libtom
diff --git a/‎TODO‎ b/‎TODO‎
diff --git a/‎changes.txt‎
Lines changed: 9 additions & 0 deletions b/‎changes.txt‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎comba_mont_gen.c‎
Lines changed: 3 additions & 3 deletions b/‎comba_mont_gen.c‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎comba_mult_gen.c‎
Lines changed: 2 additions & 2 deletions b/‎comba_mult_gen.c‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎comba_sqr_gen.c‎
Lines changed: 3 additions & 8 deletions b/‎comba_sqr_gen.c‎
Lines changed: 3 additions & 8 deletions
diff --git a/‎demo/test.c‎
Lines changed: 202 additions & 9 deletions b/‎demo/test.c‎
Lines changed: 202 additions & 9 deletions
diff --git a/‎doc/tfm.pdf‎
3.84 KB b/‎doc/tfm.pdf‎
3.84 KB
diff --git a/‎fp_ident.c‎
Lines changed: 19 additions & 0 deletions b/‎fp_ident.c‎
Lines changed: 19 additions & 0 deletions
@@ -1,3 +1,12 @@
+November 1st, 2006
+0.10 -- Unrolled Montgomery for 1..16 digits with TFM_SMALL_MONT_SET between 10% and 25% speedup depending on size.
+     -- fixed fp_sqr_comba.c so it builds in ISO C mode [Andreas Lange]
+     -- [email protected] pointed out fp_radix_size() had a few typos that affected correctness.  Fixed.
+     -- Added support for ECC performance, e.g. define "-DTFM_ALREADY_SET -DTFM_ECC192" and it will disable
+        all of the unrolled code EXCEPT what is required for ECC P-192.  It autodetects 32/64-bit platforms too.  It's super neato.
+        Support for 192, 224, 256, 384 and 521 bit curves through the defines [see tfm.h]
+     -- AVR32 support added, define TFM_AVR32 to enable
+
 April 4th, 2006
 0.09 -- Bruce Guenter suggested I use --tag=CC for libtool builds where the compiler may think it's C++.
      -- Added support for k=1 in exptmod for RSA exponents.  Makes it more competitive with other libraries
 
@@ -5,7 +5,7 @@ int main(void)
    int x, y, z;
 
 printf(
-#if 0
+#if 1
 "#ifdef TFM_SMALL_SET\n"
 "/* computes x/R == x (mod N) via Montgomery Reduction */\n"
 "void fp_montgomery_reduce_small(fp_int *a, fp_int *m, fp_digit mp)\n"
@@ -34,7 +34,7 @@ printf(
 "\n"
 "   switch (pa) {\n");
 
-for (x = 1; x <= 64; x++) {
+for (x = 1; x <= 16; x++) {
 if (x > 16 && (x != 32 && x != 48 && x != 64)) continue;
 if (x > 16) printf("#ifdef TFM_HUGE\n");
 
@@ -99,7 +99,7 @@ if (x > 16) printf("#endif /* TFM_HUGE */\n");
 
 }
 
-#if 0
+#if 1
 
 printf(
 "  }\n"
 
@@ -26,7 +26,7 @@ printf(
 "   memcpy(at+%d, B->dp, %d * sizeof(fp_digit));\n"
 "   COMBA_START;\n"
 "\n"
-"   COMBA_CLEAR;\n", N, N+N, N, N, N, N);
+"   COMBA_CLEAR;\n", N, N+N, N, N, N);
 
    /* now do the rows */
    for (x = 0; x < (N+N-1); x++) {
@@ -53,7 +53,7 @@ printf(
 "   C->sign = A->sign ^ B->sign;\n"
 "   fp_clamp(C);\n"
 "   COMBA_FINI;\n"
-"}\n\n\n", N+N-1, N+N, N+N);
+"}\n\n\n", N+N-1, N+N);
 
   return 0;
 }
 
@@ -8,18 +8,15 @@
  * Tom St Denis, [email protected]
  */
 
-/* Generates squaring comba code... it learns it knows our secrets! */
 #include <stdio.h>
 
 int main(int argc, char **argv)
 {
    int x, y, z, N, f;
    N = atoi(argv[1]);
 
-if (N >= 16 && N < 32) printf("#ifdef TFM_LARGE\n");
-if (N >= 32) printf("#ifdef TFM_HUGE\n");
-
 printf(
+"#ifdef TFM_SQR%d\n"
 "void fp_sqr_comba%d(fp_int *A, fp_int *B)\n"
 "{\n"
 "   fp_digit *a, b[%d], c0, c1, c2, sc0, sc1, sc2;\n"
@@ -32,7 +29,7 @@ printf(
 "\n"
 "   /* output 0 */\n"
 "   SQRADD(a[0],a[0]);\n"
-"   COMBA_STORE(b[0]);\n", N, N+N);
+"   COMBA_STORE(b[0]);\n", N, N, N+N);
 
    for (x = 1; x < N+N-1; x++) {
 printf(
@@ -94,9 +91,7 @@ printf(
 "   B->sign = FP_ZPOS;\n"
 "   memcpy(B->dp, b, %d * sizeof(fp_digit));\n"
 "   fp_clamp(B);\n"
-"}\n\n\n", N+N, N+N);
-
-if (N >= 16) printf("#endif\n");
+"}\n#endif\n\n\n", N+N, N+N);
 
   return 0;
 }
 
@@ -34,6 +34,13 @@ static ulong64 TIMFUNC (void)
          unsigned long a, b;
          __asm__ __volatile__ ("mftbu %1 \nmftb %0\n":"=r"(a), "=r"(b));
          return (((ulong64)b) << 32ULL) | ((ulong64)a);
+      #elif defined(TFM_AVR32) 
+	 FILE *in;
+         char buf[20];
+	 in = fopen("/sys/devices/system/cpu/cpu0/pccycles", "r");
+	 fgets(buf, 20, in);
+	 fclose(in);
+	 return strtoul(buf, NULL, 10);
       #else /* gcc-IA64 version */
          unsigned long result;
          __asm__ __volatile__("mov %0=ar.itc" : "=r"(result) :: "memory");
@@ -213,7 +220,7 @@ t1 = TIMFUNC();
 sleep(1);
 printf("Ticks per second: %llu\n", TIMFUNC() - t1);
 
-goto monttime;
+goto multtime;
  /* do some timings... */
   printf("Addition:\n");
   for (t = 2; t <= FP_SIZE/2; t += 2) {
@@ -240,7 +247,7 @@ goto monttime;
   }
 multtime:
   printf("Multiplication:\n");
-  for (t = 2; t <= FP_SIZE/2; t += 2) {
+  for (t = 2; t < FP_SIZE/2; t += 2) {
       fp_zero(&a);
       fp_zero(&b);
       fp_zero(&c);
@@ -251,31 +258,155 @@ goto monttime;
       a.used = t;
       b.used = t;
       t2 = -1;
-      for (ix = 0; ix < 10000; ++ix) {
+      for (ix = 0; ix < 100; ++ix) {
           t1 = TIMFUNC();
           fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
           fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
-          t2 = (TIMFUNC() - t1)>>2;
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          fp_mul(&a, &b, &c); fp_mul(&a, &b, &c);
+          t2 = (TIMFUNC() - t1)>>7;
           if (t1<t2) { --ix; t2 = t1; }
       }
       printf("%5lu-bit: %9llu\n", t * DIGIT_BIT, t2);
   }
 //#else
 sqrtime:
   printf("Squaring:\n");
-  for (t = 2; t <= FP_SIZE/2; t += 2) {
+  for (t = 2; t < FP_SIZE/2; t += 2) {
       fp_zero(&a);
       fp_zero(&b);
       for (ix = 0; ix < t; ix++) {
           a.dp[ix] = ix;
       }
       a.used = t;
       t2 = -1;
-      for (ix = 0; ix < 10000; ++ix) {
+      for (ix = 0; ix < 100; ++ix) {
           t1 = TIMFUNC();
           fp_sqr(&a, &b); fp_sqr(&a, &b);
           fp_sqr(&a, &b); fp_sqr(&a, &b);
-          t2 = (TIMFUNC() - t1)>>2;
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          fp_sqr(&a, &b); fp_sqr(&a, &b);
+          t2 = (TIMFUNC() - t1)>>7;
           if (t1<t2) { --ix; t2 = t1; }
       }
       printf("%5lu-bit: %9llu\n", t * DIGIT_BIT, t2);
@@ -298,11 +429,73 @@ goto monttime;
      fp_copy(&b, &d);      
 
      t2 = -1;
-     for (ix = 0; ix < 10000; ++ix) {
+     for (ix = 0; ix < 100; ++ix) {
           t1 = TIMFUNC();
           fp_montgomery_reduce(&c, &a, &fp);
           fp_montgomery_reduce(&d, &a, &fp);
-          t2 = (TIMFUNC() - t1)>>1;
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          fp_montgomery_reduce(&c, &a, &fp);
+          fp_montgomery_reduce(&d, &a, &fp);
+          t2 = (TIMFUNC() - t1)>>6;
           fp_copy(&b, &c);      
           fp_copy(&b, &d);      
           if (t1<t2) { --ix; t2 = t1; }
 
@@ -42,6 +42,25 @@ const char *fp_ident(void)
 #ifdef TFM_ARM
 " TFM_ARM "
 #endif
+#ifdef TFM_PPC32
+" TFM_PPC32 "
+#endif
+#ifdef TFM_AVR32
+" TFM_AVR32 "
+#endif
+#ifdef TFM_ECC192
+" TFM_ECC192 "
+#endif
+#ifdef TFM_ECC224
+" TFM_ECC224 "
+#endif
+#ifdef TFM_ECC384
+" TFM_ECC384 "
+#endif
+#ifdef TFM_ECC521
+" TFM_ECC521 "
+#endif
+
 #ifdef TFM_NO_ASM
 " TFM_NO_ASM "
 #endif