TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added libtomcrypt-0.81

Browse Source
This commit is contained in:
Tom St Denis 2003-03-03 01:03:50 +00:00 committed by Steffen Jaeckel
parent b8b6e1ad58
commit 0f999a4e9e
27 changed files with 8697 additions and 10488 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
authors
View File

@ -26,6 +26,9 @@ tomstdenis@yahoo.com.
6) Clay Culver
Submitted a fix for "rsa.c" which cleaned up some code. Submited some other fixes too. :-)
Clay has helped find bugs in various pieces of code including the registry functions, base64 routines
and the make process. He is also now the primary author of the libtomcrypt reference manual and has plan
at making a HTML version.
7) Jason Klapste
@ -39,10 +42,14 @@ yarrow code can now default to any cipher/hash that is left after you remove the
9) Wayne Scott (wscott@bitmover.com)
Submitted base64 that complies with the RFC standards.
Submitted base64 that complies with the RFC standards. Submitted some ideas to improve the RSA key generation
as well.
10) Sky Schulz (sky@ogn.com)
Has submitted a set of ideas to improve the library and make it more attractive for professional users.
11) Mike Frysinger
Together with Clay came up with a more "unix friendly" makefile. Mike Frysinger has been keeping copies of
the library for the Gentoo linux distribution.

13
changes
View File

@ -1,3 +1,16 @@
Jan 16th, 2003
v0.81 -- Merged in new makefile from Clay Culver and Mike Frysinger
-- Sped up the ECC mulmod() routine by making the word size adapt to the input. Saves a whopping 9 point
operations on 521-bit keys now (translates to about 8ms on my Athlon XP). I also now use barrett reduction
as much as possible. This sped the routine up quite a bit.
-- Fixed a huge flaw in ecc_verify_hash() where it would return CRYPT_OK on error... Now fixed.
-- Fixed up config.pl by fixing an invalid query and the file is saved in non-windows [e.g. not CR/LF] format
(fix due to Mika Boström)
-- Merged in LibTomMath for kicks
-- Changed the build process so that by default "mycrypt_custom.h" is included and provided
The makefile doesn't include any build options anymore
-- Removed the PS2 and VC makefiles.
Dec 16th, 2002
v0.80 -- Found a change I made to the MPI that is questionable. Not quite a bug but definately not desired. Had todo
with the digit shifting. In v0.79 I simply truncated without zeroing. It didn't cause problems during my

324
config.pl
View File

@ -1,162 +1,162 @@
#!/usr/bin/perl
#
# Generates a makefile based on user input
#
# Tom St Denis, tomstdenis@yahoo.com, http://tom.iahu.ca
@settings = (
"CC,Compiler,gcc",
"AR,Archiver,ar",
"LD,Linker,ld",
"CFLAGS,Optimizations,-Os",
"CFLAGS,Warnings,-Wall -Wsign-compare -W -Wno-unused -Werror",
"CFLAGS,Include Paths,-I./",
"CFLAGS,Other compiler options,",
"CFLAGS,XMALLOC,-DXMALLOC=malloc",
"CFLAGS,XREALLOC,-DXREALLOC=realloc",
"CFLAGS,XCALLOC,-DXCALLOC=calloc",
"CFLAGS,XFREE,-DXFREE=free",
"CFLAGS,XCLOCK,-DXCLOCK=clock",
"CFLAGS,XCLOCKS_PER_SEC,-DXCLOCKS_PER_SEC=CLOCKS_PER_SEC",
);
@opts = (
"SMALL_CODE,Use small code where possible (slower code),y",
"NO_FILE,Avoid file I/O calls,n",
"CLEAN_STACK,Clean the stack within functions,n",
"BLOWFISH,Include Blowfish block cipher,y",
"RC2,Include RC2 block cipher,y",
"RC5,Include RC5 block cipher,y",
"RC6,Include RC6 block cipher,y",
"SERPENT,Include Serpent block cipher,y",
"SAFERP,Include Safer+ block cipher,y",
"SAFER,Include Safer-64 block ciphers,y",
"RIJNDAEL,Include Rijndael (AES) block cipher,y",
"XTEA,Include XTEA block cipher,y",
"TWOFISH,Include Twofish block cipher,y",
"TWOFISH_SMALL,Include Use a low ram variant of Twofish,n",
"TWOFISH_TABLES,Include Use precomputed tables to speed up the low-ram variant,n",
"DES,Include DES and 3DES block ciphers,y",
"CAST5,Include CAST5 (aka CAST-128) block cipher,y",
"NOEKEON,Include Noekeon block cipher,y",
"CFB,Include CFB block mode of operation,y",
"OFB,Include OFB block mode of operation,y",
"ECB,Include ECB block mode of operation,y",
"CBC,Include CBC block mode of operation,y",
"CTR,Include CTR block mode of operation,y",
"SHA512,Include SHA512 one-way hash,y",
"SHA384,Include SHA384 one-way hash (requires SHA512),y",
"SHA256,Include SHA256 one-way hash,y",
"TIGER,Include TIGER one-way hash,y",
"SHA1,Include SHA1 one-way hash,y",
"MD5,Include MD5 one-way hash,y",
"MD4,Include MD4 one-way hash,y",
"MD2,Include MD2 one-way hash,y",
"HMAC,Include Hash based Message Authentication Support,y",
"BASE64,Include Base64 encoding support,y",
"YARROW,Include Yarrow PRNG,y",
"SPRNG,Include Secure PRNG base on RNG code,y",
"RC4,Include RC4 PRNG,y",
"DEVRANDOM,Use /dev/random or /dev/urandom if available?,y",
"TRY_URANDOM_FIRST,Try /dev/urandom before /dev/random?,n",
"MRSA,Include RSA public key support,y",
"MDH,Include Diffie-Hellman (over Z/pZ) public key support,y",
"MECC,Include Eliptic Curve public key crypto support,y",
"KR,Include Keyring support (groups all three PK systems),y",
"DH768,768-bit DH key support,y",
"DH1024,1024-bit DH key support,y",
"DH1280,1280-bit DH key support,y",
"DH1536,1280-bit DH key support,y",
"DH1792,1792-bit DH key support,y",
"DH2048,2048-bit DH key support,y",
"DH2560,2560-bit DH key support,y",
"DH3072,3072-bit DH key support,y",
"DH4096,4096-bit DH key support,y",
"ECC160,160-bit ECC key support,y",
"ECC192,192-bit ECC key support,y",
"ECC224,224-bit ECC key support,y",
"ECC256,256-bit ECC key support,y",
"ECC384,384-bit ECC key support,y",
"ECC521,521-bit ECC key support,y",
"GF,Include GF(2^w) math support (not used internally),n",
"MPI,Include MPI big integer math support (required by the public key code),y",
"MPI_FASTEXPT,Use the faster exponentiation code (uses some heap but is faster),y",
"MPI_FASTEXPT_LOWMEM,Use the low ram variant of the fast code\nRequires the fast code to enabled,n",
);
# scan for switches and make variables
for (@settings) {
@m = split(",", $_);
print "@m[1]: [@m[2]] ";
$r = <>; $r = @m[2] if ($r eq "\n");
chomp($r);
@vars{@m[0]} = @vars{@m[0]} . $r . " ";
}
# scan for build flags
for (@opts) {
@m = split(",", $_);
print "@m[1]: [@m[2]]";
$r = <>; @vars{'CFLAGS'} = @vars{'CFLAGS'} . "-D" . $m[0] . " " if (($r eq "y\n") || ($r eq "\n" && @m[2] eq "y"));
}
# write header
open(OUT,">mycrypt_custom.h");
print OUT "/* This header is meant to be included before mycrypt.h in projects where\n";
print OUT " * you don't want to throw all the defines in a makefile. \n";
print OUT " */\n\n#ifndef MYCRYPT_CUSTOM_H_\n#define MYCRYPT_CUSTOM_H_\n\n#ifdef CRYPT\n\t#error mycrypt_custom.h should be included before mycrypt.h\n#endif\n\n";
@m = split(" ", @vars{'CFLAGS'});
for (@m) {
if ($_ =~ /^-D/) {
$_ =~ s/-D//;
$_ =~ s/=/" "/ge;
print OUT "#define $_\n";
}
}
print OUT "\n\n#include <mycrypt.h>\n\n#endif\n\n";
close OUT;
print "\n\nmycrypt_custom.h generated.\n";
open(OUT,">makefile.out");
print OUT "#makefile generated with config.pl\n#\n#Tom St Denis (tomstdenis\@yahoo.com, http://tom.iahu.ca) \n\n";
# output unique vars first
for (@settings) {
@m = split(",", $_);
print OUT "@m[0] = @vars{@m[0]}\n" if (@vars{@m[0]} ne "" && @m[0] ne "CFLAGS");
print OUT "CFLAGS += @vars{@m[0]}\n" if (@vars{@m[0]} ne "" && @m[0] eq "CFLAGS");
@vars{@m[0]} = "";
}
# output objects
print OUT "\ndefault: library\n\n";
print OUT "OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o ampi.o mpi.o prime.o twofish.o packet.o hmac.o strings.o\n\n";
# some depends
print OUT "rsa.o: rsa_sys.c\ndh.o: dh_sys.c\necc.o: ecc_sys.c\n\n";
# targets
print OUT "library: \$(OBJECTS)\n\t \$(AR) r libtomcrypt.a \$(OBJECTS)\n\t ranlib libtomcrypt.a\n\n";
print OUT "clean:\n\trm -f \$(OBJECTS) libtomcrypt.a \n\n";
close OUT;
print "makefile.out generated.\n";
print "\nNow use makefile.out to build the library, e.g. `make -f makefile.out'\n";
print "In your project just include mycrypt_custom.h (you don't have to include mycrypt.h \n";
print "but if you do make sure mycrypt_custom.h appears first) your settings should be intact.\n";
#!/usr/bin/perl
#
# Generates a makefile based on user input
#
# Tom St Denis, tomstdenis@yahoo.com, http://tom.iahu.ca
@settings = (
"CC,Compiler,gcc",
"AR,Archiver,ar",
"LD,Linker,ld",
"CFLAGS,Optimizations,-Os",
"CFLAGS,Warnings,-Wall -Wsign-compare -W -Wno-unused -Werror",
"CFLAGS,Include Paths,-I./",
"CFLAGS,Other compiler options,",
"CFLAGS,XMALLOC,-DXMALLOC=malloc",
"CFLAGS,XREALLOC,-DXREALLOC=realloc",
"CFLAGS,XCALLOC,-DXCALLOC=calloc",
"CFLAGS,XFREE,-DXFREE=free",
"CFLAGS,XCLOCK,-DXCLOCK=clock",
"CFLAGS,XCLOCKS_PER_SEC,-DXCLOCKS_PER_SEC=CLOCKS_PER_SEC",
);
@opts = (
"SMALL_CODE,Use small code where possible (slower code),y",
"NO_FILE,Avoid file I/O calls,n",
"CLEAN_STACK,Clean the stack within functions,n",
"BLOWFISH,Include Blowfish block cipher,y",
"RC2,Include RC2 block cipher,y",
"RC5,Include RC5 block cipher,y",
"RC6,Include RC6 block cipher,y",
"SERPENT,Include Serpent block cipher,y",
"SAFERP,Include Safer+ block cipher,y",
"SAFER,Include Safer-64 block ciphers,y",
"RIJNDAEL,Include Rijndael (AES) block cipher,y",
"XTEA,Include XTEA block cipher,y",
"TWOFISH,Include Twofish block cipher,y",
"TWOFISH_SMALL,Include Use a low ram variant of Twofish,n",
"TWOFISH_TABLES,Include Use precomputed tables to speed up the low-ram variant,n",
"DES,Include DES and 3DES block ciphers,y",
"CAST5,Include CAST5 (aka CAST-128) block cipher,y",
"NOEKEON,Include Noekeon block cipher,y",
"CFB,Include CFB block mode of operation,y",
"OFB,Include OFB block mode of operation,y",
"ECB,Include ECB block mode of operation,y",
"CBC,Include CBC block mode of operation,y",
"CTR,Include CTR block mode of operation,y",
"SHA512,Include SHA512 one-way hash,y",
"SHA384,Include SHA384 one-way hash (requires SHA512),y",
"SHA256,Include SHA256 one-way hash,y",
"TIGER,Include TIGER one-way hash,y",
"SHA1,Include SHA1 one-way hash,y",
"MD5,Include MD5 one-way hash,y",
"MD4,Include MD4 one-way hash,y",
"MD2,Include MD2 one-way hash,y",
"HMAC,Include Hash based Message Authentication Support,y",
"BASE64,Include Base64 encoding support,y",
"YARROW,Include Yarrow PRNG,y",
"SPRNG,Include Secure PRNG base on RNG code,y",
"RC4,Include RC4 PRNG,y",
"DEVRANDOM,Use /dev/random or /dev/urandom if available?,y",
"TRY_URANDOM_FIRST,Try /dev/urandom before /dev/random?,n",
"MRSA,Include RSA public key support,y",
"MDH,Include Diffie-Hellman (over Z/pZ) public key support,y",
"MECC,Include Eliptic Curve public key crypto support,y",
"KR,Include Keyring support (groups all three PK systems),y",
"DH768,768-bit DH key support,y",
"DH1024,1024-bit DH key support,y",
"DH1280,1280-bit DH key support,y",
"DH1536,1536-bit DH key support,y",
"DH1792,1792-bit DH key support,y",
"DH2048,2048-bit DH key support,y",
"DH2560,2560-bit DH key support,y",
"DH3072,3072-bit DH key support,y",
"DH4096,4096-bit DH key support,y",
"ECC160,160-bit ECC key support,y",
"ECC192,192-bit ECC key support,y",
"ECC224,224-bit ECC key support,y",
"ECC256,256-bit ECC key support,y",
"ECC384,384-bit ECC key support,y",
"ECC521,521-bit ECC key support,y",
"GF,Include GF(2^w) math support (not used internally),n",
"MPI,Include MPI big integer math support (required by the public key code),y",
);
# scan for switches and make variables
for (@settings) {
@m = split(",", $_);
print "@m[1]: [@m[2]] ";
$r = <>; $r = @m[2] if ($r eq "\n");
chomp($r);
@vars{@m[0]} = @vars{@m[0]} . $r . " ";
}
# scan for build flags
for (@opts) {
@m = split(",", $_);
print "@m[1]: [@m[2]]";
$r = <>; @vars{'CFLAGS'} = @vars{'CFLAGS'} . "-D" . $m[0] . " " if (($r eq "y\n") || ($r eq "\n" && @m[2] eq "y"));
}
# write header
open(OUT,">mycrypt_custom.h");
print OUT "/* This header is meant to be included before mycrypt.h in projects where\n";
print OUT " * you don't want to throw all the defines in a makefile. \n";
print OUT " */\n\n#ifndef MYCRYPT_CUSTOM_H_\n#define MYCRYPT_CUSTOM_H_\n\n#ifdef CRYPT\n\t#error mycrypt_custom.h should be included before mycrypt.h\n#endif\n\n";
@m = split(" ", @vars{'CFLAGS'});
for (@m) {
if ($_ =~ /^-D/) {
$_ =~ s/-D//;
$_ =~ s/=/" "/ge;
print OUT "#define $_\n";
}
}
print OUT "\n\n#include <mycrypt.h>\n\n#endif\n\n";
close OUT;
print "\n\nmycrypt_custom.h generated.\n";
open(OUT,">makefile.out");
print OUT "#makefile generated with config.pl\n#\n#Tom St Denis (tomstdenis\@yahoo.com, http://tom.iahu.ca) \n\n";
# output unique vars first
@vars{'CFLAGS'} =~ s/-D.+ /""/ge;
for (@settings) {
@m = split(",", $_);
print OUT "@m[0] = @vars{@m[0]}\n" if (@vars{@m[0]} ne "" && @m[0] ne "CFLAGS");
print OUT "CFLAGS += @vars{@m[0]}\n" if (@vars{@m[0]} ne "" && @m[0] eq "CFLAGS");
@vars{@m[0]} = "";
}
# output objects
print OUT "\ndefault: library\n\n";
print OUT "OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o ampi.o mpi.o prime.o twofish.o packet.o hmac.o strings.o\n\n";
# some depends
print OUT "rsa.o: rsa_sys.c\ndh.o: dh_sys.c\necc.o: ecc_sys.c\n\n";
# targets
print OUT "library: \$(OBJECTS)\n\t \$(AR) r libtomcrypt.a \$(OBJECTS)\n\t ranlib libtomcrypt.a\n\n";
print OUT "clean:\n\trm -f \$(OBJECTS) libtomcrypt.a \n\n";
close OUT;
print "makefile.out generated.\n";
print "\nNow use makefile.out to build the library, e.g. `make -f makefile.out'\n";
print "In your project just include mycrypt_custom.h (you don't have to include mycrypt.h \n";
print "but if you do make sure mycrypt_custom.h appears first) your settings should be intact.\n";

BIN
crypt.pdf
View File

Binary file not shown.

2439
demos/test.c
View File

File diff suppressed because it is too large Load Diff

1427
demos/test.c~ Normal file
View File

File diff suppressed because it is too large Load Diff

117
ecc.c
View File

@ -239,13 +239,12 @@ static void del_point(ecc_point *p)
XFREE(p);
}
/* double a point R = 2P, R can be P*/
static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus)
static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus, mp_int *mu)
{
mp_int s, tmp, tmpx;
int res;
if (mp_init_multi(&s, &tmp, &tmpx, NULL) != MP_OKAY) {
return CRYPT_MEM;
}
@ -254,12 +253,18 @@ static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus)
if (mp_mul_2(&P->y, &tmp) != MP_OKAY) { goto error; } /* tmp = 2*y */
if (mp_invmod(&tmp, modulus, &tmp) != MP_OKAY) { goto error; } /* tmp = 1/tmp mod modulus */
if (mp_sqr(&P->x, &s) != MP_OKAY) { goto error; } /* s = x^2 */
if (mp_reduce(&s, modulus, mu) != MP_OKAY) { goto error; }
if (mp_mul_d(&s,(mp_digit)3, &s) != MP_OKAY) { goto error; } /* s = 3*(x^2) */
if (mp_sub_d(&s,(mp_digit)3, &s) != MP_OKAY) { goto error; } /* s = 3*(x^2) - 3 */
if (mp_mulmod(&s, &tmp, modulus, &s) != MP_OKAY) { goto error; } /* s = tmp * s mod modulus */
if (mp_cmp_d(&s, 0) == MP_LT) { /* if s < 0 add modulus */
if (mp_add(&s, modulus, &s) != MP_OKAY) { goto error; }
}
if (mp_mul(&s, &tmp, &s) != MP_OKAY) { goto error; } /* s = tmp * s mod modulus */
if (mp_reduce(&s, modulus, mu) != MP_OKAY) { goto error; }
/* Xr = s^2 - 2Xp */
if (mp_sqr(&s, &tmpx) != MP_OKAY) { goto error; } /* tmpx = s^2 */
if (mp_reduce(&tmpx, modulus, mu) != MP_OKAY) { goto error; } /* tmpx = tmpx mod modulus */
if (mp_sub(&tmpx, &P->x, &tmpx) != MP_OKAY) { goto error; } /* tmpx = tmpx - x */
if (mp_submod(&tmpx, &P->x, modulus, &tmpx) != MP_OKAY) { goto error; } /* tmpx = tmpx - x mod modulus */
@ -279,11 +284,11 @@ done:
}
/* add two different points over Z/pZ, R = P + Q, note R can equal either P or Q */
static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus)
static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus, mp_int *mu)
{
mp_int s, tmp, tmpx;
int res;
if (mp_init(&tmp) != MP_OKAY) {
return CRYPT_MEM;
}
@ -297,7 +302,7 @@ static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus)
if (mp_cmp(&P->x, &Q->x) == MP_EQ)
if (mp_cmp(&P->y, &Q->y) == MP_EQ || mp_cmp(&P->y, &tmp) == MP_EQ) {
mp_clear(&tmp);
return dbl_point(P, R, modulus);
return dbl_point(P, R, modulus, mu);
}
if (mp_init_multi(&tmpx, &s, NULL) != MP_OKAY) {
@ -306,13 +311,21 @@ static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus)
}
/* get s = (Yp - Yq)/(Xp-Xq) mod p */
if (mp_submod(&P->x, &Q->x, modulus, &tmp) != MP_OKAY) { goto error; } /* tmp = Px - Qx mod modulus */
if (mp_sub(&P->x, &Q->x, &tmp) != MP_OKAY) { goto error; } /* tmp = Px - Qx mod modulus */
if (mp_cmp_d(&tmp, 0) == MP_LT) { /* if tmp<0 add modulus */
if (mp_add(&tmp, modulus, &tmp) != MP_OKAY) { goto error; }
}
if (mp_invmod(&tmp, modulus, &tmp) != MP_OKAY) { goto error; } /* tmp = 1/tmp mod modulus */
if (mp_sub(&P->y, &Q->y, &s) != MP_OKAY) { goto error; } /* s = Py - Qy mod modulus */
if (mp_mulmod(&s, &tmp, modulus, &s) != MP_OKAY) { goto error; } /* s = s * tmp mod modulus */
if (mp_cmp_d(&s, 0) == MP_LT) { /* if s<0 add modulus */
if (mp_add(&s, modulus, &s) != MP_OKAY) { goto error; }
}
if (mp_mul(&s, &tmp, &s) != MP_OKAY) { goto error; } /* s = s * tmp mod modulus */
if (mp_reduce(&s, modulus, mu) != MP_OKAY) { goto error; }
/* Xr = s^2 - Xp - Xq */
if (mp_sqrmod(&s, modulus, &tmp) != MP_OKAY) { goto error; } /* tmp = s^2 mod modulus */
if (mp_sqr(&s, &tmp) != MP_OKAY) { goto error; } /* tmp = s^2 mod modulus */
if (mp_reduce(&tmp, modulus, mu) != MP_OKAY) { goto error; }
if (mp_sub(&tmp, &P->x, &tmp) != MP_OKAY) { goto error; } /* tmp = tmp - Px */
if (mp_sub(&tmp, &Q->x, &tmpx) != MP_OKAY) { goto error; } /* tmpx = tmp - Qx */
@ -334,32 +347,74 @@ done:
/* perform R = kG where k == integer and G == ecc_point */
static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus)
{
ecc_point *tG, *M[14];
int i, j, z, res;
ecc_point *tG, *M[30];
int i, j, z, res, Q;
mp_digit d;
unsigned char bits[150], m, first;
mp_int mu;
/* init M tab */
for (i = 0; i < 14; i++) {
if ((USED(k) * MP_DIGIT_BIT) > 256) {
Q = 5;
} else {
Q = 4;
}
if (mp_init(&mu) != MP_OKAY) {
return CRYPT_MEM;
}
/* init barrett reduction */
mp_set(&mu, 1);
mp_lshd(&mu, 2 * USED(modulus));
if (mp_div(&mu, modulus, &mu, NULL) != MP_OKAY) {
mp_clear(&mu);
return CRYPT_MEM;
}
/* init M tab (alloc here, calculate below)
This table holds the first 2^Q multiples of the input base point G, that is
M[x] = x * G
Where G is the point and x is a scalar. The implementation is optimized
since M[0] == 0 and M[1] == G so there is no need to waste space for those. In
effect M'[x] == M[x+2] where M'[] is the table we make. If M[0] or M[1] are needed
we handle them with if statements.
*/
for (i = 0; i < ((1<<Q)-2); i++) {
M[i] = new_point();
if (M[i] == NULL) {
for (j = 0; j < i; j++) {
del_point(M[j]);
}
mp_clear(&mu);
return CRYPT_MEM;
}
}
/* get bits of k */
/* get bits of k in groupings of Q
The multiplicand is read in groupings of four bits. This is because the multiplication
routine is a Q-ary left-to-write (see HAC chapter 14, algorithm 14.82).
*/
first = m = (unsigned char)0;
for (z = i = 0; z < (int)USED(k); z++) {
/* grab a digit from the mp_int, these have MP_DIGIT_BIT bits in them */
d = DIGIT(k, z);
for (j = 0; j < (int)MP_DIGIT_BIT; j++) {
/* OR the bits against an accumulator */
first |= (d&1)<<(unsigned)(m++);
if (m == (unsigned char)4) {
/* if the bit count is Q then we have a Q-bit word ready */
if (m == (unsigned char)Q) {
/* store the four bit word and reset counters */
bits[i++] = first;
first = m = (unsigned char)0;
}
/* shift the digit down to extract the next bit */
d >>= 1;
}
}
@ -371,34 +426,35 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus)
/* make a copy of G incase R==G */
tG = new_point();
if (tG == NULL) { goto error; }
if (tG == NULL) { goto error; }
/* skip leading digits which are zero */
--i; while (i != 0 && bits[i] == (unsigned char)0) { --i; }
/* if the multiplicand has no non-zero 4-bit words its invalid. */
if (i == 0) {
res = CRYPT_INVALID_ARG;
goto done;
}
/* now calc the M tab, note that there are only 14 spots, the normal M[0] is a no-op, and M[1] is the input
/* now calc the M tab, note that there are only 2^Q - 2 spots, the normal M[0] is a no-op, and M[1] is the input
point (saves ram)
*/
/* M[0] now is 2*G */
if (dbl_point(G, M[0], modulus) != CRYPT_OK) { goto error; }
for (j = 1; j < 14; j++) {
if (add_point(M[j-1], G, M[j], modulus) != CRYPT_OK) { goto error; }
if (dbl_point(G, M[0], modulus, &mu) != CRYPT_OK) { goto error; }
for (j = 1; j < ((1<<Q)-2); j++) {
if (add_point(M[j-1], G, M[j], modulus, &mu) != CRYPT_OK) { goto error; }
}
/* tG = G */
if (mp_copy(&G->x, &tG->x) != MP_OKAY) { goto error; }
if (mp_copy(&G->y, &tG->y) != MP_OKAY) { goto error; }
if (mp_copy(&G->x, &tG->x) != MP_OKAY) { goto error; }
if (mp_copy(&G->y, &tG->y) != MP_OKAY) { goto error; }
/* set result M[bits[i]] */
if (bits[i] == (unsigned char)1) {
if (mp_copy(&G->x, &R->x) != MP_OKAY) { goto error; }
if (mp_copy(&G->y, &R->y) != MP_OKAY) { goto error; }
if (mp_copy(&G->x, &R->x) != MP_OKAY) { goto error; }
if (mp_copy(&G->y, &R->y) != MP_OKAY) { goto error; }
} else if (bits[i] >= (unsigned char)2) {
if (mp_copy(&M[(int)bits[i]-2]->x, &R->x) != MP_OKAY) { goto error; }
if (mp_copy(&M[(int)bits[i]-2]->y, &R->y) != MP_OKAY) { goto error; }
@ -406,8 +462,8 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus)
while (--i >= 0) {
/* double */
for (j = 0; j < 4; j++) {
if (dbl_point(R, R, modulus) != CRYPT_OK) { goto error; }
for (j = 0; j < Q; j++) {
if (dbl_point(R, R, modulus, &mu) != CRYPT_OK) { goto error; }
}
/* now based on the value of bits[i] we do ops */
@ -415,10 +471,10 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus)
/* nop */
} else if (bits[i] == (unsigned char)1) {
/* add base point */
if (add_point(R, tG, R, modulus) != CRYPT_OK) { goto error; }
if (add_point(R, tG, R, modulus, &mu) != CRYPT_OK) { goto error; }
} else {
/* other case */
if (add_point(R, M[(int)bits[i] - 2], R, modulus) != CRYPT_OK) { goto error; }
if (add_point(R, M[(int)bits[i] - 2], R, modulus, &mu) != CRYPT_OK) { goto error; }
}
}
@ -428,9 +484,10 @@ error:
res = CRYPT_MEM;
done:
del_point(tG);
for (i = 0; i < 14; i++) {
for (i = 0; i < ((1<<Q)-2); i++) {
del_point(M[i]);
}
mp_clear(&mu);
#ifdef CLEAN_STACK
zeromem(bits, sizeof(bits));
#endif

22
ecc_sys.c
View File

@ -306,7 +306,7 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
{
ecc_point *mG;
ecc_key pubkey;
mp_int b, p, m;
mp_int b, p, m, mu;
unsigned long x, y;
int res, err;
@ -357,14 +357,14 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
y += 4;
/* init values */
if (mp_init_multi(&b, &m, &p, NULL) != MP_OKAY) {
if (mp_init_multi(&b, &m, &p, &mu, NULL) != MP_OKAY) {
ecc_free(&pubkey);
return CRYPT_MEM;
}
mG = new_point();
if (mG == NULL) {
mp_clear_multi(&b, &m, &p, NULL);
mp_clear_multi(&b, &m, &p, &mu, NULL);
ecc_free(&pubkey);
return CRYPT_MEM;
}
@ -378,12 +378,20 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
/* load prime */
if (mp_read_radix(&p, (unsigned char *)sets[key->idx].prime, 64) != MP_OKAY) { goto error; }
/* calculate barrett stuff */
mp_set(&mu, 1);
mp_lshd(&mu, 2 * USED(&p));
if (mp_div(&mu, &p, &mu, NULL) != MP_OKAY) {
res = CRYPT_MEM;
goto done;
}
/* get bA */
if (ecc_mulmod(&b, &pubkey.pubkey, &pubkey.pubkey, &p) != CRYPT_OK) { goto error; }
if (ecc_mulmod(&b, &pubkey.pubkey, &pubkey.pubkey, &p) != CRYPT_OK) { goto error; }
/* get bA + Y */
if (add_point(&pubkey.pubkey, &key->pubkey, &pubkey.pubkey, &p) != CRYPT_OK) { goto error; }
if (add_point(&pubkey.pubkey, &key->pubkey, &pubkey.pubkey, &p, &mu) != CRYPT_OK) { goto error; }
/* get mG */
if (mp_read_radix(&mG->x, (unsigned char *)sets[key->idx].Gx, 64) != MP_OKAY) { goto error; }
@ -403,7 +411,7 @@ error:
done:
del_point(mG);
ecc_free(&pubkey);
mp_clear_multi(&p, &m, &b, NULL);
return CRYPT_OK;
mp_clear_multi(&p, &m, &b, &mu, NULL);
return res;
}

35
examples/ch2-01.c Normal file
View File

@ -0,0 +1,35 @@
/*
* Name : ch2-01.c
* Purpose : Demonstration of reading the RNG
* Author : Tom St Denis
*
* History : v0.81 Initial release
*/
/* ch2-02-2 */
#include <mycrypt.h>
int main(void)
{
unsigned char buf[16];
unsigned long len;
int ix;
/* read the RNG */
len = rng_get_bytes(buf, sizeof(buf), NULL);
/* verify return */
if (len != sizeof(buf)) {
printf("Error: Only read %lu bytes.\n", len);
} else {
printf("Read %lu bytes\n", len);
for (ix = 0; ix < sizeof(buf); ix++) {
printf("%02x ", buf[ix]);
}
printf("\n");
}
return EXIT_SUCCESS;
}
/* ch2-02-2 */

80
legal.txt Normal file
View File

@ -0,0 +1,80 @@
Legal Issues Regarding LibTomCrypt
Tom St Denis
The bulk of the code was written or donated under the TDCAL "Tom Doesn't Care About License" license. It entitles the developer to free-reign on
the use and distribution of derived works, commercial or otherwise. Certain files are taken from public domain packages.
AES.C
-----
Author: Dr Brian Gladman
Email : gladman@seven77.demon.co.uk
Disclaimer (verbatim)
----
/* Copyright in this implementation is held by Dr B R Gladman but I */
/* hereby give permission for its free direct or derivative use subject */
/* to acknowledgment of its origin and compliance with any conditions */
/* that the originators of the algorithm place on its exploitation. */
----
Status: Public Domain, modified [not original]
DES.C
-----
Author: Unknown, Submitted by Dobes Vandermeer
Email : dobes@smartt.com
Disclaimer: None
Status: TDCAL submission by Dobes, modified [not original]
MD4.C
-----
Author: Dobes Vandermeer
Email : dobes@smartt.com
Disclaimer: None
Status: TDCAL submission by Dobes, modified [not original]
HMAC.C
------
Author: Dobes Vandermeer
Email: dobes@smartt.com
Disclaimer: None
Status: TDCAL submission by Dobes, modified [not original]
MPI.C
-----
Author: Original [v0.80 and prior] Michael Fromberger, Current [v0.81 and later] Tom St Denis
Email: tomstdenis@iahu.ca
Disclaimer: None
Status: TDCAL submission by Tom
RC2.C
-----
Author: Unknown, found on public domain archive [www.wiretapped.net]
Email: none
Disclaimer: Possible legal issues [should remove RC2/RC5/RC6 to simplify legal issues]
Status: Public Domain, questionable legal status, modified [not original]
SAFER.C
-------
Author: [copied verbatim]
----
* AUTHOR: Richard De Moliner (demoliner@isi.ee.ethz.ch)
* Signal and Information Processing Laboratory
* Swiss Federal Institute of Technology
* CH-8092 Zuerich, Switzerland
----
Email: demoliner@isi.ee.ethz.ch
Disclaimer: Appears to be Public Domain [not quite sure]
Status: Public Domain, modified [not original]
SERPENT.C
---------
Author: Dr. Brian Gladman
Email : gladman@seven77.demon.co.uk
Disclaimer (verbatim)
----
/* Copyright in this implementation is held by Dr B R Gladman but I */
/* hereby give permission for its free direct or derivative use subject */
/* to acknowledgment of its origin and compliance with any conditions */
/* that the originators of the algorithm place on its exploitation. */
----
Status: Public Domain, modified [not original]

212
makefile
View File

@ -9,7 +9,7 @@
# a build. This is easy to remedy though, for those that have problems.
# The version
VERSION=0.80
VERSION=0.81
#ch1-01-1
# Compiler and Linker Names
@ -21,200 +21,22 @@ AR=ar
ARFLAGS=r
#ch1-01-1
#ch1-01-2
# here you can set the malloc/calloc/free functions you want
XMALLOC=malloc
XCALLOC=calloc
XREALLOC=realloc
XFREE=free
# you can redefine the clock
XCLOCK=clock
XCLOCKS_PER_SEC=CLOCKS_PER_SEC
#ch1-01-2
#ch1-01-3
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wno-unused -Werror \
-DXMALLOC=$(XMALLOC) -DXCALLOC=$(XCALLOC) -DXFREE=$(XFREE) \
-DXREALLOC=$(XREALLOC) -DXCLOCK=$(XCLOCK) \
-DXCLOCKS_PER_SEC=$(XCLOCKS_PER_SEC)
CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wno-unused -Werror
# optimize for SPEED
#CFLAGS += -O3 -funroll-loops
# optimize for SIZE
CFLAGS += -Os
# optimize for SIZE
CFLAGS += -Os
# compile for DEBUGGING
# compile for DEBUGGING
#CFLAGS += -g3
#ch1-01-3
#These flags control how the library gets built.
#ch1-01-4
# Use small code variants of functions when possible?
CFLAGS += -DSMALL_CODE
# no file support, when defined the library will not
# have any functions that can read/write files
# (comment out to have file support)
#CFLAGS += -DNO_FILE
# Support the UNIX /dev/random or /dev/urandom
CFLAGS += -DDEVRANDOM
# Use /dev/urandom first on devices where
# /dev/random is too slow
#CFLAGS += -DTRY_URANDOM_FIRST
# Clean the stack after sensitive functions. Not
# always required... With this defined most of
# the ciphers and hashes will clean their stack area
# after usage with a (sometimes) huge penalty in speed.
# Normally this is not required if you simply lock your
# stack and wipe it when your program is done.
#
#CFLAGS += -DCLEAN_STACK
#ch1-01-4
#ch1-01-5
# What algorithms to include? comment out and rebuild to remove them
CFLAGS += -DBLOWFISH
CFLAGS += -DRC2
CFLAGS += -DRC5
CFLAGS += -DRC6
CFLAGS += -DSERPENT
CFLAGS += -DSAFERP
CFLAGS += -DSAFER
CFLAGS += -DRIJNDAEL
CFLAGS += -DXTEA
CFLAGS += -DTWOFISH
CFLAGS += -DDES
CFLAGS += -DCAST5
CFLAGS += -DNOEKEON
#ch1-01-5
#You can also customize the Twofish code. All four combinations
#of the flags are possible but only three of them make sense.
#
#Both undefined: Very fast, requires ~4.2KB of ram per scheduled key
#Both defined : Slow, requires only ~100 bytes of ram per scheduled key
#
#If defined on their own
#_SMALL defined: Very Slow, small code only ~100 bytes of ram
#_TABLES defined: Very fast, not faster than if both were undefined. Code is ~1KB bigger
# faster keysetup though...
#ch1-01-6
# Small Ram Variant of Twofish. For this you must have TWOFISH
# defined. This variant requires about 4kb less memory but
# is considerably slower. It is ideal when high throughput is
# less important than conserving memory. By default it is not
# defined which means the larger ram (about 4.2Kb used) variant
# is built.
#CFLAGS += -DTWOFISH_SMALL
# Tell Twofish to use precomputed tables. If you want to use
# the small table variant of Twofish you may want to turn
# this on. Essentially it tells Twofish to use precomputed
# S-boxes (Q0 and Q1) as well as precomputed GF
# multiplications [in the MDS]. This speeds up the cipher
# somewhat.
#CFLAGS += -DTWOFISH_TABLES
#ch1-01-6
#Use fast PK routines. Basically this limits the size of the private key in the
#DH system to 256 bits. The group order remains unchanged so the best
#attacks are still GNFS (for DH upto 2560-bits)
#
#This will only speed up the key generation and encryption routines. It lowers the
#security so its by default not turned on. USE AT YOUR RISK!
#CFLAGS += -DFAST_PK
#ch1-01-7
# Chaining modes
CFLAGS += -DCFB
CFLAGS += -DOFB
CFLAGS += -DECB
CFLAGS += -DCBC
CFLAGS += -DCTR
#ch1-01-7
#ch1-01-8
#One-way hashes
CFLAGS += -DSHA512
CFLAGS += -DSHA384
CFLAGS += -DSHA256
CFLAGS += -DTIGER
CFLAGS += -DSHA1
CFLAGS += -DMD5
CFLAGS += -DMD4
CFLAGS += -DMD2
#ch1-01-8
#ch1-01-9
# prngs
CFLAGS += -DYARROW
CFLAGS += -DSPRNG
CFLAGS += -DRC4
#ch1-01-9
#ch1-01-10
# PK code
CFLAGS += -DMRSA
CFLAGS += -DMDH
CFLAGS += -DMECC
CFLAGS += -DKR
#ch1-01-10
#ch1-01-12
# Control which built in DH or ECC key paramaters
# are to be allowed
CFLAGS += -DDH768
CFLAGS += -DDH1024
CFLAGS += -DDH1280
CFLAGS += -DDH1536
CFLAGS += -DDH1792
CFLAGS += -DDH2048
CFLAGS += -DDH2560
CFLAGS += -DDH3072
CFLAGS += -DDH4096
CFLAGS += -DECC160
CFLAGS += -DECC192
CFLAGS += -DECC224
CFLAGS += -DECC256
CFLAGS += -DECC384
CFLAGS += -DECC521
#ch1-01-12
#ch1-01-11
# base64
CFLAGS += -DBASE64
# include GF math routines?
# (not currently used by anything internally)
#CFLAGS += -DGF
# include large integer math routines? (required by the PK code)
CFLAGS += -DMPI
# use the fast exptmod operation (used in dsa/rsa/dh and is_prime)
# This uses slightly more heap than the old code [only during the function call]
# this is also fairly faster than the previous code
CFLAGS += -DMPI_FASTEXPT
# use a "low" mem variant of the fast exptmod. It is still always
# faster then the old exptmod but its savings drops off after
# 1024 to 2048-bits
#CFLAGS += -DMPI_FASTEXPT_LOWMEM
# include HMAC support
CFLAGS += -DHMAC
#ch1-01-11
#Output filenames for various targets.
LIBNAME=libtomcrypt.a
TEST=test
@ -224,8 +46,11 @@ SMALL=small
#LIBPATH-The directory for libtomcrypt to be installed to.
#INCPATH-The directory to install the header files for libtomcrypt.
#DATAPATH-The directory to install the pdf docs.
DESTDIR=
LIBPATH=/usr/lib
INCPATH=/usr/include
DATAPATH=/usr/share/doc/libtomcrypt/pdf
#List of objects to compile.
OBJECTS=keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o \
@ -246,10 +71,9 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
#Header files used by libtomcrypt.
HEADERS=mpi-types.h mpi-config.h mpi.h \
mycrypt_cfg.h mycrypt_gf.h mycrypt_kr.h \
HEADERS=mpi.h mycrypt_cfg.h mycrypt_gf.h mycrypt_kr.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h mycrypt_custom.h
#The default rule for make builds the libtomcrypt library.
default:library mycrypt.h mycrypt_cfg.h
@ -286,17 +110,19 @@ small: library $(SMALLOBJECTS)
#as root in order to have a high enough permission to write to the correct
#directories and to set the owner and group to root.
install: library docs
install -g root -o root $(LIBNAME) $(LIBPATH)
install -g root -o root $(HEADERS) $(INCPATH)
mkdir -p /usr/doc/libtomcrypt/pdf
cp crypt.pdf /usr/doc/libtomcrypt/pdf/
install -d -g root -o root $(DESTDIR)$(LIBPATH)
install -d -g root -o root $(DESTDIR)$(INCPATH)
install -d -g root -o root $(DESTDIR)$(DATAPATH)
install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
install -g root -o root crypt.pdf $(DESTDIR)$(DATAPATH)
#This rule cleans the source tree of all compiled code, not including the pdf
#documentation.
clean:
rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
rm -f $(TEST) $(HASH) $(COMPRESSED)
rm -f *stackdump *.lib *.exe *.obj demos/*.obj *.bat makefile.out mycrypt_custom.h
rm -f *stackdump *.lib *.exe *.obj demos/*.obj *.bat
#This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
#from the clean command! This is because most people would like to keep the
@ -312,6 +138,6 @@ docs: crypt.tex
#zipup the project (take that!)
zipup: clean docs
chdir .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \
cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \
cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; tar -c libtomcrypt-$(VERSION)/* > crypt-$(VERSION).tar ; \
bzip2 -9vv crypt-$(VERSION).tar ; zip -9 -r crypt-$(VERSION).zip libtomcrypt-$(VERSION)/*
bzip2 -9vv crypt-$(VERSION).tar ; zip -9 -r crypt-$(VERSION).zip libtomcrypt-$(VERSION)/*

24
makefile.out Normal file
View File

@ -0,0 +1,24 @@
#makefile generated with config.pl
#
#Tom St Denis (tomstdenis@yahoo.com, http://tom.iahu.ca)
CC = gcc
AR = ar
LD = ld
CFLAGS += -Os -Wall -Wsign-compare -W -Wno-unused -Werror -I./
default: library
OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o ampi.o mpi.o prime.o twofish.o packet.o hmac.o strings.o
rsa.o: rsa_sys.c
dh.o: dh_sys.c
ecc.o: ecc_sys.c
library: $(OBJECTS)
$(AR) r libtomcrypt.a $(OBJECTS)
ranlib libtomcrypt.a
clean:
rm -f $(OBJECTS) libtomcrypt.a

311
makefile.ps2
View File

@ -1,311 +0,0 @@
# MAKEFILE for linux GCC
#
# Tom St Denis
# Modified by Clay Culver
#
# NOTE: This should later be replaced by autoconf/automake scripts, but for
# the time being this is actually pretty clean. The only ugly part is
# handling CFLAGS so that the x86 specific optimizations don't break
# a build. This is easy to remedy though, for those that have problems.
#Compiler and Linker Names
CC=ee-gcc
LD=ee-ld
# PlayStation(tm) 2 specifics
TOP = /usr/local/sce/ee
LIBDIR = $(TOP)/lib
INCDIR = $(TOP)/include/
COMMONDIR = $(TOP)/../common/include/
LCFILE = $(LIBDIR)/app.cmd
LDFLAGS = -DSONY_PS2 -DSONY_PS2_EE -Wl,-Map,$(@).map -mno-crt0 -L$(LIBDIR) -lm
AS = ee-gcc
ASFLAGS = -DSONY_PS2 -DSONY_PS2_EE -c -xassembler-with-cpp -Wa,-al
EXT = .elf
CFLAGS += -DSONY_PS2 -DSONY_PS2_EE -Wa,-al -Wno-unused -Werror \
-fno-common -fno-strict-aliasing -I$(INCDIR) -I$(COMMONDIR)
#Archiver [makes .a files]
AR=ee-ar
ARFLAGS=rs
#here you can set the malloc/calloc/free functions you want
XMALLOC=malloc
XCALLOC=calloc
XREALLOC=realloc
XFREE=free
#you can redefine the clock
XCLOCK=TIMER_clock
XCLOCKS_PER_SEC=576000
#Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wno-unused -Werror \
-DXMALLOC=$(XMALLOC) -DXCALLOC=$(XCALLOC) -DXFREE=$(XFREE) \
-DXREALLOC=$(XREALLOC) -DXCLOCK=$(XCLOCK) \
-DXCLOCKS_PER_SEC=$(XCLOCKS_PER_SEC)
#optimize for SPEED (comment out SIZE line as well)
#CFLAGS += -O3 -fomit-frame-pointer -funroll-loops
#optimize for SIZE (comment out SPEED line as well)
CFLAGS += -Os
#Use small code variants of functions when possible? (Slows it down!)
CFLAGS += -DSMALL_CODE
#no file support, when defined the library will not have any functions that can read/write files
#(comment out to have file support)
CFLAGS += -DNO_FILE
#These flags control how the library gets built.
# Clean the stack after sensitive functions. Not always required...
# With this defined most of the ciphers and hashes will clean their stack area
# after usage with a (sometimes) huge penalty in speed. Normally this is not
# required if you simply lock your stack and wipe it when your program is done.
#
#CFLAGS += -DCLEAN_STACK
# What algorithms to include? comment out and rebuild to remove em
CFLAGS += -DBLOWFISH
CFLAGS += -DRC2
#CFLAGS += -DRC5
#CFLAGS += -DRC6
CFLAGS += -DSERPENT
CFLAGS += -DSAFERP
CFLAGS += -DSAFER
CFLAGS += -DRIJNDAEL
CFLAGS += -DXTEA
CFLAGS += -DTWOFISH
CFLAGS += -DDES
CFLAGS += -DCAST5
CFLAGS += -DNOEKEON
#You can also customize the Twofish code. All four combinations
#of the flags are possible but only three of them make sense.
#
#Both undefined: Very fast, requires ~4.2KB of ram per scheduled key
#Both defined : Slow, requires only ~100 bytes of ram per scheduled key
#
#If defined on their own
#_SMALL defined: Very Slow, small code only ~100 bytes of ram
#_TABLES defined: Very fast, not faster than if both were undefined. Code is ~1KB bigger
# faster keysetup though...
# Small Ram Variant of Twofish. For this you must have TWOFISH defined. This
# variant requires about 4kb less memory but is considerably slower. It is ideal
# when high throughput is less important than conserving memory. By default it is
# not defined which means the larger ram (about 4.2Kb used) variant is built.
# CFLAGS += -DTWOFISH_SMALL
# Tell Twofish to use precomputed tables. If you want to use the small table
# variant of Twofish you may want to turn this on. Essentially it tells Twofish to use
# precomputed S-boxes (Q0 and Q1) as well as precomputed GF multiplications [in the MDS].
# This speeds up the cipher somewhat.
# CFLAGS += -DTWOFISH_TABLES
#Use fast PK routines. Basically this limits the size of the private key in the
#DH system to 256 bits. The group order remains unchanged so the best
#attacks are still GNFS (for DH upto 2560-bits)
#
#This will only speed up the key generation and encryption routines. It lowers the
#security so its by default not turned on. USE AT YOUR RISK!
#CFLAGS += -DFAST_PK
# Chaining modes
CFLAGS += -DCFB
CFLAGS += -DOFB
CFLAGS += -DECB
CFLAGS += -DCBC
CFLAGS += -DCTR
#One-way hashes
CFLAGS += -DSHA512
CFLAGS += -DSHA384
CFLAGS += -DSHA256
CFLAGS += -DTIGER
CFLAGS += -DSHA1
CFLAGS += -DMD5
CFLAGS += -DMD4
CFLAGS += -DMD2
# base64
CFLAGS += -DBASE64
# prngs
CFLAGS += -DYARROW
CFLAGS += -DSPRNG
CFLAGS += -DRC4
# PK code
CFLAGS += -DMRSA
CFLAGS += -DMDH
CFLAGS += -DMECC
CFLAGS += -DKR
# Control which built in DH or ECC key paramaters
# are to be allowed
CFLAGS += -DDH768
CFLAGS += -DDH1024
CFLAGS += -DDH1280
CFLAGS += -DDH1536
CFLAGS += -DDH1792
CFLAGS += -DDH2048
CFLAGS += -DDH2560
CFLAGS += -DDH3072
CFLAGS += -DDH4096
CFLAGS += -DECC160
CFLAGS += -DECC192
CFLAGS += -DECC224
CFLAGS += -DECC256
CFLAGS += -DECC384
CFLAGS += -DECC521
# include GF math routines? (not currently used by anything internally)
#CFLAGS += -DGF
# include large integer math routines? (required by the PK code)
CFLAGS += -DMPI
# use the fast exptmod operation (used in dsa/rsa/dh and is_prime)
# This uses slightly more heap than the old code [only during the function call]
# this is also fairly faster than the previous code
CFLAGS += -DMPI_FASTEXPT
# use a "low" mem variant of the fast exptmod. It is still always
# faster then the old exptmod but its savings drops off after
# 1024-bits
CFLAGS += -DMPI_FASTEXPT_LOWMEM
# include HMAC support
CFLAGS += -DHMAC
# Have /dev/random or /dev/urandom?
#CFLAGS += -DDEVRANDOM
#Output filenames for various targets.
LIBNAME=libtomcrypt.a
TEST=test$(EXT)
HASH=hashsum$(EXT)
CRYPT=encrypt$(EXT)
SMALL=small$(EXT)
#LIBPATH-The directory for libtomcrypt to be installed to.
#INCPATH-The directory to install the header files for libtomcrypt.
LIBPATH=/usr/lib
INCPATH=/usr/include
#List of objects to compile.
OBJECTS=keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o \
bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o \
md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o \
safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o \
ampi.o mpi.o prime.o twofish.o packet.o hmac.o strings.o
# PlayStation(tm) 2 C run-time startup module
PS2CRT0=crt0.o
TESTOBJECTS=$(PS2CRT0) demos/test.o demos/timer.o
HASHOBJECTS=$(PS2CRT0) demos/hashsum.o
CRYPTOBJECTS=$(PS2CRT0) demos/encrypt.o
SMALLOBJECTS=$(PS2CRT0) demos/small.o
#Files left over from making the crypt.pdf.
LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
#Compressed filenames
COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
#Header files used by libtomcrypt.
HEADERS=mpi-types.h mpi-config.h mpi.h \
mycrypt_cfg.h mycrypt_gf.h mycrypt_kr.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h
#The default rule for make builds the libtomcrypt library.
default:library mycrypt.h mycrypt_cfg.h
#These are the rules to make certain object files.
rsa.o: rsa.c rsa_sys.c
ecc.o: ecc.c ecc_sys.c
dh.o: dh.c dh_sys.c
aes.o: aes.c aes_tab.c
sha512.o: sha512.c sha384.c
#This rule makes the libtomcrypt library.
library: $(OBJECTS)
$(AR) $(ARFLAGS) $(LIBNAME) $(OBJECTS)
#This rule makes the test program included with libtomcrypt
test: library $(TESTOBJECTS)
$(CC) -o $(TEST) -T $(LCFILE) $(LDFLAGS) $(TESTOBJECTS) $(LIBNAME)
#This rule makes the hash program included with libtomcrypt
hashsum: library $(HASHOBJECTS)
$(CC) -o $(HASH) -T $(LCFILE) $(LDFLAGS) $(HASHOBJECTS) $(LIBNAME)
#makes the crypt program
crypt: library $(CRYPTOBJECTS)
$(CC) -o $(CRYPT) -T $(LCFILE) $(LDFLAGS) $(CRYPTOBJECTS) $(LIBNAME)
#makes the small program
small: library $(SMALLOBJECTS)
$(CC) -o $(SMALL) -T $(LCFILE) $(LDFLAGS) $(SMALLOBJECTS) $(LIBNAME)
# makes the PlayStation(tm) 2 CRT 0 module
$(PS2CRT0): $(LIBDIR)/crt0.s
$(AS) $(ASFLAGS) $(TMPFLAGS) -o $@ $< > $*.lst
#This rule installs the library and the header files. This must be run
#as root in order to have a high enough permission to write to the correct
#directories and to set the owner and group to root.
install: library
install -g root -o root $(LIBNAME) $(LIBPATH)
install -g root -o root $(HEADERS) $(INCPATH)
#This rule cleans the source tree of all compiled code, not including the pdf
#documentation.
clean:
rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
rm -f $(TEST) $(HASH) $(COMPRESSED)
rm -f *stackdump *.lib *.exe *.obj demos/*.obj zlib/*.obj
rm -f *.o *.lst demos/*.o demos/*.lst
#This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
#from the clean command! This is because most people would like to keep the
#nice pre-compiled crypt.pdf that comes with libtomcrypt! We only need to
#delete it if we are rebuilding it.
docs: crypt.tex
rm -f crypt.pdf
rm -f $(LEFTOVERS)
latex crypt > /dev/null
makeindex crypt > /dev/null
pdflatex crypt > /dev/null
rm -f $(LEFTOVERS)
#This used to be the zipup target. I have split it into two seperate targets:
#bz and zip. bz builds a crypt.tar.bz2 package, while zip builds a crypt.zip
#package. I have removed the dos2unix commands, as this is a Linux makefile,
#and these should not be needed. I also made it output the target to the
#current directory instead of the root (/) directory. (Bad Tom!) We are
#almost assured write permission in the current directory, but not in the root
#directory. This means any user can now build a BZ image or a zip.
#NOTE: This removes all pre-built compressed archives during clean.
bz: clean docs
chdir .. ; rm -f crypt.tar.bz2 ; tar -c libtomcrypt/* > crypt.tar ; bzip2 -9v crypt.tar
zip: clean docs
chdir .. ; rm -f crypt.zip ; zip -9 -r crypt.zip libtomcrypt/*
#Makes a tar/gz archive of the library.
gz: clean docs
chdir .. ; rm -f crypt.tar.gz ; tar -c libtomcrypt/* > crypt.tar ; gzip -9v crypt.tar
#makes a tar/SZIP archive [slightly better than bzip2]
szip: clean docs
chdir .. ; rm -f crypt.tar.szp ; tar -c libtomcrypt/* > crypt.tar ; szip -b41o64v255 crypt.tar crypt.tar.szp
.c.o:
$(CC) $(CFLAGS) $(TMPFLAGS) -c $< -o $*.o > $*.lst

274
makefile.vc
View File

@ -1,274 +0,0 @@
# MAKEFILE for MSVC 6.0 SP5
#
# Tom St Denis, tomstdenis@yahoo.com
#
CC=cl
AR=lib
#here you can set the malloc/calloc/free functions you want
XMALLOC=malloc
XCALLOC=calloc
XREALLOC=realloc
XFREE=free
#you can redefine the clock
XCLOCK=clock
XCLOCKS_PER_SEC=CLOCKS_PER_SEC
CFLAGS = /c /Ogisy1 /Gs /I. /W3 /DWIN32 /DXREALLOC=$(XREALLOC) /DXMALLOC=$(XMALLOC) /DXCALLOC=$(XCALLOC) /DXFREE=$(XFREE) /DXCLOCK=$(XCLOCK) /DXCLOCKS_PER_SEC=$(XCLOCKS_PER_SEC)
#Small code (smaller variants of some block ciphers)
CFLAGS += /DSMALL_CODE
#These flags control how the library gets built.
#no file support, when defined the library will not have any functions that can read/write files
#(comment out to have file support)
#CFLAGS += /DNO_FILE
#Support the UNIX /dev/random or /dev/urandom
#CFLAGS += /DDEVRANDOM
# Use /dev/urandom first on devices where /dev/random is too slow */
#CFLAGS += /DTRY_URANDOM_FIRST
# Clean the stack after sensitive functions. Not always required...
# With this defined most of the ciphers and hashes will clean their stack area
# after usage with a (sometimes) huge penalty in speed. Normally this is not
# required if you simply lock your stack and wipe it when your program is done.
#
#CFLAGS += /DCLEAN_STACK
# What algorithms to include? comment out and rebuild to remove em
CFLAGS += /DBLOWFISH
CFLAGS += /DRC2
CFLAGS += /DRC5
CFLAGS += /DRC6
CFLAGS += /DSERPENT
CFLAGS += /DSAFERP
CFLAGS += /DSAFER
CFLAGS += /DRIJNDAEL
CFLAGS += /DXTEA
CFLAGS += /DTWOFISH
CFLAGS += /DDES
CFLAGS += /DCAST5
CFLAGS += /DNOEKEON
#You can also customize the Twofish code. All four combinations
#of the flags are possible but only three of them make sense.
#
#Both undefined: Very fast, requires ~4.2KB of ram per scheduled key
#Both defined : Slow, requires only ~100 bytes of ram per scheduled key
#
#If defined on their own
#_SMALL defined: Very Slow, small code only ~100 bytes of ram
#_TABLES defined: Very fast, not faster than if both were undefined. Code is ~1KB bigger
# faster keysetup though...
# Small Ram Variant of Twofish. For this you must have TWOFISH defined. This
# variant requires about 4kb less memory but is considerably slower. It is ideal
# when high throughput is less important than conserving memory. By default it is
# not defined which means the larger ram (about 4.2Kb used) variant is built.
# CFLAGS += /DTWOFISH_SMALL
# Tell Twofish to use precomputed tables. If you want to use the small table
# variant of Twofish you may want to turn this on. Essentially it tells Twofish to use
# precomputed S-boxes (Q0 and Q1) as well as precomputed GF multiplications [in the MDS].
# This speeds up the cipher somewhat.
# CFLAGS += /DTWOFISH_TABLES
#Use fast PK routines. Basically this limits the size of the private key in the
#DH system to 256 bits. The group order remains unchanged so the best
#attacks are still GNFS (for DH upto 2560-bits)
#
#This will only speed up the key generation and encryption routines. It lowers the
#security so its by default not turned on. USE AT YOUR RISK!
#CFLAGS += /DFAST_PK
# Chaining modes
CFLAGS += /DCFB
CFLAGS += /DOFB
CFLAGS += /DECB
CFLAGS += /DCBC
CFLAGS += /DCTR
#One-way hashes
CFLAGS += /DSHA512
CFLAGS += /DSHA384
CFLAGS += /DSHA256
CFLAGS += /DTIGER
CFLAGS += /DSHA1
CFLAGS += /DMD5
CFLAGS += /DMD4
CFLAGS += /DMD2
# base64
CFLAGS += /DBASE64
# prngs
CFLAGS += /DYARROW
CFLAGS += /DSPRNG
CFLAGS += /DRC4
# PK code
CFLAGS += /DMRSA
CFLAGS += /DMDH
CFLAGS += /DMECC
CFLAGS += /DKR
# Control which built in DH or ECC key paramaters
# are to be allowed
CFLAGS += /DDH768
CFLAGS += /DDH1024
CFLAGS += /DDH1280
CFLAGS += /DDH1536
CFLAGS += /DDH1792
CFLAGS += /DDH2048
CFLAGS += /DDH2560
CFLAGS += /DDH3072
CFLAGS += /DDH4096
CFLAGS += /DECC160
CFLAGS += /DECC192
CFLAGS += /DECC224
CFLAGS += /DECC256
CFLAGS += /DECC384
CFLAGS += /DECC521
# include GF math routines? (not currently used by anything internally)
#CFLAGS += /DGF
# include large integer math routines? (required by the PK code)
CFLAGS += /DMPI
# use the fast exptmod operation (used in dsa/rsa/dh and is_prime)
# This uses slightly more heap than the old code [only during the function call]
# this is also fairly faster than the previous code
CFLAGS += /DMPI_FASTEXPT
# use a "low" mem variant of the fast exptmod. It is still always
# faster then the old exptmod but its savings drops off after
# 1024-bits
#CFLAGS += /DMPI_FASTEXPT_LOWMEM
# include HMAC support
CFLAGS += /DHMAC
default: tomcrypt.lib
keyring.obj: keyring.c
$(CC) $(CFLAGS) keyring.c
ampi.obj: ampi.c
$(CC) $(CFLAGS) ampi.c
mpi.obj: mpi.c
$(CC) $(CFLAGS) mpi.c
blowfish.obj: blowfish.c
$(CC) $(CFLAGS) blowfish.c
crypt.obj: crypt.c
$(CC) $(CFLAGS) crypt.c
sha512.obj: sha512.c sha384.c
$(CC) $(CFLAGS) sha512.c
sha256.obj: sha256.c
$(CC) $(CFLAGS) sha256.c
hash.obj: hash.c
$(CC) $(CFLAGS) hash.c
md5.obj: md5.c
$(CC) $(CFLAGS) md5.c
md4.obj: md4.c
$(CC) $(CFLAGS) md4.c
sha1.obj: sha1.c
$(CC) $(CFLAGS) sha1.c
cfb.obj: cfb.c
$(CC) $(CFLAGS) cfb.c
ofb.obj: ofb.c
$(CC) $(CFLAGS) ofb.c
ecb.obj: ecb.c
$(CC) $(CFLAGS) ecb.c
ctr.obj: ctr.c
$(CC) $(CFLAGS) ctr.c
prime.obj: prime.c
$(CC) $(CFLAGS) prime.c
base64.obj: base64.c
$(CC) $(CFLAGS) base64.c
sprng.obj: sprng.c
$(CC) $(CFLAGS) sprng.c
mem.obj: mem.c
$(CC) $(CFLAGS) mem.c
gf.obj: gf.c
$(CC) $(CFLAGS) gf.c
ecc.obj: ecc.c ecc_sys.c
$(CC) $(CFLAGS) ecc.c
yarrow.obj: yarrow.c
$(CC) $(CFLAGS) yarrow.c
bits.obj: bits.c
$(CC) $(CFLAGS) bits.c
rsa.obj: rsa.c
$(CC) $(CFLAGS) rsa.c
rc6.obj: rc6.c
$(CC) $(CFLAGS) rc6.c
des.obj: des.c
$(CC) $(CFLAGS) des.c
tiger.obj: tiger.c
$(CC) $(CFLAGS) tiger.c
dh.obj: dh.c dh_sys.c
$(CC) $(CFLAGS) dh.c
serpent.obj: serpent.c
$(CC) $(CFLAGS) serpent.c
aes.obj: aes.c aes_tab.c
$(CC) $(CFLAGS) aes.c
rc5.obj: rc5.c
$(CC) $(CFLAGS) rc5.c
rc2.obj: rc2.c
$(CC) $(CFLAGS) rc2.c
cbc.obj: cbc.c
$(CC) $(CFLAGS) cbc.c
safer+.obj: safer+.c
$(CC) $(CFLAGS) safer+.c
safer.obj: safer.c
$(CC) $(CFLAGS) safer.c
safer_tab.obj: safer_tab.c
$(CC) $(CFLAGS) safer_tab.c
xtea.obj: xtea.c
$(CC) $(CFLAGS) xtea.c
twofish.obj: twofish.c
$(CC) $(CFLAGS) twofish.c
packet.obj: packet.c
$(CC) $(CFLAGS) packet.c
pack.obj: pack.c
$(CC) $(CFLAGS) pack.c
hmac.obj: hmac.c
$(CC) $(CFLAGS) hmac.c
strings.obj: strings.c
$(CC) $(CFLAGS) strings.c
md2.obj: md2.c
$(CC) $(CFLAGS) md2.c
cast5.obj: cast5.c
$(CC) $(CFLAGS) cast5.c
noekeon.obj: noekeon.c
$(CC) $(CFLAGS) noekeon.c
demos/test.obj: demos/test.c
$(CC) $(CFLAGS) demos/test.c
demos/hashsum.obj: demos/hashsum.c
$(CC) $(CFLAGS) demos/hashsum.c
tomcrypt.lib: keyring.obj gf.obj mem.obj sprng.obj ecc.obj base64.obj dh.obj rsa.obj bits.obj hmac.obj \
yarrow.obj cfb.obj ofb.obj ecb.obj ctr.obj cbc.obj hash.obj tiger.obj sha1.obj md2.obj md5.obj md4.obj sha256.obj sha512.obj xtea.obj \
aes.obj serpent.obj safer_tab.obj safer.obj safer+.obj cast5.obj noekeon.obj rc2.obj rc6.obj rc5.obj des.obj blowfish.obj crypt.obj ampi.obj \
strings.obj mpi.obj prime.obj twofish.obj packet.obj
$(AR) /out:tomcrypt.lib keyring.obj gf.obj mem.obj sprng.obj ecc.obj base64.obj dh.obj rsa.obj hmac.obj \
bits.obj yarrow.obj cfb.obj ofb.obj ecb.obj ctr.obj cbc.obj hash.obj tiger.obj sha1.obj md2.obj md5.obj md4.obj sha256.obj \
strings.obj sha512.obj xtea.obj aes.obj serpent.obj safer_tab.obj safer.obj safer+.obj cast5.obj noekeon.obj rc2.obj rc6.obj rc5.obj des.obj \
blowfish.obj crypt.obj ampi.obj mpi.obj prime.obj twofish.obj packet.obj
test.exe: tomcrypt.lib demos/test.obj
link /OUT:test.exe test.obj tomcrypt.lib advapi32.lib
hashsum.exe: tomcrypt.lib demos/hashsum.obj
link /OUT:hashsum.exe hashsum.obj tomcrypt.lib advapi32.lib
clean:
rm -f demos/*.obj *.obj *.exe *.lib

87
mpi-config.h
View File

@ -1,87 +0,0 @@
/* Default configuration for MPI library */
/* $ID$ */
#ifndef MPI_CONFIG_H_
#define MPI_CONFIG_H_
/*
For boolean options,
0 = no
1 = yes
Other options are documented individually.
*/
#ifndef MP_IOFUNC
#define MP_IOFUNC 0 /* include mp_print() ? */
#endif
#ifndef MP_MODARITH
#define MP_MODARITH 1 /* include modular arithmetic ? */
#endif
#ifndef MP_NUMTH
#define MP_NUMTH 1 /* include number theoretic functions? */
#endif
#ifndef MP_LOGTAB
#define MP_LOGTAB 1 /* use table of logs instead of log()? */
#endif
#ifndef MP_MEMSET
#define MP_MEMSET 1 /* use memset() to zero buffers? */
#endif
#ifndef MP_MEMCPY
#define MP_MEMCPY 1 /* use memcpy() to copy buffers? */
#endif
#ifndef MP_CRYPTO
#define MP_CRYPTO 1 /* erase memory on free? */
#endif
#ifndef MP_ARGCHK
/*
0 = no parameter checks
1 = runtime checks, continue execution and return an error to caller
2 = assertions; dump core on parameter errors
*/
#define MP_ARGCHK 1 /* how to check input arguments */
#endif
#ifndef MP_DEBUG
#define MP_DEBUG 0 /* print diagnostic output? */
#endif
#ifndef MP_DEFPREC
#define MP_DEFPREC 64 /* default precision, in digits */
#endif
#ifndef MP_MACRO
#define MP_MACRO 0 /* use macros for frequent calls? */
#endif
#ifndef MP_SQUARE
#define MP_SQUARE 1 /* use separate squaring code? */
#endif
#ifndef MP_PTAB_SIZE
/*
When building mpprime.c, we build in a table of small prime
values to use for primality testing. The more you include,
the more space they take up. See primes.c for the possible
values (currently 16, 32, 64, 128, 256, and 6542)
*/
#define MP_PTAB_SIZE 128 /* how many built-in primes? */
#endif
#ifndef MP_COMPAT_MACROS
#define MP_COMPAT_MACROS 1 /* define compatibility macros? */
#endif
#endif /* ifndef MPI_CONFIG_H_ */

16
mpi-types.h
View File

@ -1,16 +0,0 @@
/* Type definitions generated by 'types.pl' */
typedef char mp_sign;
typedef unsigned short mp_digit; /* 2 byte type */
typedef unsigned int mp_word; /* 4 byte type */
typedef unsigned int mp_size;
typedef int mp_err;
#define MP_DIGIT_BIT (CHAR_BIT*sizeof(mp_digit))
#define MP_DIGIT_MAX USHRT_MAX
#define MP_WORD_BIT (CHAR_BIT*sizeof(mp_word))
#define MP_WORD_MAX UINT_MAX
#define MP_DIGIT_SIZE 2
#define DIGIT_FMT "%04X"
#define RADIX (MP_DIGIT_MAX+1)

8867
mpi.c
View File

File diff suppressed because it is too large Load Diff

227
mpi.h
View File

@ -1,227 +0,0 @@
/*
mpi.h
by Michael J. Fromberger <sting@linguist.dartmouth.edu>
Copyright (C) 1998 Michael J. Fromberger, All Rights Reserved
Arbitrary precision integer arithmetic library
$ID$
*/
#ifndef _H_MPI_
#define _H_MPI_
#include "mpi-config.h"
#define MP_LT -1
#define MP_EQ 0
#define MP_GT 1
#if MP_DEBUG
#undef MP_IOFUNC
#define MP_IOFUNC 1
#endif
#if MP_IOFUNC
#include <stdio.h>
#include <ctype.h>
#endif
#include <limits.h>
#define MP_NEG 1
#define MP_ZPOS 0
/* Included for compatibility... */
#define NEG MP_NEG
#define ZPOS MP_ZPOS
#define MP_OKAY 0 /* no error, all is well */
#define MP_YES 0 /* yes (boolean result) */
#define MP_NO -1 /* no (boolean result) */
#define MP_MEM -2 /* out of memory */
#define MP_RANGE -3 /* argument out of range */
#define MP_BADARG -4 /* invalid parameter */
#define MP_UNDEF -5 /* answer is undefined */
#define MP_LAST_CODE MP_UNDEF
#include "mpi-types.h"
/* Included for compatibility... */
#define DIGIT_BIT MP_DIGIT_BIT
#define DIGIT_MAX MP_DIGIT_MAX
/* Macros for accessing the mp_int internals */
#define SIGN(MP) ((MP)->sign)
#define USED(MP) ((MP)->used)
#define ALLOC(MP) ((MP)->alloc)
#define DIGITS(MP) ((MP)->dp)
#define DIGIT(MP,N) (MP)->dp[(N)]
#if MP_ARGCHK == 1
#define ARGCHK(X,Y) {if(!(X)){return (Y);}}
#elif MP_ARGCHK == 2
#include <assert.h>
#define ARGCHK(X,Y) assert(X)
#else
#define ARGCHK(X,Y) /* */
#endif
/* This defines the maximum I/O base (minimum is 2) */
#define MAX_RADIX 64
typedef struct {
mp_sign sign; /* sign of this quantity */
mp_size alloc; /* how many digits allocated */
mp_size used; /* how many digits used */
mp_digit *dp; /* the digits themselves */
} mp_int;
/*------------------------------------------------------------------------*/
/* Default precision */
unsigned int mp_get_prec(void);
void mp_set_prec(unsigned int prec);
/*------------------------------------------------------------------------*/
/* Memory management */
mp_err mp_init(mp_int *mp);
mp_err mp_init_array(mp_int mp[], int count);
mp_err mp_init_size(mp_int *mp, mp_size prec);
mp_err mp_init_copy(mp_int *mp, mp_int *from);
mp_err mp_copy(mp_int *from, mp_int *to);
void mp_exch(mp_int *mp1, mp_int *mp2);
void mp_clear(mp_int *mp);
void mp_clear_array(mp_int mp[], int count);
void mp_zero(mp_int *mp);
void mp_set(mp_int *mp, mp_digit d);
mp_err mp_set_int(mp_int *mp, long z);
mp_err mp_shrink(mp_int *a);
/*------------------------------------------------------------------------*/
/* Single digit arithmetic */
mp_err mp_add_d(mp_int *a, mp_digit d, mp_int *b);
mp_err mp_sub_d(mp_int *a, mp_digit d, mp_int *b);
mp_err mp_mul_d(mp_int *a, mp_digit d, mp_int *b);
mp_err mp_mul_2(mp_int *a, mp_int *c);
mp_err mp_div_d(mp_int *a, mp_digit d, mp_int *q, mp_digit *r);
mp_err mp_div_2(mp_int *a, mp_int *c);
mp_err mp_expt_d(mp_int *a, mp_digit d, mp_int *c);
/*------------------------------------------------------------------------*/
/* Sign manipulations */
mp_err mp_abs(mp_int *a, mp_int *b);
mp_err mp_neg(mp_int *a, mp_int *b);
/*------------------------------------------------------------------------*/
/* Full arithmetic */
mp_err mp_add(mp_int *a, mp_int *b, mp_int *c);
mp_err mp_sub(mp_int *a, mp_int *b, mp_int *c);
mp_err mp_mul(mp_int *a, mp_int *b, mp_int *c);
mp_err mp_mul_2d(mp_int *a, mp_digit d, mp_int *c);
#if MP_SQUARE
mp_err mp_sqr(mp_int *a, mp_int *b);
#else
#define mp_sqr(a, b) mp_mul(a, a, b)
#endif
mp_err mp_div(mp_int *a, mp_int *b, mp_int *q, mp_int *r);
mp_err mp_div_2d(mp_int *a, mp_digit d, mp_int *q, mp_int *r);
mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c);
mp_err mp_2expt(mp_int *a, mp_digit k);
mp_err mp_sqrt(mp_int *a, mp_int *b);
/*------------------------------------------------------------------------*/
/* Modular arithmetic */
#if MP_MODARITH
mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c);
mp_err mp_mod_d(mp_int *a, mp_digit d, mp_digit *c);
mp_err mp_addmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c);
mp_err mp_submod(mp_int *a, mp_int *b, mp_int *m, mp_int *c);
mp_err mp_mulmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c);
#if MP_SQUARE
mp_err mp_sqrmod(mp_int *a, mp_int *m, mp_int *c);
#else
#define mp_sqrmod(a, m, c) mp_mulmod(a, a, m, c)
#endif
mp_err mp_exptmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c);
mp_err mp_exptmod_d(mp_int *a, mp_digit d, mp_int *m, mp_int *c);
#endif /* MP_MODARITH */
/*------------------------------------------------------------------------*/
/* Comparisons */
int mp_cmp_z(mp_int *a);
int mp_cmp_d(mp_int *a, mp_digit d);
int mp_cmp(mp_int *a, mp_int *b);
int mp_cmp_mag(mp_int *a, mp_int *b);
int mp_cmp_int(mp_int *a, long z);
int mp_isodd(mp_int *a);
int mp_iseven(mp_int *a);
/*------------------------------------------------------------------------*/
/* Number theoretic */
#if MP_NUMTH
mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c);
mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c);
mp_err mp_xgcd(mp_int *a, mp_int *b, mp_int *g, mp_int *x, mp_int *y);
mp_err mp_invmod(mp_int *a, mp_int *m, mp_int *c);
#endif /* end MP_NUMTH */
/*------------------------------------------------------------------------*/
/* Input and output */
#if MP_IOFUNC
void mp_print(mp_int *mp, FILE *ofp);
#endif /* end MP_IOFUNC */
/*------------------------------------------------------------------------*/
/* Base conversion */
#define BITS 1
#define BYTES CHAR_BIT
mp_err mp_read_signed_bin(mp_int *mp, unsigned char *str, int len);
int mp_signed_bin_size(mp_int *mp);
mp_err mp_to_signed_bin(mp_int *mp, unsigned char *str);
mp_err mp_read_unsigned_bin(mp_int *mp, unsigned char *str, int len);
int mp_unsigned_bin_size(mp_int *mp);
mp_err mp_to_unsigned_bin(mp_int *mp, unsigned char *str);
int mp_count_bits(mp_int *mp);
#if MP_COMPAT_MACROS
#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len))
#define mp_raw_size(mp) mp_signed_bin_size(mp)
#define mp_toraw(mp, str) mp_to_signed_bin((mp), (str))
#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
#define mp_mag_size(mp) mp_unsigned_bin_size(mp)
#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str))
#endif
mp_err mp_read_radix(mp_int *mp, unsigned char *str, int radix);
int mp_radix_size(mp_int *mp, int radix);
int mp_value_radix_size(int num, int qty, int radix);
mp_err mp_toradix(mp_int *mp, unsigned char *str, int radix);
int mp_char2value(char ch, int r);
#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
#define mp_tohex(M, S) mp_toradix((M), (S), 16)
/*------------------------------------------------------------------------*/
/* Error strings */
const char *mp_strerror(mp_err ec);
#endif /* end _H_MPI_ */

4216
mpi.old
View File

File diff suppressed because it is too large Load Diff

8
mycrypt.h
View File

@ -9,17 +9,15 @@
#include <limits.h>
/* if there is a custom definition header file use it */
#ifdef HAVE_CUSTOM
#include "mycrypt_custom.h"
#endif
#include <mycrypt_custom.h>
#ifdef __cplusplus
extern "C" {
#endif
/* version */
#define CRYPT 0x0080
#define SCRYPT "0.80"
#define CRYPT 0x0081
#define SCRYPT "0.81"
/* max size of either a cipher/hash block or symmetric key [largest of the two] */
#define MAXBLOCKSIZE 128

17
mycrypt_cfg.h
View File

@ -80,22 +80,5 @@ extern clock_t XCLOCK(void);
#define PACKET_SUB_ENC_KEY 3
#endif
#ifdef MPI
#include "mpi.h"
#else
#ifdef MRSA
#error RSA requires the big int library
#endif
#ifdef MECC
#error ECC requires the big int library
#endif
#ifdef MDH
#error DH requires the big int library
#endif
#ifdef MDSA
#error DSA requires the big int library
#endif
#endif /* MPI */
#endif /* MYCRYPT_CFG_H */

76
mycrypt_custom.h Normal file
View File

@ -0,0 +1,76 @@
/* This header is meant to be included before mycrypt.h in projects where
* you don't want to throw all the defines in a makefile.
*/
#ifndef MYCRYPT_CUSTOM_H_
#define MYCRYPT_CUSTOM_H_
#ifdef CRYPT
#error mycrypt_custom.h should be included before mycrypt.h
#endif
#define XMALLOC malloc
#define XREALLOC realloc
#define XCALLOC calloc
#define XFREE free
#define XCLOCK clock
#define XCLOCKS_PER_SEC CLOCKS_PER_SEC
#define SMALL_CODE
#define BLOWFISH
#define RC2
#define RC5
#define RC6
#define SERPENT
#define SAFERP
#define SAFER
#define RIJNDAEL
#define XTEA
#define TWOFISH
#define DES
#define CAST5
#define NOEKEON
#define CFB
#define OFB
#define ECB
#define CBC
#define CTR
#define SHA512
#define SHA384
#define SHA256
#define TIGER
#define SHA1
#define MD5
#define MD4
#define MD2
#define HMAC
#define BASE64
#define YARROW
#define SPRNG
#define RC4
#define DEVRANDOM
#define MRSA
#define MDH
#define MECC
#define KR
#define DH768
#define DH1024
#define DH1280
#define DH1536
#define DH1792
#define DH2048
#define DH2560
#define DH3072
#define DH4096
#define ECC160
#define ECC192
#define ECC224
#define ECC256
#define ECC384
#define ECC521
#define MPI
#include <mycrypt.h>
#endif

18
mycrypt_pk.h
View File

@ -1,12 +1,28 @@
/* ---- NUMBER THEORY ---- */
#ifdef MPI
#include "tommath.h"
extern int is_prime(mp_int *, int *);
extern int rand_prime(mp_int *N, long len, prng_state *prng, int wprng);
extern mp_err mp_init_multi(mp_int* mp, ...);
extern void mp_clear_multi(mp_int* mp, ...);
#endif
#else
#ifdef MRSA
#error RSA requires the big int library
#endif
#ifdef MECC
#error ECC requires the big int library
#endif
#ifdef MDH
#error DH requires the big int library
#endif
#ifdef MDSA
#error DSA requires the big int library
#endif
#endif /* MPI */
/* ---- PUBLIC KEY CRYPTO ---- */

6
mycrypt_prng.h
View File

@ -56,7 +56,11 @@ extern int prng_is_valid(int idx);
/* Slow RNG you **might** be able to use to seed a PRNG with. Be careful as this
* might not work on all platforms as planned
*/
extern unsigned long rng_get_bytes(unsigned char *buf, unsigned long len, void (*callback)(void));
/* ch2-02-1 */
extern unsigned long rng_get_bytes(unsigned char *buf,
unsigned long len,
void (*callback)(void));
/* ch2-02-1 */
extern int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void));

5
prime.c
View File

@ -147,11 +147,11 @@ static int next_prime(mp_int *N, mp_digit step)
int res;
mp_int n1, a, y, r;
mp_digit dist, residues[UPPER_LIMIT];
_ARGCHK(N != NULL);
/* first find the residues */
for (x = 0; x < (long)UPPER_LIMIT; x++) {
for (x = 0; x < (long)UPPER_LIMIT; x++) {
if (mp_mod_d(N, prime_tab[x], &residues[x]) != MP_OKAY) {
return CRYPT_MEM;
}
@ -193,7 +193,6 @@ loop:
goto error;
}
}
for (x = 0; x < 8; x++) {
/* choose a */
mp_set(&a, prime_tab[x]);

1
rsa.c
View File

@ -73,7 +73,6 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key)
if (mp_copy(&p, &key->p) != MP_OKAY) { goto error2; }
if (mp_copy(&q, &key->q) != MP_OKAY) { goto error2; }
/* shrink ram required */
if (mp_shrink(&key->e) != MP_OKAY) { goto error2; }

352
tommath.h Normal file
View File

@ -0,0 +1,352 @@
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
* LibTomMath is library that provides for multiple-precision
* integer arithmetic as well as number theoretic functionality.
*
* The library is designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtommath.iahu.ca
*/
#ifndef BN_H_
#define BN_H_
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <limits.h>
#undef MIN
#define MIN(x,y) ((x)<(y)?(x):(y))
#undef MAX
#define MAX(x,y) ((x)>(y)?(x):(y))
#ifdef __cplusplus
extern "C" {
#endif
/* some default configurations.
*
* A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
* A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
*
* At the very least a mp_digit must be able to hold 7 bits
* [any size beyond that is ok provided it overflow the data type]
*/
#ifdef MP_8BIT
typedef unsigned char mp_digit;
typedef unsigned short mp_word;
#elif defined(MP_16BIT)
typedef unsigned short mp_digit;
typedef unsigned long mp_word;
#else
#ifndef CRYPT
#ifdef _MSC_VER
typedef unsigned __int64 ulong64;
typedef signed __int64 long64;
#else
typedef unsigned long long ulong64;
typedef signed long long long64;
#endif
#endif
/* default case */
typedef unsigned long mp_digit;
typedef ulong64 mp_word;
#define DIGIT_BIT 28
#endif
#ifndef DIGIT_BIT
#define DIGIT_BIT ((CHAR_BIT * sizeof(mp_digit) - 1)) /* bits per digit */
#endif
#define MP_DIGIT_BIT DIGIT_BIT
#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
#define MP_DIGIT_MAX MP_MASK
/* equalities */
#define MP_LT -1 /* less than */
#define MP_EQ 0 /* equal to */
#define MP_GT 1 /* greater than */
#define MP_ZPOS 0 /* positive integer */
#define MP_NEG 1 /* negative */
#define MP_OKAY 0 /* ok result */
#define MP_MEM -2 /* out of mem */
#define MP_VAL -3 /* invalid input */
#define MP_RANGE MP_VAL
typedef int mp_err;
/* you'll have to tune these... */
extern int KARATSUBA_MUL_CUTOFF,
KARATSUBA_SQR_CUTOFF,
MONTGOMERY_EXPT_CUTOFF;
#define MP_PREC 64 /* default digits of precision */
typedef struct {
int used, alloc, sign;
mp_digit *dp;
} mp_int;
#define USED(m) ((m)->used)
#define DIGIT(m,k) ((m)->dp[k])
#define SIGN(m) ((m)->sign)
/* ---> init and deinit bignum functions <--- */
/* init a bignum */
int mp_init(mp_int *a);
/* free a bignum */
void mp_clear(mp_int *a);
/* exchange two ints */
void mp_exch(mp_int *a, mp_int *b);
/* shrink ram required for a bignum */
int mp_shrink(mp_int *a);
/* ---> Basic Manipulations <--- */
#define mp_iszero(a) (((a)->used == 0) ? 1 : 0)
#define mp_iseven(a) (((a)->used == 0 || (((a)->dp[0] & 1) == 0)) ? 1 : 0)
#define mp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? 1 : 0)
/* set to zero */
void mp_zero(mp_int *a);
/* set to a digit */
void mp_set(mp_int *a, mp_digit b);
/* set a 32-bit const */
int mp_set_int(mp_int *a, unsigned long b);
/* grow an int to a given size */
int mp_grow(mp_int *a, int size);
/* init to a given number of digits */
int mp_init_size(mp_int *a, int size);
/* copy, b = a */
int mp_copy(mp_int *a, mp_int *b);
/* inits and copies, a = b */
int mp_init_copy(mp_int *a, mp_int *b);
/* trim unused digits */
void mp_clamp(mp_int *a);
/* ---> digit manipulation <--- */
/* right shift by "b" digits */
void mp_rshd(mp_int *a, int b);
/* left shift by "b" digits */
int mp_lshd(mp_int *a, int b);
/* c = a / 2^b */
int mp_div_2d(mp_int *a, int b, mp_int *c, mp_int *d);
/* b = a/2 */
int mp_div_2(mp_int *a, mp_int *b);
/* c = a * 2^b */
int mp_mul_2d(mp_int *a, int b, mp_int *c);
/* b = a*2 */
int mp_mul_2(mp_int *a, mp_int *b);
/* c = a mod 2^d */
int mp_mod_2d(mp_int *a, int b, mp_int *c);
/* computes a = 2^b */
int mp_2expt(mp_int *a, int b);
/* makes a pseudo-random int of a given size */
int mp_rand(mp_int *a, int digits);
/* ---> binary operations <--- */
/* c = a XOR b */
int mp_xor(mp_int *a, mp_int *b, mp_int *c);
/* c = a OR b */
int mp_or(mp_int *a, mp_int *b, mp_int *c);
/* c = a AND b */
int mp_and(mp_int *a, mp_int *b, mp_int *c);
/* ---> Basic arithmetic <--- */
/* b = -a */
int mp_neg(mp_int *a, mp_int *b);
/* b = |a| */
int mp_abs(mp_int *a, mp_int *b);
/* compare a to b */
int mp_cmp(mp_int *a, mp_int *b);
/* compare |a| to |b| */
int mp_cmp_mag(mp_int *a, mp_int *b);
/* c = a + b */
int mp_add(mp_int *a, mp_int *b, mp_int *c);
/* c = a - b */
int mp_sub(mp_int *a, mp_int *b, mp_int *c);
/* c = a * b */
int mp_mul(mp_int *a, mp_int *b, mp_int *c);
/* b = a^2 */
int mp_sqr(mp_int *a, mp_int *b);
/* a/b => cb + d == a */
int mp_div(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* c = a mod b, 0 <= c < b */
int mp_mod(mp_int *a, mp_int *b, mp_int *c);
/* ---> single digit functions <--- */
/* compare against a single digit */
int mp_cmp_d(mp_int *a, mp_digit b);
/* c = a + b */
int mp_add_d(mp_int *a, mp_digit b, mp_int *c);
/* c = a - b */
int mp_sub_d(mp_int *a, mp_digit b, mp_int *c);
/* c = a * b */
int mp_mul_d(mp_int *a, mp_digit b, mp_int *c);
/* a/b => cb + d == a */
int mp_div_d(mp_int *a, mp_digit b, mp_int *c, mp_digit *d);
/* c = a^b */
int mp_expt_d(mp_int *a, mp_digit b, mp_int *c);
/* c = a mod b, 0 <= c < b */
int mp_mod_d(mp_int *a, mp_digit b, mp_digit *c);
/* ---> number theory <--- */
/* d = a + b (mod c) */
int mp_addmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* d = a - b (mod c) */
int mp_submod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* d = a * b (mod c) */
int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* c = a * a (mod b) */
int mp_sqrmod(mp_int *a, mp_int *b, mp_int *c);
/* c = 1/a (mod b) */
int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
/* c = (a, b) */
int mp_gcd(mp_int *a, mp_int *b, mp_int *c);
/* c = [a, b] or (a*b)/(a, b) */
int mp_lcm(mp_int *a, mp_int *b, mp_int *c);
/* finds one of the b'th root of a, such that |c|^b <= |a|
*
* returns error if a < 0 and b is even
*/
int mp_n_root(mp_int *a, mp_digit b, mp_int *c);
/* shortcut for square root */
#define mp_sqrt(a, b) mp_n_root(a, 2, b)
/* computes the jacobi c = (a | n) (or Legendre if b is prime) */
int mp_jacobi(mp_int *a, mp_int *n, int *c);
/* used to setup the Barrett reduction for a given modulus b */
int mp_reduce_setup(mp_int *a, mp_int *b);
/* Barrett Reduction, computes a (mod b) with a precomputed value c
*
* Assumes that 0 < a <= b^2, note if 0 > a > -(b^2) then you can merely
* compute the reduction as -1 * mp_reduce(mp_abs(a)) [pseudo code].
*/
int mp_reduce(mp_int *a, mp_int *b, mp_int *c);
/* setups the montgomery reduction */
int mp_montgomery_setup(mp_int *a, mp_digit *mp);
/* computes a = B^n mod b without division or multiplication useful for
* normalizing numbers in a Montgomery system.
*/
int mp_montgomery_calc_normalization(mp_int *a, mp_int *b);
/* computes xR^-1 == x (mod N) via Montgomery Reduction */
int mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
/* d = a^b (mod c) */
int mp_exptmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
/* ---> radix conversion <--- */
int mp_count_bits(mp_int *a);
int mp_unsigned_bin_size(mp_int *a);
int mp_read_unsigned_bin(mp_int *a, unsigned char *b, int c);
int mp_to_unsigned_bin(mp_int *a, unsigned char *b);
int mp_signed_bin_size(mp_int *a);
int mp_read_signed_bin(mp_int *a, unsigned char *b, int c);
int mp_to_signed_bin(mp_int *a, unsigned char *b);
int mp_read_radix(mp_int *a, char *str, int radix);
int mp_toradix(mp_int *a, char *str, int radix);
int mp_radix_size(mp_int *a, int radix);
#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len))
#define mp_raw_size(mp) mp_signed_bin_size(mp)
#define mp_toraw(mp, str) mp_to_signed_bin((mp), (str))
#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
#define mp_mag_size(mp) mp_unsigned_bin_size(mp)
#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str))
#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
#define mp_tohex(M, S) mp_toradix((M), (S), 16)
/* lowlevel functions, do not call! */
int s_mp_add(mp_int *a, mp_int *b, mp_int *c);
int s_mp_sub(mp_int *a, mp_int *b, mp_int *c);
#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
int fast_s_mp_mul_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
int s_mp_mul_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
int fast_s_mp_mul_high_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
int s_mp_mul_high_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
int fast_s_mp_sqr(mp_int *a, mp_int *b);
int s_mp_sqr(mp_int *a, mp_int *b);
int mp_karatsuba_mul(mp_int *a, mp_int *b, mp_int *c);
int mp_karatsuba_sqr(mp_int *a, mp_int *b);
int fast_mp_invmod(mp_int *a, mp_int *b, mp_int *c);
int fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
int mp_exptmod_fast(mp_int *G, mp_int *X, mp_int *P, mp_int *Y);
void bn_reverse(unsigned char *s, int len);
#ifdef __cplusplus
}
#endif
#endif