36 static void subtract_modulus(const struct rsa_public_key *key, uint32_t num[])  in subtract_modulus()  argument
41 	for (i = 0; i < key->len; i++) {  in subtract_modulus()
42 		acc += (uint64_t)num[i] - key->modulus[i];  in subtract_modulus()
55 static int greater_equal_modulus(const struct rsa_public_key *key,  in greater_equal_modulus()  argument
60 	for (i = (int)key->len - 1; i >= 0; i--) {  in greater_equal_modulus()
61 		if (num[i] < key->modulus[i])  in greater_equal_modulus()
63 		if (num[i] > key->modulus[i])  in greater_equal_modulus()
80 static void montgomery_mul_add_step(const struct rsa_public_key *key,  in montgomery_mul_add_step()  argument
88 	d0 = (uint32_t)acc_a * key->n0inv;  in montgomery_mul_add_step()
89 	acc_b = (uint64_t)d0 * key->modulus[0] + (uint32_t)acc_a;  in montgomery_mul_add_step()
90 	for (i = 1; i < key->len; i++) {  in montgomery_mul_add_step()
92 		acc_b = (acc_b >> 32) + (uint64_t)d0 * key->modulus[i] +  in montgomery_mul_add_step()
102 		subtract_modulus(key, result);  in montgomery_mul_add_step()
115 static void montgomery_mul(const struct rsa_public_key *key,  in montgomery_mul()  argument
120 	for (i = 0; i < key->len; ++i)  in montgomery_mul()
122 	for (i = 0; i < key->len; ++i)  in montgomery_mul()
123 		montgomery_mul_add_step(key, result, a[i], b);  in montgomery_mul()
132 static int num_public_exponent_bits(const struct rsa_public_key *key,  in num_public_exponent_bits()  argument
139 	exponent = key->exponent;  in num_public_exponent_bits()
162 static int is_public_exponent_bit_set(const struct rsa_public_key *key,  in is_public_exponent_bit_set()  argument
165 	return key->exponent & (1ULL << pos);  in is_public_exponent_bit_set()
174 static int pow_mod(const struct rsa_public_key *key, uint32_t *inout)  in pow_mod()  argument
181 	if (key->len > RSA_MAX_KEY_BITS / 32) {  in pow_mod()
182 		debug("RSA key words %u exceeds maximum %d\n", key->len,  in pow_mod()
187 	uint32_t val[key->len], acc[key->len], tmp[key->len];  in pow_mod()
188 	uint32_t a_scaled[key->len];  in pow_mod()
192 	for (i = 0, ptr = inout + key->len - 1; i < key->len; i++, ptr--)  in pow_mod()
195 	if (0 != num_public_exponent_bits(key, &k))  in pow_mod()
204 	if (!is_public_exponent_bit_set(key, 0)) {  in pow_mod()
210 	montgomery_mul(key, acc, val, key->rr); /* acc = a * RR / R mod n */  in pow_mod()
212 	memcpy(a_scaled, acc, key->len * sizeof(a_scaled[0]));  in pow_mod()
215 		montgomery_mul(key, tmp, acc, acc); /* tmp = acc^2 / R mod n */  in pow_mod()
217 		if (is_public_exponent_bit_set(key, j)) {  in pow_mod()
219 			montgomery_mul(key, acc, tmp, a_scaled);  in pow_mod()
222 			memcpy(acc, tmp, key->len * sizeof(acc[0]));  in pow_mod()
227 	montgomery_mul(key, tmp, acc, acc); /* tmp = acc^2 / R mod n */  in pow_mod()
228 	montgomery_mul(key, acc, tmp, val); /* acc = tmp * a / R mod M */  in pow_mod()
229 	memcpy(result, acc, key->len * sizeof(result[0]));  in pow_mod()
232 	if (greater_equal_modulus(key, result))  in pow_mod()
233 		subtract_modulus(key, result);  in pow_mod()
236 	for (i = key->len - 1, ptr = inout; (int)i >= 0; i--, ptr++)  in pow_mod()
252 	struct rsa_public_key key;  in rsa_mod_exp_sw()  local
259 	key.n0inv = prop->n0inv;  in rsa_mod_exp_sw()
260 	key.len = prop->num_bits;  in rsa_mod_exp_sw()
263 		key.exponent = RSA_DEFAULT_PUBEXP;  in rsa_mod_exp_sw()
265 		key.exponent =  in rsa_mod_exp_sw()
268 	if (!key.len || !prop->modulus || !prop->rr) {  in rsa_mod_exp_sw()
274 	if (key.len > RSA_MAX_KEY_BITS || key.len < RSA_MIN_KEY_BITS) {  in rsa_mod_exp_sw()
276 		      key.len, RSA_MIN_KEY_BITS, RSA_MAX_KEY_BITS);  in rsa_mod_exp_sw()
279 	key.len /= sizeof(uint32_t) * 8;  in rsa_mod_exp_sw()
280 	uint32_t key1[key.len], key2[key.len];  in rsa_mod_exp_sw()
282 	key.modulus = key1;  in rsa_mod_exp_sw()
283 	key.rr = key2;  in rsa_mod_exp_sw()
284 	rsa_convert_big_endian(key.modulus, (uint32_t *)prop->modulus, key.len);  in rsa_mod_exp_sw()
285 	rsa_convert_big_endian(key.rr, (uint32_t *)prop->rr, key.len);  in rsa_mod_exp_sw()
286 	if (!key.modulus || !key.rr) {  in rsa_mod_exp_sw()
295 	ret = pow_mod(&key, buf);  in rsa_mod_exp_sw()
320 	struct rsa_public_key *key;  in zynq_pow_mod()  local
323 	key = (struct rsa_public_key *)keyptr;  in zynq_pow_mod()
326 	if (key->len > RSA_MAX_KEY_BITS / 32) {  in zynq_pow_mod()
327 		debug("RSA key words %u exceeds maximum %d\n", key->len,  in zynq_pow_mod()
334 	for (i = 0, ptr = inout; i < key->len; i++, ptr++)  in zynq_pow_mod()
337 	montgomery_mul(key, acc, val, key->rr);  /* axx = a * RR / R mod M */  in zynq_pow_mod()
339 		montgomery_mul(key, tmp, acc, acc); /* tmp = acc^2 / R mod M */  in zynq_pow_mod()
340 		montgomery_mul(key, acc, tmp, tmp); /* acc = tmp^2 / R mod M */  in zynq_pow_mod()
342 	montgomery_mul(key, result, acc, val);  /* result = XX * a / R mod M */  in zynq_pow_mod()
345 	if (greater_equal_modulus(key, result))  in zynq_pow_mod()
346 		subtract_modulus(key, result);  in zynq_pow_mod()
348 	for (i = 0, ptr = inout; i < key->len; i++, ptr++)  in zynq_pow_mod()