sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2026-01-03 02:13:23 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
f3f568e382a5f19824b3bfc6081cde39eee661e8
ipxe/src/arch/x86/include/bits/bigint.h

330 lines
9.2 KiB
C
Raw Normal View History

[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
#ifndef _BITS_BIGINT_H
#define _BITS_BIGINT_H
/** @file
*
* Big integer support
*/
[legal] Relicense files under GPL2_OR_LATER_OR_UBDL Relicense files for which I am the sole author (as identified by util/relicense.pl). Signed-off-by: Michael Brown <mcb30@ipxe.org>
2015-03-02 11:54:40 +00:00
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
#include <stdint.h>
#include <string.h>
/** Element of a big integer */
typedef uint32_t bigint_element_t;
/**
* Initialise big integer
*
* @v value0 Element 0 of big integer to initialise
* @v size Number of elements
* @v data Raw data
* @v len Length of raw data
*/
static inline __attribute__ (( always_inline )) void
bigint_init_raw ( uint32_t *value0, unsigned int size,
const void *data, size_t len ) {
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
bigint_t ( size ) __attribute__ (( may_alias )) *value =
( ( void * ) value0 );
long pad_len = ( sizeof ( *value ) - len );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
void *discard_D;
long discard_c;
/* Copy raw data in reverse order, padding with zeros */
__asm__ __volatile__ ( "\n1:\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"movb -1(%3,%1), %%al\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"stosb\n\t"
"loop 1b\n\t"
"xorl %%eax, %%eax\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"mov %4, %1\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"rep stosb\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
: "=&D" ( discard_D ), "=&c" ( discard_c ),
"+m" ( *value )
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
: "r" ( data ), "g" ( pad_len ), "0" ( value0 ),
"1" ( len )
: "eax" );
}
/**
* Add big integers
*
* @v addend0 Element 0 of big integer to add
* @v value0 Element 0 of big integer to be added to
* @v size Number of elements
*/
static inline __attribute__ (( always_inline )) void
bigint_add_raw ( const uint32_t *addend0, uint32_t *value0,
unsigned int size ) {
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
bigint_t ( size ) __attribute__ (( may_alias )) *value =
( ( void * ) value0 );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
long index;
void *discard_S;
long discard_c;
__asm__ __volatile__ ( "xor %0, %0\n\t" /* Zero %0 and clear CF */
"\n1:\n\t"
"lodsl\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"adcl %%eax, (%4,%0,4)\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"inc %0\n\t" /* Does not affect CF */
"loop 1b\n\t"
: "=&r" ( index ), "=&S" ( discard_S ),
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"=&c" ( discard_c ), "+m" ( *value )
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
: "r" ( value0 ), "1" ( addend0 ), "2" ( size )
: "eax" );
}
/**
* Subtract big integers
*
* @v subtrahend0 Element 0 of big integer to subtract
* @v value0 Element 0 of big integer to be subtracted from
* @v size Number of elements
*/
static inline __attribute__ (( always_inline )) void
bigint_subtract_raw ( const uint32_t *subtrahend0, uint32_t *value0,
unsigned int size ) {
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
bigint_t ( size ) __attribute__ (( may_alias )) *value =
( ( void * ) value0 );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
long index;
void *discard_S;
long discard_c;
__asm__ __volatile__ ( "xor %0, %0\n\t" /* Zero %0 and clear CF */
"\n1:\n\t"
"lodsl\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"sbbl %%eax, (%4,%0,4)\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"inc %0\n\t" /* Does not affect CF */
"loop 1b\n\t"
: "=&r" ( index ), "=&S" ( discard_S ),
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"=&c" ( discard_c ), "+m" ( *value )
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
: "r" ( value0 ), "1" ( subtrahend0 ),
"2" ( size )
: "eax" );
}
/**
* Rotate big integer left
*
* @v value0 Element 0 of big integer
* @v size Number of elements
*/
static inline __attribute__ (( always_inline )) void
bigint_rol_raw ( uint32_t *value0, unsigned int size ) {
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
bigint_t ( size ) __attribute__ (( may_alias )) *value =
( ( void * ) value0 );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
long index;
long discard_c;
__asm__ __volatile__ ( "xor %0, %0\n\t" /* Zero %0 and clear CF */
"\n1:\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"rcll $1, (%3,%0,4)\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"inc %0\n\t" /* Does not affect CF */
"loop 1b\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
: "=&r" ( index ), "=&c" ( discard_c ),
"+m" ( *value )
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
: "r" ( value0 ), "1" ( size ) );
}
/**
* Rotate big integer right
*
* @v value0 Element 0 of big integer
* @v size Number of elements
*/
static inline __attribute__ (( always_inline )) void
bigint_ror_raw ( uint32_t *value0, unsigned int size ) {
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
bigint_t ( size ) __attribute__ (( may_alias )) *value =
( ( void * ) value0 );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
long discard_c;
__asm__ __volatile__ ( "clc\n\t"
"\n1:\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"rcrl $1, -4(%2,%0,4)\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"loop 1b\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
: "=&c" ( discard_c ), "+m" ( *value )
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
: "r" ( value0 ), "0" ( size ) );
}
/**
* Test if big integer is equal to zero
*
* @v value0 Element 0 of big integer
* @v size Number of elements
* @ret is_zero Big integer is equal to zero
*/
static inline __attribute__ (( always_inline, pure )) int
bigint_is_zero_raw ( const uint32_t *value0, unsigned int size ) {
void *discard_D;
long discard_c;
int result;
__asm__ __volatile__ ( "xor %0, %0\n\t" /* Set ZF */
"repe scasl\n\t"
"sete %b0\n\t"
: "=&a" ( result ), "=&D" ( discard_D ),
"=&c" ( discard_c )
: "1" ( value0 ), "2" ( size ) );
return result;
}
/**
* Compare big integers
*
* @v value0 Element 0 of big integer
* @v reference0 Element 0 of reference big integer
* @v size Number of elements
* @ret geq Big integer is greater than or equal to the reference
*/
static inline __attribute__ (( always_inline, pure )) int
bigint_is_geq_raw ( const uint32_t *value0, const uint32_t *reference0,
unsigned int size ) {
long discard_c;
[crypto] Avoid temporarily setting direction flag in bigint_is_geq() The UEFI specification states that the calling convention for IA-32 and x64 includes "Direction flag in EFLAGS is clear". This specification covers only the calling convention used at the point of calling functions annotated with EFIAPI. The specification explicitly states that other functions (such as private functions or static library calls) are not required to follow the UEFI calling conventions. The reference EDK2 implementation follows this specification. In particular, the EDK2 interrupt handlers will clear the direction flag before calling any EFIAPI functions, and will restore the direction flag when returning from the interrupt handler. Some EDK2 private library functions (most notably InternalMemCopyMem) may set the direction flag temporarily in order to make efficient use of CPU string operations. The current implementation of iPXE's bigint_is_geq() for i386 and x86_64 will similarly set the direction flag temporarily in order to make efficient use of CPU string operations. On some UEFI implementations (observed with a Getac RX10 tablet), a timer interrupt that happens to occur while the direction flag is set will reboot the machine. This very strongly indicates that the UEFI timer interrupt handler is failing to clear the direction flag before performing an affected operation (such as copying a block of memory). Work around such buggy UEFI implementations by rewriting bigint_is_geq() to avoid the use of string operations and so obviate the requirement to temporarily set the direction flag. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2020-07-07 00:09:40 +01:00
long discard_tmp;
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
int result;
[crypto] Avoid temporarily setting direction flag in bigint_is_geq() The UEFI specification states that the calling convention for IA-32 and x64 includes "Direction flag in EFLAGS is clear". This specification covers only the calling convention used at the point of calling functions annotated with EFIAPI. The specification explicitly states that other functions (such as private functions or static library calls) are not required to follow the UEFI calling conventions. The reference EDK2 implementation follows this specification. In particular, the EDK2 interrupt handlers will clear the direction flag before calling any EFIAPI functions, and will restore the direction flag when returning from the interrupt handler. Some EDK2 private library functions (most notably InternalMemCopyMem) may set the direction flag temporarily in order to make efficient use of CPU string operations. The current implementation of iPXE's bigint_is_geq() for i386 and x86_64 will similarly set the direction flag temporarily in order to make efficient use of CPU string operations. On some UEFI implementations (observed with a Getac RX10 tablet), a timer interrupt that happens to occur while the direction flag is set will reboot the machine. This very strongly indicates that the UEFI timer interrupt handler is failing to clear the direction flag before performing an affected operation (such as copying a block of memory). Work around such buggy UEFI implementations by rewriting bigint_is_geq() to avoid the use of string operations and so obviate the requirement to temporarily set the direction flag. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2020-07-07 00:09:40 +01:00
__asm__ __volatile__ ( "\n1:\n\t"
"movl -4(%3, %1, 4), %k2\n\t"
"cmpl -4(%4, %1, 4), %k2\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"loope 1b\n\t"
"setae %b0\n\t"
[crypto] Avoid temporarily setting direction flag in bigint_is_geq() The UEFI specification states that the calling convention for IA-32 and x64 includes "Direction flag in EFLAGS is clear". This specification covers only the calling convention used at the point of calling functions annotated with EFIAPI. The specification explicitly states that other functions (such as private functions or static library calls) are not required to follow the UEFI calling conventions. The reference EDK2 implementation follows this specification. In particular, the EDK2 interrupt handlers will clear the direction flag before calling any EFIAPI functions, and will restore the direction flag when returning from the interrupt handler. Some EDK2 private library functions (most notably InternalMemCopyMem) may set the direction flag temporarily in order to make efficient use of CPU string operations. The current implementation of iPXE's bigint_is_geq() for i386 and x86_64 will similarly set the direction flag temporarily in order to make efficient use of CPU string operations. On some UEFI implementations (observed with a Getac RX10 tablet), a timer interrupt that happens to occur while the direction flag is set will reboot the machine. This very strongly indicates that the UEFI timer interrupt handler is failing to clear the direction flag before performing an affected operation (such as copying a block of memory). Work around such buggy UEFI implementations by rewriting bigint_is_geq() to avoid the use of string operations and so obviate the requirement to temporarily set the direction flag. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2020-07-07 00:09:40 +01:00
: "=q" ( result ), "=&c" ( discard_c ),
"=&r" ( discard_tmp )
: "r" ( value0 ), "r" ( reference0 ),
"0" ( 0 ), "1" ( size ) );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
return result;
}
/**
* Test if bit is set in big integer
*
* @v value0 Element 0 of big integer
* @v size Number of elements
* @v bit Bit to test
* @ret is_set Bit is set
*/
static inline __attribute__ (( always_inline )) int
bigint_bit_is_set_raw ( const uint32_t *value0, unsigned int size,
unsigned int bit ) {
const bigint_t ( size ) __attribute__ (( may_alias )) *value =
( ( const void * ) value0 );
unsigned int index = ( bit / ( 8 * sizeof ( value->element[0] ) ) );
unsigned int subindex = ( bit % ( 8 * sizeof ( value->element[0] ) ) );
return ( value->element[index] & ( 1 << subindex ) );
}
/**
* Find highest bit set in big integer
*
* @v value0 Element 0 of big integer
* @v size Number of elements
* @ret max_bit Highest bit set + 1 (or 0 if no bits set)
*/
static inline __attribute__ (( always_inline )) int
bigint_max_set_bit_raw ( const uint32_t *value0, unsigned int size ) {
long discard_c;
int result;
__asm__ __volatile__ ( "\n1:\n\t"
"bsrl -4(%2,%1,4), %0\n\t"
"loopz 1b\n\t"
"rol %1\n\t" /* Does not affect ZF */
"rol %1\n\t"
"leal 1(%k0,%k1,8), %k0\n\t"
"jnz 2f\n\t"
"xor %0, %0\n\t"
"\n2:\n\t"
: "=&r" ( result ), "=&c" ( discard_c )
: "r" ( value0 ), "1" ( size ) );
return result;
}
/**
* Grow big integer
*
* @v source0 Element 0 of source big integer
* @v source_size Number of elements in source big integer
* @v dest0 Element 0 of destination big integer
* @v dest_size Number of elements in destination big integer
*/
static inline __attribute__ (( always_inline )) void
bigint_grow_raw ( const uint32_t *source0, unsigned int source_size,
uint32_t *dest0, unsigned int dest_size ) {
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
bigint_t ( dest_size ) __attribute__ (( may_alias )) *dest =
( ( void * ) dest0 );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
long pad_size = ( dest_size - source_size );
void *discard_D;
void *discard_S;
long discard_c;
__asm__ __volatile__ ( "rep movsl\n\t"
"xorl %%eax, %%eax\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"mov %4, %2\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"rep stosl\n\t"
: "=&D" ( discard_D ), "=&S" ( discard_S ),
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"=&c" ( discard_c ), "+m" ( *dest )
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
: "g" ( pad_size ), "0" ( dest0 ),
"1" ( source0 ), "2" ( source_size )
: "eax" );
}
/**
* Shrink big integer
*
* @v source0 Element 0 of source big integer
* @v source_size Number of elements in source big integer
* @v dest0 Element 0 of destination big integer
* @v dest_size Number of elements in destination big integer
*/
static inline __attribute__ (( always_inline )) void
bigint_shrink_raw ( const uint32_t *source0, unsigned int source_size __unused,
uint32_t *dest0, unsigned int dest_size ) {
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
bigint_t ( dest_size ) __attribute__ (( may_alias )) *dest =
( ( void * ) dest0 );
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
void *discard_D;
void *discard_S;
long discard_c;
__asm__ __volatile__ ( "rep movsl\n\t"
: "=&D" ( discard_D ), "=&S" ( discard_S ),
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"=&c" ( discard_c ), "+m" ( *dest )
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
: "0" ( dest0 ), "1" ( source0 ),
"2" ( dest_size )
: "eax" );
}
/**
* Finalise big integer
*
* @v value0 Element 0 of big integer to finalise
* @v size Number of elements
* @v out Output buffer
* @v len Length of output buffer
*/
static inline __attribute__ (( always_inline )) void
bigint_done_raw ( const uint32_t *value0, unsigned int size __unused,
void *out, size_t len ) {
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
struct {
uint8_t bytes[len];
} __attribute__ (( may_alias )) *out_bytes = out;
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
void *discard_D;
long discard_c;
/* Copy raw data in reverse order */
__asm__ __volatile__ ( "\n1:\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
"movb -1(%3,%1), %%al\n\t"
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
"stosb\n\t"
"loop 1b\n\t"
[crypto] Add memory output constraints for big-integer inline assembly The ARM versions of the big-integer inline assembly functions include constraints to indicate that the output value is modified by the assembly code. These constraints are not present in the equivalent code for the x86 versions. As of GCC 11, this results in the compiler reporting that the output values may be uninitialized. Fix by including the relevant memory output constraints. Reported-by: Christian Hesse <mail@eworm.de> Signed-off-by: Michael Brown <mcb30@ipxe.org>
2021-06-03 13:34:14 +01:00
: "=&D" ( discard_D ), "=&c" ( discard_c ),
"+m" ( *out_bytes )
[crypto] Add big-integer library for RSA calculations RSA requires modular exponentiation using arbitrarily large integers. Given the sizes of the modulus and exponent, all required calculations can be done without any further dynamic storage allocation. The x86 architecture allows for efficient large integer support via inline assembly using the instructions that take advantage of the carry flag (e.g. "adcl", "rcrl"). This implemention is approximately 80% smaller than the (more generic) AXTLS implementation. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-13 16:35:21 +00:00
: "r" ( value0 ), "0" ( out ), "1" ( len )
: "eax" );
}
extern void bigint_multiply_raw ( const uint32_t *multiplicand0,
const uint32_t *multiplier0,
uint32_t *value0, unsigned int size );
#endif /* _BITS_BIGINT_H */
Reference in New Issue Copy Permalink