Bring in bignum_mod{add,sub}() from s2n-bignum.

These provide modular addition and subtraction.
author: jsing <> 2025-08-12 10:17:36 +0000
committer: jsing <> 2025-08-12 10:17:36 +0000
commit: b74717972baf1ae0a97085e299f2824eb9362a99 (patch)
tree: b6dc93ac6394b937c003d7ade2986392490819dd /src/lib/libc
parent: 9a1a39a85b5242df4ffd7c3a20eb012acdc716d7 (diff)
download: openbsd-b74717972baf1ae0a97085e299f2824eb9362a99.tar.gz
openbsd-b74717972baf1ae0a97085e299f2824eb9362a99.tar.bz2
openbsd-b74717972baf1ae0a97085e299f2824eb9362a99.zip
2 files changed, 185 insertions, 0 deletions
diff --git a/src/lib/libcrypto/bn/arch/amd64/bignum_modadd.S b/src/lib/libcrypto/bn/arch/amd64/bignum_modadd.S
new file mode 100644
index 0000000000..5d668f54ed
--- /dev/null
+++ b/src/lib/libcrypto/bn/arch/amd64/bignum_modadd.S
@@ -0,0 +1,99 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT-0
+// ----------------------------------------------------------------------------
+// Add modulo m, z := (x + y) mod m, assuming x and y reduced
+// Inputs x[k], y[k], m[k]; output z[k]
+//
+//    extern void bignum_modadd(uint64_t k, uint64_t *z, const uint64_t *x,
+//                              const uint64_t *y, const uint64_t *m);
+//
+// Standard x86-64 ABI: RDI = k, RSI = z, RDX = x, RCX = y, R8 = m
+// Microsoft x64 ABI:   RCX = k, RDX = z, R8 = x, R9 = y, [RSP+40] = m
+// ----------------------------------------------------------------------------
+#include "_internal_s2n_bignum.h"
+        .intel_syntax noprefix
+        S2N_BN_SYM_VISIBILITY_DIRECTIVE(bignum_modadd)
+        S2N_BN_SYM_PRIVACY_DIRECTIVE(bignum_modadd)
+        .text
+#define k rdi
+#define z rsi
+#define x rdx
+#define y rcx
+#define m r8
+#define i r9
+#define j r10
+#define a rax
+#define c r11
+S2N_BN_SYMBOL(bignum_modadd):
+        _CET_ENDBR
+#if WINDOWS_ABI
+        push    rdi
+        push    rsi
+        mov     rdi, rcx
+        mov     rsi, rdx
+        mov     rdx, r8
+        mov     rcx, r9
+        mov     r8, [rsp+56]
+#endif
+// If k = 0 do nothing
+        test    k, k
+        jz      bignum_modadd_end
+// First just add (c::z) := x + y
+        xor     c, c
+        mov     j, k
+        xor     i, i
+bignum_modadd_addloop:
+        mov     a, [x+8*i]
+        adc     a, [y+8*i]
+        mov     [z+8*i], a
+        inc     i
+        dec     j
+        jnz     bignum_modadd_addloop
+        adc     c, 0
+// Now do a comparison subtraction (c::z) - m, recording mask for (c::z) >= m
+        mov     j, k
+        xor     i, i
+bignum_modadd_cmploop:
+        mov     a, [z+8*i]
+        sbb     a, [m+8*i]
+        inc     i
+        dec     j
+        jnz     bignum_modadd_cmploop
+        sbb     c, 0
+        not     c
+// Now do a masked subtraction z := z - [c] * m
+        xor     i, i
+bignum_modadd_subloop:
+        mov     a, [m+8*i]
+        and     a, c
+        neg     j
+        sbb     [z+8*i], a
+        sbb     j, j
+        inc     i
+        cmp     i, k
+        jc      bignum_modadd_subloop
+bignum_modadd_end:
+#if WINDOWS_ABI
+        pop    rsi
+        pop    rdi
+#endif
+        ret
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/src/lib/libcrypto/bn/arch/amd64/bignum_modsub.S b/src/lib/libcrypto/bn/arch/amd64/bignum_modsub.S
new file mode 100644
index 0000000000..319aa2a3db
--- /dev/null
+++ b/src/lib/libcrypto/bn/arch/amd64/bignum_modsub.S
@@ -0,0 +1,86 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT-0
+// ----------------------------------------------------------------------------
+// Subtract modulo m, z := (x - y) mod m, assuming x and y reduced
+// Inputs x[k], y[k], m[k]; output z[k]
+//
+//    extern void bignum_modsub(uint64_t k, uint64_t *z, const uint64_t *x,
+//                              const uint64_t *y, const uint64_t *m);
+//
+// Standard x86-64 ABI: RDI = k, RSI = z, RDX = x, RCX = y, R8 = m
+// Microsoft x64 ABI:   RCX = k, RDX = z, R8 = x, R9 = y, [RSP+40] = m
+// ----------------------------------------------------------------------------
+#include "_internal_s2n_bignum.h"
+        .intel_syntax noprefix
+        S2N_BN_SYM_VISIBILITY_DIRECTIVE(bignum_modsub)
+        S2N_BN_SYM_PRIVACY_DIRECTIVE(bignum_modsub)
+        .text
+#define k rdi
+#define z rsi
+#define x rdx
+#define y rcx
+#define m r8
+#define i r9
+#define j r10
+#define a rax
+#define c r11
+S2N_BN_SYMBOL(bignum_modsub):
+        _CET_ENDBR
+#if WINDOWS_ABI
+        push    rdi
+        push    rsi
+        mov     rdi, rcx
+        mov     rsi, rdx
+        mov     rdx, r8
+        mov     rcx, r9
+        mov     r8, [rsp+56]
+#endif
+// If k = 0 do nothing
+        test    k, k
+        jz      bignum_modsub_end
+// Subtract z := x - y and record a mask for the carry x - y < 0
+        xor     c, c
+        mov     j, k
+        xor     i, i
+bignum_modsub_subloop:
+        mov     a, [x+8*i]
+        sbb     a, [y+8*i]
+        mov     [z+8*i], a
+        inc     i
+        dec     j
+        jnz     bignum_modsub_subloop
+        sbb     c, c
+// Now do a masked addition z := z + [c] * m
+        xor     i, i
+bignum_modsub_addloop:
+        mov     a, [m+8*i]
+        and     a, c
+        neg     j
+        adc     [z+8*i], a
+        sbb     j, j
+        inc     i
+        cmp     i, k
+        jc      bignum_modsub_addloop
+bignum_modsub_end:
+#if WINDOWS_ABI
+        pop    rsi
+        pop    rdi
+#endif
+        ret
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
author	jsing <>	2025-08-12 10:17:36 +0000
committer	jsing <>	2025-08-12 10:17:36 +0000
commit	b74717972baf1ae0a97085e299f2824eb9362a99 (patch)
tree	b6dc93ac6394b937c003d7ade2986392490819dd /src/lib/libc
parent	9a1a39a85b5242df4ffd7c3a20eb012acdc716d7 (diff)
download	openbsd-b74717972baf1ae0a97085e299f2824eb9362a99.tar.gz openbsd-b74717972baf1ae0a97085e299f2824eb9362a99.tar.bz2 openbsd-b74717972baf1ae0a97085e299f2824eb9362a99.zip

diff --git a/src/lib/libcrypto/bn/arch/amd64/bignum_modadd.S b/src/lib/libcrypto/bn/arch/amd64/bignum_modadd.S new file mode 100644 index 0000000000..5d668f54ed --- /dev/null +++ b/src/lib/libcrypto/bn/arch/amd64/bignum_modadd.S
@@ -0,0 +1,99 @@
	1	// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
	2	// SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT-0
	3
	4	// ----------------------------------------------------------------------------
	5	// Add modulo m, z := (x + y) mod m, assuming x and y reduced
	6	// Inputs x[k], y[k], m[k]; output z[k]
	7	//
	8	// extern void bignum_modadd(uint64_t k, uint64_t z, const uint64_t x,
	9	// const uint64_t y, const uint64_t m);
	10	//
	11	// Standard x86-64 ABI: RDI = k, RSI = z, RDX = x, RCX = y, R8 = m
	12	// Microsoft x64 ABI: RCX = k, RDX = z, R8 = x, R9 = y, [RSP+40] = m
	13	// ----------------------------------------------------------------------------
	14
	15	#include "_internal_s2n_bignum.h"
	16
	17	.intel_syntax noprefix
	18	S2N_BN_SYM_VISIBILITY_DIRECTIVE(bignum_modadd)
	19	S2N_BN_SYM_PRIVACY_DIRECTIVE(bignum_modadd)
	20	.text
	21
	22	#define k rdi
	23	#define z rsi
	24	#define x rdx
	25	#define y rcx
	26	#define m r8
	27	#define i r9
	28	#define j r10
	29	#define a rax
	30	#define c r11
	31
	32	S2N_BN_SYMBOL(bignum_modadd):
	33	_CET_ENDBR
	34
	35	#if WINDOWS_ABI
	36	push rdi
	37	push rsi
	38	mov rdi, rcx
	39	mov rsi, rdx
	40	mov rdx, r8
	41	mov rcx, r9
	42	mov r8, [rsp+56]
	43	#endif
	44
	45	// If k = 0 do nothing
	46
	47	test k, k
	48	jz bignum_modadd_end
	49
	50	// First just add (c::z) := x + y
	51
	52	xor c, c
	53	mov j, k
	54	xor i, i
	55	bignum_modadd_addloop:
	56	mov a, [x+8*i]
	57	adc a, [y+8*i]
	58	mov [z+8*i], a
	59	inc i
	60	dec j
	61	jnz bignum_modadd_addloop
	62	adc c, 0
	63
	64	// Now do a comparison subtraction (c::z) - m, recording mask for (c::z) >= m
	65
	66	mov j, k
	67	xor i, i
	68	bignum_modadd_cmploop:
	69	mov a, [z+8*i]
	70	sbb a, [m+8*i]
	71	inc i
	72	dec j
	73	jnz bignum_modadd_cmploop
	74	sbb c, 0
	75	not c
	76
	77	// Now do a masked subtraction z := z - [c] * m
	78
	79	xor i, i
	80	bignum_modadd_subloop:
	81	mov a, [m+8*i]
	82	and a, c
	83	neg j
	84	sbb [z+8*i], a
	85	sbb j, j
	86	inc i
	87	cmp i, k
	88	jc bignum_modadd_subloop
	89
	90	bignum_modadd_end:
	91	#if WINDOWS_ABI
	92	pop rsi
	93	pop rdi
	94	#endif
	95	ret
	96
	97	#if defined(__linux__) && defined(__ELF__)
	98	.section .note.GNU-stack,"",%progbits
	99	#endif


diff --git a/src/lib/libcrypto/bn/arch/amd64/bignum_modsub.S b/src/lib/libcrypto/bn/arch/amd64/bignum_modsub.S new file mode 100644 index 0000000000..319aa2a3db --- /dev/null +++ b/src/lib/libcrypto/bn/arch/amd64/bignum_modsub.S
@@ -0,0 +1,86 @@
	1	// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
	2	// SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT-0
	3
	4	// ----------------------------------------------------------------------------
	5	// Subtract modulo m, z := (x - y) mod m, assuming x and y reduced
	6	// Inputs x[k], y[k], m[k]; output z[k]
	7	//
	8	// extern void bignum_modsub(uint64_t k, uint64_t z, const uint64_t x,
	9	// const uint64_t y, const uint64_t m);
	10	//
	11	// Standard x86-64 ABI: RDI = k, RSI = z, RDX = x, RCX = y, R8 = m
	12	// Microsoft x64 ABI: RCX = k, RDX = z, R8 = x, R9 = y, [RSP+40] = m
	13	// ----------------------------------------------------------------------------
	14
	15	#include "_internal_s2n_bignum.h"
	16
	17	.intel_syntax noprefix
	18	S2N_BN_SYM_VISIBILITY_DIRECTIVE(bignum_modsub)
	19	S2N_BN_SYM_PRIVACY_DIRECTIVE(bignum_modsub)
	20	.text
	21
	22	#define k rdi
	23	#define z rsi
	24	#define x rdx
	25	#define y rcx
	26	#define m r8
	27	#define i r9
	28	#define j r10
	29	#define a rax
	30	#define c r11
	31
	32	S2N_BN_SYMBOL(bignum_modsub):
	33	_CET_ENDBR
	34
	35	#if WINDOWS_ABI
	36	push rdi
	37	push rsi
	38	mov rdi, rcx
	39	mov rsi, rdx
	40	mov rdx, r8
	41	mov rcx, r9
	42	mov r8, [rsp+56]
	43	#endif
	44
	45	// If k = 0 do nothing
	46
	47	test k, k
	48	jz bignum_modsub_end
	49
	50	// Subtract z := x - y and record a mask for the carry x - y < 0
	51
	52	xor c, c
	53	mov j, k
	54	xor i, i
	55	bignum_modsub_subloop:
	56	mov a, [x+8*i]
	57	sbb a, [y+8*i]
	58	mov [z+8*i], a
	59	inc i
	60	dec j
	61	jnz bignum_modsub_subloop
	62	sbb c, c
	63
	64	// Now do a masked addition z := z + [c] * m
	65
	66	xor i, i
	67	bignum_modsub_addloop:
	68	mov a, [m+8*i]
	69	and a, c
	70	neg j
	71	adc [z+8*i], a
	72	sbb j, j
	73	inc i
	74	cmp i, k
	75	jc bignum_modsub_addloop
	76
	77	bignum_modsub_end:
	78	#if WINDOWS_ABI
	79	pop rsi
	80	pop rdi
	81	#endif
	82	ret
	83
	84	#if defined(__linux__) && defined(__ELF__)
	85	.section .note.GNU-stack,"",%progbits
	86	#endif