author(s): Magnus Holmgren
Date: 2013-05-04 19:50:28 UTC
mfrom: (1.4.6) (3.1.11 experimental)
Revision ID: package-import@ubuntu.com-20130504195028-fp6c9fw1tsm5scwa

Tags: 2.7-1

http://bugs.debian.org/706081

* New upstream release (Closes: #706081).
* Include watch file improvements from Bart Martens <bartm@debian.org>
via the QA system.

files added:
arm

arm/aes-decrypt-internal.asm

arm/aes-encrypt-internal.asm

arm/aes.m4

arm/ecc-192-modp.asm

arm/ecc-224-modp.asm

arm/ecc-256-redc.asm

arm/ecc-384-modp.asm

arm/ecc-521-modp.asm

arm/machine.m4

arm/memxor.asm

arm/neon

arm/neon/salsa20-core-internal.asm

arm/neon/sha3-permute.asm

arm/neon/sha512-compress.asm

arm/neon/umac-nh-n.asm

arm/neon/umac-nh.asm

arm/sha1-compress.asm

arm/sha256-compress.asm

cnd-copy.c

ecc-192.c

ecc-224.c

ecc-256.c

ecc-384.c

ecc-521.c

ecc-a-to-j.c

ecc-add-jja.c

ecc-add-jjj.c

ecc-curve.h

ecc-dup-jj.c

ecc-ecdsa-sign.c

ecc-ecdsa-verify.c

ecc-generic-modp.c

ecc-generic-modq.c

ecc-generic-redc.c

ecc-hash.c

ecc-internal.h

ecc-j-to-a.c

ecc-mod.c

ecc-modp.c

ecc-modq.c

ecc-mul-a.c

ecc-mul-g.c

ecc-point-mul-g.c

ecc-point-mul.c

ecc-point.c

ecc-random.c

ecc-scalar.c

ecc-size.c

ecc.h

eccdata.c

ecdsa-keygen.c

ecdsa-sign.c

ecdsa-verify.c

ecdsa.h

examples/base16dec.c

examples/base16enc.c

examples/base64dec.c

examples/base64enc.c

examples/ecc-benchmark.c

examples/hogweed-benchmark.c

examples/timing.c

examples/timing.h

getopt.c

getopt.h

getopt1.c

gmp-glue.c

gmp-glue.h

gosthash94-meta.c

gosthash94.c

gosthash94.h

mini-gmp.c

mini-gmp.h

pbkdf2-hmac-sha1.c

pbkdf2-hmac-sha256.c

pbkdf2.c

pbkdf2.h

pkcs1-decrypt.c

pkcs1-encrypt.c

pkcs1-rsa-digest.c

rsa-blind.c

rsa-decrypt-tr.c

rsa-pkcs1-sign-tr.c

rsa-pkcs1-sign.c

rsa-pkcs1-verify.c

run-tests

salsa20-core-internal.c

salsa20-crypt.c

salsa20-set-key.c

salsa20.h

salsa20r12-crypt.c

sec-add-1.c

sec-modinv.c

sec-sub-1.c

sec-tabselect.c

sha1.h

sha2.h

sha3-224-meta.c

sha3-224.c

sha3-256-meta.c

sha3-256.c

sha3-384-meta.c

sha3-384.c

sha3-512-meta.c

sha3-512.c

sha3-permute.c

sha3.c

sha3.h

testsuite/ecc-mod-test.c

testsuite/ecc-modinv-test.c

testsuite/ecc-mul-a-test.c

testsuite/ecc-mul-g-test.c

testsuite/ecc-redc-test.c

testsuite/ecdsa-keygen-test.c

testsuite/ecdsa-sign-test.c

testsuite/ecdsa-verify-test.c

testsuite/gosthash94-test.c

testsuite/pbkdf2-test.c

testsuite/salsa20-test.c

testsuite/setup-env

testsuite/sha3-224-test.c

testsuite/sha3-256-test.c

testsuite/sha3-384-test.c

testsuite/sha3-512-test.c

testsuite/sha3-permute-test.c

testsuite/sha3.awk

testsuite/umac-test.c

twofishdata.c

umac-l2.c

umac-l3.c

umac-nh-n.c

umac-nh.c

umac-poly128.c

umac-poly64.c

umac-set-key.c

umac.h

umac128.c

umac32.c

umac64.c

umac96.c

write-le64.c

x86_64/ecc-192-modp.asm

x86_64/ecc-224-modp.asm

x86_64/ecc-256-redc.asm

x86_64/ecc-384-modp.asm

x86_64/ecc-521-modp.asm

x86_64/salsa20-core-internal.asm

x86_64/salsa20-crypt.asm

x86_64/salsa20.m4

x86_64/sha256-compress.asm

x86_64/sha3-permute.asm

x86_64/sha512-compress.asm

x86_64/umac-nh-n.asm

x86_64/umac-nh.asm

files removed:
debian/nettle-bin.postinst

examples/getopt.c

examples/getopt.h

examples/getopt1.c

examples/run-tests

testsuite/run-tests

tools/getopt.c

tools/getopt.h

tools/getopt1.c

x86_64/arcfour-crypt.asm

files modified:
ChangeLog

Makefile.in

NEWS

README

aclocal.m4

aes-decrypt-internal.c

aes-decrypt.c

aes-encrypt-internal.c

aes-encrypt-table.c

aes-encrypt.c

aes-internal.h

aes-meta.c

aes-set-decrypt-key.c

aes-set-encrypt-key.c

aes.h

aesdata.c

arcfour-crypt.c

arcfour-meta.c

arcfour.c

arcfour.h

arctwo-meta.c

arctwo.c

arctwo.h

asm.m4

asn1.h

base16-decode.c

base16-encode.c

base16-meta.c

base16.h

base64-decode.c

base64-encode.c

base64-meta.c

base64.h

bignum-next-prime.c

bignum-random-prime.c

bignum-random.c

bignum.c

bignum.h

blowfish.c

blowfish.h

buffer-init.c

buffer.c

buffer.h

camellia-crypt-internal.c

camellia-crypt.c

camellia-internal.h

camellia-meta.c

camellia-set-decrypt-key.c

camellia-set-encrypt-key.c

camellia-table.c

camellia.h

cast128-meta.c

cast128.c

cast128.h

cast128_sboxes.h

cbc.c

cbc.h

config.guess

config.h.in

config.m4.in

config.make.in

config.sub

configure

configure.ac

ctr.c

ctr.h

debian/changelog

debian/control

debian/libhogweed2.symbols

debian/libnettle4.symbols

debian/watch

der-iterator.c

der2dsa.c

der2rsa.c

des-compat.c

des-compat.h

des.c

des.h

des3.c

desCode.h

descore.README

desdata.c

desinfo.h

dsa-keygen.c

dsa-sha1-sign.c

dsa-sha1-verify.c

dsa-sha256-sign.c

dsa-sha256-verify.c

dsa-sign.c

dsa-verify.c

dsa.c

dsa.h

dsa2sexp.c

examples/Makefile.in

examples/eratosthenes.c

examples/io.c

examples/io.h

examples/nettle-benchmark.c

examples/nettle-openssl.c

examples/next-prime.c

examples/random-prime.c

examples/read_rsa_key.c

examples/rsa-decrypt.c

examples/rsa-encrypt-test

examples/rsa-encrypt.c

examples/rsa-keygen.c

examples/rsa-sign-test

examples/rsa-sign.c

examples/rsa-verify-test

examples/rsa-verify.c

examples/setup-env

examples/teardown-env

gcm-aes.c

gcm.c

gcm.h

gcmdata.c

hmac-md5.c

hmac-ripemd160.c

hmac-sha1.c

hmac-sha224.c

hmac-sha256.c

hmac-sha384.c

hmac-sha512.c

hmac.c

hmac.h

knuth-lfib.c

knuth-lfib.h

macros.h

md2-meta.c

md2.c

md2.h

md4-meta.c

md4.c

md4.h

md5-compat.c

md5-compat.h

md5-compress.c

md5-meta.c

md5.c

md5.h

memxor.c

nettle-internal.c

nettle-internal.h

nettle-meta-armors.c

nettle-meta-ciphers.c

nettle-meta-hashes.c

nettle-meta.h

nettle-types.h

nettle-write.h

nettle.html

nettle.info

nettle.pdf

nettle.texinfo

pgp-encode.c

pgp.h

pkcs1-rsa-md5.c

pkcs1-rsa-sha1.c

pkcs1-rsa-sha256.c

pkcs1-rsa-sha512.c

pkcs1.c

pkcs1.h

realloc.c

realloc.h

ripemd160-compress.c

ripemd160-meta.c

ripemd160.c

ripemd160.h

rsa-compat.c

rsa-compat.h

rsa-decrypt.c

rsa-encrypt.c

rsa-keygen.c

rsa-md5-sign.c

rsa-md5-verify.c

rsa-sha1-sign.c

rsa-sha1-verify.c

rsa-sha256-sign.c

rsa-sha256-verify.c

rsa-sha512-sign.c

rsa-sha512-verify.c

rsa-sign.c

rsa-verify.c

rsa.c

rsa.h

rsa2openpgp.c

rsa2sexp.c

serpent-decrypt.c

serpent-encrypt.c

serpent-internal.h

serpent-meta.c

serpent-set-key.c

serpent.h

sexp-format.c

sexp-transport-format.c

sexp-transport.c

sexp.c

sexp.h

sexp2bignum.c

sexp2dsa.c

sexp2rsa.c

sha-example.c

sha.h

sha1-compress.c

sha1-meta.c

sha1.c

sha224-meta.c

sha256-compress.c

sha256-meta.c

sha256.c

sha384-meta.c

sha512-compress.c

sha512-meta.c

sha512.c

shadata.c

sparc32/aes-decrypt-internal.asm

sparc32/aes-encrypt-internal.asm

sparc32/arcfour-crypt.asm

sparc64/aes-decrypt-internal.asm

sparc64/aes-encrypt-internal.asm

sparc64/arcfour-crypt.asm

testsuite/.test-rules.make

testsuite/Makefile.in

testsuite/aes-test.c

testsuite/arcfour-test.c

testsuite/arctwo-test.c

testsuite/base16-test.c

testsuite/base64-test.c

testsuite/bignum-test.c

testsuite/blowfish-test.c

testsuite/buffer-test.c

testsuite/camellia-test.c

testsuite/cast128-test.c

testsuite/cbc-test.c

testsuite/ctr-test.c

testsuite/cxx-test.cxx

testsuite/des-compat-test.c

testsuite/des-test.c

testsuite/des3-test.c

testsuite/dsa-keygen-test.c

testsuite/dsa-test.c

testsuite/gcm-test.c

testsuite/hmac-test.c

testsuite/knuth-lfib-test.c

testsuite/md2-test.c

testsuite/md4-test.c

testsuite/md5-compat-test.c

testsuite/md5-test.c

testsuite/memxor-test.c

testsuite/meta-armor-test.c

testsuite/meta-cipher-test.c

testsuite/meta-hash-test.c

testsuite/pkcs1-conv-test

testsuite/pkcs1-test.c

testsuite/random-prime-test.c

testsuite/ripemd160-test.c

testsuite/rsa-encrypt-test.c

testsuite/rsa-keygen-test.c

testsuite/rsa-test.c

testsuite/rsa2sexp-test.c

testsuite/serpent-test.c

testsuite/sexp-conv-test

testsuite/sexp-format-test.c

testsuite/sexp-test.c

testsuite/sexp2rsa-test.c

testsuite/sha1-huge-test.c

testsuite/sha1-test.c

testsuite/sha224-test.c

testsuite/sha256-test.c

testsuite/sha384-test.c

testsuite/sha512-test.c

testsuite/symbols-test

testsuite/teardown-env

testsuite/testutils.c

testsuite/testutils.h

testsuite/twofish-test.c

testsuite/yarrow-test.c

tools/Makefile.in

tools/input.c

tools/input.h

tools/misc.c

tools/misc.h

tools/nettle-hash.c

tools/nettle-lfib-stream.c

tools/output.c

tools/output.h

tools/parse.c

tools/parse.h

tools/pkcs1-conv.c

tools/sexp-conv.c

twofish-meta.c

twofish.c

twofish.h

write-be32.c

write-le32.c

x86/aes-decrypt-internal.asm

x86/aes-encrypt-internal.asm

x86/arcfour-crypt.asm

x86/camellia-crypt-internal.asm

x86/md5-compress.asm

x86/sha1-compress.asm

x86_64/aes-decrypt-internal.asm

x86_64/aes-encrypt-internal.asm

x86_64/camellia-crypt-internal.asm

x86_64/machine.m4

x86_64/memxor.asm

x86_64/serpent-decrypt.asm

x86_64/serpent-encrypt.asm

x86_64/serpent.m4

x86_64/sha1-compress.asm

yarrow.h

yarrow256.c

yarrow_key_event.c

Show diffs side-by-side

added added

removed removed

arm/ecc-384-modp.asm

C nettle, low-level cryptographics library

C The nettle library is free software; you can redistribute it and/or modify

C it under the terms of the GNU Lesser General Public License as published by

C the Free Software Foundation; either version 2.1 of the License, or (at your

C option) any later version.

C The nettle library is distributed in the hope that it will be useful, but

C WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY

C or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public

C License for more details.

C You should have received a copy of the GNU Lesser General Public License

C along with the nettle library; see the file COPYING.LIB. If not, write to

C the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,

C MA 02111-1301, USA.

.file "ecc-384-modp.asm"

.arm

define(<RP>, <r1>)

define(<T0>, <r0>)

define(<T1>, <r2>)

define(<T2>, <r3>)

define(<T3>, <r4>)

define(<F0>, <r5>)

define(<F1>, <r6>)

define(<F2>, <r7>)

define(<F3>, <r8>)

define(<F4>, <r10>)

define(<N>, <r12>)

define(<H>, <lr>)

C ecc_384_modp (const struct ecc_curve *ecc, mp_limb_t *rp)

.text

.align 2

PROLOGUE(nettle_ecc_384_modp)

push {r4,r5,r6,r7,r8,r10,lr}

add RP, RP, #80

ldm RP, {T0, T1, T2, T3} C 20-23

C First get top 4 limbs, which need folding twice, as

C T3 T2 T1 T0

C T3 T2 T1

C -T3

C ----------------

C F4 F3 F2 F1 F0

C Start with

C T3 T1 T0

C T1

C -T3

C -----------

C F2 F1 F0 Always fits

adds F0, T0, T1

adcs F1, T1, #0

adcs F2, T3, #0

subs F0, F0, T3

sbcs F1, F1, #0

sbcs F2, F2, #0

C T3 T2 T2 0

C F2 F1 F0

C ----------------

C F4 F3 F2 F1 F0

mov F4, #0

adds F1, F1, T2

adcs F2, F2, T2

adcs F3, T3, #0

adcs F4, F4, #0

C Add in to high part

sub RP, RP, #32

ldm RP, {T0, T1, T2, T3} C 12-15

mov H, #0

adds F0, T0, F0

adcs F1, T1, F1

adcs F2, T2, F2

adcs F3, T3, F3

adcs F4, F4, #0 C Do F4 later

C Add to low part, keeping carry (positive or negative) in H

sub RP, RP, #48

ldm RP, {T0, T1, T2, T3} C 0-3

mov H, #0

adds T0, T0, F0

adcs T1, T1, F1

adcs T2, T2, F2

adcs T3, T3, F3

adc H, H, #0

subs T1, T1, F0

100

sbcs T2, T2, F1

101

sbcs T3, T3, F2

102

sbc H, H, #0

103

adds T3, T3, F0

104

adc H, H, #0

105

106

stm RP!, {T0,T1,T2,T3} C 0-3

107

mov N, #2

108

.Loop:

109

ldm RP, {T0,T1,T2,T3} C 4-7

110

111

C First, propagate carry

112

adds T0, T0, H

113

asr H, #31 C Sign extend

114

adcs T1, T1, H

115

adcs T2, T2, H

116

adcs T3, T3, H

117

adc H, H, #0

118

119

C +B^4 term

120

adds T0, T0, F0

121

adcs T1, T1, F1

122

adcs T2, T2, F2

123

adcs T3, T3, F3

124

adc H, H, #0

125

126

C +B^3 terms

127

ldr F0, [RP, #+48] C 16

128

adds T0, T0, F1

129

adcs T1, T1, F2

130

adcs T2, T2, F3

131

adcs T3, T3, F0

132

adc H, H, #0

133

134

C -B

135

ldr F1, [RP, #+52] C 17-18

136

ldr F2, [RP, #+56]

137

subs T0, T0, F3

138

sbcs T1, T1, F0

139

sbcs T2, T2, F1

140

sbcs T3, T3, F2

141

sbcs H, H, #0

142

143

C +1

144

ldr F3, [RP, #+60] C 19

145

adds T0, T0, F0

146

adcs T1, T1, F1

147

adcs T2, T2, F2

148

adcs T3, T3, F3

149

adc H, H, #0

150

subs N, N, #1

151

stm RP!, {T0,T1,T2,T3}

152

bne .Loop

153

154

C Fold high limbs, we need to add in

155

156

C F4 F4 0 -F4 F4 H H 0 -H H

157

158

C We always have F4 >= 0, but we can have H < 0.

159

C Sign extension gets tricky when F4 = 0 and H < 0.

160

sub RP, RP, #48

161

162

ldm RP, {T0,T1,T2,T3} C 0-3

163

164

C H H 0 -H H

165

C ----------------

166

C S H F3 F2 F1 F0

167

168

C Define S = H >> 31 (asr), we then have

169

170

C F0 = H

171

C F1 = S - H

172

C F2 = - [H > 0]

173

C F3 = H - [H > 0]

174

C H = H + S

175

176

C And we get underflow in S - H iff H > 0

177

178

C H = 0 H > 0 H = -1

179

mov F0, H C 0 H -1

180

asr H, #31

181

subs F1, H, F0 C 0,C=1 -H,C=0 0,C=1

182

sbc F2, F2, F2 C 0 -1 0

183

sbc F3, F0, #0 C 0 H-1 -1

184

185

adds T0, T0, F0

186

adcs T1, T1, F1

187

adcs T2, T2, F2

188

adcs T3, T3, F3

189

adc H, H, F0 C 0+cy H+cy -2+cy

190

191

stm RP!, {T0,T1,T2,T3} C 0-3

192

ldm RP, {T0,T1,T2,T3} C 4-7

193

194

C F4 0 -F4

195

C ---------

196

C F3 F2 F1

197

198

rsbs F1, F4, #0

199

sbc F2, F2, F2

200

sbc F3, F4, #0

201

202

C Sign extend H

203

adds F0, F4, H

204

asr H, H, #31

205

adcs F1, F1, H

206

adcs F2, F2, H

207

adcs F3, F3, H

208

adcs F4, F4, H

209

adc H, H, #0

210

211

adds T0, T0, F0

212

adcs T1, T1, F1

213

adcs T2, T2, F2

214

adcs T3, T3, F3

215

216

stm RP!, {T0,T1,T2,T3} C 4-7

217

ldm RP, {T0,T1,T2,T3} C 8-11

218

219

adcs T0, T0, F4

220

adcs T1, T1, H

221

adcs T2, T2, H

222

adcs T3, T3, H

223

adc H, H, #0

224

225

stm RP, {T0,T1,T2,T3} C 8-11

226

227

C Final (unlikely) carry

228

sub RP, RP, #32

229

ldm RP, {T0,T1,T2,T3} C 0-3

230

C Fold H into F0-F4

231

mov F0, H

232

asr H, #31

233

subs F1, H, F0

234

sbc F2, F2, F2

235

sbc F3, F0, #0

236

add F4, F0, H

237

238

adds T0, T0, F0

239

adcs T1, T1, F1

240

adcs T2, T2, F2

241

adcs T3, T3, F3

242

243

stm RP!, {T0,T1,T2,T3} C 0-3

244

ldm RP, {T0,T1,T2,T3} C 4-7

245

adcs T0, T0, F4

246

adcs T1, T1, H

247

adcs T2, T2, H

248

adcs T3, T3, H

249

stm RP!, {T0,T1,T2,T3} C 4-7

250

ldm RP, {T0,T1,T2,T3} C 8-11

251

adcs T0, T0, H

252

adcs T1, T1, H

253

adcs T2, T2, H

254

adcs T3, T3, H

255

stm RP!, {T0,T1,T2,T3} C 8-11

256

pop {r4,r5,r6,r7,r8,r10,pc}

257

EPILOGUE(nettle_ecc_384_modp)

Older »