in Simulation/RIoT/Core/RIoTCrypt/ecp.c [1691:1821]
static int ecp_precompute_comb( const mbedtls_ecp_group *grp,
mbedtls_ecp_point T[], const mbedtls_ecp_point *P,
unsigned char w, size_t d,
mbedtls_ecp_restart_ctx *rs_ctx )
{
int ret;
unsigned char i;
size_t j = 0;
const unsigned char T_size = 1U << ( w - 1 );
mbedtls_ecp_point *cur, *TT[COMB_MAX_PRE - 1];
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL )
{
if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
goto dbl;
if( rs_ctx->rsm->state == ecp_rsm_pre_norm_dbl )
goto norm_dbl;
if( rs_ctx->rsm->state == ecp_rsm_pre_add )
goto add;
if( rs_ctx->rsm->state == ecp_rsm_pre_norm_add )
goto norm_add;
}
#else
(void) rs_ctx;
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL )
{
rs_ctx->rsm->state = ecp_rsm_pre_dbl;
/* initial state for the loop */
rs_ctx->rsm->i = 0;
}
dbl:
#endif
/*
* Set T[0] = P and
* T[2^{l-1}] = 2^{dl} P for l = 1 .. w-1 (this is not the final value)
*/
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &T[0], P ) );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL && rs_ctx->rsm->i != 0 )
j = rs_ctx->rsm->i;
else
#endif
j = 0;
for( ; j < d * ( w - 1 ); j++ )
{
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_DBL );
i = 1U << ( j / d );
cur = T + i;
if( j % d == 0 )
MBEDTLS_MPI_CHK( mbedtls_ecp_copy( cur, T + ( i >> 1 ) ) );
MBEDTLS_MPI_CHK( ecp_double_jac( grp, cur, cur ) );
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL )
rs_ctx->rsm->state = ecp_rsm_pre_norm_dbl;
norm_dbl:
#endif
/*
* Normalize current elements in T. As T has holes,
* use an auxiliary array of pointers to elements in T.
*/
j = 0;
for( i = 1; i < T_size; i <<= 1 )
TT[j++] = T + i;
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL )
rs_ctx->rsm->state = ecp_rsm_pre_add;
add:
#endif
/*
* Compute the remaining ones using the minimal number of additions
* Be careful to update T[2^l] only after using it!
*/
MBEDTLS_ECP_BUDGET( ( T_size - 1 ) * MBEDTLS_ECP_OPS_ADD );
for( i = 1; i < T_size; i <<= 1 )
{
j = i;
while( j-- )
MBEDTLS_MPI_CHK( ecp_add_mixed( grp, &T[i + j], &T[j], &T[i] ) );
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL )
rs_ctx->rsm->state = ecp_rsm_pre_norm_add;
norm_add:
#endif
/*
* Normalize final elements in T. Even though there are no holes now, we
* still need the auxiliary array for homogeneity with the previous
* call. Also, skip T[0] which is already normalised, being a copy of P.
*/
for( j = 0; j + 1 < T_size; j++ )
TT[j] = T + j + 1;
MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV + 6 * j - 2 );
MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, j ) );
cleanup:
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL &&
ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
{
if( rs_ctx->rsm->state == ecp_rsm_pre_dbl )
rs_ctx->rsm->i = j;
}
#endif
return( ret );
}