diff --git a/LICENSE b/LICENSE index 2e83cda..50e7435 100644 --- a/LICENSE +++ b/LICENSE @@ -2,7 +2,7 @@ LibTomCrypt is public domain. As should all quality software be. All of the software was either written by or donated to Tom St Denis for the purposes of this project. The only exception is the SAFER.C source which has no known -license status (assumed copyrighted) which is why SAFER,C is shipped as disabled. +license status (assumed copyrighted) which is why SAFER.C is shipped as disabled. Tom St Denis diff --git a/changes b/changes index cd5ef23..f887acf 100644 --- a/changes +++ b/changes @@ -1,3 +1,31 @@ +October 29th, 2004 +v0.99 -- Merged in the latest version of LTM which includes all of the recent bug fixes + -- Deprecated LTMSSE and removed it (to be replaced with TFM later on) + -- Stefan Arentz pointed out that mp_s_rmap should be extern + -- Kristian Gjøsteen pointed out that there are typos in the + "test" makefile and minor issues in Yarrow and Sober [just cosmetics really] + -- Matthew P. Cashdollar pointed out that "export" is a C++ keyword + so changed the PRNG api to use "pexport" and "pimport" + -- Updated "hashsum" demo so it builds ;-) + -- Added automatic support for x86-64 (will configure for 64-bit little endian automagically) + -- Zhi Chen pointed out a bug in rsa_exptmod which would leak memory on error. + -- Made hash functions "init" return an int. slight change to API ;-( + -- Added "CHC" mode which turns any cipher into a hash the other LTC functions can use + -- Added CHC mode stuff to demos such as tv_gen and hashsum + -- Added "makefile.shared" which builds and installs shared/static object copies + of the library. + -- Added DER for bignum support + -- RSA is now fully joy. rsa_export/rsa_import use PKCS #1 encodings and should be + compatible with other crypto libs that use the format. + -- Added support for x86-64 for the ROL/ROR macros + -- Changed the DLL and SO makefiles to optimize for speed, commented SMALL_CODE in + mycrypt_custom.h and added -DSMALL_CODE to the default makefile + -- Updated primality testing code so it does a minimum of 5 tests [of Miller-Rabin] + (AFAIK not a security fix, just warm fuzzies) + -- Minor updates to the OMAC code (additional __ARGCHK and removed printf from omac_test... oops!) + -- Update build and configuration info which was really really really out of date. (Chapter 14) + ++ Minor update, switch RSA to use the PKCS style CRT + August 6th, 2004 v0.98 -- Update to hmac_init to free all allocated memory on error -- Update to PRNG API to fix import/export functions of Fortuna and Yarrow diff --git a/chc.c b/chc.c new file mode 100644 index 0000000..e144b68 --- /dev/null +++ b/chc.c @@ -0,0 +1,261 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + */ + +#include "mycrypt.h" + +#ifdef CHC_HASH + +#define UNDEFED_HASH -17 + +/* chc settings */ +static int cipher_idx=UNDEFED_HASH, /* which cipher */ + cipher_blocksize; /* blocksize of cipher */ + + +const struct _hash_descriptor chc_desc = { + "chc_hash", 12, 0, 0, { 0 }, 0, + &chc_init, + &chc_process, + &chc_done, + &chc_test +}; + +/* initialize the CHC state with a given cipher */ +int chc_register(int cipher) +{ + int err, kl, idx; + + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; + } + + /* will it be valid? */ + kl = cipher_descriptor[cipher].block_length; + + /* must be >64 bit block */ + if (kl <= 8) { + return CRYPT_INVALID_CIPHER; + } + + /* can we use the ideal keysize? */ + if ((err = cipher_descriptor[cipher].keysize(&kl)) != CRYPT_OK) { + return err; + } + /* we require that key size == block size be a valid choice */ + if (kl != cipher_descriptor[cipher].block_length) { + return CRYPT_INVALID_CIPHER; + } + + /* determine if chc_hash has been register_hash'ed already */ + if ((err = hash_is_valid(idx = find_hash("chc_hash"))) != CRYPT_OK) { + return err; + } + + /* store into descriptor */ + hash_descriptor[idx].hashsize = + hash_descriptor[idx].blocksize = cipher_descriptor[cipher].block_length; + + /* store the idx and block size */ + cipher_idx = cipher; + cipher_blocksize = cipher_descriptor[cipher].block_length; + return CRYPT_OK; +} + +/* "hash init" is simply encrypt 0 with the 0 key. Simple way to make an IV */ +int chc_init(hash_state *md) +{ + symmetric_key *key; + unsigned char buf[MAXBLOCKSIZE]; + int err; + + _ARGCHK(md != NULL); + + /* is the cipher valid? */ + if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) { + return err; + } + + if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) { + return CRYPT_INVALID_CIPHER; + } + + if ((key = XMALLOC(sizeof(*key))) == NULL) { + return CRYPT_MEM; + } + + /* zero key and what not */ + zeromem(buf, cipher_blocksize); + if ((err = cipher_descriptor[cipher_idx].setup(buf, cipher_blocksize, 0, key)) != CRYPT_OK) { + XFREE(key); + return err; + } + + /* encrypt zero block */ + cipher_descriptor[cipher_idx].ecb_encrypt(buf, md->chc.state, key); + + /* zero other members */ + md->chc.length = 0; + md->chc.curlen = 0; + zeromem(md->chc.buf, sizeof(md->chc.buf)); + XFREE(key); + return CRYPT_OK; +} + +/* + key <= state + T0,T1 <= block + T0 <= encrypt T0 + state <= state xor T0 xor T1 +*/ +static int chc_compress(hash_state *md, unsigned char *buf) +{ + unsigned char T[2][MAXBLOCKSIZE]; + symmetric_key *key; + int err, x; + + if ((key = XMALLOC(sizeof(*key))) == NULL) { + return CRYPT_MEM; + } + if ((err = cipher_descriptor[cipher_idx].setup(md->chc.state, cipher_blocksize, 0, key)) != CRYPT_OK) { + XFREE(key); + return err; + } + memcpy(T[1], buf, cipher_blocksize); + cipher_descriptor[cipher_idx].ecb_encrypt(buf, T[0], key); + for (x = 0; x < cipher_blocksize; x++) { + md->chc.state[x] ^= T[0][x] ^ T[1][x]; + } + XFREE(key); +#ifdef CLEAN_STACK + zeromem(T, sizeof(T)); + zeromem(&key, sizeof(key)); +#endif + return CRYPT_OK; +} + +HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize) + +int chc_process(hash_state * md, const unsigned char *buf, unsigned long len) +{ + int err; + + _ARGCHK(md != NULL); + _ARGCHK(buf != NULL); + + /* is the cipher valid? */ + if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) { + return err; + } + if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) { + return CRYPT_INVALID_CIPHER; + } + + return _chc_process(md, buf, len); +} + +int chc_done(hash_state *md, unsigned char *buf) +{ + int err; + + _ARGCHK(md != NULL); + _ARGCHK(buf != NULL); + + /* is the cipher valid? */ + if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) { + return err; + } + if (cipher_blocksize != cipher_descriptor[cipher_idx].block_length) { + return CRYPT_INVALID_CIPHER; + } + + if (md->chc.curlen >= sizeof(md->chc.buf)) { + return CRYPT_INVALID_ARG; + } + + /* increase the length of the message */ + md->chc.length += md->chc.curlen * 8; + + /* append the '1' bit */ + md->chc.buf[md->chc.curlen++] = (unsigned char)0x80; + + /* if the length is currently above l-8 bytes we append zeros + * then compress. Then we can fall back to padding zeros and length + * encoding like normal. + */ + if (md->chc.curlen > (unsigned long)(cipher_blocksize - 8)) { + while (md->chc.curlen < (unsigned long)cipher_blocksize) { + md->chc.buf[md->chc.curlen++] = (unsigned char)0; + } + chc_compress(md, md->chc.buf); + md->chc.curlen = 0; + } + + /* pad upto l-8 bytes of zeroes */ + while (md->chc.curlen < (unsigned long)(cipher_blocksize - 8)) { + md->chc.buf[md->chc.curlen++] = (unsigned char)0; + } + + /* store length */ + STORE64L(md->chc.length, md->chc.buf+(cipher_blocksize-8)); + chc_compress(md, md->chc.buf); + + /* copy output */ + XMEMCPY(buf, md->chc.state, cipher_blocksize); + +#ifdef CLEAN_STACK + zeromem(md, sizeof(hash_state)); +#endif + return CRYPT_OK; +} + +int chc_test(void) +{ + static const struct { + unsigned char *msg, + md[MAXBLOCKSIZE]; + int len; + } tests[] = { +{ + (unsigned char *)"hello world", + { 0xcf, 0x57, 0x9d, 0xc3, 0x0a, 0x0e, 0xea, 0x61, + 0x0d, 0x54, 0x47, 0xc4, 0x3c, 0x06, 0xf5, 0x4e }, + 16 +} +}; + int x, oldhashidx, idx; + unsigned char out[MAXBLOCKSIZE]; + hash_state md; + + /* AES can be under rijndael or aes... try to find it */ + if ((idx = find_cipher("aes")) == -1) { + if ((idx = find_cipher("rijndael")) == -1) { + return CRYPT_NOP; + } + } + oldhashidx = cipher_idx; + chc_register(idx); + + for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { + chc_init(&md); + chc_process(&md, tests[x].msg, strlen((char *)tests[x].msg)); + chc_done(&md, out); + if (memcmp(out, tests[x].md, tests[x].len)) { + return CRYPT_FAIL_TESTVECTOR; + } + } + if (oldhashidx != UNDEFED_HASH) { + chc_register(oldhashidx); + } + + return CRYPT_OK; +} + +#endif diff --git a/crypt b/crypt deleted file mode 100644 index 88a14ee..0000000 --- a/crypt +++ /dev/null @@ -1,25 +0,0 @@ -%PDF-1.3 -%Ç쏢 -3 0 obj -<< /Type /Pages /Kids [ -] /Count 0 ->> -endobj -1 0 obj -<> -endobj -2 0 obj -<>endobj -xref -0 4 -0000000000 65535 f -0000000068 00000 n -0000000116 00000 n -0000000015 00000 n -trailer -<< /Size 4 /Root 1 0 R /Info 2 0 R ->> -startxref -166 -%%EOF diff --git a/crypt.c b/crypt.c index 56b5c5a..3a4bdc3 100644 --- a/crypt.c +++ b/crypt.c @@ -123,6 +123,9 @@ const char *crypt_build_settings = #if defined(WHIRLPOOL) " WHIRLPOOL\n" #endif +#if defined(CHC_HASH) + " CHC_HASH \n" +#endif "\nBlock Chaining Modes:\n" #if defined(CFB) diff --git a/crypt.tex b/crypt.tex index 875d903..b8acb3f 100644 --- a/crypt.tex +++ b/crypt.tex @@ -47,7 +47,7 @@ \def\gap{\vspace{0.5ex}} \makeindex \begin{document} -\title{LibTomCrypt \\ Version 0.98} +\title{LibTomCrypt \\ Version 0.99} \author{Tom St Denis \\ \\ tomstdenis@iahu.ca \\ @@ -199,24 +199,6 @@ of the ciphers and hashes are patent free or under patents that have since expir The RC2 and RC4 symmetric ciphers are not under patents but are under trademark regulations. This means you can use the ciphers you just can't advertise that you are doing so. -\section{Building the library} - -To build the library on a GCC equipped platform simply type ``make'' at your command prompt. It will build the library -file ``libtomcrypt.a''. - -To install the library copy all of the ``.h'' files into your ``\#include'' path and the single libtomcrypt.a file into -your library path. - -With MSVC you can build the library with ``nmake -f makefile.msvc''. This will produce a ``tomcrypt.lib'' file which -is the core library. Copy the header files into your MSVC include path and the library in the lib path (typically -under where VC98 is installed). - -\section{Building against the library} - -In the recent versions the build steps have changed. The build options are now stored in ``mycrypt\_custom.h'' and -no longer in the makefile. If you change a build option in that file you must re-build the library from clean to -ensure the build is intact. - \section{Thanks} I would like to give thanks to the following people (in no particular order) for helping me develop this project from early on: @@ -1354,7 +1336,60 @@ int register_hash(const struct _hash_descriptor *hash); int unregister_hash(const struct _hash_descriptor *hash); \end{verbatim} -\subsection{Notice} +\section{Cipher Hash Construction} +\index{Cipher Hash Construction} +An addition to the suite of hash functions is the ``Cipher Hash Construction'' or ``CHC'' mode. In this mode +applicable block ciphers (such as AES) can be turned into hash functions that other LTC functions can use. In +particular this allows a cryptosystem to be designed using very few moving parts. + +In order to use the CHC system the developer will have to take a few extra steps. First the ``chc\_desc'' hash +descriptor must be registered with register\_hash(). At this point the CHC hash cannot be used to hash +data. While it is in the hash system you still have to tell the CHC code which cipher to use. This is accomplished +via the chc\_register() function. + +\index{chc\_register()} +\begin{verbatim} +int chc_register(int cipher); +\end{verbatim} + +A cipher has to be registered with CHC (and also in the cipher descriptor tables with +register\_cipher()). The chc\_register() function will bind a cipher to the CHC system. Only one cipher can +be bound to the CHC hash at a time. There are additional requirements for the system to work. + +\begin{enumerate} + \item The cipher must have a block size greater than 64--bits. + \item The cipher must allow an input key the size of the block size. +\end{enumerate} + +Example of using CHC with the AES block cipher. + +\begin{verbatim} +#include +int main(void) +{ + int err; + + /* register cipher and hash */ + if (register_cipher(&aes_enc_desc) == -1) { + printf("Could not register cipher\n"); + return EXIT_FAILURE; + } + if (register_hash(&chc_desc) == -1) { + printf("Could not register hash\n"); + return EXIT_FAILURE; + } + + /* start chc with AES */ + if ((err = chc_register(find_cipher("aes"))) != CRYPT_OK) { + printf("Error binding AES to CHC: %s\n", error_to_string(err)); + } + + /* now you can use chc_hash in any LTC function [aside from pkcs...] */ + /* ... */ +\end{verbatim} + + +\section{Notice} It is highly recommended that you \textbf{not} use the MD4 or MD5 hashes for the purposes of digital signatures or authentication codes. These hashes are provided for completeness and they still can be used for the purposes of password hashing or one-way accumulators (e.g. Yarrow). @@ -2260,10 +2295,11 @@ Note that the ``rsa\_make\_key()'' function allocates memory at runtime when you ``rsa\_free()'' (see below) when you are finished with the key. If ``rsa\_make\_key()'' fails it will automatically free the ram allocated itself. -There are three types of RSA keys. The types are {\bf PK\_PRIVATE\_OPTIMIZED}, {\bf PK\_PRIVATE} and {\bf PK\_PUBLIC}. The first -two are private keys where the ``optimized'' type uses the Chinese Remainder Theorem to speed up decryption/signatures. By -default all new keys are of the ``optimized'' type. The non-optimized private type is provided for backwards compatibility -as well as to save space since the optimized key requires about four times as much memory. +\index{PK\_PRIVATE} \index{PK\_PUBLIC} +There are two types of RSA keys. The types are {\bf PK\_PRIVATE} and {\bf PK\_PUBLIC}. The first type is a private +RSA key which includes the CRT parameters\footnote{As of v0.99 the PK\_PRIVATE\_OPTIMIZED type has been deprecated +and has been replaced by the PK\_PRIVATE type.} in the form of a RSAPrivateKey. The second type is a public RSA key +which only includes the modulus and public exponent. It takes the form of a RSAPublicKey. \subsection{RSA Exponentiation} @@ -2416,79 +2452,6 @@ int main(void) } \end{verbatim} -\chapter{Password Based Cryptography} -\section{PKCS \#5} -In order to securely handle user passwords for the purposes of creating session keys and chaining IVs the PKCS \#5 was drafted. PKCS \#5 -is made up of two algorithms, Algorithm One and Algorithm Two. Algorithm One is the older fairly limited algorithm which has been implemented -for completeness. Algorithm Two is a bit more modern and more flexible to work with. - -\section{Algorithm One} -Algorithm One accepts as input a password, an 8--byte salt and an iteration counter. The iteration counter is meant to act as delay for -people trying to brute force guess the password. The higher the iteration counter the longer the delay. This algorithm also requires a hash -algorithm and produces an output no longer than the output of the hash. - -\index{pkcs\_5\_alg1()} -\begin{alltt} -int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen) -\end{alltt} -Where ``password'' is the users password. Since the algorithm allows binary passwords you must also specify the length in ``password\_len''. -The ``salt'' is a fixed size 8--byte array which should be random for each user and session. The ``iteration\_count'' is the delay desired -on the password. The ``hash\_idx'' is the index of the hash you wish to use in the descriptor table. - -The output of length upto ``outlen'' is stored in ``out''. If ``outlen'' is initially larger than the size of the hash functions output -it is set to the number of bytes stored. If it is smaller than not all of the hash output is stored in ``out''. - -\section{Algorithm Two} - -Algorithm Two is the recommended algorithm for this task. It allows variable length salts and can produce outputs larger than the -hash functions output. As such it can easily be used to derive session keys for ciphers and MACs as well initial vectors as required -from a single password and invokation of this algorithm. - -\index{pkcs\_5\_alg2()} -\begin{alltt} -int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, unsigned long salt_len, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen) -\end{alltt} -Where ``password'' is the users password. Since the algorithm allows binary passwords you must also specify the length in ``password\_len''. -The ``salt'' is an array of size ``salt\_len''. It should be random for each user and session. The ``iteration\_count'' is the delay desired -on the password. The ``hash\_idx'' is the index of the hash you wish to use in the descriptor table. The output of length upto -``outlen'' is stored in ``out''. - -\begin{alltt} -/* demo to show how to make session state material from a password */ -#include -int main(void) -\{ - unsigned char password[100], salt[100], - cipher_key[16], cipher_iv[16], - mac_key[16], outbuf[48]; - int err, hash_idx; - unsigned long outlen, password_len, salt_len; - - /* register hash and get it's idx .... */ - - /* get users password and make up a salt ... */ - - /* create the material (100 iterations in algorithm) */ - outlen = sizeof(outbuf); - if ((err = pkcs_5_alg2(password, password_len, salt, salt_len, - 100, hash_idx, outbuf, &outlen)) != CRYPT_OK) \{ - /* error handle */ - \} - - /* now extract it */ - memcpy(cipher_key, outbuf, 16); - memcpy(cipher_iv, outbuf+16, 16); - memcpy(mac_key, outbuf+32, 16); - - /* use material (recall to store the salt in the output) */ -\} -\end{alltt} \chapter{Diffie-Hellman Key Exchange} @@ -2918,8 +2881,6 @@ int dsa_verify_key(dsa_key *key, int *stat); This will test ``key'' and store the result in ``stat''. If the result is $stat = 0$ the DSA key failed one of the tests and should not be used at all. If the result is $stat = 1$ the DSA key is valid (as far as valid mathematics are concerned). - - \section{Signatures} To generate a DSA signature call the following function @@ -2969,6 +2930,153 @@ int dsa_import(const unsigned char *in, unsigned long inlen, This will import the DSA key from the buffer ``in'' of length ``inlen'' to the ``key''. If the process fails the function will automatically free all of the heap allocated in the process (you don't have to call dsa\_free()). +\chapter{Standards Support} +\section{DER Support} +DER or ``Distinguished Encoding Rules'' is a subset of the ASN.1 encoding rules that is fully deterministic and +ideal for cryptography. In particular ASN.1 specifies an INTEGER type for storing arbitrary sized integers. DER +further limits the ASN.1 specifications to a deterministic encoding. + +\subsection{Storing INTEGER types} +\index{der\_encode\_integer()} +\begin{alltt} +int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen); +\end{alltt} + +This will store the integer in ``num'' to the output buffer ``out'' of length ``outlen''. It only stores +non--negative numbers. It stores the number of octets used back in ``outlen''. + +\subsection{Reading INTEGER types} +\index{der\_decode\_integer()} +\begin{alltt} +int der_decode_integer(const unsigned char *in, unsigned long *inlen, mp_int *num); +\end{alltt} +This will decode the DER encoded INTEGER in ``in'' of length ``inlen'' and store the resulting integer +in ``num''. It will store the bytes read in ``inlen'' which is handy if you have to parse multiple +data items out of a binary packet. + +\subsection{INTEGER length} +\index{der\_length\_integer()} +\begin{alltt} +int der_length_integer(mp_int *num, unsigned long *len); +\end{alltt} +This will determine the length of the DER encoding of the integer ``num'' and store it in ``len''. + +\subsection{Multiple INTEGER types} +To simplify the DER encoding/decoding there are two functions two handle multple types at once. + +\index{der\_put\_multi\_integer()} +\index{der\_get\_multi\_integer()} +\begin{alltt} +int der_put_multi_integer(unsigned char *dst, unsigned long *outlen, mp_int *num, ...); +int der_get_multi_integer(const unsigned char *src, unsigned long *inlen, mp_int *num, ...); +\end{alltt} + +These will handle multiple encodings/decodings at once. They work like their single operand counterparts +except they handle a \textbf{NULL} terminated list of operands. + +\begin{verbatim} +#include +int main(void) +{ + mp_int a, b, c, d; + unsigned char buffer[1000]; + unsigned long len; + int err; + + /* init a,b,c,d with some values ... */ + + /* ok we want to store them now... */ + len = sizeof(buffer); + if ((err = der_put_multi_integer(buffer, &len, + &a, &b, &c, &d, NULL)) != CRYPT_OK) { + // error + } + printf("I stored %lu bytes in buf\n", len); + + /* ok say we want to get them back for fun */ + /* len set previously...otherwise set it to the size of the packet */ + if ((err = der_get_multi_integer(buffer, &len, + &a, &b, &c, &d, NULL)) != CRYPT_OK) { + // error + } + printf("I read %lu bytes from buf\n", len); +} +\end{verbatim} +\section{Password Based Cryptography} +\subsection{PKCS \#5} +In order to securely handle user passwords for the purposes of creating session keys and chaining IVs the PKCS \#5 was drafted. PKCS \#5 +is made up of two algorithms, Algorithm One and Algorithm Two. Algorithm One is the older fairly limited algorithm which has been implemented +for completeness. Algorithm Two is a bit more modern and more flexible to work with. + +\subsection{Algorithm One} +Algorithm One accepts as input a password, an 8--byte salt and an iteration counter. The iteration counter is meant to act as delay for +people trying to brute force guess the password. The higher the iteration counter the longer the delay. This algorithm also requires a hash +algorithm and produces an output no longer than the output of the hash. + +\index{pkcs\_5\_alg1()} +\begin{alltt} +int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, + const unsigned char *salt, + int iteration_count, int hash_idx, + unsigned char *out, unsigned long *outlen) +\end{alltt} +Where ``password'' is the users password. Since the algorithm allows binary passwords you must also specify the length in ``password\_len''. +The ``salt'' is a fixed size 8--byte array which should be random for each user and session. The ``iteration\_count'' is the delay desired +on the password. The ``hash\_idx'' is the index of the hash you wish to use in the descriptor table. + +The output of length upto ``outlen'' is stored in ``out''. If ``outlen'' is initially larger than the size of the hash functions output +it is set to the number of bytes stored. If it is smaller than not all of the hash output is stored in ``out''. + +\subsection{Algorithm Two} + +Algorithm Two is the recommended algorithm for this task. It allows variable length salts and can produce outputs larger than the +hash functions output. As such it can easily be used to derive session keys for ciphers and MACs as well initial vectors as required +from a single password and invokation of this algorithm. + +\index{pkcs\_5\_alg2()} +\begin{alltt} +int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, + const unsigned char *salt, unsigned long salt_len, + int iteration_count, int hash_idx, + unsigned char *out, unsigned long *outlen) +\end{alltt} +Where ``password'' is the users password. Since the algorithm allows binary passwords you must also specify the length in ``password\_len''. +The ``salt'' is an array of size ``salt\_len''. It should be random for each user and session. The ``iteration\_count'' is the delay desired +on the password. The ``hash\_idx'' is the index of the hash you wish to use in the descriptor table. The output of length upto +``outlen'' is stored in ``out''. + +\begin{alltt} +/* demo to show how to make session state material from a password */ +#include +int main(void) +\{ + unsigned char password[100], salt[100], + cipher_key[16], cipher_iv[16], + mac_key[16], outbuf[48]; + int err, hash_idx; + unsigned long outlen, password_len, salt_len; + + /* register hash and get it's idx .... */ + + /* get users password and make up a salt ... */ + + /* create the material (100 iterations in algorithm) */ + outlen = sizeof(outbuf); + if ((err = pkcs_5_alg2(password, password_len, salt, salt_len, + 100, hash_idx, outbuf, &outlen)) != CRYPT_OK) \{ + /* error handle */ + \} + + /* now extract it */ + memcpy(cipher_key, outbuf, 16); + memcpy(cipher_iv, outbuf+16, 16); + memcpy(mac_key, outbuf+32, 16); + + /* use material (recall to store the salt in the output) */ +\} +\end{alltt} + + \chapter{Miscellaneous} \section{Base64 Encoding and Decoding} The library provides functions to encode and decode a RFC1521 base64 coding scheme. This means that it can decode what it @@ -3202,18 +3310,77 @@ possible as some compilers may ignore the ``volatile'' keyword or have multiple is modular enough putting the locks in the right place should not bloat the code significantly and will solve all thread safety issues within the library. -\chapter{Configuring the Library} +\chapter{Configuring and Building the Library} \section{Introduction} The library is fairly flexible about how it can be built, used and generally distributed. Additions are being made with -each new release that will make the library even more flexible. Most options are placed in the makefile and others -are in ``mycrypt\_cfg.h''. All are used when the library is built from scratch. +each new release that will make the library even more flexible. Each of the classes of functions can be disabled during +the build process to make a smaller library. This is particularly useful for shared libraries. -For GCC platforms the file ``makefile'' is the makefile to be used. On MSVC platforms ``makefile.vc'' and on PS2 platforms -``makefile.ps2''. +\section{Building a Static Library} +The library can be built as a static library which is generally the simplest and most portable method of +building the library. With a CC or GCC equipped platform you can issue the following + +\begin{alltt} +make install_lib +\end{alltt} + +Which will build the library and install it in /usr/lib (as well as the headers in /usr/include). The destination +directory of the library and headers can be changed by editing ``makefile''. The variable LIBNAME controls +where the library is to be installed and INCNAME controls where the headers are to be installed. A developer can +then use the library by including ``mycrypt.h'' in their program and linking against ``libtomcrypt.a''. + +A static library can also be built with the Intel C Compiler (ICC) by issuing the following + +\begin{alltt} +make -f makefile.icc install +\end{alltt} + +This will also build ``libtomcrypt.a'' except that it will use ICC. Additionally Microsoft's Visual C 6.00 can be used +by issuing + +\begin{alltt} +nmake -f makefile.msvc +\end{alltt} + +You will have to manually copy ``tomcrypt.lib'' and the headers to your MSVC lib/inc directories. + +\subsection{MPI Control} +If you already have LibTomMath installed you can safely remove it from the build. By commenting the line +in the appropriate makefile which starts with + +\begin{alltt} +MPIOBJECT=mpi +\end{alltt} + +Simply place a \# at the start and re-build the library. To properly link applications you will have to also +link in LibTomMath. Removing MPI has the benefit of cutting down the library size as well potentially have access +to the latest mpi. + +\section{Building a Shared Library} +LibTomCrypt can also be built as a shared library (.so, .dll, etc...). With non-Windows platforms the assumption +of the presence of gcc and ``libtool'' has been made. These are fairly common on Unix/Linux/BSD platforms. To +build a .so shared library issue + +\begin{alltt} +make -f makefile.shared +\end{alltt} +This will use libtool and gcc to build a shared library ``libtomcrypt.la'' as well as a static library ``libtomcrypt.a'' +and install them into /usr/lib (and the headers into /usr/include). To link your application you should use the +libtool program in ``--mode=link''. + +You can also build LibTomCrypt as a shared library (DLL) in Windows with Cygwin. Issue the following + +\begin{alltt} +make -f makefile.cygwin_dll +\end{alltt} +This will build ``libtomcrypt.dll.a'' which is an import library for ``libtomcrypt.dll''. You must copy +``libtomcrypt.dll.a'' to your library directory, ``libtomcrypt.dll' to somewhere in your PATH and the header +files to your include directory. So long as ``libtomcrypt.dll'' is in your system path you can run any LibTomCrypt +program that uses it. \section{mycrypt\_cfg.h} -The file ``mycrypt\_cfg.h'' is what lets you control what functionality you want to remove from the library. By default, -everything the library has to offer it built. +The file ``mycrypt\_cfg.h'' is what lets you control various high level macros which control the behaviour +of the library. \subsubsection{ARGTYPE} This lets you control how the \_ARGCHK macro will behave. The macro is used to check pointers inside the functions against @@ -3226,17 +3393,18 @@ and no error checking will be performed. There are five macros related to endianess issues. For little endian platforms define, ENDIAN\_LITTLE. For big endian platforms define ENDIAN\_BIG. Similarly when the default word size of an ``unsigned long'' is 32-bits define ENDIAN\_32BITWORD or define ENDIAN\_64BITWORD when its 64-bits. If you do not define any of them the library will automatically use ENDIAN\_NEUTRAL -which will work on all platforms. Currently the system will automatically detect GCC or MSVC on a windows platform as well -as GCC on a PS2 platform. +which will work on all platforms. + +Currently LibTomCrypt will detect x86-32 and x86-64 running GCC as well as x86-32 running MSVC. \section{The Configure Script} -There are also options you can specify from the configure script or ``mycrypt\_config.h''. +There are also options you can specify from the configure script or ``mycrypt\_custom.h''. \subsubsection{X memory routines} -The makefiles must define three macros denoted as XMALLOC, XCALLOC and XFREE which resolve to the name of the respective -functions. This lets you substitute in your own memory routines. If you substitute in your own functions they must behave -like the standard C library functions in terms of what they expect as input and output. By default the library uses the -standard C routines. +At the top of mycrypt\_custom.h are four macros denoted as XMALLOC, XCALLOC, XREALLOC and XFREE which resolve to +the name of the respective functions. This lets you substitute in your own memory routines. If you substitute in +your own functions they must behave like the standard C library functions in terms of what they expect as input and +output. By default the library uses the standard C routines. \subsubsection{X clock routines} The rng\_get\_bytes() function can call a function that requires the clock() function. These macros let you override @@ -3244,17 +3412,22 @@ the default clock() used with a replacement. By default the standard C library \subsubsection{NO\_FILE} During the build if NO\_FILE is defined then any function in the library that uses file I/O will not call the file I/O -functions and instead simply return CRYPT\_ERROR. This should help resolve any linker errors stemming from a lack of +functions and instead simply return CRYPT\_NOP. This should help resolve any linker errors stemming from a lack of file I/O on embedded platforms. \subsubsection{CLEAN\_STACK} -When this functions is defined the functions that store key material on the stack will clean up afterwards. Assumes that -you have no memory paging with the stack. +When this functions is defined the functions that store key material on the stack will clean up afterwards. +Assumes that you have no memory paging with the stack. + +\subsubsection{LTC\_TEST} +When this has been defined the various self--test functions (for ciphers, hashes, prngs, etc) are included in the build. +When this has been undefined the tests are removed and if called will return CRYPT\_NOP. \subsubsection{Symmetric Ciphers, One-way Hashes, PRNGS and Public Key Functions} -There are a plethora of macros for the ciphers, hashes, PRNGs and public key functions which are fairly self-explanatory. -When they are defined the functionality is included otherwise it is not. There are some dependency issues which are -noted in the file. For instance, Yarrow requires CTR chaining mode, a block cipher and a hash function. +There are a plethora of macros for the ciphers, hashes, PRNGs and public key functions which are fairly +self-explanatory. When they are defined the functionality is included otherwise it is not. There are some +dependency issues which are noted in the file. For instance, Yarrow requires CTR chaining mode, a block +cipher and a hash function. \subsubsection{TWOFISH\_SMALL and TWOFISH\_TABLES} Twofish is a 128-bit symmetric block cipher that is provided within the library. The cipher itself is flexible enough @@ -3272,6 +3445,20 @@ it will not speed up the encryption or decryption functions. When this is defined some of the code such as the Rijndael and SAFER+ ciphers are replaced with smaller code variants. These variants are slower but can save quite a bit of code space. +\section{MPI Tweaks} +\subsection{RSA Only Tweak} +If you plan on only using RSA with moduli in the range of 1024 to 2560 bits you can enable a series of tweaks +to reduce the library size. Follow these steps + +\begin{enumerate} + \item Undefine MDSA, MECC and MDH from mycrypt\_custom.h + \item Undefine LTM\_ALL from tommath\_superclass.h + \item Define SC\_RSA\_1 from tommath\_superclass.h + \item Rebuild the library. +\end{enumerate} + + + \input{crypt.ind} \end{document} diff --git a/cscope.tmplst b/cscope.tmplst new file mode 100644 index 0000000..7fabc86 --- /dev/null +++ b/cscope.tmplst @@ -0,0 +1,219 @@ +./aes.c +./aes_tab.c +./base64_decode.c +./base64_encode.c +./blowfish.c +./burn_stack.c +./cast5.c +./cbc_decrypt.c +./cbc_encrypt.c +./cbc_getiv.c +./cbc_setiv.c +./cbc_start.c +./cfb_decrypt.c +./cfb_encrypt.c +./cfb_getiv.c +./cfb_setiv.c +./cfb_start.c +./chc.c +./crypt.c +./crypt_argchk.c +./crypt_cipher_descriptor.c +./crypt_cipher_is_valid.c +./crypt_find_cipher.c +./crypt_find_cipher_any.c +./crypt_find_cipher_id.c +./crypt_find_hash.c +./crypt_find_hash_any.c +./crypt_find_hash_id.c +./crypt_find_prng.c +./crypt_hash_descriptor.c +./crypt_hash_is_valid.c +./crypt_prng_descriptor.c +./crypt_prng_is_valid.c +./crypt_register_cipher.c +./crypt_register_hash.c +./crypt_register_prng.c +./crypt_unregister_cipher.c +./crypt_unregister_hash.c +./crypt_unregister_prng.c +./ctr_decrypt.c +./ctr_encrypt.c +./ctr_getiv.c +./ctr_setiv.c +./ctr_start.c +./demos/encrypt.c +./demos/hashsum.c +./demos/small.c +./demos/test/base64_test.c +./demos/test/cipher_hash_test.c +./demos/test/der_tests.c +./demos/test/dh_tests.c +./demos/test/dsa_test.c +./demos/test/ecc_test.c +./demos/test/mac_test.c +./demos/test/makefile +./demos/test/makefile.icc +./demos/test/makefile.msvc +./demos/test/makefile.shared +./demos/test/modes_test.c +./demos/test/pkcs_1_test.c +./demos/test/rsa_test.c +./demos/test/store_test.c +./demos/test/test.c +./demos/test/test.h +./demos/tv_gen.c +./demos/x86_prof.c +./der_decode_integer.c +./der_encode_integer.c +./der_get_multi_integer.c +./der_length_integer.c +./der_put_multi_integer.c +./des.c +./dh.c +./dh_sys.c +./dsa_export.c +./dsa_free.c +./dsa_import.c +./dsa_make_key.c +./dsa_sign_hash.c +./dsa_verify_hash.c +./dsa_verify_key.c +./eax_addheader.c +./eax_decrypt.c +./eax_decrypt_verify_memory.c +./eax_done.c +./eax_encrypt.c +./eax_encrypt_authenticate_memory.c +./eax_init.c +./eax_test.c +./ecb_decrypt.c +./ecb_encrypt.c +./ecb_start.c +./ecc.c +./ecc_sys.c +./error_to_string.c +./fortuna.c +./hash_file.c +./hash_filehandle.c +./hash_memory.c +./hmac_done.c +./hmac_file.c +./hmac_init.c +./hmac_memory.c +./hmac_process.c +./hmac_test.c +./is_prime.c +./ltc_tommath.h +./makefile +./makefile.cygwin_dll +./makefile.icc +./makefile.msvc +./makefile.shared +./md2.c +./md4.c +./md5.c +./mpi.c +./mpi_to_ltc_error.c +./mycrypt.h +./mycrypt_argchk.h +./mycrypt_cfg.h +./mycrypt_cipher.h +./mycrypt_custom.h +./mycrypt_hash.h +./mycrypt_macros.h +./mycrypt_misc.h +./mycrypt_pk.h +./mycrypt_pkcs.h +./mycrypt_prng.h +./noekeon.c +./notes/etc/whirlgen.c +./notes/etc/whirltest.c +./ocb_decrypt.c +./ocb_decrypt_verify_memory.c +./ocb_done_decrypt.c +./ocb_done_encrypt.c +./ocb_encrypt.c +./ocb_encrypt_authenticate_memory.c +./ocb_init.c +./ocb_ntz.c +./ocb_shift_xor.c +./ocb_test.c +./ofb_decrypt.c +./ofb_encrypt.c +./ofb_getiv.c +./ofb_setiv.c +./ofb_start.c +./omac_done.c +./omac_file.c +./omac_init.c +./omac_memory.c +./omac_process.c +./omac_test.c +./packet_store_header.c +./packet_valid_header.c +./pkcs_1_i2osp.c +./pkcs_1_mgf1.c +./pkcs_1_oaep_decode.c +./pkcs_1_oaep_encode.c +./pkcs_1_os2ip.c +./pkcs_1_pss_decode.c +./pkcs_1_pss_encode.c +./pkcs_1_v15_es_decode.c +./pkcs_1_v15_es_encode.c +./pkcs_1_v15_sa_decode.c +./pkcs_1_v15_sa_encode.c +./pkcs_5_1.c +./pkcs_5_2.c +./pmac_done.c +./pmac_file.c +./pmac_init.c +./pmac_memory.c +./pmac_ntz.c +./pmac_process.c +./pmac_shift_xor.c +./pmac_test.c +./rand_prime.c +./rc2.c +./rc4.c +./rc5.c +./rc6.c +./rmd128.c +./rmd160.c +./rng_get_bytes.c +./rng_make_prng.c +./rsa_decrypt_key.c +./rsa_encrypt_key.c +./rsa_export.c +./rsa_exptmod.c +./rsa_free.c +./rsa_import.c +./rsa_make_key.c +./rsa_sign_hash.c +./rsa_v15_decrypt_key.c +./rsa_v15_encrypt_key.c +./rsa_v15_sign_hash.c +./rsa_v15_verify_hash.c +./rsa_verify_hash.c +./s_ocb_done.c +./safer.c +./safer_tab.c +./saferp.c +./sha1.c +./sha224.c +./sha256.c +./sha384.c +./sha512.c +./skipjack.c +./sober128.c +./sober128tab.c +./sprng.c +./tiger.c +./tim_exptmod.c +./twofish.c +./twofish_tab.c +./whirl.c +./whirltab.c +./xtea.c +./yarrow.c +./zeromem.c diff --git a/demos/hashsum.c b/demos/hashsum.c index e0269b3..c633ca8 100644 --- a/demos/hashsum.c +++ b/demos/hashsum.c @@ -7,7 +7,7 @@ * more functions ;) */ -#include +#include int errno; @@ -26,7 +26,7 @@ int main(int argc, char **argv) printf("usage: ./hash algorithm file [file ...]\n"); printf("Algorithms:\n"); for (x = 0; hash_descriptor[x].name != NULL; x++) { - printf(" %s\n", hash_descriptor[x].name); + printf(" %s (%d)\n", hash_descriptor[x].name, hash_descriptor[x].ID); } exit(EXIT_SUCCESS); } @@ -66,6 +66,8 @@ int main(int argc, char **argv) void register_algs(void) { + int err; + #ifdef TIGER register_hash (&tiger_desc); #endif @@ -102,5 +104,12 @@ void register_algs(void) #ifdef WHIRLPOOL register_hash (&whirlpool_desc); #endif +#ifdef CHC_HASH + register_hash(&chc_desc); + if ((err = chc_register(register_cipher(&aes_enc_desc))) != CRYPT_OK) { + printf("chc_register error: %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } +#endif } diff --git a/demos/test/cipher_hash_test.c b/demos/test/cipher_hash_test.c index 046454b..2737623 100644 --- a/demos/test/cipher_hash_test.c +++ b/demos/test/cipher_hash_test.c @@ -23,12 +23,12 @@ int cipher_hash_test(void) for (x = 0; prng_descriptor[x].name != NULL; x++) { DO(prng_descriptor[x].test()); DO(prng_descriptor[x].start(&nprng)); - DO(prng_descriptor[x].add_entropy("helloworld12", 12, &nprng)); + DO(prng_descriptor[x].add_entropy((unsigned char *)"helloworld12", 12, &nprng)); DO(prng_descriptor[x].ready(&nprng)); n = sizeof(buf); - DO(prng_descriptor[x].export(buf, &n, &nprng)); + DO(prng_descriptor[x].pexport(buf, &n, &nprng)); prng_descriptor[x].done(&nprng); - DO(prng_descriptor[x].import(buf, n, &nprng)); + DO(prng_descriptor[x].pimport(buf, n, &nprng)); DO(prng_descriptor[x].ready(&nprng)); if (prng_descriptor[x].read(buf, 100, &nprng) != 100) { fprintf(stderr, "Error reading from imported PRNG!\n"); diff --git a/demos/test/der_tests.c b/demos/test/der_tests.c new file mode 100644 index 0000000..0c0e3df --- /dev/null +++ b/demos/test/der_tests.c @@ -0,0 +1,82 @@ +#include "test.h" + +int der_tests(void) +{ + unsigned long x, y, z, zz; + unsigned char buf[2][4096]; + mp_int a, b, c, d, e, f, g; + + DO(mpi_to_ltc_error(mp_init_multi(&a, &b, &c, &d, &e, &f, &g, NULL))); + for (zz = 0; zz < 16; zz++) { + for (z = 0; z < 1024; z++) { + if (yarrow_read(buf[0], z, &test_yarrow) != z) { + printf("Failed to read %lu bytes from yarrow\n", z); + return 1; + } + DO(mpi_to_ltc_error(mp_read_unsigned_bin(&a, buf[0], z))); + x = sizeof(buf[0]); + DO(der_encode_integer(&a, buf[0], &x)); + y = x; + mp_zero(&b); + DO(der_decode_integer(buf[0], &y, &b)); + if (y != x || mp_cmp(&a, &b) != MP_EQ) { + printf("%lu: %lu vs %lu\n", z, x, y); +#ifdef BN_MP_TORADIX_C + mp_todecimal(&a, buf[0]); + mp_todecimal(&b, buf[1]); + printf("a == %s\nb == %s\n", buf[0], buf[1]); +#endif + mp_clear_multi(&a, &b, &c, &d, &e, &f, &g, NULL); + return 1; + } + } + } + + +/* test the multi */ + mp_set(&a, 1); + x = sizeof(buf[0]); + DO(der_put_multi_integer(buf[0], &x, &a, NULL)); + y = x; + mp_zero(&a); + DO(der_get_multi_integer(buf[0], &y, &a, NULL)); + if (x != y || mp_cmp_d(&a, 1)) { + printf("%lu, %lu, %d\n", x, y, mp_cmp_d(&a, 1)); + mp_clear_multi(&a, &b, &c, &d, &e, &f, &g, NULL); + return 1; + } + + mp_set(&a, 1); + mp_set(&b, 2); + x = sizeof(buf[0]); + DO(der_put_multi_integer(buf[0], &x, &a, &b, NULL)); + y = x; + mp_zero(&a); + mp_zero(&b); + DO(der_get_multi_integer(buf[0], &y, &a, &b, NULL)); + if (x != y || mp_cmp_d(&a, 1) || mp_cmp_d(&b, 2)) { + printf("%lu, %lu, %d, %d\n", x, y, mp_cmp_d(&a, 1), mp_cmp_d(&b, 2)); + mp_clear_multi(&a, &b, &c, &d, &e, &f, &g, NULL); + return 1; + } + + mp_set(&a, 1); + mp_set(&b, 2); + mp_set(&c, 3); + x = sizeof(buf[0]); + DO(der_put_multi_integer(buf[0], &x, &a, &b, &c, NULL)); + y = x; + mp_zero(&a); + mp_zero(&b); + mp_zero(&c); + DO(der_get_multi_integer(buf[0], &y, &a, &b, &c, NULL)); + if (x != y || mp_cmp_d(&a, 1) || mp_cmp_d(&b, 2) || mp_cmp_d(&c, 3)) { + printf("%lu, %lu, %d, %d, %d\n", x, y, mp_cmp_d(&a, 1), mp_cmp_d(&b, 2), mp_cmp_d(&c, 3)); + mp_clear_multi(&a, &b, &c, &d, &e, &f, &g, NULL); + return 1; + } + + + mp_clear_multi(&a, &b, &c, &d, &e, &f, &g, NULL); + return 0; +} diff --git a/demos/test/dh_tests.c b/demos/test/dh_tests.c index 785a97b..6977c58 100644 --- a/demos/test/dh_tests.c +++ b/demos/test/dh_tests.c @@ -1,5 +1,7 @@ #include "test.h" +#ifdef MDH + int dh_tests (void) { unsigned char buf[3][4096]; @@ -85,3 +87,13 @@ int dh_tests (void) dh_free (&usera); return 0; } + +#else + +int dh_tests(void) +{ + printf("NOP"); + return 0; +} + +#endif diff --git a/demos/test/dsa_test.c b/demos/test/dsa_test.c index 2076089..c5eeb6d 100644 --- a/demos/test/dsa_test.c +++ b/demos/test/dsa_test.c @@ -1,10 +1,12 @@ #include "test.h" +#ifdef MDSA + int dsa_test(void) { unsigned char msg[16], out[1024], out2[1024]; - unsigned long x, y; - int err, stat1, stat2; + unsigned long x; + int stat1, stat2; dsa_key key, key2; /* make a random key */ @@ -49,3 +51,13 @@ int dsa_test(void) return 0; } + +#else + +int dsa_test(void) +{ + printf("NOP"); + return 0; +} + +#endif diff --git a/demos/test/ecc_test.c b/demos/test/ecc_test.c index b64cbcf..eb66c58 100644 --- a/demos/test/ecc_test.c +++ b/demos/test/ecc_test.c @@ -1,5 +1,7 @@ #include "test.h" +#ifdef MECC + int ecc_tests (void) { unsigned char buf[4][4096]; @@ -87,3 +89,13 @@ int ecc_tests (void) ecc_free (&usera); return 0; } + +#else + +int ecc_tests(void) +{ + printf("NOP"); + return 0; +} + +#endif diff --git a/demos/test/makefile b/demos/test/makefile index 5eb0690..e306d17 100644 --- a/demos/test/makefile +++ b/demos/test/makefile @@ -10,7 +10,7 @@ CFLAGS += -fomit-frame-pointer default: test OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \ -pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.c dh_tests.o +pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o #uncomment this to get heap checking [e.g. memory leaks]. Note #that you *MUST* build libtomcrypt.a with -g3 enabled [and make install it] @@ -19,7 +19,7 @@ pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.c dh_tests.o #CCMALLOC = -lccmalloc -ldl test: $(OBJECTS) - $(CC) $(OBJECTS) -ltomcrypt $(CCMALLOC) -o test + $(CC) $(OBJECTS) /usr/lib/libtomcrypt.a $(CCMALLOC) -o test clean: - rm -f test *.o *.obj *.exe *~ + rm -rf test *.o *.obj *.exe *~ .libs diff --git a/demos/test/makefile.icc b/demos/test/makefile.icc index 22c7154..b32c9ba 100644 --- a/demos/test/makefile.icc +++ b/demos/test/makefile.icc @@ -5,7 +5,7 @@ CC=icc default: test OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \ -pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.c dh_tests.o +pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o test: $(OBJECTS) $(CC) $(OBJECTS) -ltomcrypt -o test diff --git a/demos/test/makefile.msvc b/demos/test/makefile.msvc index c1ca8e0..8769ecf 100644 --- a/demos/test/makefile.msvc +++ b/demos/test/makefile.msvc @@ -4,7 +4,7 @@ CFLAGS = $(CFLAGS) /W3 /Ox -I../../ -I./ default: test.exe OBJECTS = test.obj cipher_hash_test.obj mac_test.obj modes_test.obj \ -pkcs_1_test.obj store_test.obj rsa_test.obj ecc_test.obj dsa_test.c dh_tests.obj +pkcs_1_test.obj store_test.obj rsa_test.obj ecc_test.obj dsa_test.c dh_tests.obj der_tests.obj test.exe: $(OBJECTS) diff --git a/demos/test/makefile.shared b/demos/test/makefile.shared new file mode 100644 index 0000000..d90c1da --- /dev/null +++ b/demos/test/makefile.shared @@ -0,0 +1,19 @@ +# make test harness, it is good. +CFLAGS += -Wall -W -Os -I../../ -I./ + +# if you're not debugging +CFLAGS += -fomit-frame-pointer + +default: test + +#if you don't have mpi.o +#MPISHARED=-ltommath + +OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \ +pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o + +test: $(OBJECTS) + libtool --mode=link gcc $(CFLAGS) $(OBJECTS) -o test -ltomcrypt $(MPISHARED) + +clean: + rm -f test *.o *.obj *.exe *~ diff --git a/demos/test/pkcs_1_test.c b/demos/test/pkcs_1_test.c index ef7c81d..52af7b6 100644 --- a/demos/test/pkcs_1_test.c +++ b/demos/test/pkcs_1_test.c @@ -1,5 +1,7 @@ #include "test.h" +#ifdef PKCS_1 + int pkcs_1_test(void) { unsigned char buf[3][128]; @@ -101,3 +103,14 @@ int pkcs_1_test(void) } return 0; } + +#else + +int pkcs_1_test(void) +{ + printf("NOP"); + return 0; +} + +#endif + diff --git a/demos/test/rsa_test.c b/demos/test/rsa_test.c index 777fc87..a6034dd 100644 --- a/demos/test/rsa_test.c +++ b/demos/test/rsa_test.c @@ -1,12 +1,13 @@ #include "test.h" -#define RSA_MSGSIZE 78 +#ifdef MRSA +#define RSA_MSGSIZE 78 int rsa_test(void) { unsigned char in[1024], out[1024], tmp[1024]; - rsa_key key; + rsa_key key, privKey, pubKey; int hash_idx, prng_idx, stat, stat2; unsigned long rsa_msgsize, len, len2; static unsigned char lparam[] = { 0x01, 0x02, 0x03, 0x04 }; @@ -128,30 +129,90 @@ int rsa_test(void) /* sign a message (unsalted, lower cholestorol and Atkins approved) now */ len = sizeof(out); DO(rsa_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, 0, &key)); + +/* export key and import as both private and public */ + len2 = sizeof(tmp); + DO(rsa_export(tmp, &len2, PK_PRIVATE, &key)); + DO(rsa_import(tmp, len2, &privKey)); + len2 = sizeof(tmp); + DO(rsa_export(tmp, &len2, PK_PUBLIC, &key)); + DO(rsa_import(tmp, len2, &pubKey)); + + /* verify with original */ DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &key)); /* change a byte */ in[0] ^= 1; DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &key)); if (!(stat == 1 && stat2 == 0)) { - printf("rsa_verify_hash (unsalted) failed, %d, %d", stat, stat2); + printf("rsa_verify_hash (unsalted, origKey) failed, %d, %d", stat, stat2); + rsa_free(&key); + rsa_free(&pubKey); + rsa_free(&privKey); return 1; } - /* sign a message (salted) now */ - len = sizeof(out); - DO(rsa_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, 8, &key)); - DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 8, &stat, &key)); + /* verify with privKey */ /* change a byte */ in[0] ^= 1; - DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 8, &stat2, &key)); + DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &privKey)); + /* change a byte */ + in[0] ^= 1; + DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &privKey)); + + if (!(stat == 1 && stat2 == 0)) { + printf("rsa_verify_hash (unsalted, privKey) failed, %d, %d", stat, stat2); + rsa_free(&key); + rsa_free(&pubKey); + rsa_free(&privKey); + return 1; + } + + /* verify with pubKey */ + /* change a byte */ + in[0] ^= 1; + DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &pubKey)); + /* change a byte */ + in[0] ^= 1; + DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &pubKey)); + + if (!(stat == 1 && stat2 == 0)) { + printf("rsa_verify_hash (unsalted, pubkey) failed, %d, %d", stat, stat2); + rsa_free(&key); + rsa_free(&pubKey); + rsa_free(&privKey); + return 1; + } + + /* sign a message (salted) now (use privKey to make, pubKey to verify) */ + len = sizeof(out); + DO(rsa_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, 8, &privKey)); + DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 8, &stat, &pubKey)); + /* change a byte */ + in[0] ^= 1; + DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 8, &stat2, &pubKey)); if (!(stat == 1 && stat2 == 0)) { printf("rsa_verify_hash (salted) failed, %d, %d", stat, stat2); + rsa_free(&key); + rsa_free(&pubKey); + rsa_free(&privKey); return 1; } /* free the key and return */ rsa_free(&key); + rsa_free(&pubKey); + rsa_free(&privKey); return 0; } + +#else + +int rsa_test(void) +{ + printf("NOP"); + return 0; +} + +#endif diff --git a/demos/test/test.c b/demos/test/test.c index b516804..a56e5d6 100644 --- a/demos/test/test.c +++ b/demos/test/test.c @@ -9,12 +9,13 @@ test_entry test_list[26] = { {"cipher_hash_test", "b", "a", cipher_hash_test }, {"modes_test", "c", "b", modes_test }, {"mac_test", "d", "c", mac_test }, +{"der_test", "e", "", der_tests }, -{"pkcs_1_test", "e", "b", pkcs_1_test }, -{"rsa_test", "f", "", rsa_test }, -{"ecc_test", "g", "a", ecc_tests }, -{"dsa_test", "h", "a", dsa_test }, -{"dh_test", "i", "a", dh_tests }, +{"pkcs_1_test", "f", "e", pkcs_1_test }, +{"rsa_test", "g", "e", rsa_test }, +{"ecc_test", "h", "a", ecc_tests }, +{"dsa_test", "i", "a", dsa_test }, +{"dh_test", "j", "a", dh_tests }, {NULL, NULL, NULL, NULL} }; @@ -32,6 +33,8 @@ void run_cmd(int res, int line, char *file, char *cmd) void register_algs(void) { + int err; + #ifdef RIJNDAEL register_cipher (&aes_desc); #endif @@ -111,6 +114,14 @@ void register_algs(void) #ifdef WHIRLPOOL register_hash (&whirlpool_desc); #endif +#ifdef CHC_HASH + register_hash(&chc_desc); + if ((err = chc_register(register_cipher(&aes_enc_desc))) != CRYPT_OK) { + printf("chc_register error: %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } +#endif + #ifdef YARROW register_prng(&yarrow_desc); @@ -197,6 +208,7 @@ void stack_check(void) int main(void) { int x; + unsigned char buf[16]; /* setup stack checker */ srand(time(NULL)); @@ -212,23 +224,32 @@ int main(void) // start dummy yarrow for internal use DO(yarrow_start(&test_yarrow)); - DO(yarrow_add_entropy("test", 4, &test_yarrow)); + sprng_read(buf, 16, NULL); + DO(yarrow_add_entropy(buf, 16, &test_yarrow)); DO(yarrow_ready(&test_yarrow)); // output sizes printf("Sizes of objects (in bytes)\n"); - printf("\tsymmetric_key\t=\t%5d\n", sizeof(symmetric_key)); - printf("\thash_state\t=\t%5d\n", sizeof(hash_state)); - printf("\thmac_state\t=\t%5d\n", sizeof(hmac_state)); - printf("\tomac_state\t=\t%5d\n", sizeof(omac_state)); - printf("\tpmac_state\t=\t%5d\n", sizeof(pmac_state)); - printf("\tocb_state\t=\t%5d\n", sizeof(ocb_state)); - printf("\teax_state\t=\t%5d\n", sizeof(eax_state)); - printf("\tmp_int\t\t=\t%5d\n", sizeof(mp_int)); - printf("\trsa_key\t\t=\t%5d\n", sizeof(rsa_key)); - printf("\tdsa_key\t\t=\t%5d\n", sizeof(dsa_key)); - printf("\tdh_key\t\t=\t%5d\n", sizeof(dh_key)); - printf("\tecc_key\t\t=\t%5d\n", sizeof(ecc_key)); + printf("\tsymmetric_key\t=\t%5lu\n", sizeof(symmetric_key)); + printf("\thash_state\t=\t%5lu\n", sizeof(hash_state)); + printf("\thmac_state\t=\t%5lu\n", sizeof(hmac_state)); + printf("\tomac_state\t=\t%5lu\n", sizeof(omac_state)); + printf("\tpmac_state\t=\t%5lu\n", sizeof(pmac_state)); + printf("\tocb_state\t=\t%5lu\n", sizeof(ocb_state)); + printf("\teax_state\t=\t%5lu\n", sizeof(eax_state)); + printf("\tmp_int\t\t=\t%5lu\n", sizeof(mp_int)); +#ifdef MRSA + printf("\trsa_key\t\t=\t%5lu\n", sizeof(rsa_key)); +#endif +#ifdef MDSA + printf("\tdsa_key\t\t=\t%5lu\n", sizeof(dsa_key)); +#endif +#ifdef MDH + printf("\tdh_key\t\t=\t%5lu\n", sizeof(dh_key)); +#endif +#ifdef MECC + printf("\tecc_key\t\t=\t%5lu\n", sizeof(ecc_key)); +#endif printf("\n\n"); // do tests diff --git a/demos/test/test.h b/demos/test/test.h index 44cdf92..1dee4bf 100644 --- a/demos/test/test.h +++ b/demos/test/test.h @@ -35,5 +35,6 @@ int rsa_test(void); int ecc_tests(void); int dsa_test(void); int dh_tests(void); +int der_tests(void); #endif diff --git a/demos/tv_gen.c b/demos/tv_gen.c index 101976e..07633fc 100644 --- a/demos/tv_gen.c +++ b/demos/tv_gen.c @@ -2,6 +2,8 @@ void reg_algs(void) { + int err; + #ifdef RIJNDAEL register_cipher (&aes_desc); #endif @@ -82,6 +84,14 @@ void reg_algs(void) #ifdef WHIRLPOOL register_hash (&whirlpool_desc); #endif +#ifdef CHC_HASH + register_hash(&chc_desc); + if ((err = chc_register(register_cipher(&aes_desc))) != CRYPT_OK) { + printf("chc_register error: %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } +#endif + } void hash_gen(void) @@ -98,7 +108,7 @@ void hash_gen(void) fprintf(out, "Hash Test Vectors:\n\nThese are the hashes of nn bytes '00 01 02 03 .. (nn-1)'\n\n"); for (x = 0; hash_descriptor[x].name != NULL; x++) { - buf = XMALLOC(2 * hash_descriptor[x].blocksize); + buf = XMALLOC(2 * hash_descriptor[x].blocksize + 1); if (buf == NULL) { perror("can't alloc mem"); exit(EXIT_FAILURE); @@ -222,7 +232,7 @@ void hmac_gen(void) key[y] = (y&255); } - input = XMALLOC(hash_descriptor[x].blocksize * 2); + input = XMALLOC(hash_descriptor[x].blocksize * 2 + 1); if (input == NULL) { perror("Can't malloc memory"); exit(EXIT_FAILURE); diff --git a/demos/tv_gen.lo b/demos/tv_gen.lo new file mode 100644 index 0000000..23b3e7c --- /dev/null +++ b/demos/tv_gen.lo @@ -0,0 +1,12 @@ +# demos/tv_gen.lo - a libtool object file +# Generated by ltmain.sh - GNU libtool 1.5.2 (1.1220.2.60 2004/01/25 12:25:08) +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# Name of the PIC object. +pic_object='.libs/tv_gen.o' + +# Name of the non-PIC object. +non_pic_object='tv_gen.o' + diff --git a/demos/x86_prof.c b/demos/x86_prof.c index 7293bd6..b77b76c 100644 --- a/demos/x86_prof.c +++ b/demos/x86_prof.c @@ -49,9 +49,9 @@ void tally_results(int type) static ulong64 rdtsc (void) { #if defined __GNUC__ - #ifdef __i386__ - ulong64 a; - __asm__ __volatile__ ("rdtsc ":"=A" (a)); + #if defined(__i386__) || defined(__x86_64__) + unsigned long long a; + __asm__ __volatile__ ("rdtsc\nmovl %%eax,%0\nmovl %%edx,4+%0\n"::"m"(a):"%eax","%edx"); return a; #else /* gcc-IA64 version */ unsigned long result; @@ -110,6 +110,7 @@ void init_timer(void) void reg_algs(void) { + int err; #ifdef RIJNDAEL register_cipher (&aes_desc); #endif @@ -190,6 +191,14 @@ void reg_algs(void) #ifdef WHIRLPOOL register_hash (&whirlpool_desc); #endif +#ifdef CHC_HASH + register_hash(&chc_desc); + if ((err = chc_register(register_cipher(&aes_desc))) != CRYPT_OK) { + printf("chc_register error: %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } +#endif + #ifndef YARROW #error This demo requires Yarrow. diff --git a/der_decode_integer.c b/der_decode_integer.c new file mode 100644 index 0000000..71ce1f6 --- /dev/null +++ b/der_decode_integer.c @@ -0,0 +1,83 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + */ + +#include "mycrypt.h" + + +/* decodes a DER INTEGER in [in]. You have to tell this function + * how many bytes are available [inlen]. It will then attempt to + * read the INTEGER. If all goes well it stores the number of bytes + * read in [inlen] and the number in [num]. + */ +int der_decode_integer(const unsigned char *in, unsigned long *inlen, mp_int *num) +{ + unsigned long tmplen, y, z; + + _ARGCHK(num != NULL); + _ARGCHK(in != NULL); + _ARGCHK(inlen != NULL); + + /* save copy of max output size */ + tmplen = *inlen; + *inlen = 0; + + /* min DER INTEGER is 0x02 01 00 == 0 */ + if (tmplen < (1 + 1 + 1)) { + return CRYPT_INVALID_PACKET; + } + + /* ok expect 0x02 when we AND with 0011 1111 [3F] */ + if ((*in++ & 0x3F) != 0x02) { + return CRYPT_INVALID_PACKET; + } + ++(*inlen); + + /* now decode the len stuff */ + z = *in++; + ++(*inlen); + + if ((z & 0x80) == 0x00) { + /* short form */ + + /* will it overflow? */ + if (*inlen + z > tmplen) { + return CRYPT_INVALID_PACKET; + } + + /* no so read it */ + (*inlen) += z; + return mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in, z)); + } else { + /* long form */ + z &= 0x7F; + + /* will number of length bytes overflow? (or > 4) */ + if (((*inlen + z) > tmplen) || (z > 4)) { + return CRYPT_INVALID_PACKET; + } + + /* now read it in */ + y = 0; + while (z--) { + y = ((unsigned long)(*in++)) | (y << 8); + ++(*inlen); + } + + /* now will reading y bytes overrun? */ + if ((*inlen + y) > tmplen) { + return CRYPT_INVALID_PACKET; + } + + /* no so read it */ + (*inlen) += y; + return mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in, y)); + } +} diff --git a/der_encode_integer.c b/der_encode_integer.c new file mode 100644 index 0000000..b742dec --- /dev/null +++ b/der_encode_integer.c @@ -0,0 +1,93 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + */ + +#include "mycrypt.h" + +/* Exports a positive bignum as DER format (upto 2^32 bytes in size) */ +int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen) +{ + unsigned long tmplen, x, y, z; + int err, leading_zero; + + _ARGCHK(num != NULL); + _ARGCHK(out != NULL); + _ARGCHK(outlen != NULL); + + /* find out how big this will be */ + if ((err = der_length_integer(num, &tmplen)) != CRYPT_OK) { + return err; + } + + if (*outlen < tmplen) { + return CRYPT_BUFFER_OVERFLOW; + } + + /* we only need a leading zero if the msb of the first byte is one */ + if ((mp_count_bits(num) & 7) == 7 || mp_iszero(num) == MP_YES) { + leading_zero = 1; + } else { + leading_zero = 0; + } + + /* get length of num in bytes (plus 1 since we force the msbyte to zero) */ + y = mp_unsigned_bin_size(num) + leading_zero; + + /* now store initial data */ + *out++ = 0x02; + if (y < 128) { + /* short form */ + *out++ = (unsigned char)y; + } else { + /* long form (relies on y != 0) */ + + /* get length of length... ;-) */ + x = y; + z = 0; + while (x) { + ++z; + x >>= 8; + } + + /* store length of length */ + *out++ = 0x80 | ((unsigned char)z); + + /* now store length */ + + /* first shift length up so msbyte != 0 */ + x = y; + while ((x & 0xFF000000) == 0) { + x <<= 8; + } + + /* now store length */ + while (z--) { + *out++ = (unsigned char)((x >> 24) & 0xFF); + x <<= 8; + } + } + + /* now store msbyte of zero if num is non-zero */ + if (leading_zero) { + *out++ = 0x00; + } + + /* if it's not zero store it as big endian */ + if (mp_iszero(num) == MP_NO) { + /* now store the mpint */ + if ((err = mp_to_unsigned_bin(num, out)) != MP_OKAY) { + return mpi_to_ltc_error(err); + } + } + + /* we good */ + *outlen = tmplen; + return CRYPT_OK; +} diff --git a/der_get_multi_integer.c b/der_get_multi_integer.c new file mode 100644 index 0000000..d2b83c5 --- /dev/null +++ b/der_get_multi_integer.c @@ -0,0 +1,50 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + */ +#include +#include "mycrypt.h" + +/* will read multiple DER INTEGER encoded mp_ints from src + * of upto [inlen] bytes. It will store the number of bytes + * read back into [inlen]. + */ +int der_get_multi_integer(const unsigned char *src, unsigned long *inlen, + mp_int *num, ...) +{ + va_list args; + mp_int *next; + unsigned long wrote, len; + int err; + + _ARGCHK(src != NULL); + _ARGCHK(inlen != NULL); + + /* setup va list */ + next = num; + len = *inlen; + wrote = 0; + va_start(args, num); + + while (next != NULL) { + if ((err = der_decode_integer(src, inlen, next)) != CRYPT_OK) { + va_end(args); + return err; + } + wrote += *inlen; + src += *inlen; + len -= *inlen; + *inlen = len; + next = va_arg(args, mp_int*); + } + va_end(args); + *inlen = wrote; + return CRYPT_OK; +} + diff --git a/der_length_integer.c b/der_length_integer.c new file mode 100644 index 0000000..5291f82 --- /dev/null +++ b/der_length_integer.c @@ -0,0 +1,54 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + */ + +#include "mycrypt.h" + +/* Gets length of DER encoding of num */ + +int der_length_integer(mp_int *num, unsigned long *outlen) +{ + unsigned long z, len; + int leading_zero; + + _ARGCHK(num != NULL); + _ARGCHK(outlen != NULL); + + /* we only need a leading zero if the msb of the first byte is one */ + if ((mp_count_bits(num) & 7) == 7 || mp_iszero(num) == MP_YES) { + leading_zero = 1; + } else { + leading_zero = 0; + } + + /* size for bignum */ + z = len = leading_zero + mp_unsigned_bin_size(num); + + /* we need a 0x02 */ + ++len; + + /* now we need a length */ + if (z < 128) { + /* short form */ + ++len; + } else { + /* long form (relies on z != 0) */ + ++len; + + while (z) { + ++len; + z >>= 8; + } + } + + *outlen = len; + return CRYPT_OK; +} + diff --git a/der_put_multi_integer.c b/der_put_multi_integer.c new file mode 100644 index 0000000..e166e0b --- /dev/null +++ b/der_put_multi_integer.c @@ -0,0 +1,49 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + */ +#include +#include "mycrypt.h" + +/* store multiple mp_ints in DER INTEGER format to the dst, will not + * overflow the length you give it [outlen] and store the number of + * bytes used in [outlen] + */ +int der_put_multi_integer(unsigned char *dst, unsigned long *outlen, + mp_int *num, ...) +{ + va_list args; + mp_int *next; + unsigned long wrote, len; + int err; + + _ARGCHK(dst != NULL); + _ARGCHK(outlen != NULL); + + /* setup va list */ + next = num; + len = *outlen; + wrote = 0; + va_start(args, num); + + while (next != NULL) { + if ((err = der_encode_integer(next, dst, outlen)) != CRYPT_OK) { + va_end(args); + return err; + } + wrote += *outlen; + dst += *outlen; + len -= *outlen; + *outlen = len; + next = va_arg(args, mp_int*); + } + va_end(args); + *outlen = wrote; + return CRYPT_OK; +} diff --git a/doc/crypt.pdf b/doc/crypt.pdf index 778017a..c0ad1e3 100644 Binary files a/doc/crypt.pdf and b/doc/crypt.pdf differ diff --git a/ecc.c b/ecc.c index e5b8e4d..2c50a5f 100644 --- a/ecc.c +++ b/ecc.c @@ -22,6 +22,9 @@ /* size of our temp buffers for exported keys */ #define ECC_BUF_SIZE 160 +/* max private key size */ +#define ECC_MAXSIZE 66 + /* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ static const struct { int size; @@ -222,9 +225,6 @@ void ecc_find_base(void) #endif - - - static int is_valid_idx(int n) { int x; @@ -613,6 +613,7 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) /* find key size */ for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++); keysize = sets[x].size; + _ARGCHK(keysize <= ECC_MAXSIZE); if (sets[x].size == 0) { return CRYPT_INVALID_KEYSIZE; @@ -621,7 +622,7 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) /* allocate ram */ base = NULL; - buf = XMALLOC(128); + buf = XMALLOC(ECC_MAXSIZE); if (buf == NULL) { return CRYPT_MEM; } @@ -669,7 +670,7 @@ __ERR: mp_clear(&prime); __ERR2: #ifdef CLEAN_STACK - zeromem(buf, 128); + zeromem(buf, ECC_MAXSIZE); #endif XFREE(buf); diff --git a/fortuna.c b/fortuna.c index 44ba044..5d81255 100644 --- a/fortuna.c +++ b/fortuna.c @@ -274,7 +274,9 @@ int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng) } /* now hash it */ - sha256_init(md); + if ((err = sha256_init(md)) != CRYPT_OK) { + goto __ERR; + } if ((err = sha256_process(md, out+x*32, 32)) != CRYPT_OK) { goto __ERR; } diff --git a/hash_filehandle.c b/hash_filehandle.c index 777588a..cf179e0 100644 --- a/hash_filehandle.c +++ b/hash_filehandle.c @@ -31,9 +31,11 @@ int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outle if (*outlen < hash_descriptor[hash].hashsize) { return CRYPT_BUFFER_OVERFLOW; } - *outlen = hash_descriptor[hash].hashsize; + if ((err = hash_descriptor[hash].init(&md)) != CRYPT_OK) { + return err; + } - hash_descriptor[hash].init(&md); + *outlen = hash_descriptor[hash].hashsize; do { x = fread(buf, 1, sizeof(buf), in); if ((err = hash_descriptor[hash].process(&md, buf, x)) != CRYPT_OK) { diff --git a/hash_memory.c b/hash_memory.c index 89abb85..2c87d76 100644 --- a/hash_memory.c +++ b/hash_memory.c @@ -32,7 +32,9 @@ int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned return CRYPT_MEM; } - hash_descriptor[hash].init(md); + if ((err = hash_descriptor[hash].init(md)) != CRYPT_OK) { + goto __ERR; + } if ((err = hash_descriptor[hash].process(md, data, len)) != CRYPT_OK) { goto __ERR; } diff --git a/hmac_done.c b/hmac_done.c index 62ebe47..b31460b 100644 --- a/hmac_done.c +++ b/hmac_done.c @@ -75,7 +75,9 @@ int hmac_done(hmac_state *hmac, unsigned char *hashOut, unsigned long *outlen) } /* Now calculate the "outer" hash for step (5), (6), and (7) */ - hash_descriptor[hash].init(&hmac->md); + if ((err = hash_descriptor[hash].init(&hmac->md)) != CRYPT_OK) { + goto __ERR; + } if ((err = hash_descriptor[hash].process(&hmac->md, buf, HMAC_BLOCKSIZE)) != CRYPT_OK) { goto __ERR; } diff --git a/hmac_init.c b/hmac_init.c index a1cc0b5..0d894f1 100644 --- a/hmac_init.c +++ b/hmac_init.c @@ -91,7 +91,10 @@ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned lon } /* Pre-pend that to the hash data */ - hash_descriptor[hash].init(&hmac->md); + if ((err = hash_descriptor[hash].init(&hmac->md)) != CRYPT_OK) { + goto __ERR; + } + if ((err = hash_descriptor[hash].process(&hmac->md, buf, HMAC_BLOCKSIZE)) != CRYPT_OK) { goto __ERR; } diff --git a/ltc_tommath.h b/ltc_tommath.h index 3276141..896d389 100644 --- a/ltc_tommath.h +++ b/ltc_tommath.h @@ -1,4 +1,3 @@ - /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -21,7 +20,8 @@ #include #include #include -#include + +#include #undef MIN #define MIN(x,y) ((x)<(y)?(x):(y)) @@ -41,6 +41,14 @@ extern "C" { #endif + +/* detect 64-bit mode if possible */ +#if defined(__x86_64__) + #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT)) + #define MP_64BIT + #endif +#endif + /* some default configurations. * * A "mp_digit" must be able to hold DIGIT_BIT + 1 bits @@ -62,7 +70,7 @@ extern "C" { typedef signed long long long64; #endif - typedef ulong64 mp_digit; + typedef unsigned long mp_digit; typedef unsigned long mp_word __attribute__ ((mode(TI))); #define DIGIT_BIT 60 @@ -101,16 +109,12 @@ extern "C" { #define XFREE free #define XREALLOC realloc #define XCALLOC calloc - #define XMEMSET memset - #define XMEMCPY memcpy #else /* prototypes for our heap functions */ - void *XMALLOC(size_t n); - void *REALLOC(void *p, size_t n); - void *XCALLOC(size_t n, size_t s); - void XFREE(void *p); - void *XMEMCPY(void *dest, const void *src, size_t n); - int XMEMCMP(const void *s1, const void *s2, size_t n); + extern void *XMALLOC(size_t n); + extern void *REALLOC(void *p, size_t n); + extern void *XCALLOC(size_t n, size_t s); + extern void XFREE(void *p); #endif #endif @@ -159,7 +163,7 @@ extern int KARATSUBA_MUL_CUTOFF, /* default precision */ #ifndef MP_PREC - #ifdef MP_LOW_MEM + #ifndef MP_LOW_MEM #define MP_PREC 64 /* default digits of precision */ #else #define MP_PREC 8 /* default digits of precision */ @@ -547,13 +551,13 @@ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c); int mp_karatsuba_sqr(mp_int *a, mp_int *b); int mp_toom_sqr(mp_int *a, mp_int *b); int fast_mp_invmod(mp_int *a, mp_int *b, mp_int *c); +int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c); int fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp); int mp_exptmod_fast(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int mode); int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y); void bn_reverse(unsigned char *s, int len); - const char *mp_s_rmap; - +extern const char *mp_s_rmap; #ifdef __cplusplus } diff --git a/makefile b/makefile index f65aa5c..c90b88d 100644 --- a/makefile +++ b/makefile @@ -4,7 +4,7 @@ # Modified by Clay Culver # The version -VERSION=0.98 +VERSION=0.99 # Compiler and Linker Names #CC=gcc @@ -19,13 +19,13 @@ CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wshadow # -Werror # optimize for SPEED -#CFLAGS += -O3 -funroll-loops +#CFLAGS += -O3 -funroll-all-loops #add -fomit-frame-pointer. hinders debugging! -CFLAGS += -fomit-frame-pointer +#CFLAGS += -fomit-frame-pointer # optimize for SIZE -CFLAGS += -Os +CFLAGS += -Os -DSMALL_CODE # compile for DEBUGING (required for ccmalloc checking!!!) #CFLAGS += -g3 @@ -82,7 +82,7 @@ blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \ rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \ \ md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \ -rmd128.o rmd160.o \ +rmd128.o rmd160.o chc.o \ \ packet_store_header.o packet_valid_header.o \ \ @@ -114,7 +114,11 @@ pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_ \ pkcs_5_1.o pkcs_5_2.o \ \ +der_encode_integer.o der_decode_integer.o der_length_integer.o \ +der_put_multi_integer.o der_get_multi_integer.o \ +\ burn_stack.o zeromem.o \ +\ $(MPIOBJECT) TESTOBJECTS=demos/test.o @@ -134,7 +138,7 @@ COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip HEADERS=ltc_tommath.h mycrypt_cfg.h \ mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \ mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h \ -mycrypt_custom.h mycrypt_pkcs.h +mycrypt_custom.h mycrypt_pkcs.h tommath_class.h tommath_superclass.h #The default rule for make builds the libtomcrypt library. default:library @@ -187,15 +191,22 @@ install: library docs install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH) install -g root -o root doc/crypt.pdf $(DESTDIR)$(DATAPATH) +install_lib: library + install -d -g root -o root $(DESTDIR)$(LIBPATH) + install -d -g root -o root $(DESTDIR)$(INCPATH) + install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH) + install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH) + #This rule cleans the source tree of all compiled code, not including the pdf #documentation. clean: rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME) rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV) - rm -f *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn *.dpi \ + rm -f *.la *.lo *.o *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn *.dpi \ *.gcda *.gcno demos/*.gcno demos/*.gcda *~ doc/* cd demos/test ; make clean - + rm -rf .libs demos/.libs demos/test/.libs + #This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed #from the clean command! This is because most people would like to keep the #nice pre-compiled crypt.pdf that comes with libtomcrypt! We only need to @@ -230,12 +241,6 @@ profiled: rm *.o *.a x86_prof make CFLAGS="$(CFLAGS) -fprofile-use" EXTRALIBS=-lgcov x86_prof -#beta -beta: clean - cd .. ; rm -rf crypt* libtomcrypt-$(VERSION)-beta ; mkdir libtomcrypt-$(VERSION)-beta ; \ - cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)-beta/ ; tar -c libtomcrypt-$(VERSION)-beta/* > crypt-$(VERSION)-beta.tar ; \ - bzip2 -9vv crypt-$(VERSION)-beta.tar ; zip -9 -r crypt-$(VERSION)-beta.zip libtomcrypt-$(VERSION)-beta/* - #zipup the project (take that!) zipup: clean docs cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \ diff --git a/makefile.cygwin_dll b/makefile.cygwin_dll index 5683dc6..5e11b7c 100644 --- a/makefile.cygwin_dll +++ b/makefile.cygwin_dll @@ -7,13 +7,13 @@ default: ltc_dll CFLAGS += -I./ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32 # optimize for SPEED -#CFLAGS += -O3 -funroll-loops +CFLAGS += -O3 -funroll-all-loops #add -fomit-frame-pointer. v3.2 is buggy for certain platforms! -#CFLAGS += -fomit-frame-pointer +CFLAGS += -fomit-frame-pointer # optimize for SIZE -CFLAGS += -Os +#CFLAGS += -Os #Leave MPI built-in or force developer to link against libtommath? MPIOBJECT=mpi.o @@ -28,7 +28,7 @@ crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \ crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \ crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \ \ -sprng.o fortuna.o sober128.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \ +sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \ \ rand_prime.o is_prime.o \ \ @@ -47,7 +47,7 @@ blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \ rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \ \ md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \ -rmd128.o rmd160.o \ +rmd128.o rmd160.o chc.o \ \ packet_store_header.o packet_valid_header.o \ \ @@ -79,7 +79,11 @@ pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_ \ pkcs_5_1.o pkcs_5_2.o \ \ +der_encode_integer.o der_decode_integer.o der_length_integer.o \ +der_put_multi_integer.o der_get_multi_integer.o \ +\ burn_stack.o zeromem.o \ +\ $(MPIOBJECT) #ciphers come in two flavours... enc+dec and enc diff --git a/makefile.icc b/makefile.icc index f73a323..ee7ba54 100644 --- a/makefile.icc +++ b/makefile.icc @@ -98,7 +98,7 @@ blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \ rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \ \ md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \ -rmd128.o rmd160.o \ +rmd128.o rmd160.o chc.o \ \ packet_store_header.o packet_valid_header.o \ \ @@ -130,7 +130,11 @@ pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_ \ pkcs_5_1.o pkcs_5_2.o \ \ +der_encode_integer.o der_decode_integer.o der_length_integer.o \ +der_put_multi_integer.o der_get_multi_integer.o \ +\ burn_stack.o zeromem.o \ +\ $(MPIOBJECT) diff --git a/makefile.msvc b/makefile.msvc index 6209827..a5b5ef9 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -18,7 +18,7 @@ crypt_find_cipher_id.obj crypt_find_prng.obj crypt_prng_is_valid.obj crypt_unregister_cipher.obj crypt_cipher_is_valid.obj crypt_find_hash.obj \ crypt_hash_descriptor.obj crypt_register_cipher.obj crypt_unregister_hash.obj \ \ -sprng.obj fortuna.obj sober128.obj yarrow.obj rc4.obj rng_get_bytes.obj rng_make_prng.obj \ +sober128.obj fortuna.obj sprng.obj yarrow.obj rc4.obj rng_get_bytes.obj rng_make_prng.obj \ \ rand_prime.obj is_prime.obj \ \ @@ -37,7 +37,7 @@ blowfish.obj des.obj safer_tab.obj safer.obj saferp.obj rc2.obj xtea.obj \ rc6.obj rc5.obj cast5.obj noekeon.obj twofish.obj skipjack.obj \ \ md2.obj md4.obj md5.obj sha1.obj sha256.obj sha512.obj tiger.obj whirl.obj \ -rmd128.obj rmd160.obj \ +rmd128.obj rmd160.obj chc.obj \ \ packet_store_header.obj packet_valid_header.obj \ \ @@ -69,7 +69,11 @@ pkcs_1_v15_es_encode.obj pkcs_1_v15_es_decode.obj pkcs_1_v15_sa_encode.obj pkcs_ \ pkcs_5_1.obj pkcs_5_2.obj \ \ +der_encode_integer.obj der_decode_integer.obj der_length_integer.obj \ +der_put_multi_integer.obj der_get_multi_integer.obj \ +\ burn_stack.obj zeromem.obj \ +\ $(MPIOBJECT) #ciphers come in two flavours... enc+dec and enc diff --git a/makefile.shared b/makefile.shared new file mode 100644 index 0000000..5f5f5b8 --- /dev/null +++ b/makefile.shared @@ -0,0 +1,186 @@ +# MAKEFILE for linux GCC +# +# Tom St Denis +# Modified by Clay Culver + +# The version +VERSION=0:99 + +# Compiler and Linker Names +CC=libtool --mode=compile gcc + +# Archiver [makes .a files] +AR=libtool --mode=link + +# Compilation flags. Note the += does not write over the user's CFLAGS! +CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wshadow +# -Werror + +# optimize for SPEED +CFLAGS += -O3 -funroll-all-loops + +#add -fomit-frame-pointer. hinders debugging! +CFLAGS += -fomit-frame-pointer + +# optimize for SIZE +#CFLAGS += -Os + +# compile for DEBUGING (required for ccmalloc checking!!!) +#CFLAGS += -g3 + +#These flags control how the library gets built. + +#Output filenames for various targets. +LIBNAME=libtomcrypt.la +HASH=hashsum +CRYPT=encrypt +SMALL=small +PROF=x86_prof +TV=tv_gen + +#LIBPATH-The directory for libtomcrypt to be installed to. +#INCPATH-The directory to install the header files for libtomcrypt. +#DATAPATH-The directory to install the pdf docs. +DESTDIR= +LIBPATH=/usr/lib +INCPATH=/usr/include +DATAPATH=/usr/share/doc/libtomcrypt/pdf + +#List of objects to compile. + +#Leave MPI built-in or force developer to link against libtommath? +MPIOBJECT=mpi.o + +#If you don't want mpi.o then add this +#MPISHARED=$(LIBPATH)/libtommath.la + +OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \ +\ +crypt.o crypt_find_cipher.o crypt_find_hash_any.o \ +crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \ +crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \ +crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \ +crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \ +crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \ +crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \ +\ +sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \ +\ +rand_prime.o is_prime.o \ +\ +ecc.o dh.o \ +\ +rsa_decrypt_key.o rsa_encrypt_key.o rsa_exptmod.o rsa_free.o rsa_make_key.o \ +rsa_sign_hash.o rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \ +rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \ +\ +dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o \ +dsa_verify_hash.o dsa_verify_key.o \ +\ +aes.o aes_enc.o \ +\ +blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \ +rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \ +\ +md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \ +rmd128.o rmd160.o chc.o \ +\ +packet_store_header.o packet_valid_header.o \ +\ +eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \ +eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \ +\ +ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \ +ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \ +ocb_shift_xor.o ocb_test.o s_ocb_done.o \ +\ +omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \ +\ +pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \ +pmac_shift_xor.o pmac_test.o \ +\ +cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \ +cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \ +ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \ +ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \ +ecb_start.o ecb_encrypt.o ecb_decrypt.o \ +\ +hash_file.o hash_filehandle.o hash_memory.o \ +\ +hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \ +\ +pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \ +pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \ +pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \ +\ +pkcs_5_1.o pkcs_5_2.o \ +\ +der_encode_integer.o der_decode_integer.o der_length_integer.o \ +der_put_multi_integer.o der_get_multi_integer.o \ +\ +burn_stack.o zeromem.o \ +\ +$(MPIOBJECT) + +TESTOBJECTS=demos/test.o +HASHOBJECTS=demos/hashsum.o +CRYPTOBJECTS=demos/encrypt.o +SMALLOBJECTS=demos/small.o +PROFS=demos/x86_prof.o +TVS=demos/tv_gen.o + +#Files left over from making the crypt.pdf. +LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out + +#Compressed filenames +COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip + +#Header files used by libtomcrypt. +HEADERS=ltc_tommath.h mycrypt_cfg.h \ +mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \ +mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h \ +mycrypt_custom.h mycrypt_pkcs.h tommath_class.h tommath_superclass.h + +#The default rule for make builds the libtomcrypt library. +default:library + +#ciphers come in two flavours... enc+dec and enc +aes_enc.o: aes.c aes_tab.c + $(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o + +#These are the rules to make certain object files. +aes.o: aes.c aes_tab.c +twofish.o: twofish.c twofish_tab.c +whirl.o: whirl.c whirltab.c +ecc.o: ecc.c ecc_sys.c +dh.o: dh.c dh_sys.c +sha512.o: sha512.c sha384.c +sha256.o: sha256.c sha224.c + +#This rule makes the libtomcrypt library. +library: $(LIBNAME) + +$(LIBNAME): $(OBJECTS) + libtool --mode=link gcc $(CFLAGS) *.lo -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION) + libtool --mode=link gcc $(CFLAGS) *.o -o libtomcrypt.a + libtool --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la + install -d -g root -o root $(DESTDIR)$(INCPATH) + install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH) + +#This rule makes the hash program included with libtomcrypt +hashsum: library + gcc $(CFLAGS) demos/hashsum.c -o hashsum.o + libtool --mode=link gcc -o hashsum hashsum.o -ltomcrypt $(MPISHARED) + +#makes the crypt program +crypt: library + gcc $(CFLAGS) demos/encrypt.c -o encrypt.o + libtool --mode=link gcc -o crypt encrypt.o -ltomcrypt $(MPISHARED) + +x86_prof: library + gcc $(CFLAGS) demos/x86_prof.c -o x86_prof.o + libtool --mode=link gcc -o x86_prof x86_prof.o -ltomcrypt $(MPISHARED) $(EXTRALIBS) + +tv_gen: library $(TVS) + gcc $(CFLAGS) demos/tv_gen.c -o tv_gen.o + libtool --mode=link gcc -o tv_gen tv_gen.o -ltomcrypt $(MPISHARED) diff --git a/md2.c b/md2.c index 30ac4ec..8e2a987 100644 --- a/md2.c +++ b/md2.c @@ -90,7 +90,7 @@ static void md2_compress(hash_state *md) } } -void md2_init(hash_state *md) +int md2_init(hash_state *md) { _ARGCHK(md != NULL); @@ -99,6 +99,7 @@ void md2_init(hash_state *md) zeromem(md->md2.chksum, sizeof(md->md2.chksum)); zeromem(md->md2.buf, sizeof(md->md2.buf)); md->md2.curlen = 0; + return CRYPT_OK; } int md2_process(hash_state *md, const unsigned char *buf, unsigned long len) diff --git a/md4.c b/md4.c index 5c2ea11..0e0cc6b 100644 --- a/md4.c +++ b/md4.c @@ -68,9 +68,9 @@ const struct _hash_descriptor md4_desc = } #ifdef CLEAN_STACK -static void _md4_compress(hash_state *md, unsigned char *buf) +static int _md4_compress(hash_state *md, unsigned char *buf) #else -static void md4_compress(hash_state *md, unsigned char *buf) +static int md4_compress(hash_state *md, unsigned char *buf) #endif { ulong32 x[16], a, b, c, d; @@ -147,17 +147,21 @@ static void md4_compress(hash_state *md, unsigned char *buf) md->md4.state[1] = md->md4.state[1] + b; md->md4.state[2] = md->md4.state[2] + c; md->md4.state[3] = md->md4.state[3] + d; + + return CRYPT_OK; } #ifdef CLEAN_STACK -static void md4_compress(hash_state *md, unsigned char *buf) +static int md4_compress(hash_state *md, unsigned char *buf) { - _md4_compress(md, buf); + int err; + err = _md4_compress(md, buf); burn_stack(sizeof(ulong32) * 20 + sizeof(int)); + return err; } #endif -void md4_init(hash_state * md) +int md4_init(hash_state * md) { _ARGCHK(md != NULL); md->md4.state[0] = 0x67452301UL; @@ -166,6 +170,7 @@ void md4_init(hash_state * md) md->md4.state[3] = 0x10325476UL; md->md4.length = 0; md->md4.curlen = 0; + return CRYPT_OK; } HASH_PROCESS(md4_process, md4_compress, md4, 64) diff --git a/md5.c b/md5.c index 8f6e1ea..5339169 100644 --- a/md5.c +++ b/md5.c @@ -81,9 +81,9 @@ static const ulong32 Korder[64] = { #endif #ifdef CLEAN_STACK -static void _md5_compress(hash_state *md, unsigned char *buf) +static int _md5_compress(hash_state *md, unsigned char *buf) #else -static void md5_compress(hash_state *md, unsigned char *buf) +static int md5_compress(hash_state *md, unsigned char *buf) #endif { ulong32 i, W[16], a, b, c, d; @@ -194,17 +194,21 @@ static void md5_compress(hash_state *md, unsigned char *buf) md->md5.state[1] = md->md5.state[1] + b; md->md5.state[2] = md->md5.state[2] + c; md->md5.state[3] = md->md5.state[3] + d; + + return CRYPT_OK; } #ifdef CLEAN_STACK -static void md5_compress(hash_state *md, unsigned char *buf) +static int md5_compress(hash_state *md, unsigned char *buf) { - _md5_compress(md, buf); + int err; + err = _md5_compress(md, buf); burn_stack(sizeof(ulong32) * 21); + return err; } #endif -void md5_init(hash_state * md) +int md5_init(hash_state * md) { _ARGCHK(md != NULL); md->md5.state[0] = 0x67452301UL; @@ -213,6 +217,7 @@ void md5_init(hash_state * md) md->md5.state[3] = 0x10325476UL; md->md5.curlen = 0; md->md5.length = 0; + return CRYPT_OK; } HASH_PROCESS(md5_process, md5_compress, md5, 64) diff --git a/mpi.c b/mpi.c index dc99927..2ddd0de 100644 --- a/mpi.c +++ b/mpi.c @@ -1,4 +1,6 @@ /* Start: bn_error.c */ +#include +#ifdef BN_ERROR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -13,7 +15,6 @@ * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include static const struct { int code; @@ -40,10 +41,13 @@ char *mp_error_to_string(int code) return "Invalid error code"; } +#endif /* End: bn_error.c */ /* Start: bn_fast_mp_invmod.c */ +#include +#ifdef BN_FAST_MP_INVMOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -58,12 +62,11 @@ char *mp_error_to_string(int code) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* computes the modular inverse via binary extended euclidean algorithm, * that is c = 1/a mod b * - * Based on mp_invmod except this is optimized for the case where b is + * Based on slow invmod except this is optimized for the case where b is * odd as per HAC Note 14.64 on pp. 610 */ int @@ -187,10 +190,13 @@ top: __ERR:mp_clear_multi (&x, &y, &u, &v, &B, &D, NULL); return res; } +#endif /* End: bn_fast_mp_invmod.c */ /* Start: bn_fast_mp_montgomery_reduce.c */ +#include +#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -205,11 +211,10 @@ __ERR:mp_clear_multi (&x, &y, &u, &v, &B, &D, NULL); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* computes xR**-1 == x (mod N) via Montgomery Reduction * - * This is an optimized implementation of mp_montgomery_reduce + * This is an optimized implementation of montgomery_reduce * which uses the comba method to quickly calculate the columns of the * reduction. * @@ -258,15 +263,6 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) /* now we proceed to zero successive digits * from the least significant upwards */ -#ifdef LTMSSE - // compute globals we'd like to have in MMX registers - asm ("movl $268435455,%%eax \n\t" //mm2 == MP_MASK - "movd %%eax,%%mm2 \n\t" - "movd %0,%%mm3 \n\t" //mm3 = rho - "movq (%1),%%mm0 \n\t" // W[ix] for ix=0 - ::"r"(rho),"r"(W):"%eax"); -#endif - for (ix = 0; ix < n->used; ix++) { /* mu = ai * m' mod b * @@ -274,13 +270,9 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) * by casting the value down to a mp_digit. Note this requires * that W[ix-1] have the carry cleared (see after the inner loop) */ -#ifndef LTMSSE register mp_digit mu; mu = (mp_digit) (((W[ix] & MP_MASK) * rho) & MP_MASK); -#else - asm("pmuludq %mm3,%mm0 \n\t" // multiply against rho - "pand %mm2,%mm0 \n\t"); // mu == mm0 -#endif + /* a = a + mu * m * b**i * * This is computed in place and on the fly. The multiplication @@ -308,33 +300,13 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) /* inner loop */ for (iy = 0; iy < n->used; iy++) { -#ifndef LTMSSE *_W++ += ((mp_word)mu) * ((mp_word)*tmpn++); -#else -// SSE version - asm ("movd (%0), %%mm1 \n\t" // load right side - "pmuludq %%mm0,%%mm1 \n\t" // multiply into left side - "paddq (%1),%%mm1 \n\t" // add 64-bit result out - "movq %%mm1,(%1)" // store result - :: "r"(tmpn), "r"(_W)); - // update pointers - ++tmpn; - ++_W; -#endif } } /* now fix carry for next digit, W[ix+1] */ -#ifndef LTMSSE W[ix + 1] += W[ix] >> ((mp_word) DIGIT_BIT); -#else - asm("movq (%0),%%mm0 \n\t" // W[ix] - "psrlq $28,%%mm0 \n\t" // W[ix]>>28 - "paddq 8(%0),%%mm0 \n\t" // W[ix+1] + W[ix]>>28 - "movq %%mm0,8(%0) " // store - ::"r"(&W[ix])); -#endif -} + } /* now we have to propagate the carries and * shift the words downward [all those least @@ -352,36 +324,35 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) /* alias for next word, where the carry goes */ _W = W + ++ix; + for (; ix <= n->used * 2 + 1; ix++) { + *_W++ += *_W1++ >> ((mp_word) DIGIT_BIT); + } + + /* copy out, A = A/b**n + * + * The result is A/b**n but instead of converting from an + * array of mp_word to mp_digit than calling mp_rshd + * we just copy them in the right order + */ + /* alias for destination word */ tmpx = x->dp; - for (; ix <= n->used * 2 + 1; ix++) { -#ifndef LTMSSE - *tmpx++ = (mp_digit)(*_W1 & ((mp_word) MP_MASK)); - *_W++ += *_W1++ >> ((mp_word) DIGIT_BIT); -#else - asm("movq %%mm0,%%mm1 \n\t" // copy of W[ix] - "psrlq $28,%%mm0 \n\t" // >>28 - "pand %%mm2,%%mm1 \n\t" // & with MP_MASK - "paddq (%0),%%mm0 \n\t" // += _W - "movd %%mm1,(%1) \n\t" // store it - ::"r"(_W),"r"(tmpx)); - ++_W; ++tmpx; -#endif + /* alias for shifted double precision result */ + _W = W + n->used; + + for (ix = 0; ix < n->used + 1; ix++) { + *tmpx++ = (mp_digit)(*_W++ & ((mp_word) MP_MASK)); } /* zero oldused digits, if the input a was larger than * m->used+1 we'll have to clear the digits */ - for (ix = n->used + 1; ix < olduse; ix++) { + for (; ix < olduse; ix++) { *tmpx++ = 0; } } -#ifdef LTMSSE - asm("emms"); -#endif - /* set the max used and clamp */ x->used = n->used + 1; mp_clamp (x); @@ -392,10 +363,13 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) } return MP_OKAY; } +#endif /* End: bn_fast_mp_montgomery_reduce.c */ /* Start: bn_fast_s_mp_mul_digs.c */ +#include +#ifdef BN_FAST_S_MP_MUL_DIGS_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -410,7 +384,6 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* Fast (comba) multiplier * @@ -431,8 +404,9 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) { - int olduse, res, pa, ix; - mp_word W[MP_WARRAY]; + int olduse, res, pa, ix, iz; + mp_digit W[MP_WARRAY]; + register mp_word _W; /* grow the destination as required */ if (c->alloc < digs) { @@ -441,68 +415,39 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) } } - /* clear temp buf (the columns) */ - memset (W, 0, sizeof (mp_word) * digs); + /* number of output digits to produce */ + pa = MIN(digs, a->used + b->used); - /* calculate the columns */ - pa = a->used; - for (ix = 0; ix < pa; ix++) { - /* this multiplier has been modified to allow you to - * control how many digits of output are produced. - * So at most we want to make upto "digs" digits of output. - * - * this adds products to distinct columns (at ix+iy) of W - * note that each step through the loop is not dependent on - * the previous which means the compiler can easily unroll - * the loop without scheduling problems - */ - { -#ifndef LTMSSE - register mp_digit tmpx; -#endif + /* clear the carry */ + _W = 0; + for (ix = 0; ix <= pa; ix++) { + int tx, ty; + int iy; + mp_digit *tmpx, *tmpy; - register mp_digit *tmpy; - register mp_word *_W; - register int iy, pb; + /* get offsets into the two bignums */ + ty = MIN(b->used-1, ix); + tx = ix - ty; - /* alias for the the word on the left e.g. A[ix] * A[iy] */ -#ifndef LTMSSE - tmpx = a->dp[ix]; -#else -// SSE: now we load the left side in mm0 - asm (" movd %0, %%mm0 " :: "r"(a->dp[ix])); -#endif - /* alias for the right side */ - tmpy = b->dp; + /* setup temp aliases */ + tmpx = a->dp + tx; + tmpy = b->dp + ty; - /* alias for the columns, each step through the loop adds a new - term to each column + /* this is the number of times the loop will iterrate, essentially its + while (tx++ < a->used && ty-- >= 0) { ... } */ - _W = W + ix; + iy = MIN(a->used-tx, ty+1); - /* the number of digits is limited by their placement. E.g. - we avoid multiplying digits that will end up above the # of - digits of precision requested - */ - pb = MIN (b->used, digs - ix); - - for (iy = 0; iy < pb; iy++) { -#ifndef LTMSSE - *_W++ += ((mp_word)tmpx) * ((mp_word)*tmpy++); -#else -// SSE version - asm ("movd (%0), %%mm1 \n\t" // load right side - "pmuludq %%mm0,%%mm1 \n\t" // multiply into left side - "paddq (%1), %%mm1 \n\t" // add 64-bit result out - "movq %%mm1,(%1)" // store result - :: "r"(tmpy), "r"(_W)); - // update pointers - ++tmpy; - ++_W; -#endif + /* execute loop */ + for (iz = 0; iz < iy; ++iz) { + _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--); } - } + /* store term */ + W[ix] = ((mp_digit)_W) & MP_MASK; + + /* make next carry */ + _W = _W >> ((mp_word)DIGIT_BIT); } /* setup dest */ @@ -511,80 +456,27 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) { register mp_digit *tmpc; - - /* At this point W[] contains the sums of each column. To get the - * correct result we must take the extra bits from each column and - * carry them down - * - * Note that while this adds extra code to the multiplier it - * saves time since the carry propagation is removed from the - * above nested loop.This has the effect of reducing the work - * from N*(N+N*c)==N**2 + c*N**2 to N**2 + N*c where c is the - * cost of the shifting. On very small numbers this is slower - * but on most cryptographic size numbers it is faster. - * - * In this particular implementation we feed the carries from - * behind which means when the loop terminates we still have one - * last digit to copy - */ tmpc = c->dp; - -#ifdef LTMSSE - // mm2 has W[ix-1] - asm("movq (%0),%%mm2"::"r"(W)); -#endif - - for (ix = 1; ix < digs; ix++) { -#ifndef LTMSSE - /* forward the carry from the previous temp */ - W[ix] += (W[ix - 1] >> ((mp_word) DIGIT_BIT)); - + for (ix = 0; ix < digs; ix++) { /* now extract the previous digit [below the carry] */ - *tmpc++ = (mp_digit) (W[ix - 1] & ((mp_word) MP_MASK)); - -#else - asm( - "movq (%0),%%mm1 \n\t" // W[ix] - "movd %%mm2,%%eax \n\t" // get 32-bit version of it W[ix-1] - "psrlq $28,%%mm2 \n\t" // W[ix-1] >> DIGIT_BIT ... must be 28 - "andl $268435455,%%eax \n\t" // & with MP_MASK against W[ix-1] - "paddq %%mm1,%%mm2 \n\t" // add them - "movl %%eax,(%1) \n\t" // store it - :: "r"(&W[ix]), "r"(tmpc) : "%eax"); - ++tmpc; -#endif - + *tmpc++ = W[ix]; } -#ifndef LTMSSE - /* fetch the last digit */ - *tmpc++ = (mp_digit) (W[digs - 1] & ((mp_word) MP_MASK)); -#else - // get last since we don't store into W[ix] anymore ;-) - asm("movd %%mm2,%%eax \n\t" - "andl $268435455,%%eax \n\t" // & with MP_MASK against W[ix-1] - "movl %%eax,(%0)" // store it - ::"r"(tmpc):"%eax"); - ++tmpc; -#endif - /* clear unused digits [that existed in the old copy of c] */ for (; ix < olduse; ix++) { *tmpc++ = 0; } } - -#ifdef LTMSSE - asm("emms"); -#endif - mp_clamp (c); return MP_OKAY; } +#endif /* End: bn_fast_s_mp_mul_digs.c */ /* Start: bn_fast_s_mp_mul_high_digs.c */ +#include +#ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -599,10 +491,9 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ - #include -/* this is a modified version of fast_s_mp_mul_digs that only produces - * output digits *above* digs. See the comments for fast_s_mp_mul_digs +/* this is a modified version of fast_s_mul_digs that only produces + * output digits *above* digs. See the comments for fast_s_mul_digs * to see how it works. * * This is used in the Barrett reduction since for one of the multiplications @@ -613,133 +504,78 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) { - int oldused, newused, res, pa, pb, ix; - mp_word W[MP_WARRAY]; + int olduse, res, pa, ix, iz; + mp_digit W[MP_WARRAY]; + mp_word _W; - /* calculate size of product and allocate more space if required */ - newused = a->used + b->used + 1; - if (c->alloc < newused) { - if ((res = mp_grow (c, newused)) != MP_OKAY) { + /* grow the destination as required */ + pa = a->used + b->used; + if (c->alloc < pa) { + if ((res = mp_grow (c, pa)) != MP_OKAY) { return res; } } - /* like the other comba method we compute the columns first */ - pa = a->used; - pb = b->used; - memset (W + digs, 0, (pa + pb + 1 - digs) * sizeof (mp_word)); - for (ix = 0; ix < pa; ix++) { - { -#ifndef LTMSSE - register mp_digit tmpx; -#endif + /* number of output digits to produce */ + pa = a->used + b->used; + _W = 0; + for (ix = digs; ix <= pa; ix++) { + int tx, ty, iy; + mp_digit *tmpx, *tmpy; - register mp_digit *tmpy; - register int iy; - register mp_word *_W; + /* get offsets into the two bignums */ + ty = MIN(b->used-1, ix); + tx = ix - ty; - /* work todo, that is we only calculate digits that are at "digs" or above */ - iy = digs - ix; + /* setup temp aliases */ + tmpx = a->dp + tx; + tmpy = b->dp + ty; - /* copy of word on the left of A[ix] * B[iy] */ -#ifndef LTMSSE - tmpx = a->dp[ix]; -#else -//SSE we load tmpx into mm0 - asm (" movd %0, %%mm0 " :: "r"(a->dp[ix])); -#endif - - /* alias for right side */ - tmpy = b->dp + iy; - - /* alias for the columns of output. Offset to be equal to or above the - * smallest digit place requested + /* this is the number of times the loop will iterrate, essentially its + while (tx++ < a->used && ty-- >= 0) { ... } */ - _W = W + digs; - - /* skip cases below zero where ix > digs */ - if (iy < 0) { - iy = abs(iy); - tmpy += iy; - _W += iy; - iy = 0; + iy = MIN(a->used-tx, ty+1); + + /* execute loop */ + for (iz = 0; iz < iy; iz++) { + _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--); } - /* compute column products for digits above the minimum */ - for (; iy < pb; iy++) { -#ifndef LTMSSE - *_W++ += ((mp_word) tmpx) * ((mp_word)*tmpy++); -#else -// SSE version - asm ("movd (%0), %%mm1 \n\t" // load right side - "pmuludq %%mm0,%%mm1 \n\t" // multiply into left side - "paddq (%1),%%mm1 \n\t" // add 64-bit result out - "movq %%mm1,(%1)" // store result - :: "r"(tmpy), "r"(_W)); - // update pointers - ++tmpy; - ++_W; -#endif - } + /* store term */ + W[ix] = ((mp_digit)_W) & MP_MASK; - } + /* make next carry */ + _W = _W >> ((mp_word)DIGIT_BIT); } /* setup dest */ - oldused = c->used; - c->used = newused; + olduse = c->used; + c->used = pa; - /* now convert the array W downto what we need - * - * See comments in bn_fast_s_mp_mul_digs.c - */ -#ifdef LTMSSE - // mm2 has W[ix-1] - asm("movq (%0),%%mm2"::"r"(W + digs)); -#endif + { + register mp_digit *tmpc; - for (ix = digs + 1; ix < newused; ix++) { - /* forward the carry from the previous temp */ -#ifndef LTMSSE - W[ix] += (W[ix - 1] >> ((mp_word) DIGIT_BIT)); - c->dp[ix - 1] = (mp_digit) (W[ix - 1] & ((mp_word) MP_MASK)); -#else - asm( - "movd %%mm2,%%eax \n\t" // get 32-bit version of it W[ix-1] - "psrlq $28,%%mm2 \n\t" // W[ix-1] >> DIGIT_BIT ... must be 28 - "andl $268435455,%%eax \n\t" // & with MP_MASK against W[ix-1] - "paddq (%0),%%mm2 \n\t" // add them - "movl %%eax,(%1) \n\t" // store it - :: "r"(&W[ix]), "r"(&c->dp[ix-1]) : "%eax"); -#endif + tmpc = c->dp + digs; + for (ix = digs; ix <= pa; ix++) { + /* now extract the previous digit [below the carry] */ + *tmpc++ = W[ix]; + } + /* clear unused digits [that existed in the old copy of c] */ + for (; ix < olduse; ix++) { + *tmpc++ = 0; + } } - -#ifndef LTMSSE - c->dp[newused - 1] = (mp_digit) (W[newused - 1] & ((mp_word) MP_MASK)); -#else - // get last since we don't store into W[ix] anymore ;-) - asm("movd %%mm2,%%eax\n\t" - "andl $268435455,%%eax \n\t" // & with MP_MASK against W[ix-1] - "movl %%eax,(%0)" // store it - ::"r"(&(c->dp[newused-1])):"%eax"); -#endif - - for (; ix < oldused; ix++) { - c->dp[ix] = 0; - } - -#ifdef LTMSSE - asm("emms"); -#endif - mp_clamp (c); return MP_OKAY; } +#endif /* End: bn_fast_s_mp_mul_high_digs.c */ /* Start: bn_fast_s_mp_sqr.c */ +#include +#ifdef BN_FAST_S_MP_SQR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -754,7 +590,6 @@ fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* fast squaring * @@ -773,182 +608,107 @@ fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * Based on Algorithm 14.16 on pp.597 of HAC. * */ +/* the jist of squaring... + +you do like mult except the offset of the tmpx [one that starts closer to zero] +can't equal the offset of tmpy. So basically you set up iy like before then you min it with +(ty-tx) so that it never happens. You double all those you add in the inner loop + +After that loop you do the squares and add them in. + +Remove W2 and don't memset W + +*/ + int fast_s_mp_sqr (mp_int * a, mp_int * b) { - int olduse, newused, res, ix, pa; - mp_word W2[MP_WARRAY], W[MP_WARRAY]; + int olduse, res, pa, ix, iz; + mp_digit W[MP_WARRAY], *tmpx; + mp_word W1; - /* calculate size of product and allocate as required */ - pa = a->used; - newused = pa + pa; - if (b->alloc < newused) { - if ((res = mp_grow (b, newused)) != MP_OKAY) { + /* grow the destination as required */ + pa = a->used + a->used; + if (b->alloc < pa) { + if ((res = mp_grow (b, pa)) != MP_OKAY) { return res; } } - /* zero temp buffer (columns) - * Note that there are two buffers. Since squaring requires - * a outer and inner product and the inner product requires - * computing a product and doubling it (a relatively expensive - * op to perform n**2 times if you don't have to) the inner and - * outer products are computed in different buffers. This way - * the inner product can be doubled using n doublings instead of - * n**2 - */ - memset (W, 0, newused * sizeof (mp_word)); -#ifndef LTMSSE - memset (W2, 0, newused * sizeof (mp_word)); -#endif + /* number of output digits to produce */ + W1 = 0; + for (ix = 0; ix <= pa; ix++) { + int tx, ty, iy; + mp_word _W; + mp_digit *tmpy; - /* This computes the inner product. To simplify the inner N**2 loop - * the multiplication by two is done afterwards in the N loop. - */ + /* clear counter */ + _W = 0; - for (ix = 0; ix < pa; ix++) { - /* compute the outer product - * - * Note that every outer product is computed - * for a particular column only once which means that - * there is no need todo a double precision addition - * into the W2[] array. - */ -#ifndef LTMSSE - W2[ix + ix] = ((mp_word)a->dp[ix]) * ((mp_word)a->dp[ix]); -#else - asm("movd %0,%%xmm0 \n\t" // load a->dp[ix] - "movdq2q %%xmm0,%%mm0 \n\t" // get 64-bit version - "pmuludq %%xmm0,%%xmm0 \n\t" // square it - "movdqu %%xmm0,(%1) \n\t" // store it (8-byte result, 8-byte zero) - ::"r"(a->dp[ix]), "r"(&(W2[ix+ix]))); -#endif + /* get offsets into the two bignums */ + ty = MIN(a->used-1, ix); + tx = ix - ty; - { -#ifndef LTMSSE - register mp_digit tmpx; -#endif - register mp_digit *tmpy; - register mp_word *_W; - register int iy; + /* setup temp aliases */ + tmpx = a->dp + tx; + tmpy = a->dp + ty; - /* copy of left side */ -#ifndef LTMSSE - tmpx = a->dp[ix]; -#else -//SSE we load tmpx into mm0 [note: loaded above] -// asm (" movd %0, %%mm0 " :: "r"(a->dp[ix])); -#endif + /* this is the number of times the loop will iterrate, essentially its + while (tx++ < a->used && ty-- >= 0) { ... } + */ + iy = MIN(a->used-tx, ty+1); - /* alias for right side */ - tmpy = a->dp + (ix + 1); + /* now for squaring tx can never equal ty + * we halve the distance since they approach at a rate of 2x + * and we have to round because odd cases need to be executed + */ + iy = MIN(iy, (ty-tx+1)>>1); - /* the column to store the result in */ - _W = W + (ix + ix + 1); - - /* inner products */ - for (iy = ix + 1; iy < pa; iy++) { -#ifndef LTMSSE - *_W++ += ((mp_word)tmpx) * ((mp_word)*tmpy++); -#else -// SSE version - asm ("movd (%0), %%mm1 \n\t" // load right side - "pmuludq %%mm0,%%mm1 \n\t" // multiply into left side - "paddq (%1),%%mm1 \n\t" // add 64-bit result out - "movq %%mm1,(%1)" // store result - :: "r"(tmpy), "r"(_W)); - // update pointers - ++tmpy; - ++_W; -#endif + /* execute loop */ + for (iz = 0; iz < iy; iz++) { + _W += ((mp_word)*tmpx++)*((mp_word)*tmpy--); } - } + + /* double the inner product and add carry */ + _W = _W + _W + W1; + + /* even columns have the square term in them */ + if ((ix&1) == 0) { + _W += ((mp_word)a->dp[ix>>1])*((mp_word)a->dp[ix>>1]); + } + + /* store it */ + W[ix] = _W; + + /* make next carry */ + W1 = _W >> ((mp_word)DIGIT_BIT); } /* setup dest */ olduse = b->used; - b->used = newused; + b->used = a->used+a->used; - /* now compute digits - * - * We have to double the inner product sums, add in the - * outer product sums, propagate carries and convert - * to single precision. - */ { - register mp_digit *tmpb; - - /* double first value, since the inner products are - * half of what they should be - */ + mp_digit *tmpb; tmpb = b->dp; -#ifndef LTMSSE - W[0] += W[0] + W2[0]; -#else - // mm2 has W[ix-1] - asm("movq (%0),%%mm2 \n\t" // load W[0] - "paddq %%mm2,%%mm2 \n\t" // W[0] + W[0] - "paddq (%1),%%mm2 \n\t" // W[0] + W[0] + W2[0] - ::"r"(W),"r"(W2)); -#endif - - for (ix = 1; ix < newused; ix++) { -#ifndef LTMSSE - /* double/add next digit */ - W[ix] += W[ix] + W2[ix]; - - /* propagate carry forwards [from the previous digit] */ - W[ix] = W[ix] + (W[ix - 1] >> ((mp_word) DIGIT_BIT)); - - /* store the current digit now that the carry isn't - * needed - */ - *tmpb++ = (mp_digit) (W[ix - 1] & ((mp_word) MP_MASK)); -#else - asm( "movq (%0),%%mm0 \n\t" // load W[ix] - "movd %%mm2,%%eax \n\t" // 32-bit version of W[ix-1] - "paddq %%mm0,%%mm0 \n\t" // W[ix] + W[ix] - "psrlq $28,%%mm2 \n\t" // W[ix-1] >> DIGIT_BIT ... must be 28 - "paddq (%1),%%mm0 \n\t" // W[ix] + W[ix] + W2[ix] - "andl $268435455,%%eax \n\t" // & with MP_MASK against W[ix-1] - "paddq %%mm0,%%mm2 \n\t" // W[ix] + W[ix] + W2[ix] + W[ix-1]>>DIGIT_BIT - "movl %%eax,(%2) " // store it - :: "r"(&W[ix]), "r"(&W2[ix]), "r"(tmpb):"%eax"); - ++tmpb; -#endif + for (ix = 0; ix < pa; ix++) { + *tmpb++ = W[ix] & MP_MASK; } -#ifndef LTMSSE - /* set the last value. Note even if the carry is zero - * this is required since the next step will not zero - * it if b originally had a value at b->dp[2*a.used] - */ - *tmpb++ = (mp_digit) (W[(newused) - 1] & ((mp_word) MP_MASK)); -#else - // get last since we don't store into W[ix] anymore ;-) - asm("movd %%mm2,%%eax \n\t" - "andl $268435455,%%eax \n\t" // & with MP_MASK against W[ix-1] - "movl %%eax,(%0) " // store it - ::"r"(tmpb):"%eax"); - ++tmpb; -#endif - - /* clear high digits of b if there were any originally */ + /* clear unused digits [that existed in the old copy of c] */ for (; ix < olduse; ix++) { *tmpb++ = 0; } } - -#ifdef LTMSSE - asm("emms"); -#endif - mp_clamp (b); return MP_OKAY; } +#endif /* End: bn_fast_s_mp_sqr.c */ /* Start: bn_mp_2expt.c */ +#include +#ifdef BN_MP_2EXPT_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -963,7 +723,6 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* computes a = 2**b * @@ -987,14 +746,17 @@ mp_2expt (mp_int * a, int b) a->used = b / DIGIT_BIT + 1; /* put the single bit in its place */ - a->dp[b / DIGIT_BIT] = 1 << (b % DIGIT_BIT); + a->dp[b / DIGIT_BIT] = ((mp_digit)1) << (b % DIGIT_BIT); return MP_OKAY; } +#endif /* End: bn_mp_2expt.c */ /* Start: bn_mp_abs.c */ +#include +#ifdef BN_MP_ABS_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1009,7 +771,6 @@ mp_2expt (mp_int * a, int b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* b = |a| * @@ -1032,10 +793,13 @@ mp_abs (mp_int * a, mp_int * b) return MP_OKAY; } +#endif /* End: bn_mp_abs.c */ /* Start: bn_mp_add.c */ +#include +#ifdef BN_MP_ADD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1050,7 +814,6 @@ mp_abs (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* high level addition (handles signs) */ int mp_add (mp_int * a, mp_int * b, mp_int * c) @@ -1083,10 +846,13 @@ int mp_add (mp_int * a, mp_int * b, mp_int * c) return res; } +#endif /* End: bn_mp_add.c */ /* Start: bn_mp_add_d.c */ +#include +#ifdef BN_MP_ADD_D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1101,7 +867,6 @@ int mp_add (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* single digit addition */ int @@ -1190,10 +955,13 @@ mp_add_d (mp_int * a, mp_digit b, mp_int * c) return MP_OKAY; } +#endif /* End: bn_mp_add_d.c */ /* Start: bn_mp_addmod.c */ +#include +#ifdef BN_MP_ADDMOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1208,7 +976,6 @@ mp_add_d (mp_int * a, mp_digit b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* d = a + b (mod c) */ int @@ -1229,10 +996,13 @@ mp_addmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) mp_clear (&t); return res; } +#endif /* End: bn_mp_addmod.c */ /* Start: bn_mp_and.c */ +#include +#ifdef BN_MP_AND_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1247,7 +1017,6 @@ mp_addmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* AND two ints together */ int @@ -1284,10 +1053,13 @@ mp_and (mp_int * a, mp_int * b, mp_int * c) mp_clear (&t); return MP_OKAY; } +#endif /* End: bn_mp_and.c */ /* Start: bn_mp_clamp.c */ +#include +#ifdef BN_MP_CLAMP_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1302,7 +1074,6 @@ mp_and (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* trim unused digits * @@ -1326,10 +1097,13 @@ mp_clamp (mp_int * a) a->sign = MP_ZPOS; } } +#endif /* End: bn_mp_clamp.c */ /* Start: bn_mp_clear.c */ +#include +#ifdef BN_MP_CLEAR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1344,7 +1118,6 @@ mp_clamp (mp_int * a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* clear one (frees) */ void @@ -1368,10 +1141,13 @@ mp_clear (mp_int * a) a->sign = MP_ZPOS; } } +#endif /* End: bn_mp_clear.c */ /* Start: bn_mp_clear_multi.c */ +#include +#ifdef BN_MP_CLEAR_MULTI_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1386,7 +1162,6 @@ mp_clear (mp_int * a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include #include void mp_clear_multi(mp_int *mp, ...) @@ -1400,10 +1175,13 @@ void mp_clear_multi(mp_int *mp, ...) } va_end(args); } +#endif /* End: bn_mp_clear_multi.c */ /* Start: bn_mp_cmp.c */ +#include +#ifdef BN_MP_CMP_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1418,7 +1196,6 @@ void mp_clear_multi(mp_int *mp, ...) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* compare two ints (signed)*/ int @@ -1441,10 +1218,13 @@ mp_cmp (mp_int * a, mp_int * b) return mp_cmp_mag(a, b); } } +#endif /* End: bn_mp_cmp.c */ /* Start: bn_mp_cmp_d.c */ +#include +#ifdef BN_MP_CMP_D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1459,7 +1239,6 @@ mp_cmp (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* compare a digit */ int mp_cmp_d(mp_int * a, mp_digit b) @@ -1483,10 +1262,13 @@ int mp_cmp_d(mp_int * a, mp_digit b) return MP_EQ; } } +#endif /* End: bn_mp_cmp_d.c */ /* Start: bn_mp_cmp_mag.c */ +#include +#ifdef BN_MP_CMP_MAG_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1501,7 +1283,6 @@ int mp_cmp_d(mp_int * a, mp_digit b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* compare maginitude of two ints (unsigned) */ int mp_cmp_mag (mp_int * a, mp_int * b) @@ -1536,10 +1317,13 @@ int mp_cmp_mag (mp_int * a, mp_int * b) } return MP_EQ; } +#endif /* End: bn_mp_cmp_mag.c */ /* Start: bn_mp_cnt_lsb.c */ +#include +#ifdef BN_MP_CNT_LSB_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1554,7 +1338,6 @@ int mp_cmp_mag (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include static const int lnz[16] = { 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 @@ -1587,10 +1370,13 @@ int mp_cnt_lsb(mp_int *a) return x; } +#endif /* End: bn_mp_cnt_lsb.c */ /* Start: bn_mp_copy.c */ +#include +#ifdef BN_MP_COPY_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1605,7 +1391,6 @@ int mp_cnt_lsb(mp_int *a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* copy, b = a */ int @@ -1653,10 +1438,13 @@ mp_copy (mp_int * a, mp_int * b) b->sign = a->sign; return MP_OKAY; } +#endif /* End: bn_mp_copy.c */ /* Start: bn_mp_count_bits.c */ +#include +#ifdef BN_MP_COUNT_BITS_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1671,7 +1459,6 @@ mp_copy (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* returns the number of bits in an int */ int @@ -1696,10 +1483,13 @@ mp_count_bits (mp_int * a) } return r; } +#endif /* End: bn_mp_count_bits.c */ /* Start: bn_mp_div.c */ +#include +#ifdef BN_MP_DIV_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1714,7 +1504,78 @@ mp_count_bits (mp_int * a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include + +#ifdef BN_MP_DIV_SMALL + +/* slower bit-bang division... also smaller */ +int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d) +{ + mp_int ta, tb, tq, q; + int res, n, n2; + + /* is divisor zero ? */ + if (mp_iszero (b) == 1) { + return MP_VAL; + } + + /* if a < b then q=0, r = a */ + if (mp_cmp_mag (a, b) == MP_LT) { + if (d != NULL) { + res = mp_copy (a, d); + } else { + res = MP_OKAY; + } + if (c != NULL) { + mp_zero (c); + } + return res; + } + + /* init our temps */ + if ((res = mp_init_multi(&ta, &tb, &tq, &q, NULL) != MP_OKAY)) { + return res; + } + + + mp_set(&tq, 1); + n = mp_count_bits(a) - mp_count_bits(b); + if (((res = mp_copy(a, &ta)) != MP_OKAY) || + ((res = mp_copy(b, &tb)) != MP_OKAY) || + ((res = mp_mul_2d(&tb, n, &tb)) != MP_OKAY) || + ((res = mp_mul_2d(&tq, n, &tq)) != MP_OKAY)) { + goto __ERR; + } + + while (n-- >= 0) { + if (mp_cmp(&tb, &ta) != MP_GT) { + if (((res = mp_sub(&ta, &tb, &ta)) != MP_OKAY) || + ((res = mp_add(&q, &tq, &q)) != MP_OKAY)) { + goto __ERR; + } + } + if (((res = mp_div_2d(&tb, 1, &tb, NULL)) != MP_OKAY) || + ((res = mp_div_2d(&tq, 1, &tq, NULL)) != MP_OKAY)) { + goto __ERR; + } + } + + /* now q == quotient and ta == remainder */ + n = a->sign; + n2 = (a->sign == b->sign ? MP_ZPOS : MP_NEG); + if (c != NULL) { + mp_exch(c, &q); + c->sign = n2; + } + if (d != NULL) { + mp_exch(d, &ta); + d->sign = n; + } +__ERR: + mp_clear_multi(&ta, &tb, &tq, &q, NULL); + return res; +} + +#else /* integer signed division. * c*b + d == a [e.g. a/b, c=quotient, d=remainder] @@ -1889,7 +1750,7 @@ int mp_div (mp_int * a, mp_int * b, mp_int * c, mp_int * d) */ /* get sign before writing to c */ - x.sign = a->sign; + x.sign = x.used == 0 ? MP_ZPOS : a->sign; if (c != NULL) { mp_clamp (&q); @@ -1912,9 +1773,15 @@ __Q:mp_clear (&q); return res; } +#endif + +#endif + /* End: bn_mp_div.c */ /* Start: bn_mp_div_2.c */ +#include +#ifdef BN_MP_DIV_2_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1929,7 +1796,6 @@ __Q:mp_clear (&q); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* b = a/2 */ int mp_div_2(mp_int * a, mp_int * b) @@ -1977,10 +1843,13 @@ int mp_div_2(mp_int * a, mp_int * b) mp_clamp (b); return MP_OKAY; } +#endif /* End: bn_mp_div_2.c */ /* Start: bn_mp_div_2d.c */ +#include +#ifdef BN_MP_DIV_2D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -1995,7 +1864,6 @@ int mp_div_2(mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* shift right by a certain bit count (store quotient in c, optional remainder in d) */ int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d) @@ -2072,10 +1940,13 @@ int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d) mp_clear (&t); return MP_OKAY; } +#endif /* End: bn_mp_div_2d.c */ /* Start: bn_mp_div_3.c */ +#include +#ifdef BN_MP_DIV_3_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2090,7 +1961,6 @@ int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* divide by three (based on routine from MPI and the GMP manual) */ int @@ -2149,10 +2019,13 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) return res; } +#endif /* End: bn_mp_div_3.c */ /* Start: bn_mp_div_d.c */ +#include +#ifdef BN_MP_DIV_D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2167,7 +2040,6 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include static int s_is_power_of_two(mp_digit b, int *p) { @@ -2209,7 +2081,7 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d) /* power of two ? */ if (s_is_power_of_two(b, &ix) == 1) { if (d != NULL) { - *d = a->dp[0] & ((1<dp[0] & ((((mp_digit)1)<used)) != MP_OKAY) { @@ -2255,10 +2129,13 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d) return res; } +#endif /* End: bn_mp_div_d.c */ /* Start: bn_mp_dr_is_modulus.c */ +#include +#ifdef BN_MP_DR_IS_MODULUS_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2273,7 +2150,6 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* determines if a number is a valid DR modulus */ int mp_dr_is_modulus(mp_int *a) @@ -2296,10 +2172,13 @@ int mp_dr_is_modulus(mp_int *a) return 1; } +#endif /* End: bn_mp_dr_is_modulus.c */ /* Start: bn_mp_dr_reduce.c */ +#include +#ifdef BN_MP_DR_REDUCE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2314,7 +2193,6 @@ int mp_dr_is_modulus(mp_int *a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* reduce "x" in place modulo "n" using the Diminished Radix algorithm. * @@ -2388,10 +2266,13 @@ top: } return MP_OKAY; } +#endif /* End: bn_mp_dr_reduce.c */ /* Start: bn_mp_dr_setup.c */ +#include +#ifdef BN_MP_DR_SETUP_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2406,7 +2287,6 @@ top: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* determines the setup value */ void mp_dr_setup(mp_int *a, mp_digit *d) @@ -2418,10 +2298,13 @@ void mp_dr_setup(mp_int *a, mp_digit *d) ((mp_word)a->dp[0])); } +#endif /* End: bn_mp_dr_setup.c */ /* Start: bn_mp_exch.c */ +#include +#ifdef BN_MP_EXCH_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2436,7 +2319,6 @@ void mp_dr_setup(mp_int *a, mp_digit *d) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* swap the elements of two integers, for cases where you can't simply swap the * mp_int pointers around @@ -2450,10 +2332,13 @@ mp_exch (mp_int * a, mp_int * b) *a = *b; *b = t; } +#endif /* End: bn_mp_exch.c */ /* Start: bn_mp_expt_d.c */ +#include +#ifdef BN_MP_EXPT_D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2468,7 +2353,6 @@ mp_exch (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* calculate c = a**b using a square-multiply algorithm */ int mp_expt_d (mp_int * a, mp_digit b, mp_int * c) @@ -2505,10 +2389,13 @@ int mp_expt_d (mp_int * a, mp_digit b, mp_int * c) mp_clear (&g); return MP_OKAY; } +#endif /* End: bn_mp_expt_d.c */ /* Start: bn_mp_exptmod.c */ +#include +#ifdef BN_MP_EXPTMOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2523,7 +2410,6 @@ int mp_expt_d (mp_int * a, mp_digit b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* this is a shell function that calls either the normal or Montgomery @@ -2542,6 +2428,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) /* if exponent X is negative we have to recurse */ if (X->sign == MP_NEG) { +#ifdef BN_MP_INVMOD_C mp_int tmpG, tmpX; int err; @@ -2568,29 +2455,51 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) err = mp_exptmod(&tmpG, &tmpX, P, Y); mp_clear_multi(&tmpG, &tmpX, NULL); return err; +#else + /* no invmod */ + return MP_VAL +#endif } +#ifdef BN_MP_DR_IS_MODULUS_C /* is it a DR modulus? */ dr = mp_dr_is_modulus(P); +#else + dr = 0; +#endif +#ifdef BN_MP_REDUCE_IS_2K_C /* if not, is it a uDR modulus? */ if (dr == 0) { dr = mp_reduce_is_2k(P) << 1; } +#endif /* if the modulus is odd or dr != 0 use the fast method */ +#ifdef BN_MP_EXPTMOD_FAST_C if (mp_isodd (P) == 1 || dr != 0) { return mp_exptmod_fast (G, X, P, Y, dr); } else { +#endif +#ifdef BN_S_MP_EXPTMOD_C /* otherwise use the generic Barrett reduction technique */ return s_mp_exptmod (G, X, P, Y); +#else + /* no exptmod for evens */ + return MP_VAL; +#endif +#ifdef BN_MP_EXPTMOD_FAST_C } +#endif } +#endif /* End: bn_mp_exptmod.c */ /* Start: bn_mp_exptmod_fast.c */ +#include +#ifdef BN_MP_EXPTMOD_FAST_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2605,7 +2514,6 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* computes Y == G**X mod P, HAC pp.616, Algorithm 14.85 * @@ -2677,29 +2585,52 @@ mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) /* determine and setup reduction code */ if (redmode == 0) { +#ifdef BN_MP_MONTGOMERY_SETUP_C /* now setup montgomery */ if ((err = mp_montgomery_setup (P, &mp)) != MP_OKAY) { goto __M; } +#else + err = MP_VAL; + goto __M; +#endif /* automatically pick the comba one if available (saves quite a few calls/ifs) */ +#ifdef BN_FAST_MP_MONTGOMERY_REDUCE_C if (((P->used * 2 + 1) < MP_WARRAY) && P->used < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { redux = fast_mp_montgomery_reduce; - } else { + } else +#endif + { +#ifdef BN_MP_MONTGOMERY_REDUCE_C /* use slower baseline Montgomery method */ redux = mp_montgomery_reduce; +#else + err = MP_VAL; + goto __M; +#endif } } else if (redmode == 1) { +#if defined(BN_MP_DR_SETUP_C) && defined(BN_MP_DR_REDUCE_C) /* setup DR reduction for moduli of the form B**k - b */ mp_dr_setup(P, &mp); redux = mp_dr_reduce; +#else + err = MP_VAL; + goto __M; +#endif } else { +#if defined(BN_MP_REDUCE_2K_SETUP_C) && defined(BN_MP_REDUCE_2K_C) /* setup DR reduction for moduli of the form 2**k - b */ if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY) { goto __M; } redux = mp_reduce_2k; +#else + err = MP_VAL; + goto __M; +#endif } /* setup result */ @@ -2709,16 +2640,21 @@ mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) /* create M table * - * The M table contains powers of the input base, e.g. M[x] = G^x mod P + * * The first half of the table is not computed though accept for M[0] and M[1] */ if (redmode == 0) { +#ifdef BN_MP_MONTGOMERY_CALC_NORMALIZATION_C /* now we need R mod m */ if ((err = mp_montgomery_calc_normalization (&res, P)) != MP_OKAY) { goto __RES; } +#else + err = MP_VAL; + goto __RES; +#endif /* now set M[1] to G * R mod m */ if ((err = mp_mulmod (G, &res, P, &M[1])) != MP_OKAY) { @@ -2862,7 +2798,7 @@ mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) * to reduce one more time to cancel out the factor * of R. */ - if ((err = mp_montgomery_reduce (&res, P, mp)) != MP_OKAY) { + if ((err = redux(&res, P, mp)) != MP_OKAY) { goto __RES; } } @@ -2878,10 +2814,14 @@ __M: } return err; } +#endif + /* End: bn_mp_exptmod_fast.c */ /* Start: bn_mp_exteuclid.c */ +#include +#ifdef BN_MP_EXTEUCLID_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2896,7 +2836,6 @@ __M: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* Extended euclidean algorithm of (a, b) produces a*u1 + b*u2 = u3 @@ -2951,10 +2890,13 @@ int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3) _ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL); return err; } +#endif /* End: bn_mp_exteuclid.c */ /* Start: bn_mp_fread.c */ +#include +#ifdef BN_MP_FREAD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -2969,7 +2911,6 @@ _ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* read a bigint from a file stream in ASCII */ int mp_fread(mp_int *a, int radix, FILE *stream) @@ -3016,10 +2957,13 @@ int mp_fread(mp_int *a, int radix, FILE *stream) return MP_OKAY; } +#endif /* End: bn_mp_fread.c */ /* Start: bn_mp_fwrite.c */ +#include +#ifdef BN_MP_FWRITE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3034,7 +2978,6 @@ int mp_fread(mp_int *a, int radix, FILE *stream) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include int mp_fwrite(mp_int *a, int radix, FILE *stream) { @@ -3066,10 +3009,13 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream) return MP_OKAY; } +#endif /* End: bn_mp_fwrite.c */ /* Start: bn_mp_gcd.c */ +#include +#ifdef BN_MP_GCD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3084,7 +3030,6 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* Greatest Common Divisor using the binary method */ int mp_gcd (mp_int * a, mp_int * b, mp_int * c) @@ -3177,10 +3122,13 @@ __V:mp_clear (&u); __U:mp_clear (&v); return res; } +#endif /* End: bn_mp_gcd.c */ /* Start: bn_mp_get_int.c */ +#include +#ifdef BN_MP_GET_INT_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3195,7 +3143,6 @@ __U:mp_clear (&v); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* get the lower 32-bits of an mp_int */ unsigned long mp_get_int(mp_int * a) @@ -3220,10 +3167,13 @@ unsigned long mp_get_int(mp_int * a) /* force result to 32-bits always so it is consistent on non 32-bit platforms */ return res & 0xFFFFFFFFUL; } +#endif /* End: bn_mp_get_int.c */ /* Start: bn_mp_grow.c */ +#include +#ifdef BN_MP_GROW_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3238,7 +3188,6 @@ unsigned long mp_get_int(mp_int * a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* grow as required */ int mp_grow (mp_int * a, int size) @@ -3275,10 +3224,13 @@ int mp_grow (mp_int * a, int size) } return MP_OKAY; } +#endif /* End: bn_mp_grow.c */ /* Start: bn_mp_init.c */ +#include +#ifdef BN_MP_INIT_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3293,7 +3245,6 @@ int mp_grow (mp_int * a, int size) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* init a new mp_int */ int mp_init (mp_int * a) @@ -3319,10 +3270,13 @@ int mp_init (mp_int * a) return MP_OKAY; } +#endif /* End: bn_mp_init.c */ /* Start: bn_mp_init_copy.c */ +#include +#ifdef BN_MP_INIT_COPY_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3337,7 +3291,6 @@ int mp_init (mp_int * a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* creates "a" then copies b into it */ int mp_init_copy (mp_int * a, mp_int * b) @@ -3349,10 +3302,13 @@ int mp_init_copy (mp_int * a, mp_int * b) } return mp_copy (b, a); } +#endif /* End: bn_mp_init_copy.c */ /* Start: bn_mp_init_multi.c */ +#include +#ifdef BN_MP_INIT_MULTI_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3367,7 +3323,6 @@ int mp_init_copy (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include #include int mp_init_multi(mp_int *mp, ...) @@ -3406,10 +3361,13 @@ int mp_init_multi(mp_int *mp, ...) return res; /* Assumed ok, if error flagged above. */ } +#endif /* End: bn_mp_init_multi.c */ /* Start: bn_mp_init_set.c */ +#include +#ifdef BN_MP_INIT_SET_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3424,7 +3382,6 @@ int mp_init_multi(mp_int *mp, ...) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* initialize and set a digit */ int mp_init_set (mp_int * a, mp_digit b) @@ -3436,10 +3393,13 @@ int mp_init_set (mp_int * a, mp_digit b) mp_set(a, b); return err; } +#endif /* End: bn_mp_init_set.c */ /* Start: bn_mp_init_set_int.c */ +#include +#ifdef BN_MP_INIT_SET_INT_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3454,7 +3414,6 @@ int mp_init_set (mp_int * a, mp_digit b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* initialize and set a digit */ int mp_init_set_int (mp_int * a, unsigned long b) @@ -3465,10 +3424,13 @@ int mp_init_set_int (mp_int * a, unsigned long b) } return mp_set_int(a, b); } +#endif /* End: bn_mp_init_set_int.c */ /* Start: bn_mp_init_size.c */ +#include +#ifdef BN_MP_INIT_SIZE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3483,29 +3445,40 @@ int mp_init_set_int (mp_int * a, unsigned long b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* init an mp_init for a given size */ int mp_init_size (mp_int * a, int size) { + int x; + /* pad size so there are always extra digits */ size += (MP_PREC * 2) - (size % MP_PREC); /* alloc mem */ - a->dp = OPT_CAST(mp_digit) XCALLOC (sizeof (mp_digit), size); + a->dp = OPT_CAST(mp_digit) XMALLOC (sizeof (mp_digit) * size); if (a->dp == NULL) { return MP_MEM; } + + /* set the members */ a->used = 0; a->alloc = size; a->sign = MP_ZPOS; + /* zero the digits */ + for (x = 0; x < size; x++) { + a->dp[x] = 0; + } + return MP_OKAY; } +#endif /* End: bn_mp_init_size.c */ /* Start: bn_mp_invmod.c */ +#include +#ifdef BN_MP_INVMOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3520,10 +3493,52 @@ int mp_init_size (mp_int * a, int size) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* hac 14.61, pp608 */ int mp_invmod (mp_int * a, mp_int * b, mp_int * c) +{ + /* b cannot be negative */ + if (b->sign == MP_NEG || mp_iszero(b) == 1) { + return MP_VAL; + } + +#ifdef BN_FAST_MP_INVMOD_C + /* if the modulus is odd we can use a faster routine instead */ + if (mp_isodd (b) == 1) { + return fast_mp_invmod (a, b, c); + } +#endif + +#ifdef BN_MP_INVMOD_SLOW_C + return mp_invmod_slow(a, b, c); +#endif + + return MP_VAL; +} +#endif + +/* End: bn_mp_invmod.c */ + +/* Start: bn_mp_invmod_slow.c */ +#include +#ifdef BN_MP_INVMOD_SLOW_C +/* LibTomMath, multiple-precision integer library -- Tom St Denis + * + * LibTomMath is a library that provides multiple-precision + * integer arithmetic as well as number theoretic functionality. + * + * The library was designed directly after the MPI library by + * Michael Fromberger but has been written from scratch with + * additional optimizations in place. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + */ + +/* hac 14.61, pp608 */ +int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c) { mp_int x, y, u, v, A, B, C, D; int res; @@ -3533,11 +3548,6 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c) return MP_VAL; } - /* if the modulus is odd we can use a faster routine instead */ - if (mp_isodd (b) == 1) { - return fast_mp_invmod (a, b, c); - } - /* init temps */ if ((res = mp_init_multi(&x, &y, &u, &v, &A, &B, &C, &D, NULL)) != MP_OKAY) { @@ -3680,10 +3690,13 @@ top: __ERR:mp_clear_multi (&x, &y, &u, &v, &A, &B, &C, &D, NULL); return res; } +#endif -/* End: bn_mp_invmod.c */ +/* End: bn_mp_invmod_slow.c */ /* Start: bn_mp_is_square.c */ +#include +#ifdef BN_MP_IS_SQUARE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3698,7 +3711,6 @@ __ERR:mp_clear_multi (&x, &y, &u, &v, &A, &B, &C, &D, NULL); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* Check if remainders are possible squares - fast exclude non-squares */ static const char rem_128[128] = { @@ -3755,7 +3767,7 @@ int mp_is_square(mp_int *arg,int *ret) return MP_OKAY; } - /* product of primes less than 2^31 */ + if ((res = mp_init_set_int(&t,11L*13L*17L*19L*23L*29L*31L)) != MP_OKAY) { return res; } @@ -3787,10 +3799,13 @@ int mp_is_square(mp_int *arg,int *ret) ERR:mp_clear(&t); return res; } +#endif /* End: bn_mp_is_square.c */ /* Start: bn_mp_jacobi.c */ +#include +#ifdef BN_MP_JACOBI_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3805,7 +3820,6 @@ ERR:mp_clear(&t); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* computes the jacobi c = (a | n) (or Legendre if n is prime) * HAC pp. 73 Algorithm 2.149 @@ -3890,10 +3904,13 @@ __P1:mp_clear (&p1); __A1:mp_clear (&a1); return res; } +#endif /* End: bn_mp_jacobi.c */ /* Start: bn_mp_karatsuba_mul.c */ +#include +#ifdef BN_MP_KARATSUBA_MUL_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -3908,7 +3925,6 @@ __A1:mp_clear (&a1); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* c = |a| * |b| using Karatsuba Multiplication using * three half size multiplications @@ -3972,9 +3988,6 @@ int mp_karatsuba_mul (mp_int * a, mp_int * b, mp_int * c) goto X0Y0; /* now shift the digits */ - x0.sign = x1.sign = a->sign; - y0.sign = y1.sign = b->sign; - x0.used = y0.used = B; x1.used = a->used - B; y1.used = b->used - B; @@ -4058,10 +4071,13 @@ X0:mp_clear (&x0); ERR: return err; } +#endif /* End: bn_mp_karatsuba_mul.c */ /* Start: bn_mp_karatsuba_sqr.c */ +#include +#ifdef BN_MP_KARATSUBA_SQR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4076,12 +4092,11 @@ ERR: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* Karatsuba squaring, computes b = a*a using three * half size squarings * - * See comments of mp_karatsuba_mul for details. It + * See comments of karatsuba_mul for details. It * is essentially the same algorithm but merely * tuned to perform recursive squarings. */ @@ -4177,10 +4192,13 @@ X0:mp_clear (&x0); ERR: return err; } +#endif /* End: bn_mp_karatsuba_sqr.c */ /* Start: bn_mp_lcm.c */ +#include +#ifdef BN_MP_LCM_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4195,7 +4213,6 @@ ERR: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* computes least common multiple as |a*b|/(a, b) */ int mp_lcm (mp_int * a, mp_int * b, mp_int * c) @@ -4235,10 +4252,13 @@ __T: mp_clear_multi (&t1, &t2, NULL); return res; } +#endif /* End: bn_mp_lcm.c */ /* Start: bn_mp_lshd.c */ +#include +#ifdef BN_MP_LSHD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4253,7 +4273,6 @@ __T: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* shift left a certain amount of digits */ int mp_lshd (mp_int * a, int b) @@ -4300,10 +4319,13 @@ int mp_lshd (mp_int * a, int b) } return MP_OKAY; } +#endif /* End: bn_mp_lshd.c */ /* Start: bn_mp_mod.c */ +#include +#ifdef BN_MP_MOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4318,7 +4340,6 @@ int mp_lshd (mp_int * a, int b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* c = a mod b, 0 <= c < b */ int @@ -4346,10 +4367,13 @@ mp_mod (mp_int * a, mp_int * b, mp_int * c) mp_clear (&t); return res; } +#endif /* End: bn_mp_mod.c */ /* Start: bn_mp_mod_2d.c */ +#include +#ifdef BN_MP_MOD_2D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4364,7 +4388,6 @@ mp_mod (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* calc a value mod 2**b */ int @@ -4399,10 +4422,13 @@ mp_mod_2d (mp_int * a, int b, mp_int * c) mp_clamp (c); return MP_OKAY; } +#endif /* End: bn_mp_mod_2d.c */ /* Start: bn_mp_mod_d.c */ +#include +#ifdef BN_MP_MOD_D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4417,17 +4443,19 @@ mp_mod_2d (mp_int * a, int b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c) { return mp_div_d(a, b, NULL, c); } +#endif /* End: bn_mp_mod_d.c */ /* Start: bn_mp_montgomery_calc_normalization.c */ +#include +#ifdef BN_MP_MONTGOMERY_CALC_NORMALIZATION_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4442,31 +4470,31 @@ mp_mod_d (mp_int * a, mp_digit b, mp_digit * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include -/* calculates a = B^n mod b for Montgomery reduction - * Where B is the base [e.g. 2^DIGIT_BIT]. - * B^n mod b is computed by first computing - * A = B^(n-1) which doesn't require a reduction but a simple OR. - * then C = A * B = B^n is computed by performing upto DIGIT_BIT +/* * shifts with subtractions when the result is greater than b. * * The method is slightly modified to shift B unconditionally upto just under * the leading bit of b. This saves alot of multiple precision shifting. */ -int -mp_montgomery_calc_normalization (mp_int * a, mp_int * b) +int mp_montgomery_calc_normalization (mp_int * a, mp_int * b) { int x, bits, res; /* how many bits of last digit does b use */ bits = mp_count_bits (b) % DIGIT_BIT; - /* compute A = B^(n-1) * 2^(bits-1) */ - if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) { - return res; + + if (b->used > 1) { + if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) { + return res; + } + } else { + mp_set(a, 1); + bits = 1; } + /* now compute C = A * B mod b */ for (x = bits - 1; x < (int)DIGIT_BIT; x++) { if ((res = mp_mul_2 (a, a)) != MP_OKAY) { @@ -4481,10 +4509,13 @@ mp_montgomery_calc_normalization (mp_int * a, mp_int * b) return MP_OKAY; } +#endif /* End: bn_mp_montgomery_calc_normalization.c */ /* Start: bn_mp_montgomery_reduce.c */ +#include +#ifdef BN_MP_MONTGOMERY_REDUCE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4499,7 +4530,6 @@ mp_montgomery_calc_normalization (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* computes xR**-1 == x (mod N) via Montgomery Reduction */ int @@ -4510,7 +4540,7 @@ mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) /* can the fast reduction [comba] method be used? * - * Note that unlike in mp_mul you're safely allowed *less* + * Note that unlike in mul you're safely allowed *less* * than the available columns [255 per default] since carries * are fixed up in the inner loop. */ @@ -4533,7 +4563,7 @@ mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) /* mu = ai * rho mod b * * The value of rho must be precalculated via - * bn_mp_montgomery_setup() such that + * montgomery_setup() such that * it equals -1/n0 mod b this allows the * following inner loop to reduce the * input one digit at a time @@ -4597,10 +4627,13 @@ mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) return MP_OKAY; } +#endif /* End: bn_mp_montgomery_reduce.c */ /* Start: bn_mp_montgomery_setup.c */ +#include +#ifdef BN_MP_MONTGOMERY_SETUP_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4615,7 +4648,6 @@ mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* setups the montgomery reduction stuff */ int @@ -4650,14 +4682,17 @@ mp_montgomery_setup (mp_int * n, mp_digit * rho) #endif /* rho = -1/m mod b */ - *rho = (((mp_digit) 1 << ((mp_digit) DIGIT_BIT)) - x) & MP_MASK; + *rho = (((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; return MP_OKAY; } +#endif /* End: bn_mp_montgomery_setup.c */ /* Start: bn_mp_mul.c */ +#include +#ifdef BN_MP_MUL_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4672,7 +4707,6 @@ mp_montgomery_setup (mp_int * n, mp_digit * rho) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* high level multiplication (handles sign) */ int mp_mul (mp_int * a, mp_int * b, mp_int * c) @@ -4681,12 +4715,18 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c) neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; /* use Toom-Cook? */ +#ifdef BN_MP_TOOM_MUL_C if (MIN (a->used, b->used) >= TOOM_MUL_CUTOFF) { res = mp_toom_mul(a, b, c); + } else +#endif +#ifdef BN_MP_KARATSUBA_MUL_C /* use Karatsuba? */ - } else if (MIN (a->used, b->used) >= KARATSUBA_MUL_CUTOFF) { + if (MIN (a->used, b->used) >= KARATSUBA_MUL_CUTOFF) { res = mp_karatsuba_mul (a, b, c); - } else { + } else +#endif + { /* can we use the fast multiplier? * * The fast multiplier can be used if the output will @@ -4695,21 +4735,30 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c) */ int digs = a->used + b->used + 1; +#ifdef BN_FAST_S_MP_MUL_DIGS_C if ((digs < MP_WARRAY) && MIN(a->used, b->used) <= (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { res = fast_s_mp_mul_digs (a, b, c, digs); - } else { - res = s_mp_mul (a, b, c); - } + } else +#endif +#ifdef BN_S_MP_MUL_DIGS_C + res = s_mp_mul (a, b, c); /* uses s_mp_mul_digs */ +#else + res = MP_VAL; +#endif + } - c->sign = (c->used == 0) ? MP_ZPOS : neg; + c->sign = (c->used > 0) ? neg : MP_ZPOS; return res; } +#endif /* End: bn_mp_mul.c */ /* Start: bn_mp_mul_2.c */ +#include +#ifdef BN_MP_MUL_2_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4724,7 +4773,6 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* b = a*2 */ int mp_mul_2(mp_int * a, mp_int * b) @@ -4786,10 +4834,13 @@ int mp_mul_2(mp_int * a, mp_int * b) b->sign = a->sign; return MP_OKAY; } +#endif /* End: bn_mp_mul_2.c */ /* Start: bn_mp_mul_2d.c */ +#include +#ifdef BN_MP_MUL_2D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4804,7 +4855,6 @@ int mp_mul_2(mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* shift left by a certain bit count */ int mp_mul_2d (mp_int * a, int b, mp_int * c) @@ -4869,10 +4919,13 @@ int mp_mul_2d (mp_int * a, int b, mp_int * c) mp_clamp (c); return MP_OKAY; } +#endif /* End: bn_mp_mul_2d.c */ /* Start: bn_mp_mul_d.c */ +#include +#ifdef BN_MP_MUL_D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4887,7 +4940,6 @@ int mp_mul_2d (mp_int * a, int b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* multiply by a digit */ int @@ -4945,10 +4997,13 @@ mp_mul_d (mp_int * a, mp_digit b, mp_int * c) return MP_OKAY; } +#endif /* End: bn_mp_mul_d.c */ /* Start: bn_mp_mulmod.c */ +#include +#ifdef BN_MP_MULMOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -4963,7 +5018,6 @@ mp_mul_d (mp_int * a, mp_digit b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* d = a * b (mod c) */ int @@ -4984,10 +5038,13 @@ mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) mp_clear (&t); return res; } +#endif /* End: bn_mp_mulmod.c */ /* Start: bn_mp_n_root.c */ +#include +#ifdef BN_MP_N_ROOT_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5002,7 +5059,6 @@ mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* find the n'th root of an integer * @@ -5114,10 +5170,13 @@ __T2:mp_clear (&t2); __T1:mp_clear (&t1); return res; } +#endif /* End: bn_mp_n_root.c */ /* Start: bn_mp_neg.c */ +#include +#ifdef BN_MP_NEG_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5132,7 +5191,6 @@ __T1:mp_clear (&t1); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* b = -a */ int mp_neg (mp_int * a, mp_int * b) @@ -5146,10 +5204,13 @@ int mp_neg (mp_int * a, mp_int * b) } return MP_OKAY; } +#endif /* End: bn_mp_neg.c */ /* Start: bn_mp_or.c */ +#include +#ifdef BN_MP_OR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5164,7 +5225,6 @@ int mp_neg (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* OR two ints together */ int mp_or (mp_int * a, mp_int * b, mp_int * c) @@ -5194,10 +5254,13 @@ int mp_or (mp_int * a, mp_int * b, mp_int * c) mp_clear (&t); return MP_OKAY; } +#endif /* End: bn_mp_or.c */ /* Start: bn_mp_prime_fermat.c */ +#include +#ifdef BN_MP_PRIME_FERMAT_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5212,7 +5275,6 @@ int mp_or (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* performs one Fermat test. * @@ -5254,10 +5316,13 @@ int mp_prime_fermat (mp_int * a, mp_int * b, int *result) __T:mp_clear (&t); return err; } +#endif /* End: bn_mp_prime_fermat.c */ /* Start: bn_mp_prime_is_divisible.c */ +#include +#ifdef BN_MP_PRIME_IS_DIVISIBLE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5272,7 +5337,6 @@ __T:mp_clear (&t); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* determines if an integers is divisible by one * of the first PRIME_SIZE primes or not @@ -5302,10 +5366,13 @@ int mp_prime_is_divisible (mp_int * a, int *result) return MP_OKAY; } +#endif /* End: bn_mp_prime_is_divisible.c */ /* Start: bn_mp_prime_is_prime.c */ +#include +#ifdef BN_MP_PRIME_IS_PRIME_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5320,12 +5387,11 @@ int mp_prime_is_divisible (mp_int * a, int *result) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* performs a variable number of rounds of Miller-Rabin * * Probability of error after t rounds is no more than - * (1/4)^t when 1 <= t <= PRIME_SIZE + * * Sets result to 1 if probably prime, 0 otherwise */ @@ -5383,10 +5449,13 @@ int mp_prime_is_prime (mp_int * a, int t, int *result) __B:mp_clear (&b); return err; } +#endif /* End: bn_mp_prime_is_prime.c */ /* Start: bn_mp_prime_miller_rabin.c */ +#include +#ifdef BN_MP_PRIME_MILLER_RABIN_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5401,7 +5470,6 @@ __B:mp_clear (&b); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* Miller-Rabin test of "a" to the base of "b" as described in * HAC pp. 139 Algorithm 4.24 @@ -5484,10 +5552,13 @@ __R:mp_clear (&r); __N1:mp_clear (&n1); return err; } +#endif /* End: bn_mp_prime_miller_rabin.c */ /* Start: bn_mp_prime_next_prime.c */ +#include +#ifdef BN_MP_PRIME_NEXT_PRIME_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5502,7 +5573,6 @@ __N1:mp_clear (&n1); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* finds the next prime after the number "a" using "t" trials * of Miller-Rabin. @@ -5652,10 +5722,13 @@ __ERR: return err; } +#endif /* End: bn_mp_prime_next_prime.c */ -/* Start: bn_mp_prime_random_ex.c */ +/* Start: bn_mp_prime_rabin_miller_trials.c */ +#include +#ifdef BN_MP_PRIME_RABIN_MILLER_TRIALS_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5670,7 +5743,58 @@ __ERR: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ + + +static const struct { + int k, t; +} sizes[] = { +{ 128, 28 }, +{ 256, 16 }, +{ 384, 10 }, +{ 512, 7 }, +{ 640, 6 }, +{ 768, 5 }, +{ 896, 4 }, +{ 1024, 4 } +}; + +/* returns # of RM trials required for a given bit size */ +int mp_prime_rabin_miller_trials(int size) +{ + int x; + + for (x = 0; x < (int)(sizeof(sizes)/(sizeof(sizes[0]))); x++) { + if (sizes[x].k == size) { + return sizes[x].t; + } else if (sizes[x].k > size) { + return (x == 0) ? sizes[0].t : sizes[x - 1].t; + } + } + return sizes[x-1].t + 1; +} + + +#endif + +/* End: bn_mp_prime_rabin_miller_trials.c */ + +/* Start: bn_mp_prime_random_ex.c */ #include +#ifdef BN_MP_PRIME_RANDOM_EX_C +/* LibTomMath, multiple-precision integer library -- Tom St Denis + * + * LibTomMath is a library that provides multiple-precision + * integer arithmetic as well as number theoretic functionality. + * + * The library was designed directly after the MPI library by + * Michael Fromberger but has been written from scratch with + * additional optimizations in place. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + */ /* makes a truly random prime of a given size (bits), * @@ -5750,6 +5874,9 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback /* is it prime? */ if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { goto error; } + if (res == MP_NO) { + continue; + } if (flags & LTM_PRIME_SAFE) { /* see if (a-1)/2 is prime */ @@ -5774,10 +5901,13 @@ error: } +#endif /* End: bn_mp_prime_random_ex.c */ /* Start: bn_mp_radix_size.c */ +#include +#ifdef BN_MP_RADIX_SIZE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5792,7 +5922,6 @@ error: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* returns size of ASCII reprensentation */ int mp_radix_size (mp_int * a, int radix, int *size) @@ -5843,10 +5972,13 @@ int mp_radix_size (mp_int * a, int radix, int *size) return MP_OKAY; } +#endif /* End: bn_mp_radix_size.c */ /* Start: bn_mp_radix_smap.c */ +#include +#ifdef BN_MP_RADIX_SMAP_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5861,14 +5993,16 @@ int mp_radix_size (mp_int * a, int radix, int *size) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* chars used in radix conversions */ const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; +#endif /* End: bn_mp_radix_smap.c */ /* Start: bn_mp_rand.c */ +#include +#ifdef BN_MP_RAND_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5883,7 +6017,6 @@ const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrs * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* makes a pseudo-random int of a given size */ int @@ -5918,10 +6051,13 @@ mp_rand (mp_int * a, int digits) return MP_OKAY; } +#endif /* End: bn_mp_rand.c */ /* Start: bn_mp_read_radix.c */ +#include +#ifdef BN_MP_READ_RADIX_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -5936,7 +6072,6 @@ mp_rand (mp_int * a, int digits) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* read a string [ASCII] in a given radix */ int mp_read_radix (mp_int * a, char *str, int radix) @@ -5998,10 +6133,13 @@ int mp_read_radix (mp_int * a, char *str, int radix) } return MP_OKAY; } +#endif /* End: bn_mp_read_radix.c */ /* Start: bn_mp_read_signed_bin.c */ +#include +#ifdef BN_MP_READ_SIGNED_BIN_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6016,7 +6154,6 @@ int mp_read_radix (mp_int * a, char *str, int radix) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* read signed bin, big endian, first byte is 0==positive or 1==negative */ int @@ -6038,10 +6175,13 @@ mp_read_signed_bin (mp_int * a, unsigned char *b, int c) return MP_OKAY; } +#endif /* End: bn_mp_read_signed_bin.c */ /* Start: bn_mp_read_unsigned_bin.c */ +#include +#ifdef BN_MP_READ_UNSIGNED_BIN_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6056,7 +6196,6 @@ mp_read_signed_bin (mp_int * a, unsigned char *b, int c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* reads a unsigned char array, assumes the msb is stored first [big endian] */ int @@ -6092,10 +6231,13 @@ mp_read_unsigned_bin (mp_int * a, unsigned char *b, int c) mp_clamp (a); return MP_OKAY; } +#endif /* End: bn_mp_read_unsigned_bin.c */ /* Start: bn_mp_reduce.c */ +#include +#ifdef BN_MP_REDUCE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6110,7 +6252,6 @@ mp_read_unsigned_bin (mp_int * a, unsigned char *b, int c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* reduces x mod m, assumes 0 < x < m**2, mu is * precomputed via mp_reduce_setup. @@ -6136,9 +6277,20 @@ mp_reduce (mp_int * x, mp_int * m, mp_int * mu) goto CLEANUP; } } else { +#ifdef BN_S_MP_MUL_HIGH_DIGS_C if ((res = s_mp_mul_high_digs (&q, mu, &q, um - 1)) != MP_OKAY) { goto CLEANUP; } +#elif defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C) + if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um - 1)) != MP_OKAY) { + goto CLEANUP; + } +#else + { + res = MP_VAL; + goto CLEANUP; + } +#endif } /* q3 = q2 / b**(k+1) */ @@ -6180,10 +6332,13 @@ CLEANUP: return res; } +#endif /* End: bn_mp_reduce.c */ /* Start: bn_mp_reduce_2k.c */ +#include +#ifdef BN_MP_REDUCE_2K_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6198,7 +6353,6 @@ CLEANUP: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* reduces a modulo n where n is of the form 2**p - d */ int @@ -6240,10 +6394,13 @@ ERR: return res; } +#endif /* End: bn_mp_reduce_2k.c */ /* Start: bn_mp_reduce_2k_setup.c */ +#include +#ifdef BN_MP_REDUCE_2K_SETUP_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6258,7 +6415,6 @@ ERR: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* determines the setup value */ int @@ -6286,10 +6442,13 @@ mp_reduce_2k_setup(mp_int *a, mp_digit *d) mp_clear(&tmp); return MP_OKAY; } +#endif /* End: bn_mp_reduce_2k_setup.c */ /* Start: bn_mp_reduce_is_2k.c */ +#include +#ifdef BN_MP_REDUCE_IS_2K_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6304,12 +6463,12 @@ mp_reduce_2k_setup(mp_int *a, mp_digit *d) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* determines if mp_reduce_2k can be used */ int mp_reduce_is_2k(mp_int *a) { - int ix, iy, iz, iw; + int ix, iy, iw; + mp_digit iz; if (a->used == 0) { return 0; @@ -6326,7 +6485,7 @@ int mp_reduce_is_2k(mp_int *a) return 0; } iz <<= 1; - if (iz > (int)MP_MASK) { + if (iz > (mp_digit)MP_MASK) { ++iw; iz = 1; } @@ -6335,10 +6494,13 @@ int mp_reduce_is_2k(mp_int *a) return 1; } +#endif /* End: bn_mp_reduce_is_2k.c */ /* Start: bn_mp_reduce_setup.c */ +#include +#ifdef BN_MP_REDUCE_SETUP_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6353,13 +6515,11 @@ int mp_reduce_is_2k(mp_int *a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* pre-calculate the value required for Barrett reduction * For a given modulus "b" it calulates the value required in "a" */ -int -mp_reduce_setup (mp_int * a, mp_int * b) +int mp_reduce_setup (mp_int * a, mp_int * b) { int res; @@ -6368,10 +6528,13 @@ mp_reduce_setup (mp_int * a, mp_int * b) } return mp_div (a, b, a, NULL); } +#endif /* End: bn_mp_reduce_setup.c */ /* Start: bn_mp_rshd.c */ +#include +#ifdef BN_MP_RSHD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6386,7 +6549,6 @@ mp_reduce_setup (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* shift right a certain amount of digits */ void mp_rshd (mp_int * a, int b) @@ -6438,10 +6600,13 @@ void mp_rshd (mp_int * a, int b) /* remove excess digits */ a->used -= b; } +#endif /* End: bn_mp_rshd.c */ /* Start: bn_mp_set.c */ +#include +#ifdef BN_MP_SET_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6456,7 +6621,6 @@ void mp_rshd (mp_int * a, int b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* set to a digit */ void mp_set (mp_int * a, mp_digit b) @@ -6465,10 +6629,13 @@ void mp_set (mp_int * a, mp_digit b) a->dp[0] = b & MP_MASK; a->used = (a->dp[0] != 0) ? 1 : 0; } +#endif /* End: bn_mp_set.c */ /* Start: bn_mp_set_int.c */ +#include +#ifdef BN_MP_SET_INT_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6483,7 +6650,6 @@ void mp_set (mp_int * a, mp_digit b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* set a 32-bit const */ int mp_set_int (mp_int * a, unsigned long b) @@ -6511,10 +6677,13 @@ int mp_set_int (mp_int * a, unsigned long b) mp_clamp (a); return MP_OKAY; } +#endif /* End: bn_mp_set_int.c */ /* Start: bn_mp_shrink.c */ +#include +#ifdef BN_MP_SHRINK_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6529,7 +6698,6 @@ int mp_set_int (mp_int * a, unsigned long b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* shrink a bignum */ int mp_shrink (mp_int * a) @@ -6544,10 +6712,13 @@ int mp_shrink (mp_int * a) } return MP_OKAY; } +#endif /* End: bn_mp_shrink.c */ /* Start: bn_mp_signed_bin_size.c */ +#include +#ifdef BN_MP_SIGNED_BIN_SIZE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6562,17 +6733,19 @@ int mp_shrink (mp_int * a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* get the size for an signed equivalent */ int mp_signed_bin_size (mp_int * a) { return 1 + mp_unsigned_bin_size (a); } +#endif /* End: bn_mp_signed_bin_size.c */ /* Start: bn_mp_sqr.c */ +#include +#ifdef BN_MP_SQR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6587,7 +6760,6 @@ int mp_signed_bin_size (mp_int * a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* computes b = a*a */ int @@ -6595,29 +6767,43 @@ mp_sqr (mp_int * a, mp_int * b) { int res; +#ifdef BN_MP_TOOM_SQR_C /* use Toom-Cook? */ if (a->used >= TOOM_SQR_CUTOFF) { res = mp_toom_sqr(a, b); /* Karatsuba? */ - } else if (a->used >= KARATSUBA_SQR_CUTOFF) { + } else +#endif +#ifdef BN_MP_KARATSUBA_SQR_C +if (a->used >= KARATSUBA_SQR_CUTOFF) { res = mp_karatsuba_sqr (a, b); - } else { + } else +#endif + { +#ifdef BN_FAST_S_MP_SQR_C /* can we use the fast comba multiplier? */ if ((a->used * 2 + 1) < MP_WARRAY && a->used < (1 << (sizeof(mp_word) * CHAR_BIT - 2*DIGIT_BIT - 1))) { res = fast_s_mp_sqr (a, b); - } else { + } else +#endif +#ifdef BN_S_MP_SQR_C res = s_mp_sqr (a, b); - } +#else + res = MP_VAL; +#endif } b->sign = MP_ZPOS; return res; } +#endif /* End: bn_mp_sqr.c */ /* Start: bn_mp_sqrmod.c */ +#include +#ifdef BN_MP_SQRMOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6632,7 +6818,6 @@ mp_sqr (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* c = a * a (mod b) */ int @@ -6653,10 +6838,13 @@ mp_sqrmod (mp_int * a, mp_int * b, mp_int * c) mp_clear (&t); return res; } +#endif /* End: bn_mp_sqrmod.c */ /* Start: bn_mp_sqrt.c */ +#include +#ifdef BN_MP_SQRT_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6671,7 +6859,6 @@ mp_sqrmod (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* this function is less generic than mp_n_root, simpler and faster */ int mp_sqrt(mp_int *arg, mp_int *ret) @@ -6732,10 +6919,13 @@ E2: mp_clear(&t1); return res; } +#endif /* End: bn_mp_sqrt.c */ /* Start: bn_mp_sub.c */ +#include +#ifdef BN_MP_SUB_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6750,7 +6940,6 @@ E2: mp_clear(&t1); * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* high level subtraction (handles signs) */ int @@ -6789,10 +6978,13 @@ mp_sub (mp_int * a, mp_int * b, mp_int * c) return res; } +#endif /* End: bn_mp_sub.c */ /* Start: bn_mp_sub_d.c */ +#include +#ifdef BN_MP_SUB_D_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6807,7 +6999,6 @@ mp_sub (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* single digit subtraction */ int @@ -6876,10 +7067,13 @@ mp_sub_d (mp_int * a, mp_digit b, mp_int * c) return MP_OKAY; } +#endif /* End: bn_mp_sub_d.c */ /* Start: bn_mp_submod.c */ +#include +#ifdef BN_MP_SUBMOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6894,7 +7088,6 @@ mp_sub_d (mp_int * a, mp_digit b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* d = a - b (mod c) */ int @@ -6916,10 +7109,13 @@ mp_submod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) mp_clear (&t); return res; } +#endif /* End: bn_mp_submod.c */ /* Start: bn_mp_to_signed_bin.c */ +#include +#ifdef BN_MP_TO_SIGNED_BIN_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6934,7 +7130,6 @@ mp_submod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* store in signed [big endian] format */ int @@ -6948,10 +7143,13 @@ mp_to_signed_bin (mp_int * a, unsigned char *b) b[0] = (unsigned char) ((a->sign == MP_ZPOS) ? 0 : 1); return MP_OKAY; } +#endif /* End: bn_mp_to_signed_bin.c */ /* Start: bn_mp_to_unsigned_bin.c */ +#include +#ifdef BN_MP_TO_UNSIGNED_BIN_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -6966,7 +7164,6 @@ mp_to_signed_bin (mp_int * a, unsigned char *b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* store in unsigned [big endian] format */ int @@ -6995,10 +7192,13 @@ mp_to_unsigned_bin (mp_int * a, unsigned char *b) mp_clear (&t); return MP_OKAY; } +#endif /* End: bn_mp_to_unsigned_bin.c */ /* Start: bn_mp_toom_mul.c */ +#include +#ifdef BN_MP_TOOM_MUL_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7013,9 +7213,13 @@ mp_to_unsigned_bin (mp_int * a, unsigned char *b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include -/* multiplication using the Toom-Cook 3-way algorithm */ +/* multiplication using the Toom-Cook 3-way algorithm + * + * Much more complicated than Karatsuba but has a lower asymptotic running time of + * O(N**1.464). This algorithm is only particularly useful on VERY large + * inputs (we're talking 1000s of digits here...). +*/ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c) { mp_int w0, w1, w2, w3, w4, tmp1, tmp2, a0, a1, a2, b0, b1, b2; @@ -7271,10 +7475,13 @@ ERR: return res; } +#endif /* End: bn_mp_toom_mul.c */ /* Start: bn_mp_toom_sqr.c */ +#include +#ifdef BN_MP_TOOM_SQR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7289,7 +7496,6 @@ ERR: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* squaring using Toom-Cook 3-way algorithm */ int @@ -7495,10 +7701,13 @@ ERR: return res; } +#endif /* End: bn_mp_toom_sqr.c */ /* Start: bn_mp_toradix.c */ +#include +#ifdef BN_MP_TORADIX_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7513,7 +7722,6 @@ ERR: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* stores a bignum as a ASCII string in a given radix (2..64) */ int mp_toradix (mp_int * a, char *str, int radix) @@ -7568,10 +7776,13 @@ int mp_toradix (mp_int * a, char *str, int radix) return MP_OKAY; } +#endif /* End: bn_mp_toradix.c */ /* Start: bn_mp_toradix_n.c */ +#include +#ifdef BN_MP_TORADIX_N_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7586,7 +7797,6 @@ int mp_toradix (mp_int * a, char *str, int radix) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* stores a bignum as a ASCII string in a given radix (2..64) * @@ -7655,10 +7865,13 @@ int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen) return MP_OKAY; } +#endif /* End: bn_mp_toradix_n.c */ /* Start: bn_mp_unsigned_bin_size.c */ +#include +#ifdef BN_MP_UNSIGNED_BIN_SIZE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7673,7 +7886,6 @@ int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* get the size for an unsigned equivalent */ int @@ -7682,10 +7894,13 @@ mp_unsigned_bin_size (mp_int * a) int size = mp_count_bits (a); return (size / 8 + ((size & 7) != 0 ? 1 : 0)); } +#endif /* End: bn_mp_unsigned_bin_size.c */ /* Start: bn_mp_xor.c */ +#include +#ifdef BN_MP_XOR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7700,7 +7915,6 @@ mp_unsigned_bin_size (mp_int * a) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* XOR two ints together */ int @@ -7724,17 +7938,20 @@ mp_xor (mp_int * a, mp_int * b, mp_int * c) } for (ix = 0; ix < px; ix++) { - t.dp[ix] ^= x->dp[ix]; + } mp_clamp (&t); mp_exch (c, &t); mp_clear (&t); return MP_OKAY; } +#endif /* End: bn_mp_xor.c */ /* Start: bn_mp_zero.c */ +#include +#ifdef BN_MP_ZERO_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7749,7 +7966,6 @@ mp_xor (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* set to zero */ void @@ -7759,65 +7975,13 @@ mp_zero (mp_int * a) a->used = 0; memset (a->dp, 0, sizeof (mp_digit) * a->alloc); } +#endif /* End: bn_mp_zero.c */ -/* Start: bn_prime_sizes_tab.c */ -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org - */ -#include - -/* this table gives the # of rabin miller trials for a prob of failure lower than 2^-96 */ -static const struct { - int k, t; -} sizes[] = { -{ 128, 28 }, -{ 256, 16 }, -{ 384, 10 }, -{ 512, 7 }, -{ 640, 6 }, -{ 768, 5 }, -{ 896, 4 }, -{ 1024, 4 }, -{ 1152, 3 }, -{ 1280, 3 }, -{ 1408, 3 }, -{ 1536, 3 }, -{ 1664, 3 }, -{ 1792, 2 } }; - -/* returns # of RM trials required for a given bit size */ -int mp_prime_rabin_miller_trials(int size) -{ - int x; - - for (x = 0; x < (int)(sizeof(sizes)/(sizeof(sizes[0]))); x++) { - if (sizes[x].k == size) { - return sizes[x].t; - } else if (sizes[x].k > size) { - return (x == 0) ? sizes[0].t : sizes[x - 1].t; - } - } - return 1; -} - - - -/* End: bn_prime_sizes_tab.c */ - /* Start: bn_prime_tab.c */ +#include +#ifdef BN_PRIME_TAB_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7832,7 +7996,6 @@ int mp_prime_rabin_miller_trials(int size) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include const mp_digit __prime_tab[] = { 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035, @@ -7873,10 +8036,13 @@ const mp_digit __prime_tab[] = { 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653 #endif }; +#endif /* End: bn_prime_tab.c */ /* Start: bn_reverse.c */ +#include +#ifdef BN_REVERSE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7891,7 +8057,6 @@ const mp_digit __prime_tab[] = { * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* reverse an array, used for radix code */ void @@ -7910,10 +8075,13 @@ bn_reverse (unsigned char *s, int len) --iy; } } +#endif /* End: bn_reverse.c */ /* Start: bn_s_mp_add.c */ +#include +#ifdef BN_S_MP_ADD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -7928,7 +8096,6 @@ bn_reverse (unsigned char *s, int len) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* low level addition, based on HAC pp.594, Algorithm 14.7 */ int @@ -8017,10 +8184,13 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c) mp_clamp (c); return MP_OKAY; } +#endif /* End: bn_s_mp_add.c */ /* Start: bn_s_mp_exptmod.c */ +#include +#ifdef BN_S_MP_EXPTMOD_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -8035,7 +8205,6 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include #ifdef MP_LOW_MEM #define TAB_SIZE 32 @@ -8255,10 +8424,13 @@ __M: } return err; } +#endif /* End: bn_s_mp_exptmod.c */ /* Start: bn_s_mp_mul_digs.c */ +#include +#ifdef BN_S_MP_MUL_DIGS_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -8273,7 +8445,6 @@ __M: * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* multiplies |a| * |b| and only computes upto digs digits of result * HAC pp. 595, Algorithm 14.12 Modified so you can control how @@ -8344,10 +8515,13 @@ s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) mp_clear (&t); return MP_OKAY; } +#endif /* End: bn_s_mp_mul_digs.c */ /* Start: bn_s_mp_mul_high_digs.c */ +#include +#ifdef BN_S_MP_MUL_HIGH_DIGS_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -8362,7 +8536,6 @@ s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* multiplies |a| * |b| and does not compute the lower digs digits * [meant to get the higher part of the product] @@ -8377,10 +8550,12 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) mp_digit tmpx, *tmpt, *tmpy; /* can we use the fast multiplier? */ +#ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C if (((a->used + b->used + 1) < MP_WARRAY) && MIN (a->used, b->used) < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { return fast_s_mp_mul_high_digs (a, b, c, digs); } +#endif if ((res = mp_init_size (&t, a->used + b->used + 1)) != MP_OKAY) { return res; @@ -8421,10 +8596,13 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) mp_clear (&t); return MP_OKAY; } +#endif /* End: bn_s_mp_mul_high_digs.c */ /* Start: bn_s_mp_sqr.c */ +#include +#ifdef BN_S_MP_SQR_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -8439,7 +8617,6 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* low level squaring, b = a*a, HAC pp.596-597, Algorithm 14.16 */ int @@ -8504,10 +8681,13 @@ s_mp_sqr (mp_int * a, mp_int * b) mp_clear (&t); return MP_OKAY; } +#endif /* End: bn_s_mp_sqr.c */ /* Start: bn_s_mp_sub.c */ +#include +#ifdef BN_S_MP_SUB_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -8522,7 +8702,6 @@ s_mp_sqr (mp_int * a, mp_int * b) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 */ int @@ -8591,10 +8770,13 @@ s_mp_sub (mp_int * a, mp_int * b, mp_int * c) return MP_OKAY; } +#endif /* End: bn_s_mp_sub.c */ /* Start: bncore.c */ +#include +#ifdef BNCORE_C /* LibTomMath, multiple-precision integer library -- Tom St Denis * * LibTomMath is a library that provides multiple-precision @@ -8609,26 +8791,21 @@ s_mp_sub (mp_int * a, mp_int * b, mp_int * c) * * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org */ -#include /* Known optimal configurations CPU /Compiler /MUL CUTOFF/SQR CUTOFF ------------------------------------------------------------- - Intel P4 Northwood /GCC v3.3.3 / 121/ 128/SSE patches ;-) - Intel P4 Northwood /GCC v3.3.3 / 59/ 81/profiled build - Intel P4 Northwood /GCC v3.3.3 / 59/ 80/profiled_single build - Intel P4 Northwood /ICC v8.0 / 57/ 70/profiled build - Intel P4 Northwood /ICC v8.0 / 54/ 76/profiled_single build - AMD Athlon XP /GCC v3.2 / 109/ 127/ + Intel P4 Northwood /GCC v3.4.1 / 88/ 128/LTM 0.32 ;-) */ -int KARATSUBA_MUL_CUTOFF = 121, /* Min. number of digits before Karatsuba multiplication is used. */ - KARATSUBA_SQR_CUTOFF = 128, /* Min. number of digits before Karatsuba squaring is used. */ +int KARATSUBA_MUL_CUTOFF = 88, /* Min. number of digits before Karatsuba multiplication is used. */ + KARATSUBA_SQR_CUTOFF = 128, /* Min. number of digits before Karatsuba squaring is used. */ TOOM_MUL_CUTOFF = 350, /* no optimal values of these are known yet so set em high */ TOOM_SQR_CUTOFF = 400; +#endif /* End: bncore.c */ diff --git a/mycrypt.h b/mycrypt.h index 43a93e9..1d6a938 100644 --- a/mycrypt.h +++ b/mycrypt.h @@ -16,8 +16,8 @@ extern "C" { #endif /* version */ -#define CRYPT 0x0098 -#define SCRYPT "0.98" +#define CRYPT 0x0099 +#define SCRYPT "0.99" /* max size of either a cipher/hash block or symmetric key [largest of the two] */ #define MAXBLOCKSIZE 64 diff --git a/mycrypt_argchk.h b/mycrypt_argchk.h index 090d4d0..69f27d6 100644 --- a/mycrypt_argchk.h +++ b/mycrypt_argchk.h @@ -5,7 +5,7 @@ #include /* this is the default LibTomCrypt macro */ - void crypt_argchk(char *v, char *s, int d); +void crypt_argchk(char *v, char *s, int d); #define _ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } #elif ARGTYPE == 1 diff --git a/mycrypt_cfg.h b/mycrypt_cfg.h index 4d40c70..b440e0b 100644 --- a/mycrypt_cfg.h +++ b/mycrypt_cfg.h @@ -42,6 +42,12 @@ int XMEMCMP(const void *s1, const void *s2, size_t n); #define ENDIAN_64BITWORD #endif +/* detect amd64 */ +#if defined(__x86_64__) + #define ENDIAN_LITTLE + #define ENDIAN_64BITWORD +#endif + /* #define ENDIAN_LITTLE */ /* #define ENDIAN_BIG */ diff --git a/mycrypt_custom.h b/mycrypt_custom.h index c71579f..03058bb 100644 --- a/mycrypt_custom.h +++ b/mycrypt_custom.h @@ -18,7 +18,7 @@ #define XCLOCKS_PER_SEC CLOCKS_PER_SEC /* Use small code where possible */ -#define SMALL_CODE +// #define SMALL_CODE /* Enable self-test test vector checking */ #define LTC_TEST @@ -27,7 +27,7 @@ // #define CLEAN_STACK /* disable all file related functions */ -//#define NO_FILE +// #define NO_FILE /* various ciphers */ #define BLOWFISH @@ -37,10 +37,13 @@ #define SAFERP #define RIJNDAEL #define XTEA +/* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format + * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */ #define TWOFISH #define TWOFISH_TABLES // #define TWOFISH_ALL_TABLES // #define TWOFISH_SMALL +/* DES includes EDE triple-DES */ #define DES #define CAST5 #define NOEKEON @@ -50,7 +53,7 @@ */ //#define SAFER -/* modes of operation */ +/* block cipher modes of operation */ #define CFB #define OFB #define ECB @@ -58,6 +61,7 @@ #define CTR /* hash functions */ +#define CHC_HASH #define WHIRLPOOL #define SHA512 #define SHA384 @@ -147,16 +151,7 @@ /* Include the MPI functionality? (required by the PK algorithms) */ #define MPI -/* Use SSE2 optimizations in LTM? Requires GCC or ICC and a P4 or K8 processor */ -// #define LTMSSE - -/* prevents the code from being "unportable" at least to non i386 platforms */ -#if defined(LTMSSE) && !( (defined(__GNUC__) && defined(__i386__)) || defined(INTEL_CC)) - #warning LTMSSE is only available for GNU CC (i386) or Intel CC - #undef LTMSSE -#endif - -/* PKCS #1 and #5 stuff */ +/* PKCS #1 (RSA) and #5 (Password Handling) stuff */ #define PKCS_1 #define PKCS_5 diff --git a/mycrypt_hash.h b/mycrypt_hash.h index b661d12..d5d8900 100644 --- a/mycrypt_hash.h +++ b/mycrypt_hash.h @@ -78,7 +78,18 @@ struct whirlpool_state { }; #endif +#ifdef CHC_HASH +struct chc_state { + ulong64 length; + unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE]; + ulong32 curlen; +}; +#endif + typedef union Hash_state { +#ifdef CHC_HASH + struct chc_state chc; +#endif #ifdef WHIRLPOOL struct whirlpool_state whirlpool; #endif @@ -118,26 +129,34 @@ extern struct _hash_descriptor { unsigned long blocksize; /* the block size the hash uses */ unsigned char DER[64]; /* DER encoded identifier */ unsigned long DERlen; /* length of DER encoding */ - void (*init)(hash_state *); + int (*init)(hash_state *); int (*process)(hash_state *, const unsigned char *, unsigned long); int (*done)(hash_state *, unsigned char *); - int (*test)(void); + int (*test)(void); } hash_descriptor[]; +#ifdef CHC_HASH + int chc_register(int cipher); + int chc_init(hash_state * md); + int chc_process(hash_state * md, const unsigned char *buf, unsigned long len); + int chc_done(hash_state * md, unsigned char *hash); + int chc_test(void); + extern const struct _hash_descriptor chc_desc; +#endif #ifdef WHIRLPOOL - void whirlpool_init(hash_state * md); + int whirlpool_init(hash_state * md); int whirlpool_process(hash_state * md, const unsigned char *buf, unsigned long len); int whirlpool_done(hash_state * md, unsigned char *hash); - int whirlpool_test(void); + int whirlpool_test(void); extern const struct _hash_descriptor whirlpool_desc; #endif #ifdef SHA512 - void sha512_init(hash_state * md); + int sha512_init(hash_state * md); int sha512_process(hash_state * md, const unsigned char *buf, unsigned long len); int sha512_done(hash_state * md, unsigned char *hash); - int sha512_test(void); + int sha512_test(void); extern const struct _hash_descriptor sha512_desc; #endif @@ -145,89 +164,88 @@ extern struct _hash_descriptor { #ifndef SHA512 #error SHA512 is required for SHA384 #endif - void sha384_init(hash_state * md); + int sha384_init(hash_state * md); #define sha384_process sha512_process int sha384_done(hash_state * md, unsigned char *hash); - int sha384_test(void); + int sha384_test(void); extern const struct _hash_descriptor sha384_desc; #endif #ifdef SHA256 - void sha256_init(hash_state * md); + int sha256_init(hash_state * md); int sha256_process(hash_state * md, const unsigned char *buf, unsigned long len); int sha256_done(hash_state * md, unsigned char *hash); - int sha256_test(void); + int sha256_test(void); extern const struct _hash_descriptor sha256_desc; #ifdef SHA224 #ifndef SHA256 #error SHA256 is required for SHA224 #endif - void sha224_init(hash_state * md); + int sha224_init(hash_state * md); #define sha224_process sha256_process int sha224_done(hash_state * md, unsigned char *hash); - int sha224_test(void); + int sha224_test(void); extern const struct _hash_descriptor sha224_desc; #endif #endif #ifdef SHA1 - void sha1_init(hash_state * md); + int sha1_init(hash_state * md); int sha1_process(hash_state * md, const unsigned char *buf, unsigned long len); int sha1_done(hash_state * md, unsigned char *hash); - int sha1_test(void); + int sha1_test(void); extern const struct _hash_descriptor sha1_desc; #endif #ifdef MD5 - void md5_init(hash_state * md); + int md5_init(hash_state * md); int md5_process(hash_state * md, const unsigned char *buf, unsigned long len); int md5_done(hash_state * md, unsigned char *hash); - int md5_test(void); + int md5_test(void); extern const struct _hash_descriptor md5_desc; #endif #ifdef MD4 - void md4_init(hash_state * md); + int md4_init(hash_state * md); int md4_process(hash_state * md, const unsigned char *buf, unsigned long len); int md4_done(hash_state * md, unsigned char *hash); - int md4_test(void); + int md4_test(void); extern const struct _hash_descriptor md4_desc; #endif #ifdef MD2 - void md2_init(hash_state * md); + int md2_init(hash_state * md); int md2_process(hash_state * md, const unsigned char *buf, unsigned long len); int md2_done(hash_state * md, unsigned char *hash); - int md2_test(void); + int md2_test(void); extern const struct _hash_descriptor md2_desc; #endif #ifdef TIGER - void tiger_init(hash_state * md); + int tiger_init(hash_state * md); int tiger_process(hash_state * md, const unsigned char *buf, unsigned long len); int tiger_done(hash_state * md, unsigned char *hash); - int tiger_test(void); + int tiger_test(void); extern const struct _hash_descriptor tiger_desc; #endif #ifdef RIPEMD128 - void rmd128_init(hash_state * md); + int rmd128_init(hash_state * md); int rmd128_process(hash_state * md, const unsigned char *buf, unsigned long len); int rmd128_done(hash_state * md, unsigned char *hash); - int rmd128_test(void); + int rmd128_test(void); extern const struct _hash_descriptor rmd128_desc; #endif #ifdef RIPEMD160 - void rmd160_init(hash_state * md); + int rmd160_init(hash_state * md); int rmd160_process(hash_state * md, const unsigned char *buf, unsigned long len); int rmd160_done(hash_state * md, unsigned char *hash); - int rmd160_test(void); + int rmd160_test(void); extern const struct _hash_descriptor rmd160_desc; #endif - int find_hash(const char *name); int find_hash_id(unsigned char ID); int find_hash_any(const char *name, int digestlen); @@ -244,6 +262,7 @@ extern struct _hash_descriptor { int func_name (hash_state * md, const unsigned char *buf, unsigned long len) \ { \ unsigned long n; \ + int err; \ _ARGCHK(md != NULL); \ _ARGCHK(buf != NULL); \ if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \ @@ -251,7 +270,9 @@ int func_name (hash_state * md, const unsigned char *buf, unsigned long len) } \ while (len > 0) { \ if (md-> state_var .curlen == 0 && len >= block_size) { \ - compress_name (md, (unsigned char *)buf); \ + if ((err = compress_name (md, (unsigned char *)buf)) != CRYPT_OK) { \ + return err; \ + } \ md-> state_var .length += block_size * 8; \ buf += block_size; \ len -= block_size; \ @@ -262,7 +283,9 @@ int func_name (hash_state * md, const unsigned char *buf, unsigned long len) buf += n; \ len -= n; \ if (md-> state_var .curlen == block_size) { \ - compress_name (md, md-> state_var .buf); \ + if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {\ + return err; \ + } \ md-> state_var .length += 8*block_size; \ md-> state_var .curlen = 0; \ } \ diff --git a/mycrypt_macros.h b/mycrypt_macros.h index cd69cd3..6e2eaa2 100644 --- a/mycrypt_macros.h +++ b/mycrypt_macros.h @@ -10,7 +10,11 @@ /* this is the "32-bit at least" data type * Re-define it to suit your platform but it must be at least 32-bits */ -typedef unsigned long ulong32; +#if defined(__x86_64__) + typedef unsigned ulong32; +#else + typedef unsigned long ulong32; +#endif /* ---- HELPER MACROS ---- */ #ifdef ENDIAN_NEUTRAL @@ -194,9 +198,9 @@ typedef unsigned long ulong32; #define ROR(x,n) _lrotr(x,n) #define ROL(x,n) _lrotl(x,n) -#elif defined(__GNUC__) && defined(__i386__) && !defined(INTEL_CC) +#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) -static inline unsigned long ROL(unsigned long word, int i) +static inline unsigned ROL(unsigned word, int i) { __asm__("roll %%cl,%0" :"=r" (word) @@ -204,7 +208,7 @@ static inline unsigned long ROL(unsigned long word, int i) return word; } -static inline unsigned long ROR(unsigned long word, int i) +static inline unsigned ROR(unsigned word, int i) { __asm__("rorl %%cl,%0" :"=r" (word) @@ -220,6 +224,26 @@ static inline unsigned long ROR(unsigned long word, int i) #endif +#if defined(__GNUCC__) && defined(__x86_64__) + +static inline unsigned long ROL64(unsigned long word, int i) +{ + __asm__("rolq %%cl,%0" + :"=r" (word) + :"0" (word),"c" (i)); + return word; +} + +static inline unsigned long ROR64(unsigned long word, int i) +{ + __asm__("rorq %%cl,%0" + :"=r" (word) + :"0" (word),"c" (i)); + return word; +} + +#else + #define ROL64(x, y) \ ( (((x)<<((ulong64)(y)&63)) | \ (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)64-((y)&63)))) & CONST64(0xFFFFFFFFFFFFFFFF)) @@ -228,6 +252,8 @@ static inline unsigned long ROR(unsigned long word, int i) ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ ((x)<<((ulong64)(64-((y)&CONST64(63)))))) & CONST64(0xFFFFFFFFFFFFFFFF)) +#endif + #undef MAX #undef MIN #define MAX(x, y) ( ((x)>(y))?(x):(y) ) diff --git a/mycrypt_pk.h b/mycrypt_pk.h index 9afacda..6345116 100644 --- a/mycrypt_pk.h +++ b/mycrypt_pk.h @@ -67,7 +67,6 @@ #define PK_PRIVATE 0 /* PK private keys */ #define PK_PUBLIC 1 /* PK public keys */ -#define PK_PRIVATE_OPTIMIZED 2 /* PK private key [rsa optimized] */ /* ---- PACKET ---- */ #ifdef PACKET @@ -90,7 +89,7 @@ typedef struct Rsa_key { int type; - mp_int e, d, N, qP, pQ, dP, dQ, p, q; + mp_int e, d, N, p, q, qP, dP, dQ; } rsa_key; int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key); @@ -276,3 +275,11 @@ typedef struct { int dsa_verify_key(dsa_key *key, int *stat); #endif + +/* DER handling */ +int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen); +int der_decode_integer(const unsigned char *in, unsigned long *inlen, mp_int *num); +int der_length_integer(mp_int *num, unsigned long *len); +int der_put_multi_integer(unsigned char *dst, unsigned long *outlen, mp_int *num, ...); +int der_get_multi_integer(const unsigned char *src, unsigned long *inlen, mp_int *num, ...); + diff --git a/mycrypt_prng.h b/mycrypt_prng.h index 76d342e..e706849 100644 --- a/mycrypt_prng.h +++ b/mycrypt_prng.h @@ -60,8 +60,8 @@ extern struct _prng_descriptor { int (*ready)(prng_state *); unsigned long (*read)(unsigned char *, unsigned long, prng_state *); int (*done)(prng_state *); - int (*export)(unsigned char *, unsigned long *, prng_state *); - int (*import)(const unsigned char *, unsigned long, prng_state *); + int (*pexport)(unsigned char *, unsigned long *, prng_state *); + int (*pimport)(const unsigned char *, unsigned long, prng_state *); int (*test)(void); } prng_descriptor[]; diff --git a/notes/hash_tv.txt b/notes/hash_tv.txt index 7fd9062..4f2714d 100644 --- a/notes/hash_tv.txt +++ b/notes/hash_tv.txt @@ -1734,3 +1734,38 @@ Hash: whirlpool 127: 3C9A7F387B7104DF19CF264B0B5821B2E46E44ADC79262546E98FFA113EB3D45799EAC78CCA4643C937FCC3C1D249A212FACB34C63D45EEC81069095D7CDCE7B 128: 803A3B37C89E84FBBEC75BEE3D00DD728FFC4246B5A5E989DC8DC2CD0F7937966AB78C79E1D4648EE6EB40F3D70491CB46B8AB42E155672E2AB8374FCF70DD79 +Hash: chc_hash + 0: 4047929F1F572643B55F829EB3291D11 + 1: 8898FD04F810507740E7A8DBF44C18E8 + 2: 1445928BB912A6D3C5111923B6C5D48D + 3: D85B2E8854D16A440CF32DDDA741DA52 + 4: 5F3082124472598098B03649EA409CDC + 5: 604A19622A06D0486D559A07C95B297A + 6: A16F89E4DACA6C8174C9D66AA23B15AF + 7: FC6893F79A2D28315FBBEFCAF0280793 + 8: 6A80F04CB93B1CFB947DED28141E877A + 9: D036D0B4DEF1FA138C3181367143D1A9 + 10: F031A2DC2A196B268046F73728EE7831 + 11: 2E05C9B5A43CFB01AD026ABA8AE8201F + 12: 8B49EF0BC936792F905E61AE621E63C3 + 13: 485CF5E83BC66843D446D9922547E43B + 14: 704767A75D1FD6639CE72291AE1F6CD8 + 15: 19F6228C2531747CB20F644F9EC65691 + 16: B78FEC0628D7F47B042A3C15C57750FB + 17: 3EF9AFAAFAE9C80D09CD078E1CC0BD8A + 18: 5E4501C8DD0D49589F4FFA20F278D316 + 19: 00D2D0FDD0E0476C9D40DE5A04508849 + 20: CC7382E78D8DF07F0BAB66203F191745 + 21: 85B841BCCCB4AD2420BCABCFD06A0757 + 22: 7159E38F4D7E4CEBEBF86A65A984BA2A + 23: C8949A9D92601726F77E1AEF0E5F1E0F + 24: 8CE35EF6EC7DDA294134077420159F68 + 25: A0F4E4522832676B49E7CD393E6D9761 + 26: F55C27D180948585819833322D7BC4CA + 27: 0A3975A0113E1FE6A66F8C7D529715B5 + 28: F77135C5D04096181305C0906BAEE789 + 29: 31FF81B49B9003D73F878F810D49C851 + 30: BE1E12BF021D0DB2FC5CE7D5348A1DE7 + 31: CB4AF60D7340EC6849574DF1E5BAA24E + 32: 7C5ABDBA19396D7BE48C2A84F8CC747B + diff --git a/notes/hmac_tv.txt b/notes/hmac_tv.txt index 3003490..18edd70 100644 --- a/notes/hmac_tv.txt +++ b/notes/hmac_tv.txt @@ -1734,3 +1734,38 @@ HMAC-whirlpool 127: 1D8B2525E519A3FF8BDAAF31E80EE695F5914B78E7DAB801729B5D84C3A7A2B36A33803F5E0723981CF8A9586EC1BEABC58154EFD919AFF08935FBD756327AAB 128: 4AABF1C3F24C20FFAA61D6106E32EF1BB7CDEB607354BD4B6251893941730054244E198EECD4943C77082CC9B406A2E12271BCA455DF15D3613336615C36B22E +HMAC-chc_hash + 0: 0607F24D43AA98A86FCC45B53DA04F9D + 1: BE4FB5E0BC4BD8132DB14BCBD7E4CD10 + 2: A3246C609FE39D7C9F7CFCF16185FB48 + 3: 3C7EA951205937240F0756BC0F2F4D1B + 4: 7F69A5DD411DFE6BB99D1B8391B31272 + 5: DCB4D4D7F3B9AF6F51F30DCF733068CC + 6: 1363B27E6B28BCD8AE3DCD0F55B387D7 + 7: BB525342845B1253CFE98F00237A85F3 + 8: 89FB247A36A9926FDA10F2013119151B + 9: 54EB023EF9CE37EDC986373E23A9ED16 + 10: 2358D8884471CB1D9E233107C7A7A4A0 + 11: 94BAB092B00574C5FBEB1D7E54B684C4 + 12: DF1819707621B8A66D9709397E92DC2F + 13: 3044DFFC7947787FDB12F62141B9E4FB + 14: 9EA9943FC2635AD852D1C5699234915D + 15: 1CC75C985BE6EDD3AD5907ED72ECE05E + 16: 1A826C4817FF59E686A59B0B96C9A619 + 17: 44DB2A64264B125DE535A182CB7B2B2C + 18: 4741D46F73F2A860F95751E7E14CC244 + 19: 13FDD4463084FEEB24F713DD9858E7F4 + 20: D3308382E65E588D576D970A792BAC61 + 21: 38E04BD5885FEA9E140F065F37DD09FC + 22: 5C309499657F24C1812FD8B926A419E2 + 23: D1FDB9E8AC245737DA836D68FA507736 + 24: F6924085988770FCC3BC9EEA8F72604E + 25: C72B261A79411F74D707C6B6F45823BD + 26: 2ED2333EBAC77F291FC6E844F2A7E42D + 27: CE0D3EF674917CEA5171F1A52EA62AAE + 28: 55EDEAC9F935ABEAF2956C8E83F3E447 + 29: 820B799CB66DC9763FFD9AB634D971EC + 30: E14B18AB25025BF5DF2C1A73C235AD8B + 31: DE9F394575B9F525A734F302F0DB0A42 + 32: 625ED3B09144ADFF57B6659BB2044FBE + diff --git a/omac_done.c b/omac_done.c index f065a1d..958ee3e 100644 --- a/omac_done.c +++ b/omac_done.c @@ -15,10 +15,12 @@ int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen) { - int err, mode, x; + int err, mode; + unsigned x; - _ARGCHK(state != NULL); - _ARGCHK(out != NULL); + _ARGCHK(state != NULL); + _ARGCHK(out != NULL); + _ARGCHK(outlen != NULL); if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) { return err; } @@ -43,7 +45,7 @@ int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen) } /* now xor prev + Lu[mode] */ - for (x = 0; x < state->blklen; x++) { + for (x = 0; x < (unsigned)state->blklen; x++) { state->block[x] ^= state->prev[x] ^ state->Lu[mode][x]; } @@ -51,7 +53,7 @@ int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen) cipher_descriptor[state->cipher_idx].ecb_encrypt(state->block, state->block, &state->key); /* output it */ - for (x = 0; x < state->blklen && (unsigned long)x < *outlen; x++) { + for (x = 0; x < (unsigned)state->blklen && x < *outlen; x++) { out[x] = state->block[x]; } *outlen = x; diff --git a/omac_test.c b/omac_test.c index 2d50d9a..e346073 100644 --- a/omac_test.c +++ b/omac_test.c @@ -65,7 +65,7 @@ int omac_test(void) }; unsigned char out[16]; - int x, y, err, idx; + int x, err, idx; unsigned long len; @@ -83,8 +83,11 @@ int omac_test(void) } if (memcmp(out, tests[x].tag, 16) != 0) { +#if 0 + int y; printf("\n\nTag: "); for (y = 0; y < 16; y++) printf("%02x", out[y]); printf("\n\n"); +#endif return CRYPT_FAIL_TESTVECTOR; } } diff --git a/pkcs_1_mgf1.c b/pkcs_1_mgf1.c index 3add990..8b2bf8b 100644 --- a/pkcs_1_mgf1.c +++ b/pkcs_1_mgf1.c @@ -56,7 +56,9 @@ int pkcs_1_mgf1(const unsigned char *seed, unsigned long seedlen, ++counter; /* get hash of seed || counter */ - hash_descriptor[hash_idx].init(md); + if ((err = hash_descriptor[hash_idx].init(md)) != CRYPT_OK) { + goto __ERR; + } if ((err = hash_descriptor[hash_idx].process(md, seed, seedlen)) != CRYPT_OK) { goto __ERR; } diff --git a/pkcs_1_pss_decode.c b/pkcs_1_pss_decode.c index ff01b76..564c90c 100644 --- a/pkcs_1_pss_decode.c +++ b/pkcs_1_pss_decode.c @@ -118,7 +118,9 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, } /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ - hash_descriptor[hash_idx].init(&md); + if ((err = hash_descriptor[hash_idx].init(&md)) != CRYPT_OK) { + goto __ERR; + } zeromem(mask, 8); if ((err = hash_descriptor[hash_idx].process(&md, mask, 8)) != CRYPT_OK) { goto __ERR; diff --git a/pkcs_1_pss_encode.c b/pkcs_1_pss_encode.c index 4ee1d51..43691fc 100644 --- a/pkcs_1_pss_encode.c +++ b/pkcs_1_pss_encode.c @@ -77,7 +77,9 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, } /* M = (eight) 0x00 || msghash || salt, hash = H(M) */ - hash_descriptor[hash_idx].init(&md); + if ((err = hash_descriptor[hash_idx].init(&md)) != CRYPT_OK) { + goto __ERR; + } zeromem(DB, 8); if ((err = hash_descriptor[hash_idx].process(&md, DB, 8)) != CRYPT_OK) { goto __ERR; diff --git a/pkcs_5_1.c b/pkcs_5_1.c index b87f195..a98affa 100644 --- a/pkcs_5_1.c +++ b/pkcs_5_1.c @@ -47,7 +47,9 @@ int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, } /* hash initial password + salt */ - hash_descriptor[hash_idx].init(md); + if ((err = hash_descriptor[hash_idx].init(md)) != CRYPT_OK) { + goto __ERR; + } if ((err = hash_descriptor[hash_idx].process(md, password, password_len)) != CRYPT_OK) { goto __ERR; } diff --git a/rmd128.c b/rmd128.c index 13a3135..f9351de 100644 --- a/rmd128.c +++ b/rmd128.c @@ -75,9 +75,9 @@ const struct _hash_descriptor rmd128_desc = (a) = ROL((a), (s)); #ifdef CLEAN_STACK -static void _rmd128_compress(hash_state *md, unsigned char *buf) +static int _rmd128_compress(hash_state *md, unsigned char *buf) #else -static void rmd128_compress(hash_state *md, unsigned char *buf) +static int rmd128_compress(hash_state *md, unsigned char *buf) #endif { ulong32 aa,bb,cc,dd,aaa,bbb,ccc,ddd,X[16]; @@ -244,17 +244,21 @@ static void rmd128_compress(hash_state *md, unsigned char *buf) md->rmd128.state[2] = md->rmd128.state[3] + aa + bbb; md->rmd128.state[3] = md->rmd128.state[0] + bb + ccc; md->rmd128.state[0] = ddd; + + return CRYPT_OK; } #ifdef CLEAN_STACK -static void rmd128_compress(hash_state *md, unsigned char *buf) +static int rmd128_compress(hash_state *md, unsigned char *buf) { - _rmd128_compress(md, buf); + int err; + err = _rmd128_compress(md, buf); burn_stack(sizeof(ulong32) * 24 + sizeof(int)); + return err; } #endif -void rmd128_init(hash_state * md) +int rmd128_init(hash_state * md) { _ARGCHK(md != NULL); md->rmd128.state[0] = 0x67452301UL; @@ -263,6 +267,7 @@ void rmd128_init(hash_state * md) md->rmd128.state[3] = 0x10325476UL; md->rmd128.curlen = 0; md->rmd128.length = 0; + return CRYPT_OK; } HASH_PROCESS(rmd128_process, rmd128_compress, rmd128, 64) diff --git a/rmd160.c b/rmd160.c index 6b49076..2079448 100644 --- a/rmd160.c +++ b/rmd160.c @@ -96,9 +96,9 @@ const struct _hash_descriptor rmd160_desc = #ifdef CLEAN_STACK -static void _rmd160_compress(hash_state *md, unsigned char *buf) +static int _rmd160_compress(hash_state *md, unsigned char *buf) #else -static void rmd160_compress(hash_state *md, unsigned char *buf) +static int rmd160_compress(hash_state *md, unsigned char *buf) #endif { ulong32 aa,bb,cc,dd,ee,aaa,bbb,ccc,ddd,eee,X[16]; @@ -303,17 +303,21 @@ static void rmd160_compress(hash_state *md, unsigned char *buf) md->rmd160.state[3] = md->rmd160.state[4] + aa + bbb; md->rmd160.state[4] = md->rmd160.state[0] + bb + ccc; md->rmd160.state[0] = ddd; + + return CRYPT_OK; } #ifdef CLEAN_STACK -static void rmd160_compress(hash_state *md, unsigned char *buf) +static int rmd160_compress(hash_state *md, unsigned char *buf) { - _rmd160_compress(md, buf); + int err; + err = _rmd160_compress(md, buf); burn_stack(sizeof(ulong32) * 26 + sizeof(int)); + return err; } #endif -void rmd160_init(hash_state * md) +int rmd160_init(hash_state * md) { _ARGCHK(md != NULL); md->rmd160.state[0] = 0x67452301UL; @@ -323,6 +327,7 @@ void rmd160_init(hash_state * md) md->rmd160.state[4] = 0xc3d2e1f0UL; md->rmd160.curlen = 0; md->rmd160.length = 0; + return CRYPT_OK; } HASH_PROCESS(rmd160_process, rmd160_compress, rmd160, 64) diff --git a/rsa_export.c b/rsa_export.c index a5c20c0..bee5cf6 100644 --- a/rsa_export.c +++ b/rsa_export.c @@ -13,60 +13,43 @@ #ifdef MRSA -/* Export an RSA key */ +/* This will export either an RSAPublicKey or RSAPrivateKey [defined in PKCS #1 v2.1] */ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key) { - unsigned long y, z; int err; _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); _ARGCHK(key != NULL); - - /* can we store the static header? */ - if (*outlen < (PACKET_SIZE + 1)) { - return CRYPT_BUFFER_OVERFLOW; - } /* type valid? */ - if (!(key->type == PK_PRIVATE || key->type == PK_PRIVATE_OPTIMIZED) && - (type == PK_PRIVATE || type == PK_PRIVATE_OPTIMIZED)) { + if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) { return CRYPT_PK_INVALID_TYPE; } + + if (type == PK_PRIVATE) { + /* private key */ + mp_int zero; - /* start at offset y=PACKET_SIZE */ - y = PACKET_SIZE; - - /* output key type */ - out[y++] = type; - - /* output modulus */ - OUTPUT_BIGNUM(&key->N, out, y, z); - - /* output public key */ - OUTPUT_BIGNUM(&key->e, out, y, z); - - if (type == PK_PRIVATE || type == PK_PRIVATE_OPTIMIZED) { - OUTPUT_BIGNUM(&key->d, out, y, z); + /* first INTEGER == 0 to signify two-prime RSA */ + if ((err = mp_init(&zero)) != MP_OKAY) { + return mpi_to_ltc_error(err); + } + + /* output is + Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p + */ + err = der_put_multi_integer(out, outlen, &zero, &key->N, &key->e, + &key->d, &key->p, &key->q, &key->dP, + &key->dQ, &key->qP, NULL); + + /* clear zero and return */ + mp_clear(&zero); + return err; + } else { + /* public key */ + return der_put_multi_integer(out, outlen, &key->N, &key->e, NULL); } - - if (type == PK_PRIVATE_OPTIMIZED) { - OUTPUT_BIGNUM(&key->dQ, out, y, z); - OUTPUT_BIGNUM(&key->dP, out, y, z); - OUTPUT_BIGNUM(&key->pQ, out, y, z); - OUTPUT_BIGNUM(&key->qP, out, y, z); - OUTPUT_BIGNUM(&key->p, out, y, z); - OUTPUT_BIGNUM(&key->q, out, y, z); - } - - /* store packet header */ - packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_KEY); - - /* copy to the user buffer */ - *outlen = y; - - /* clear stack and return */ - return CRYPT_OK; } #endif /* MRSA */ diff --git a/rsa_exptmod.c b/rsa_exptmod.c index e94fad7..2eebd86 100644 --- a/rsa_exptmod.c +++ b/rsa_exptmod.c @@ -35,7 +35,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, } /* is the key of the right type for the operation? */ - if (which == PK_PRIVATE && (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED)) { + if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) { return CRYPT_PK_NOT_PRIVATE; } @@ -45,7 +45,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, } /* init and copy into tmp */ - if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != MP_OKAY) { goto error; } + if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); } if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; } /* sanity check on the input */ @@ -55,24 +55,23 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, } /* are we using the private exponent and is the key optimized? */ - if (which == PK_PRIVATE && key->type == PK_PRIVATE_OPTIMIZED) { + if (which == PK_PRIVATE) { /* tmpa = tmp^dP mod p */ if ((err = tim_exptmod(prng, prng_idx, &tmp, &key->e, &key->dP, &key->p, &tmpa)) != MP_OKAY) { goto error; } /* tmpb = tmp^dQ mod q */ if ((err = tim_exptmod(prng, prng_idx, &tmp, &key->e, &key->dQ, &key->q, &tmpb)) != MP_OKAY) { goto error; } - /* tmp = tmpa*qP + tmpb*pQ mod N */ - if ((err = mp_mul(&tmpa, &key->qP, &tmpa)) != MP_OKAY) { goto error; } - if ((err = mp_mul(&tmpb, &key->pQ, &tmpb)) != MP_OKAY) { goto error; } - if ((err = mp_addmod(&tmpa, &tmpb, &key->N, &tmp)) != MP_OKAY) { goto error; } + /* tmp = (tmpa - tmpb) * qInv (mod p) */ + if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != MP_OKAY) { goto error; } + if ((err = mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != MP_OKAY) { goto error; } + + /* tmp = tmpb + q * tmp */ + if ((err = mp_mul(&tmp, &key->q, &tmp)) != MP_OKAY) { goto error; } + if ((err = mp_add(&tmp, &tmpb, &tmp)) != MP_OKAY) { goto error; } } else { /* exptmod it */ - if (which == PK_PRIVATE) { - if ((err = tim_exptmod(prng, prng_idx, &tmp, &key->e, &key->d, &key->N, &tmp)) != MP_OKAY) { goto error; } - } else { - if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != MP_OKAY) { goto error; } - } + if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != MP_OKAY) { goto error; } } /* read it back */ diff --git a/rsa_free.c b/rsa_free.c index c97242b..4562788 100644 --- a/rsa_free.c +++ b/rsa_free.c @@ -18,7 +18,7 @@ void rsa_free(rsa_key *key) { _ARGCHK(key != NULL); mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, - &key->qP, &key->pQ, &key->p, &key->q, NULL); + &key->qP, &key->p, &key->q, NULL); } #endif diff --git a/rsa_import.c b/rsa_import.c index deffc38..02b4ca8 100644 --- a/rsa_import.c +++ b/rsa_import.c @@ -13,67 +13,55 @@ #ifdef MRSA +/* import an RSAPublicKey or RSAPrivateKey [two-prime only, defined in PKCS #1 v2.1] */ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) { - unsigned long x, y; + unsigned long x; int err; _ARGCHK(in != NULL); _ARGCHK(key != NULL); - /* check length */ - if (inlen < (1+PACKET_SIZE)) { - return CRYPT_INVALID_PACKET; - } - - /* test packet header */ - if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_KEY)) != CRYPT_OK) { - return err; - } - /* init key */ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, - &key->pQ, &key->p, &key->q, NULL)) != MP_OKAY) { + &key->p, &key->q, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); } - /* get key type */ - y = PACKET_SIZE; - key->type = (int)in[y++]; - - /* load the modulus */ - INPUT_BIGNUM(&key->N, in, x, y, inlen); - - /* load public exponent */ - INPUT_BIGNUM(&key->e, in, x, y, inlen); - - /* get private exponent */ - if (key->type == PK_PRIVATE || key->type == PK_PRIVATE_OPTIMIZED) { - INPUT_BIGNUM(&key->d, in, x, y, inlen); + /* read first number, it's either N or 0 [0 == private key] */ + x = inlen; + if ((err = der_get_multi_integer(in, &x, &key->N, NULL)) != CRYPT_OK) { + goto __ERR; } - /* get CRT private data if required */ - if (key->type == PK_PRIVATE_OPTIMIZED) { - INPUT_BIGNUM(&key->dQ, in, x, y, inlen); - INPUT_BIGNUM(&key->dP, in, x, y, inlen); - INPUT_BIGNUM(&key->pQ, in, x, y, inlen); - INPUT_BIGNUM(&key->qP, in, x, y, inlen); - INPUT_BIGNUM(&key->p, in, x, y, inlen); - INPUT_BIGNUM(&key->q, in, x, y, inlen); - } + /* advance */ + inlen -= x; + in += x; - /* free up ram not required */ - if (key->type != PK_PRIVATE_OPTIMIZED) { - mp_clear_multi(&key->dQ, &key->dP, &key->pQ, &key->qP, &key->p, &key->q, NULL); - } - if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) { - mp_clear(&key->d); - } + if (mp_cmp_d(&key->N, 0) == MP_EQ) { + /* it's a private key */ + if ((err = der_get_multi_integer(in, &inlen, &key->N, &key->e, + &key->d, &key->p, &key->q, &key->dP, + &key->dQ, &key->qP, NULL)) != CRYPT_OK) { + goto __ERR; + } + key->type = PK_PRIVATE; + } else { + /* it's a public key and we lack e */ + if ((err = der_get_multi_integer(in, &inlen, &key->e, NULL)) != CRYPT_OK) { + goto __ERR; + } + + /* free up some ram */ + mp_clear_multi(&key->p, &key->q, &key->qP, &key->dP, &key->dQ, NULL); + + key->type = PK_PUBLIC; + } return CRYPT_OK; -error: +__ERR: mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, - &key->pQ, &key->qP, &key->p, &key->q, NULL); + &key->qP, &key->p, &key->q, NULL); return err; } diff --git a/rsa_make_key.c b/rsa_make_key.c index ded68cf..fc95450 100644 --- a/rsa_make_key.c +++ b/rsa_make_key.c @@ -61,7 +61,7 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) /* make key */ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, - &key->qP, &key->pQ, &key->p, &key->q, NULL)) != MP_OKAY) { + &key->qP, &key->p, &key->q, NULL)) != MP_OKAY) { goto error; } @@ -73,15 +73,9 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) /* find d mod q-1 and d mod p-1 */ if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error2; } /* tmp1 = q-1 */ if ((err = mp_sub_d(&q, 1, &tmp2)) != MP_OKAY) { goto error2; } /* tmp2 = p-1 */ - if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != MP_OKAY) { goto error2; } /* dP = d mod p-1 */ if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != MP_OKAY) { goto error2; } /* dQ = d mod q-1 */ - if ((err = mp_invmod(&q, &p, &key->qP)) != MP_OKAY) { goto error2; } /* qP = 1/q mod p */ - if ((err = mp_mulmod(&key->qP, &q, &key->N, &key->qP)) != MP_OKAY) { goto error2; } /* qP = q * (1/q mod p) mod N */ - - if ((err = mp_invmod(&p, &q, &key->pQ)) != MP_OKAY) { goto error2; } /* pQ = 1/p mod q */ - if ((err = mp_mulmod(&key->pQ, &p, &key->N, &key->pQ)) != MP_OKAY) { goto error2; } /* pQ = p * (1/p mod q) mod N */ if ((err = mp_copy(&p, &key->p)) != MP_OKAY) { goto error2; } if ((err = mp_copy(&q, &key->q)) != MP_OKAY) { goto error2; } @@ -93,19 +87,18 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) if ((err = mp_shrink(&key->dQ)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->dP)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->qP)) != MP_OKAY) { goto error2; } - if ((err = mp_shrink(&key->pQ)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error2; } if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error2; } /* set key type (in this case it's CRT optimized) */ - key->type = PK_PRIVATE_OPTIMIZED; + key->type = PK_PRIVATE; /* return ok and free temps */ err = CRYPT_OK; goto done; error2: mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, - &key->qP, &key->pQ, &key->p, &key->q, NULL); + &key->qP, &key->p, &key->q, NULL); error: err = mpi_to_ltc_error(err); done: diff --git a/sha1.c b/sha1.c index 77700f6..d6e57c3 100644 --- a/sha1.c +++ b/sha1.c @@ -38,9 +38,9 @@ const struct _hash_descriptor sha1_desc = #define F3(x,y,z) (x ^ y ^ z) #ifdef CLEAN_STACK -static void _sha1_compress(hash_state *md, unsigned char *buf) +static int _sha1_compress(hash_state *md, unsigned char *buf) #else -static void sha1_compress(hash_state *md, unsigned char *buf) +static int sha1_compress(hash_state *md, unsigned char *buf) #endif { ulong32 a,b,c,d,e,W[80],i; @@ -139,17 +139,21 @@ static void sha1_compress(hash_state *md, unsigned char *buf) md->sha1.state[2] = md->sha1.state[2] + c; md->sha1.state[3] = md->sha1.state[3] + d; md->sha1.state[4] = md->sha1.state[4] + e; + + return CRYPT_OK; } #ifdef CLEAN_STACK -static void sha1_compress(hash_state *md, unsigned char *buf) +static int sha1_compress(hash_state *md, unsigned char *buf) { - _sha1_compress(md, buf); + int err; + err = _sha1_compress(md, buf); burn_stack(sizeof(ulong32) * 87); + return err; } #endif -void sha1_init(hash_state * md) +int sha1_init(hash_state * md) { _ARGCHK(md != NULL); md->sha1.state[0] = 0x67452301UL; @@ -159,6 +163,7 @@ void sha1_init(hash_state * md) md->sha1.state[4] = 0xc3d2e1f0UL; md->sha1.curlen = 0; md->sha1.length = 0; + return CRYPT_OK; } HASH_PROCESS(sha1_process, sha1_compress, sha1, 64) diff --git a/sha224.c b/sha224.c index fb9f09e..2b25ff0 100644 --- a/sha224.c +++ b/sha224.c @@ -28,7 +28,7 @@ const struct _hash_descriptor sha224_desc = }; /* init the sha256 er... sha224 state ;-) */ -void sha224_init(hash_state * md) +int sha224_init(hash_state * md) { _ARGCHK(md != NULL); @@ -42,6 +42,7 @@ void sha224_init(hash_state * md) md->sha256.state[5] = 0x68581511UL; md->sha256.state[6] = 0x64f98fa7UL; md->sha256.state[7] = 0xbefa4fa4UL; + return CRYPT_OK; } int sha224_done(hash_state * md, unsigned char *hash) diff --git a/sha256.c b/sha256.c index 02bce05..b918e3f 100644 --- a/sha256.c +++ b/sha256.c @@ -66,9 +66,9 @@ static const unsigned long K[64] = { /* compress 512-bits */ #ifdef CLEAN_STACK -static void _sha256_compress(hash_state * md, unsigned char *buf) +static int _sha256_compress(hash_state * md, unsigned char *buf) #else -static void sha256_compress(hash_state * md, unsigned char *buf) +static int sha256_compress(hash_state * md, unsigned char *buf) #endif { ulong32 S[8], W[64], t0, t1; @@ -185,19 +185,21 @@ static void sha256_compress(hash_state * md, unsigned char *buf) for (i = 0; i < 8; i++) { md->sha256.state[i] = md->sha256.state[i] + S[i]; } - + return CRYPT_OK; } #ifdef CLEAN_STACK -static void sha256_compress(hash_state * md, unsigned char *buf) +static int sha256_compress(hash_state * md, unsigned char *buf) { - _sha256_compress(md, buf); + int err; + err = _sha256_compress(md, buf); burn_stack(sizeof(ulong32) * 74); + return err; } #endif /* init the sha256 state */ -void sha256_init(hash_state * md) +int sha256_init(hash_state * md) { _ARGCHK(md != NULL); @@ -211,6 +213,7 @@ void sha256_init(hash_state * md) md->sha256.state[5] = 0x9B05688CUL; md->sha256.state[6] = 0x1F83D9ABUL; md->sha256.state[7] = 0x5BE0CD19UL; + return CRYPT_OK; } HASH_PROCESS(sha256_process, sha256_compress, sha256, 64) diff --git a/sha384.c b/sha384.c index d771fc8..190e8ca 100644 --- a/sha384.c +++ b/sha384.c @@ -30,7 +30,7 @@ const struct _hash_descriptor sha384_desc = &sha384_test }; -void sha384_init(hash_state * md) +int sha384_init(hash_state * md) { _ARGCHK(md != NULL); @@ -44,6 +44,7 @@ void sha384_init(hash_state * md) md->sha512.state[5] = CONST64(0x8eb44a8768581511); md->sha512.state[6] = CONST64(0xdb0c2e0d64f98fa7); md->sha512.state[7] = CONST64(0x47b5481dbefa4fa4); + return CRYPT_OK; } int sha384_done(hash_state * md, unsigned char *hash) diff --git a/sha512.c b/sha512.c index 9b5ddad..baf27cf 100644 --- a/sha512.c +++ b/sha512.c @@ -90,9 +90,9 @@ CONST64(0x5fcb6fab3ad6faec), CONST64(0x6c44198c4a475817) /* compress 1024-bits */ #ifdef CLEAN_STACK -static void _sha512_compress(hash_state * md, unsigned char *buf) +static int _sha512_compress(hash_state * md, unsigned char *buf) #else -static void sha512_compress(hash_state * md, unsigned char *buf) +static int sha512_compress(hash_state * md, unsigned char *buf) #endif { ulong64 S[8], W[80], t0, t1; @@ -151,22 +151,25 @@ static void sha512_compress(hash_state * md, unsigned char *buf) for (i = 0; i < 8; i++) { md->sha512.state[i] = md->sha512.state[i] + S[i]; } + + return CRYPT_OK; } /* compress 1024-bits */ #ifdef CLEAN_STACK -static void sha512_compress(hash_state * md, unsigned char *buf) +static int sha512_compress(hash_state * md, unsigned char *buf) { - _sha512_compress(md, buf); + int err; + err = _sha512_compress(md, buf); burn_stack(sizeof(ulong64) * 90 + sizeof(int)); + return err; } #endif /* init the sha512 state */ -void sha512_init(hash_state * md) +int sha512_init(hash_state * md) { _ARGCHK(md != NULL); - md->sha512.curlen = 0; md->sha512.length = 0; md->sha512.state[0] = CONST64(0x6a09e667f3bcc908); @@ -177,6 +180,7 @@ void sha512_init(hash_state * md) md->sha512.state[5] = CONST64(0x9b05688c2b3e6c1f); md->sha512.state[6] = CONST64(0x1f83d9abfb41bd6b); md->sha512.state[7] = CONST64(0x5be0cd19137e2179); + return CRYPT_OK; } HASH_PROCESS(sha512_process, sha512_compress, sha512, 128) diff --git a/sober128.c b/sober128.c index dee7471..bc00748 100644 --- a/sober128.c +++ b/sober128.c @@ -438,7 +438,7 @@ int sober128_test(void) } return CRYPT_OK; #endif -}; +} #endif diff --git a/tiger.c b/tiger.c index 06eb384..3235953 100644 --- a/tiger.c +++ b/tiger.c @@ -606,9 +606,9 @@ static void key_schedule(ulong64 *x) } #ifdef CLEAN_STACK -static void _tiger_compress(hash_state *md, unsigned char *buf) +static int _tiger_compress(hash_state *md, unsigned char *buf) #else -static void tiger_compress(hash_state *md, unsigned char *buf) +static int tiger_compress(hash_state *md, unsigned char *buf) #endif { ulong64 a, b, c, x[8]; @@ -632,17 +632,21 @@ static void tiger_compress(hash_state *md, unsigned char *buf) md->tiger.state[0] = a ^ md->tiger.state[0]; md->tiger.state[1] = b - md->tiger.state[1]; md->tiger.state[2] = c + md->tiger.state[2]; + + return CRYPT_OK; } #ifdef CLEAN_STACK -static void tiger_compress(hash_state *md, unsigned char *buf) +static int tiger_compress(hash_state *md, unsigned char *buf) { - _tiger_compress(md, buf); + int err; + err = _tiger_compress(md, buf); burn_stack(sizeof(ulong64) * 11 + sizeof(unsigned long)); + return err; } #endif -void tiger_init(hash_state *md) +int tiger_init(hash_state *md) { _ARGCHK(md != NULL); md->tiger.state[0] = CONST64(0x0123456789ABCDEF); @@ -650,6 +654,7 @@ void tiger_init(hash_state *md) md->tiger.state[2] = CONST64(0xF096A5B4C3B2E187); md->tiger.curlen = 0; md->tiger.length = 0; + return CRYPT_OK; } HASH_PROCESS(tiger_process, tiger_compress, tiger, 64) diff --git a/tommath_class.h b/tommath_class.h new file mode 100644 index 0000000..c94e8e0 --- /dev/null +++ b/tommath_class.h @@ -0,0 +1,955 @@ +#if !(defined(LTM1) && defined(LTM2) && defined(LTM3)) +#if defined(LTM2) +#define LTM3 +#endif +#if defined(LTM1) +#define LTM2 +#endif +#define LTM1 + +#if defined(LTM_ALL) +#define BN_ERROR_C +#define BN_FAST_MP_INVMOD_C +#define BN_FAST_MP_MONTGOMERY_REDUCE_C +#define BN_FAST_S_MP_MUL_DIGS_C +#define BN_FAST_S_MP_MUL_HIGH_DIGS_C +#define BN_FAST_S_MP_SQR_C +#define BN_MP_2EXPT_C +#define BN_MP_ABS_C +#define BN_MP_ADD_C +#define BN_MP_ADD_D_C +#define BN_MP_ADDMOD_C +#define BN_MP_AND_C +#define BN_MP_CLAMP_C +#define BN_MP_CLEAR_C +#define BN_MP_CLEAR_MULTI_C +#define BN_MP_CMP_C +#define BN_MP_CMP_D_C +#define BN_MP_CMP_MAG_C +#define BN_MP_CNT_LSB_C +#define BN_MP_COPY_C +#define BN_MP_COUNT_BITS_C +#define BN_MP_DIV_C +#define BN_MP_DIV_2_C +#define BN_MP_DIV_2D_C +#define BN_MP_DIV_3_C +#define BN_MP_DIV_D_C +#define BN_MP_DR_IS_MODULUS_C +#define BN_MP_DR_REDUCE_C +#define BN_MP_DR_SETUP_C +#define BN_MP_EXCH_C +#define BN_MP_EXPT_D_C +#define BN_MP_EXPTMOD_C +#define BN_MP_EXPTMOD_FAST_C +#define BN_MP_EXTEUCLID_C +#define BN_MP_FREAD_C +#define BN_MP_FWRITE_C +#define BN_MP_GCD_C +#define BN_MP_GET_INT_C +#define BN_MP_GROW_C +#define BN_MP_INIT_C +#define BN_MP_INIT_COPY_C +#define BN_MP_INIT_MULTI_C +#define BN_MP_INIT_SET_C +#define BN_MP_INIT_SET_INT_C +#define BN_MP_INIT_SIZE_C +#define BN_MP_INVMOD_C +#define BN_MP_INVMOD_SLOW_C +#define BN_MP_IS_SQUARE_C +#define BN_MP_JACOBI_C +#define BN_MP_KARATSUBA_MUL_C +#define BN_MP_KARATSUBA_SQR_C +#define BN_MP_LCM_C +#define BN_MP_LSHD_C +#define BN_MP_MOD_C +#define BN_MP_MOD_2D_C +#define BN_MP_MOD_D_C +#define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C +#define BN_MP_MONTGOMERY_REDUCE_C +#define BN_MP_MONTGOMERY_SETUP_C +#define BN_MP_MUL_C +#define BN_MP_MUL_2_C +#define BN_MP_MUL_2D_C +#define BN_MP_MUL_D_C +#define BN_MP_MULMOD_C +#define BN_MP_N_ROOT_C +#define BN_MP_NEG_C +#define BN_MP_OR_C +#define BN_MP_PRIME_FERMAT_C +#define BN_MP_PRIME_IS_DIVISIBLE_C +#define BN_MP_PRIME_IS_PRIME_C +#define BN_MP_PRIME_MILLER_RABIN_C +#define BN_MP_PRIME_NEXT_PRIME_C +#define BN_MP_PRIME_RABIN_MILLER_TRIALS_C +#define BN_MP_PRIME_RANDOM_EX_C +#define BN_MP_RADIX_SIZE_C +#define BN_MP_RADIX_SMAP_C +#define BN_MP_RAND_C +#define BN_MP_READ_RADIX_C +#define BN_MP_READ_SIGNED_BIN_C +#define BN_MP_READ_UNSIGNED_BIN_C +#define BN_MP_REDUCE_C +#define BN_MP_REDUCE_2K_C +#define BN_MP_REDUCE_2K_SETUP_C +#define BN_MP_REDUCE_IS_2K_C +#define BN_MP_REDUCE_SETUP_C +#define BN_MP_RSHD_C +#define BN_MP_SET_C +#define BN_MP_SET_INT_C +#define BN_MP_SHRINK_C +#define BN_MP_SIGNED_BIN_SIZE_C +#define BN_MP_SQR_C +#define BN_MP_SQRMOD_C +#define BN_MP_SQRT_C +#define BN_MP_SUB_C +#define BN_MP_SUB_D_C +#define BN_MP_SUBMOD_C +#define BN_MP_TO_SIGNED_BIN_C +#define BN_MP_TO_UNSIGNED_BIN_C +#define BN_MP_TOOM_MUL_C +#define BN_MP_TOOM_SQR_C +#define BN_MP_TORADIX_C +#define BN_MP_TORADIX_N_C +#define BN_MP_UNSIGNED_BIN_SIZE_C +#define BN_MP_XOR_C +#define BN_MP_ZERO_C +#define BN_PRIME_TAB_C +#define BN_REVERSE_C +#define BN_S_MP_ADD_C +#define BN_S_MP_EXPTMOD_C +#define BN_S_MP_MUL_DIGS_C +#define BN_S_MP_MUL_HIGH_DIGS_C +#define BN_S_MP_SQR_C +#define BN_S_MP_SUB_C +#define BNCORE_C +#endif + +#if defined(BN_ERROR_C) + #define BN_MP_ERROR_TO_STRING_C +#endif + +#if defined(BN_FAST_MP_INVMOD_C) + #define BN_MP_ISEVEN_C + #define BN_MP_INIT_MULTI_C + #define BN_MP_COPY_C + #define BN_MP_ABS_C + #define BN_MP_SET_C + #define BN_MP_DIV_2_C + #define BN_MP_ISODD_C + #define BN_MP_SUB_C + #define BN_MP_CMP_C + #define BN_MP_ISZERO_C + #define BN_MP_CMP_D_C + #define BN_MP_ADD_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_FAST_MP_MONTGOMERY_REDUCE_C) + #define BN_MP_MONTGOMERY_REDUCE_C + #define BN_MP_GROW_C + #define BN_MP_RSHD_C + #define BN_MP_CLAMP_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_FAST_S_MP_MUL_DIGS_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C) + #define BN_FAST_S_MP_MUL_DIGS_C + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_FAST_S_MP_SQR_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_2EXPT_C) + #define BN_MP_ZERO_C + #define BN_MP_GROW_C +#endif + +#if defined(BN_MP_ABS_C) + #define BN_MP_COPY_C +#endif + +#if defined(BN_MP_ADD_C) + #define BN_S_MP_ADD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_ADD_D_C) + #define BN_MP_GROW_C + #define BN_MP_SUB_D_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_ADDMOD_C) + #define BN_MP_INIT_C + #define BN_MP_ADD_C + #define BN_MP_CLEAR_C + #define BN_MP_MOD_C +#endif + +#if defined(BN_MP_AND_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_CLAMP_C) +#endif + +#if defined(BN_MP_CLEAR_C) +#endif + +#if defined(BN_MP_CLEAR_MULTI_C) + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_CMP_C) + #define BN_MP_CMP_MAG_C +#endif + +#if defined(BN_MP_CMP_D_C) +#endif + +#if defined(BN_MP_CMP_MAG_C) +#endif + +#if defined(BN_MP_CNT_LSB_C) + #define BN_MP_ISZERO_C +#endif + +#if defined(BN_MP_COPY_C) + #define BN_MP_GROW_C +#endif + +#if defined(BN_MP_COUNT_BITS_C) +#endif + +#if defined(BN_MP_DIV_C) + #define BN_MP_ISZERO_C + #define BN_MP_CMP_MAG_C + #define BN_MP_COPY_C + #define BN_MP_ZERO_C + #define BN_MP_INIT_MULTI_C + #define BN_MP_SET_C + #define BN_MP_COUNT_BITS_C + #define BN_MP_MUL_2D_C + #define BN_MP_CMP_C + #define BN_MP_SUB_C + #define BN_MP_ADD_C + #define BN_MP_DIV_2D_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_MULTI_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_INIT_C + #define BN_MP_INIT_COPY_C + #define BN_MP_LSHD_C + #define BN_MP_RSHD_C + #define BN_MP_MUL_D_C + #define BN_MP_CLAMP_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_DIV_2_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_DIV_2D_C) + #define BN_MP_COPY_C + #define BN_MP_ZERO_C + #define BN_MP_INIT_C + #define BN_MP_MOD_2D_C + #define BN_MP_CLEAR_C + #define BN_MP_RSHD_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C +#endif + +#if defined(BN_MP_DIV_3_C) + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_DIV_D_C) + #define BN_MP_ISZERO_C + #define BN_MP_COPY_C + #define BN_MP_DIV_2D_C + #define BN_MP_DIV_3_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_DR_IS_MODULUS_C) +#endif + +#if defined(BN_MP_DR_REDUCE_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_DR_SETUP_C) +#endif + +#if defined(BN_MP_EXCH_C) +#endif + +#if defined(BN_MP_EXPT_D_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_SET_C + #define BN_MP_SQR_C + #define BN_MP_CLEAR_C + #define BN_MP_MUL_C +#endif + +#if defined(BN_MP_EXPTMOD_C) + #define BN_MP_INIT_C + #define BN_MP_INVMOD_C + #define BN_MP_CLEAR_C + #define BN_MP_ABS_C + #define BN_MP_CLEAR_MULTI_C + #define BN_MP_DR_IS_MODULUS_C + #define BN_MP_REDUCE_IS_2K_C + #define BN_MP_ISODD_C + #define BN_MP_EXPTMOD_FAST_C + #define BN_S_MP_EXPTMOD_C +#endif + +#if defined(BN_MP_EXPTMOD_FAST_C) + #define BN_MP_COUNT_BITS_C + #define BN_MP_INIT_C + #define BN_MP_CLEAR_C + #define BN_MP_MONTGOMERY_SETUP_C + #define BN_FAST_MP_MONTGOMERY_REDUCE_C + #define BN_MP_MONTGOMERY_REDUCE_C + #define BN_MP_DR_SETUP_C + #define BN_MP_DR_REDUCE_C + #define BN_MP_REDUCE_2K_SETUP_C + #define BN_MP_REDUCE_2K_C + #define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C + #define BN_MP_MULMOD_C + #define BN_MP_SET_C + #define BN_MP_MOD_C + #define BN_MP_COPY_C + #define BN_MP_SQR_C + #define BN_MP_MUL_C + #define BN_MP_EXCH_C +#endif + +#if defined(BN_MP_EXTEUCLID_C) + #define BN_MP_INIT_MULTI_C + #define BN_MP_SET_C + #define BN_MP_COPY_C + #define BN_MP_ISZERO_C + #define BN_MP_DIV_C + #define BN_MP_MUL_C + #define BN_MP_SUB_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_FREAD_C) + #define BN_MP_ZERO_C + #define BN_MP_S_RMAP_C + #define BN_MP_MUL_D_C + #define BN_MP_ADD_D_C + #define BN_MP_CMP_D_C +#endif + +#if defined(BN_MP_FWRITE_C) + #define BN_MP_RADIX_SIZE_C + #define BN_MP_TORADIX_C +#endif + +#if defined(BN_MP_GCD_C) + #define BN_MP_ISZERO_C + #define BN_MP_ABS_C + #define BN_MP_ZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_CNT_LSB_C + #define BN_MP_DIV_2D_C + #define BN_MP_CMP_MAG_C + #define BN_MP_EXCH_C + #define BN_S_MP_SUB_C + #define BN_MP_MUL_2D_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_GET_INT_C) +#endif + +#if defined(BN_MP_GROW_C) +#endif + +#if defined(BN_MP_INIT_C) +#endif + +#if defined(BN_MP_INIT_COPY_C) + #define BN_MP_COPY_C +#endif + +#if defined(BN_MP_INIT_MULTI_C) + #define BN_MP_ERR_C + #define BN_MP_INIT_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_INIT_SET_C) + #define BN_MP_INIT_C + #define BN_MP_SET_C +#endif + +#if defined(BN_MP_INIT_SET_INT_C) + #define BN_MP_INIT_C + #define BN_MP_SET_INT_C +#endif + +#if defined(BN_MP_INIT_SIZE_C) + #define BN_MP_INIT_C +#endif + +#if defined(BN_MP_INVMOD_C) + #define BN_MP_ISZERO_C + #define BN_MP_ISODD_C + #define BN_FAST_MP_INVMOD_C + #define BN_MP_INVMOD_SLOW_C +#endif + +#if defined(BN_MP_INVMOD_SLOW_C) + #define BN_MP_ISZERO_C + #define BN_MP_INIT_MULTI_C + #define BN_MP_COPY_C + #define BN_MP_ISEVEN_C + #define BN_MP_SET_C + #define BN_MP_DIV_2_C + #define BN_MP_ISODD_C + #define BN_MP_ADD_C + #define BN_MP_SUB_C + #define BN_MP_CMP_C + #define BN_MP_CMP_D_C + #define BN_MP_CMP_MAG_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_IS_SQUARE_C) + #define BN_MP_MOD_D_C + #define BN_MP_INIT_SET_INT_C + #define BN_MP_MOD_C + #define BN_MP_GET_INT_C + #define BN_MP_SQRT_C + #define BN_MP_SQR_C + #define BN_MP_CMP_MAG_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_JACOBI_C) + #define BN_MP_CMP_D_C + #define BN_MP_ISZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_CNT_LSB_C + #define BN_MP_DIV_2D_C + #define BN_MP_MOD_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_KARATSUBA_MUL_C) + #define BN_MP_MUL_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_SUB_C + #define BN_MP_ADD_C + #define BN_MP_LSHD_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_KARATSUBA_SQR_C) + #define BN_MP_KARATSUBA_MUL_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_SQR_C + #define BN_MP_SUB_C + #define BN_S_MP_ADD_C + #define BN_MP_LSHD_C + #define BN_MP_ADD_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_LCM_C) + #define BN_MP_INIT_MULTI_C + #define BN_MP_GCD_C + #define BN_MP_CMP_MAG_C + #define BN_MP_DIV_C + #define BN_MP_MUL_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_LSHD_C) + #define BN_MP_GROW_C + #define BN_MP_RSHD_C +#endif + +#if defined(BN_MP_MOD_C) + #define BN_MP_INIT_C + #define BN_MP_DIV_C + #define BN_MP_CLEAR_C + #define BN_MP_ADD_C + #define BN_MP_EXCH_C +#endif + +#if defined(BN_MP_MOD_2D_C) + #define BN_MP_ZERO_C + #define BN_MP_COPY_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_MOD_D_C) + #define BN_MP_DIV_D_C +#endif + +#if defined(BN_MP_MONTGOMERY_CALC_NORMALIZATION_C) + #define BN_MP_COUNT_BITS_C + #define BN_MP_2EXPT_C + #define BN_MP_SET_C + #define BN_MP_MUL_2_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_MONTGOMERY_REDUCE_C) + #define BN_MP_MUL_C + #define BN_FAST_MP_MONTGOMERY_REDUCE_C + #define BN_MP_GROW_C + #define BN_MP_MONTGOMERY_SETUP_C + #define BN_MP_CLAMP_C + #define BN_MP_RSHD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_MONTGOMERY_SETUP_C) +#endif + +#if defined(BN_MP_MUL_C) + #define BN_MP_TOOM_MUL_C + #define BN_MP_KARATSUBA_MUL_C + #define BN_FAST_S_MP_MUL_DIGS_C + #define BN_S_MP_MUL_C + #define BN_S_MP_MUL_DIGS_C +#endif + +#if defined(BN_MP_MUL_2_C) + #define BN_MP_GROW_C +#endif + +#if defined(BN_MP_MUL_2D_C) + #define BN_MP_COPY_C + #define BN_MP_GROW_C + #define BN_MP_LSHD_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_MUL_D_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_MULMOD_C) + #define BN_MP_INIT_C + #define BN_MP_MUL_C + #define BN_MP_CLEAR_C + #define BN_MP_MOD_C +#endif + +#if defined(BN_MP_N_ROOT_C) + #define BN_MP_INIT_C + #define BN_MP_SET_C + #define BN_MP_COPY_C + #define BN_MP_EXPT_D_C + #define BN_MP_MUL_C + #define BN_MP_SUB_C + #define BN_MP_MUL_D_C + #define BN_MP_DIV_C + #define BN_MP_CMP_C + #define BN_MP_SUB_D_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_NEG_C) + #define BN_MP_COPY_C + #define BN_MP_ISZERO_C +#endif + +#if defined(BN_MP_OR_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_FERMAT_C) + #define BN_MP_CMP_D_C + #define BN_MP_INIT_C + #define BN_MP_EXPTMOD_C + #define BN_MP_CMP_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_IS_DIVISIBLE_C) + #define BN_MP_MOD_D_C +#endif + +#if defined(BN_MP_PRIME_IS_PRIME_C) + #define BN_MP_CMP_D_C + #define BN_MP_PRIME_IS_DIVISIBLE_C + #define BN_MP_INIT_C + #define BN_MP_SET_C + #define BN_MP_PRIME_MILLER_RABIN_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_MILLER_RABIN_C) + #define BN_MP_CMP_D_C + #define BN_MP_INIT_COPY_C + #define BN_MP_SUB_D_C + #define BN_MP_CNT_LSB_C + #define BN_MP_DIV_2D_C + #define BN_MP_EXPTMOD_C + #define BN_MP_CMP_C + #define BN_MP_SQRMOD_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_NEXT_PRIME_C) + #define BN_MP_CMP_D_C + #define BN_MP_SET_C + #define BN_MP_SUB_D_C + #define BN_MP_ISEVEN_C + #define BN_MP_MOD_D_C + #define BN_MP_INIT_C + #define BN_MP_ADD_D_C + #define BN_MP_PRIME_MILLER_RABIN_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_PRIME_RABIN_MILLER_TRIALS_C) +#endif + +#if defined(BN_MP_PRIME_RANDOM_EX_C) + #define BN_MP_READ_UNSIGNED_BIN_C + #define BN_MP_PRIME_IS_PRIME_C + #define BN_MP_SUB_D_C + #define BN_MP_DIV_2_C + #define BN_MP_MUL_2_C + #define BN_MP_ADD_D_C +#endif + +#if defined(BN_MP_RADIX_SIZE_C) + #define BN_MP_COUNT_BITS_C + #define BN_MP_INIT_COPY_C + #define BN_MP_ISZERO_C + #define BN_MP_DIV_D_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_RADIX_SMAP_C) + #define BN_MP_S_RMAP_C +#endif + +#if defined(BN_MP_RAND_C) + #define BN_MP_ZERO_C + #define BN_MP_ADD_D_C + #define BN_MP_LSHD_C +#endif + +#if defined(BN_MP_READ_RADIX_C) + #define BN_MP_ZERO_C + #define BN_MP_S_RMAP_C + #define BN_MP_MUL_D_C + #define BN_MP_ADD_D_C + #define BN_MP_ISZERO_C +#endif + +#if defined(BN_MP_READ_SIGNED_BIN_C) + #define BN_MP_READ_UNSIGNED_BIN_C +#endif + +#if defined(BN_MP_READ_UNSIGNED_BIN_C) + #define BN_MP_GROW_C + #define BN_MP_ZERO_C + #define BN_MP_MUL_2D_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_REDUCE_C) + #define BN_MP_REDUCE_SETUP_C + #define BN_MP_INIT_COPY_C + #define BN_MP_RSHD_C + #define BN_MP_MUL_C + #define BN_S_MP_MUL_HIGH_DIGS_C + #define BN_MP_MOD_2D_C + #define BN_S_MP_MUL_DIGS_C + #define BN_MP_SUB_C + #define BN_MP_CMP_D_C + #define BN_MP_SET_C + #define BN_MP_LSHD_C + #define BN_MP_ADD_C + #define BN_MP_CMP_C + #define BN_S_MP_SUB_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_REDUCE_2K_C) + #define BN_MP_INIT_C + #define BN_MP_COUNT_BITS_C + #define BN_MP_DIV_2D_C + #define BN_MP_MUL_D_C + #define BN_S_MP_ADD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_REDUCE_2K_SETUP_C) + #define BN_MP_INIT_C + #define BN_MP_COUNT_BITS_C + #define BN_MP_2EXPT_C + #define BN_MP_CLEAR_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_REDUCE_IS_2K_C) + #define BN_MP_REDUCE_2K_C + #define BN_MP_COUNT_BITS_C +#endif + +#if defined(BN_MP_REDUCE_SETUP_C) + #define BN_MP_2EXPT_C + #define BN_MP_DIV_C +#endif + +#if defined(BN_MP_RSHD_C) + #define BN_MP_ZERO_C +#endif + +#if defined(BN_MP_SET_C) + #define BN_MP_ZERO_C +#endif + +#if defined(BN_MP_SET_INT_C) + #define BN_MP_ZERO_C + #define BN_MP_MUL_2D_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_SHRINK_C) +#endif + +#if defined(BN_MP_SIGNED_BIN_SIZE_C) + #define BN_MP_UNSIGNED_BIN_SIZE_C +#endif + +#if defined(BN_MP_SQR_C) + #define BN_MP_TOOM_SQR_C + #define BN_MP_KARATSUBA_SQR_C + #define BN_FAST_S_MP_SQR_C + #define BN_S_MP_SQR_C +#endif + +#if defined(BN_MP_SQRMOD_C) + #define BN_MP_INIT_C + #define BN_MP_SQR_C + #define BN_MP_CLEAR_C + #define BN_MP_MOD_C +#endif + +#if defined(BN_MP_SQRT_C) + #define BN_MP_N_ROOT_C + #define BN_MP_ISZERO_C + #define BN_MP_ZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_RSHD_C + #define BN_MP_DIV_C + #define BN_MP_ADD_C + #define BN_MP_DIV_2_C + #define BN_MP_CMP_MAG_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_SUB_C) + #define BN_S_MP_ADD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C +#endif + +#if defined(BN_MP_SUB_D_C) + #define BN_MP_GROW_C + #define BN_MP_ADD_D_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_MP_SUBMOD_C) + #define BN_MP_INIT_C + #define BN_MP_SUB_C + #define BN_MP_CLEAR_C + #define BN_MP_MOD_C +#endif + +#if defined(BN_MP_TO_SIGNED_BIN_C) + #define BN_MP_TO_UNSIGNED_BIN_C +#endif + +#if defined(BN_MP_TO_UNSIGNED_BIN_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_ISZERO_C + #define BN_MP_DIV_2D_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_TOOM_MUL_C) + #define BN_MP_INIT_MULTI_C + #define BN_MP_MOD_2D_C + #define BN_MP_COPY_C + #define BN_MP_RSHD_C + #define BN_MP_MUL_C + #define BN_MP_MUL_2_C + #define BN_MP_ADD_C + #define BN_MP_SUB_C + #define BN_MP_DIV_2_C + #define BN_MP_MUL_2D_C + #define BN_MP_MUL_D_C + #define BN_MP_DIV_3_C + #define BN_MP_LSHD_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_TOOM_SQR_C) + #define BN_MP_INIT_MULTI_C + #define BN_MP_MOD_2D_C + #define BN_MP_COPY_C + #define BN_MP_RSHD_C + #define BN_MP_SQR_C + #define BN_MP_MUL_2_C + #define BN_MP_ADD_C + #define BN_MP_SUB_C + #define BN_MP_DIV_2_C + #define BN_MP_MUL_2D_C + #define BN_MP_MUL_D_C + #define BN_MP_DIV_3_C + #define BN_MP_LSHD_C + #define BN_MP_CLEAR_MULTI_C +#endif + +#if defined(BN_MP_TORADIX_C) + #define BN_MP_ISZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_DIV_D_C + #define BN_MP_CLEAR_C + #define BN_MP_S_RMAP_C +#endif + +#if defined(BN_MP_TORADIX_N_C) + #define BN_MP_ISZERO_C + #define BN_MP_INIT_COPY_C + #define BN_MP_DIV_D_C + #define BN_MP_CLEAR_C + #define BN_MP_S_RMAP_C +#endif + +#if defined(BN_MP_UNSIGNED_BIN_SIZE_C) + #define BN_MP_COUNT_BITS_C +#endif + +#if defined(BN_MP_XOR_C) + #define BN_MP_INIT_COPY_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_MP_ZERO_C) +#endif + +#if defined(BN_PRIME_TAB_C) +#endif + +#if defined(BN_REVERSE_C) +#endif + +#if defined(BN_S_MP_ADD_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BN_S_MP_EXPTMOD_C) + #define BN_MP_COUNT_BITS_C + #define BN_MP_INIT_C + #define BN_MP_CLEAR_C + #define BN_MP_REDUCE_SETUP_C + #define BN_MP_MOD_C + #define BN_MP_COPY_C + #define BN_MP_SQR_C + #define BN_MP_REDUCE_C + #define BN_MP_MUL_C + #define BN_MP_SET_C + #define BN_MP_EXCH_C +#endif + +#if defined(BN_S_MP_MUL_DIGS_C) + #define BN_FAST_S_MP_MUL_DIGS_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_S_MP_MUL_HIGH_DIGS_C) + #define BN_FAST_S_MP_MUL_HIGH_DIGS_C + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_S_MP_SQR_C) + #define BN_MP_INIT_SIZE_C + #define BN_MP_CLAMP_C + #define BN_MP_EXCH_C + #define BN_MP_CLEAR_C +#endif + +#if defined(BN_S_MP_SUB_C) + #define BN_MP_GROW_C + #define BN_MP_CLAMP_C +#endif + +#if defined(BNCORE_C) +#endif + +#ifdef LTM3 +#define LTM_LAST +#endif +#include +#include +#else +#define LTM_LAST +#endif diff --git a/tommath_superclass.h b/tommath_superclass.h new file mode 100644 index 0000000..043b224 --- /dev/null +++ b/tommath_superclass.h @@ -0,0 +1,70 @@ +/* super class file for PK algos */ + +/* default ... include all MPI */ +#define LTM_ALL + +/* RSA only (does not support DH/DSA/ECC) */ +// #define SC_RSA_1 + +/* For reference.... On an Athlon64 optimizing for speed... + LTM's mpi.o with all functions [striped] is 142KiB in size. +*/ + +/* Works for RSA only, mpi.o is 68KiB */ +#ifdef SC_RSA_1 + #define BN_MP_SHRINK_C + #define BN_MP_LCM_C + #define BN_MP_PRIME_RANDOM_EX_C + #define BN_MP_INVMOD_C + #define BN_MP_GCD_C + #define BN_MP_MOD_C + #define BN_MP_MULMOD_C + #define BN_MP_ADDMOD_C + #define BN_MP_EXPTMOD_C + #define BN_MP_SET_INT_C + #define BN_MP_INIT_MULTI_C + #define BN_MP_CLEAR_MULTI_C + #define BN_MP_UNSIGNED_BIN_SIZE_C + #define BN_MP_TO_UNSIGNED_BIN_C + #define BN_MP_MOD_D_C + #define BN_MP_PRIME_RABIN_MILLER_TRIALS_C + #define BN_REVERSE_C + #define BN_PRIME_TAB_C + + /* other modifiers */ +// #define BN_MP_DIV_SMALL /* Slower division, not critical (currently buggy?) */ + + /* here we are on the last pass so we turn things off. The functions classes are still there + * but we remove them specifically from the build. This also invokes tweaks in functions + * like removing support for even moduli, etc... + */ +#ifdef LTM_LAST + #undef BN_MP_TOOM_MUL_C + #undef BN_MP_TOOM_SQR_C + #undef BN_MP_KARATSUBA_MUL_C + #undef BN_MP_KARATSUBA_SQR_C + #undef BN_MP_REDUCE_C + #undef BN_MP_REDUCE_SETUP_C + #undef BN_MP_DR_IS_MODULUS_C + #undef BN_MP_DR_SETUP_C + #undef BN_MP_DR_REDUCE_C + #undef BN_MP_REDUCE_IS_2K_C + #undef BN_MP_REDUCE_2K_SETUP_C + #undef BN_MP_REDUCE_2K_C + #undef BN_S_MP_EXPTMOD_C + #undef BN_MP_DIV_3_C + #undef BN_S_MP_MUL_HIGH_DIGS_C + #undef BN_FAST_S_MP_MUL_HIGH_DIGS_C + #undef BN_FAST_MP_INVMOD_C + + /* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold + * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines] + * which means roughly speaking you can handle upto 2536-bit RSA keys with these defined without + * trouble. + */ + #undef BN_S_MP_MUL_DIGS_C + #undef BN_S_MP_SQR_C + #undef BN_MP_MONTGOMERY_REDUCE_C +#endif + +#endif diff --git a/whirl.c b/whirl.c index 5233c47..8135b93 100644 --- a/whirl.c +++ b/whirl.c @@ -50,9 +50,9 @@ const struct _hash_descriptor whirlpool_desc = SB7(GB(a, i-7, 0)) #ifdef CLEAN_STACK -static void _whirlpool_compress(hash_state *md, unsigned char *buf) +static int _whirlpool_compress(hash_state *md, unsigned char *buf) #else -static void whirlpool_compress(hash_state *md, unsigned char *buf) +static int whirlpool_compress(hash_state *md, unsigned char *buf) #endif { ulong64 K[2][8], T[3][8]; @@ -90,7 +90,7 @@ static void whirlpool_compress(hash_state *md, unsigned char *buf) /* xor the constant */ K[0][0] ^= cont[x+1]; - /* apply main transform to T[0] into T[1] */ + /* apply main transform to T[1] into T[0] */ for (y = 0; y < 8; y++) { T[0][y] = theta_pi_gamma(T[1], y) ^ K[0][y]; } @@ -100,22 +100,27 @@ static void whirlpool_compress(hash_state *md, unsigned char *buf) for (x = 0; x < 8; x++) { md->whirlpool.state[x] ^= T[0][x] ^ T[2][x]; } + + return CRYPT_OK; } #ifdef CLEAN_STACK -static void whirlpool_compress(hash_state *md, unsigned char *buf) +static int whirlpool_compress(hash_state *md, unsigned char *buf) { - _whirlpool_compress(md, buf); + int err; + err = _whirlpool_compress(md, buf); burn_stack((5 * 8 * sizeof(ulong64)) + (2 * sizeof(int))); + return err; } #endif -void whirlpool_init(hash_state * md) +int whirlpool_init(hash_state * md) { _ARGCHK(md != NULL); zeromem(&md->whirlpool, sizeof(md->whirlpool)); + return CRYPT_OK; } HASH_PROCESS(whirlpool_process, whirlpool_compress, whirlpool, 64) diff --git a/yarrow.c b/yarrow.c index 5b48bee..333892e 100644 --- a/yarrow.c +++ b/yarrow.c @@ -65,7 +65,7 @@ int yarrow_start(prng_state *prng) prng->yarrow.cipher = register_cipher(&safer_sk128_desc); #elif defined(DES) prng->yarrow.cipher = register_cipher(&des3_desc); -#elif +#else #error YARROW needs at least one CIPHER #endif if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) { @@ -118,7 +118,9 @@ int yarrow_add_entropy(const unsigned char *buf, unsigned long len, prng_state * } /* start the hash */ - hash_descriptor[prng->yarrow.hash].init(&md); + if ((err = hash_descriptor[prng->yarrow.hash].init(&md)) != CRYPT_OK) { + return err; + } /* hash the current pool */ if ((err = hash_descriptor[prng->yarrow.hash].process(&md, prng->yarrow.pool,