/* mpn_sec_div_qr, mpn_sec_div_r -- Compute Q = floor(U / V), U = U mod V.
   Side-channel silent under the assumption that the used instructions are
   side-channel silent.

   Contributed to the GNU project by Torbjörn Granlund.

   Copyright 2011-2015 Free Software Foundation, Inc.

   This file is part of the GNU MP Library.

   The GNU MP Library is free software; you can redistribute it and/or modify
   it under the terms of either:

     * the GNU Lesser General Public License as published by the Free
       Software Foundation; either version 3 of the License, or (at your
       option) any later version.

   or

     * the GNU General Public License as published by the Free Software
       Foundation; either version 2 of the License, or (at your option) any
       later version.

   or both in parallel, as here.

   The GNU MP Library is distributed in the hope that it will be useful, but
   WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
   or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
   for more details.

   You should have received copies of the GNU General Public License and the
   GNU Lesser General Public License along with the GNU MP Library.  If not,
   see https://www.gnu.org/licenses/.  */

#include "gmp-impl.h"
#include "longlong.h"

/* This file is compiled twice, once per OPERATION_* symbol, to produce both
   entry points.  The Q() macro makes the quotient pointer parameter exist only
   in the _qr variant, and RETTYPE selects whether the most significant
   quotient limb is returned.  */
#if OPERATION_sec_div_qr
#define FNAME mpn_sec_div_qr
#define FNAME_itch mpn_sec_div_qr_itch
#define Q(q) q,
#define RETTYPE mp_limb_t
#endif
#if OPERATION_sec_div_r
#define FNAME mpn_sec_div_r
#define FNAME_itch mpn_sec_div_r_itch
#define Q(q)
#define RETTYPE void
#endif

/* Return the number of scratch limbs FNAME requires at tp for a dividend of
   nn limbs and a divisor of dn limbs.  Callers must size tp from this value;
   the function body below does not check the scratch size at run time.  */
mp_size_t
FNAME_itch (mp_size_t nn, mp_size_t dn)
{
#if OPERATION_sec_div_qr
/* Needs (nn + dn + 1) + mpn_sec_pi1_div_qr's needs of (2nn' - dn + 1) for a
   total of 3nn + 4 limbs at tp.  Note that mpn_sec_pi1_div_qr's nn is one
   greater than ours, therefore +4 and not just +2.  */
  return 3 * nn + 4;
#endif
#if OPERATION_sec_div_r
/* Needs (nn + dn + 1) + mpn_sec_pi1_div_r's needs of (dn + 1) for a total of
   nn + 2dn + 2 limbs at tp.  */
  return nn + 2 * dn + 2;
#endif
}

/* Divide {np,nn} by {dp,dn}.  The remainder (dn limbs) is left at np.  In the
   _qr variant the quotient's low limbs are stored at qp and its most
   significant limb is the return value (see the MPN_COPY / qh handling in the
   normalized branch; in the already-normalized branch the placement is done
   by mpn_sec_pi1_div_qr with the same qp/np arguments).

   Requirements, checked only by ASSERT (a debug-time check in this codebase,
   so production builds do not validate these -- callers must guarantee them):
     dn >= 1, nn >= dn, dp[dn - 1] != 0.
   tp must provide FNAME_itch (nn, dn) limbs of scratch.

   Side-channel note: the only data-dependent branch visible here is on cnt,
   the leading-zero count of the divisor's top limb.  Within each branch the
   sequence of mpn calls is fixed for given nn, dn and cnt; everything else
   that depends on operand values is delegated to mpn_sec_pi1_div_* and to
   the branch-free expression on d0 below.  Treat cnt (i.e. the bit length of
   the divisor) as potentially observable through timing.  */
RETTYPE
FNAME (Q(mp_ptr qp)
       mp_ptr np, mp_size_t nn,
       mp_srcptr dp, mp_size_t dn,
       mp_ptr tp)
{
  mp_limb_t d1, d0;
  unsigned int cnt;
  mp_limb_t inv32;

  ASSERT (dn >= 1);
  ASSERT (nn >= dn);
  ASSERT (dp[dn - 1] != 0);

  d1 = dp[dn - 1];
  count_leading_zeros (cnt, d1);

  if (cnt != 0)
    {
      /* Divisor is not normalized: shift both operands left by cnt so the
	 divisor's top bit is set, working in scratch space so the caller's
	 dp (const) is untouched and np keeps its original contents until the
	 remainder is written back.  */
      mp_limb_t qh, cy;
      mp_ptr np2, dp2;
      dp2 = tp;					/* dn limbs */
      mpn_lshift (dp2, dp, dn, cnt);

      np2 = tp + dn;				/* (nn + 1) limbs */
      cy = mpn_lshift (np2, np, nn, cnt);
      /* The bits shifted out of the top limb become a new top limb; from
	 here on nn counts the extended (nn + 1 limb) dividend.  */
      np2[nn++] = cy;

      d0 = dp2[dn - 1];
      /* Branch-free: add 1 unless d0 is already all ones (~d0 == 0), so the
	 inverse is computed from d0 + 1.  Presumably this gives
	 mpn_sec_pi1_div_* a conservative inverse -- confirm against that
	 routine's contract.  */
      d0 += (~d0 != 0);
      invert_limb (inv32, d0);

      /* We add nn + dn to tp here, not nn + 1 + dn, as expected.  This is
	 since nn here will have been incremented.  */
#if OPERATION_sec_div_qr
      /* The quotient is written at the first argument (np2 + dn), i.e. on top
	 of the dividend limbs that are no longer needed.  */
      qh = mpn_sec_pi1_div_qr (np2 + dn, np2, nn, dp2, dn, inv32, tp + nn + dn);
      ASSERT (qh == 0); /* FIXME: this indicates inefficiency! */
      /* Hand back all quotient limbs but the top one; with the incremented
	 nn this is (original nn) - dn limbs.  The top limb is returned.  */
      MPN_COPY (qp, np2 + dn, nn - dn - 1);
      qh = np2[nn - 1];
#else
      mpn_sec_pi1_div_r (np2, nn, dp2, dn, inv32, tp + nn + dn);
#endif

      /* Undo the normalization on the dn-limb remainder, writing it to np.  */
      mpn_rshift (np, np2, dn, cnt);

#if OPERATION_sec_div_qr
      return qh;
#endif
    }
  else
    {
      /* FIXME: Consider copying np => np2 here, adding a 0-limb at the top.
	 That would simplify the underlying pi1 function, since then it could
	 assume nn > dn.  */
      d0 = dp[dn - 1];
      /* Same branch-free d0 + 1 adjustment as in the normalized branch.  */
      d0 += (~d0 != 0);
      invert_limb (inv32, d0);

      /* Divisor already normalized: operate in place on np and dp.  */
#if OPERATION_sec_div_qr
      return mpn_sec_pi1_div_qr (qp, np, nn, dp, dn, inv32, tp);
#else
      mpn_sec_pi1_div_r (np, nn, dp, dn, inv32, tp);
#endif
    }
}