TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added libtomcrypt-0.89

Browse Source
This commit is contained in:
Tom St Denis 2003-07-16 17:43:06 +00:00 committed by Steffen Jaeckel
parent bd479d2bc1
commit 710106cda5
15 changed files with 1509 additions and 1515 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
bits.c
View File

@ -1,6 +1,4 @@
/* portable way to get secure random bits to feed a PRNG */
#include <fcntl.h>
#include <unistd.h>
#include "mycrypt.h"
#ifdef DEVRANDOM
@ -11,20 +9,26 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len,
#ifdef NO_FILE
return 0;
#else
int src;
FILE *f;
unsigned long x;
#ifdef TRY_URANDOM_FIRST
src = open("/dev/urandom", O_RDONLY);
if (src == -1)
f = fopen("/dev/urandom", "rb");
if (f == NULL)
#endif /* TRY_URANDOM_FIRST */
src = open("/dev/random", O_RDONLY);
f = fopen("/dev/random", "rb");
if (src == -1) {
if (f == NULL) {
return 0;
}
x = (unsigned long)read(src, buf, (size_t)len);
close(src);
/* disable buffering */
if (setvbuf(f, NULL, _IONBF, 0) != 0) {
fclose(f);
return 0;
}
x = (unsigned long)fread(buf, 1, (size_t)len, f);
fclose(f);
return x;
#endif /* NO_FILE */
}

8
changes
View File

@ -1,3 +1,11 @@
July 15th, 2003
v0.89 -- Fix a bug in bits.c which would prevent it from building with msvc
-- Merged in LibTomMath v0.24 [and I used the alloc/free macros this time!]
-- Removed the LTC version of next_prime() and replaced it with a call to the
mp_prime_next_prime() from LibTomMath
-- reverted bits.c to the 0.86 copy since the new one doesn't build in MSVC
or cygwin.
Jul 10th, 2003
v0.88 -- Sped up CAST5 key schedule for MSVC
-- added "ulong32" which allows people on 64-bit platforms to force the 32-bit tables in

6
crypt.c
View File

@ -519,9 +519,9 @@ const char *crypt_build_settings =
#if defined(TRY_UNRANDOM_FIRST)
" TRY_UNRANDOM_FIRST "
#endif
#if defined(SMALL_PRIME_TAB)
" SMALL_PRIME_TAB "
#endif
#if defined(LTC_TEST)
" LTC_TEST "
#endif
"\n"
"\n\n\n"

2177
crypt.pdf
View File

File diff suppressed because it is too large Load Diff

2
crypt.tex
View File

@ -47,7 +47,7 @@
\def\gap{\vspace{0.5ex}}
\makeindex
\begin{document}
\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.88}
\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.89}
\author{Tom St Denis \\
Algonquin College \\
\\

6
dh.c
View File

@ -14,7 +14,7 @@ static const struct {
"2",
"1tH+dRFGpEYyVLe4ydZcYyGDpeAxnChz0yk+pNCtkEXwUsOORyguBtx8spUD"
"FAjEDS8PutUBTEu2q4USqu19dUbCLj9D2jY7y3871RnSccurMBsMm35ILcyQ"
"rpN0MQKc/"
"rpN0MQKc/"
},
#endif
#ifdef DH1024
@ -465,7 +465,7 @@ int dh_shared_secret(dh_key *private_key, dh_key *public_key,
}
if (mp_read_radix(&p, (char *)sets[private_key->idx].prime, 64) != MP_OKAY) { goto error; }
if (mp_exptmod(&public_key->y, &private_key->x, &p, &tmp) != MP_OKAY) { goto error; }
if (mp_exptmod(&public_key->y, &private_key->x, &p, &tmp) != MP_OKAY) { goto error; }
/* enough space for output? */
x = (unsigned long)mp_unsigned_bin_size(&tmp);
@ -473,7 +473,7 @@ int dh_shared_secret(dh_key *private_key, dh_key *public_key,
res = CRYPT_BUFFER_OVERFLOW;
goto done;
}
if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY) { goto error; }
if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY) { goto error; }
*outlen = x;
res = CRYPT_OK;
goto done;

2
makefile
View File

@ -9,7 +9,7 @@
# a build. This is easy to remedy though, for those that have problems.
# The version
VERSION=0.88
VERSION=0.89
#ch1-01-1
# Compiler and Linker Names

2
makefile.msvc
View File

@ -1,8 +1,6 @@
#MSVC Makefile [tested with MSVC 6.00 with SP5]
#
#Tom St Denis
# note optimizations are turned off because it causes a bug in aes.c that cannot be rectified [right away]
CFLAGS = /I. /Ox /DWIN32 /W3
default: library

653
mpi.c
View File

@ -217,7 +217,7 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
* that W[ix-1] have the carry cleared (see after the inner loop)
*/
register mp_digit mu;
mu = MULT(W[ix] & MP_MASK, rho) & MP_MASK;
mu = ((W[ix] & MP_MASK) * rho) & MP_MASK;
/* a = a + mu * m * b**i
*
@ -246,7 +246,7 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
/* inner loop */
for (iy = 0; iy < n->used; iy++) {
*_W++ += MULT(mu, *tmpn++);
*_W++ += ((mp_word)mu) * ((mp_word)*tmpn++);
}
}
@ -254,7 +254,6 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
W[ix + 1] += W[ix] >> ((mp_word) DIGIT_BIT);
}
{
register mp_digit *tmpx;
register mp_word *_W, *_W1;
@ -384,7 +383,7 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
pb = MIN (b->used, digs - ix);
for (iy = 0; iy < pb; iy++) {
*_W++ += MULT(tmpx, *tmpy++);
*_W++ += ((mp_word)tmpx) * ((mp_word)*tmpy++);
}
}
@ -407,20 +406,27 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
* from N*(N+N*c)==N**2 + c*N**2 to N**2 + N*c where c is the
* cost of the shifting. On very small numbers this is slower
* but on most cryptographic size numbers it is faster.
*
* In this particular implementation we feed the carries from
* behind which means when the loop terminates we still have one
* last digit to copy
*/
tmpc = c->dp;
for (ix = 1; ix < digs; ix++) {
/* forward the carry from the previous temp */
W[ix] += (W[ix - 1] >> ((mp_word) DIGIT_BIT));
/* now extract the previous digit [below the carry] */
*tmpc++ = (mp_digit) (W[ix - 1] & ((mp_word) MP_MASK));
}
/* fetch the last digit */
*tmpc++ = (mp_digit) (W[digs - 1] & ((mp_word) MP_MASK));
/* clear unused */
/* clear unused digits [that existed in the old copy of c] */
for (; ix < olduse; ix++) {
*tmpc++ = 0;
}
}
mp_clamp (c);
return MP_OKAY;
}
@ -501,7 +507,7 @@ fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
/* compute column products for digits above the minimum */
for (; iy < pb; iy++) {
*_W++ += MULT(tmpx, *tmpy++);
*_W++ += ((mp_word) tmpx) * ((mp_word)*tmpy++);
}
}
}
@ -510,12 +516,15 @@ fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
oldused = c->used;
c->used = newused;
/* now convert the array W downto what we need */
/* now convert the array W downto what we need
*
* See comments in bn_fast_s_mp_mul_digs.c
*/
for (ix = digs + 1; ix < newused; ix++) {
W[ix] += (W[ix - 1] >> ((mp_word) DIGIT_BIT));
c->dp[ix - 1] = (mp_digit) (W[ix - 1] & ((mp_word) MP_MASK));
}
c->dp[(pa + pb + 1) - 1] = (mp_digit) (W[(pa + pb + 1) - 1] & ((mp_word) MP_MASK));
c->dp[newused - 1] = (mp_digit) (W[newused - 1] & ((mp_word) MP_MASK));
for (; ix < oldused; ix++) {
c->dp[ix] = 0;
@ -597,7 +606,7 @@ fast_s_mp_sqr (mp_int * a, mp_int * b)
* for a particular column only once which means that
* there is no need todo a double precision addition
*/
W2[ix + ix] = MULT(a->dp[ix], a->dp[ix]);
W2[ix + ix] = ((mp_word)a->dp[ix]) * ((mp_word)a->dp[ix]);
{
register mp_digit tmpx, *tmpy;
@ -615,7 +624,7 @@ fast_s_mp_sqr (mp_int * a, mp_int * b)
/* inner products */
for (iy = ix + 1; iy < pa; iy++) {
*_W++ += MULT(tmpx, *tmpy++);
*_W++ += ((mp_word)tmpx) * ((mp_word)*tmpy++);
}
}
}
@ -805,19 +814,88 @@ mp_add (mp_int * a, mp_int * b, mp_int * c)
int
mp_add_d (mp_int * a, mp_digit b, mp_int * c)
{
mp_int t;
int res;
int res, ix, oldused;
mp_digit *tmpa, *tmpc, mu;
if ((res = mp_init_size(&t, 1)) != MP_OKAY) {
return res;
/* grow c as required */
if (c->alloc < a->used + 1) {
if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
return res;
}
}
mp_set (&t, b);
res = mp_add (a, &t, c);
mp_clear (&t);
return res;
/* if a is negative and |a| >= b, call c = |a| - b */
if (a->sign == MP_NEG && (a->used > 1 || a->dp[0] >= b)) {
/* temporarily fix sign of a */
a->sign = MP_ZPOS;
/* c = |a| - b */
res = mp_sub_d(a, b, c);
/* fix sign */
a->sign = c->sign = MP_NEG;
return res;
}
/* old number of used digits in c */
oldused = c->used;
/* sign always positive */
c->sign = MP_ZPOS;
/* source alias */
tmpa = a->dp;
/* destination alias */
tmpc = c->dp;
/* if a is positive */
if (a->sign == MP_ZPOS) {
/* setup size */
c->used = a->used + 1;
/* add digit, after this we're propagating
* the carry.
*/
*tmpc = *tmpa++ + b;
mu = *tmpc >> DIGIT_BIT;
*tmpc++ &= MP_MASK;
/* now handle rest of the digits */
for (ix = 1; ix < a->used; ix++) {
*tmpc = *tmpa++ + mu;
mu = *tmpc >> DIGIT_BIT;
*tmpc++ &= MP_MASK;
}
/* set final carry */
ix++;
*tmpc++ = mu;
} else {
/* a was negative and |a| < b */
c->used = 1;
/* the result is a single digit */
*tmpc++ = b - a->dp[0];
/* setup count so the clearing of oldused
* can fall through correctly
*/
ix = 1;
}
/* now zero to oldused */
while (ix++ < oldused) {
*tmpc++ = 0;
}
mp_clamp(c);
return MP_OKAY;
}
/* End: bn_mp_add_d.c */
/* Start: bn_mp_addmod.c */
@ -958,7 +1036,7 @@ mp_clamp (mp_int * a)
* integer arithmetic as well as number theoretic functionality.
*
* The library is designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
@ -973,15 +1051,14 @@ void
mp_clear (mp_int * a)
{
if (a->dp != NULL) {
/* first zero the digits */
memset (a->dp, 0, sizeof (mp_digit) * a->used);
/* free ram */
free (a->dp);
XFREE (a->dp);
/* reset members to make debugging easier */
a->dp = NULL;
a->dp = NULL;
a->alloc = a->used = 0;
}
}
@ -1725,6 +1802,19 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
*/
#include <tommath.h>
static int s_is_power_of_two(mp_digit b, int *p)
{
int x;
for (x = 1; x < DIGIT_BIT; x++) {
if (b == (((mp_digit)1)<<x)) {
*p = x;
return 1;
}
}
return 0;
}
/* single digit division (based on routine from MPI) */
int
mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
@ -1733,15 +1823,40 @@ mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
mp_word w;
mp_digit t;
int res, ix;
/* cannot divide by zero */
if (b == 0) {
return MP_VAL;
}
/* quick outs */
if (b == 1 || mp_iszero(a) == 1) {
if (d != NULL) {
*d = 0;
}
if (c != NULL) {
return mp_copy(a, c);
}
return MP_OKAY;
}
/* power of two ? */
if (s_is_power_of_two(b, &ix) == 1) {
if (d != NULL) {
*d = a->dp[0] & ((1<<ix) - 1);
}
if (c != NULL) {
return mp_div_2d(a, ix, c, NULL);
}
return MP_OKAY;
}
/* three? */
if (b == 3) {
return mp_div_3(a, c, d);
}
/* no easy answer [c'est la vie]. Just division */
if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
return res;
}
@ -1877,7 +1992,7 @@ top:
/* compute (x mod B**m) + mp * [x/B**m] inline and inplace */
for (i = 0; i < m; i++) {
r = MULT(*tmpx2++, k) + *tmpx1 + mu;
r = ((mp_word)*tmpx2++) * ((mp_word)k) + *tmpx1 + mu;
*tmpx1++ = (mp_digit)(r & MP_MASK);
mu = (mp_digit)(r >> ((mp_word)DIGIT_BIT));
}
@ -2476,24 +2591,24 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream)
return MP_VAL;
}
buf = malloc(len);
buf = XMALLOC(len);
if (buf == NULL) {
return MP_MEM;
}
if ((err = mp_toradix(a, buf, radix)) != MP_OKAY) {
free(buf);
XFREE(buf);
return err;
}
for (x = 0; x < len; x++) {
if (fputc(buf[x], stream) == EOF) {
free(buf);
XFREE(buf);
return MP_VAL;
}
}
free(buf);
XFREE(buf);
return MP_OKAY;
}
@ -2532,7 +2647,7 @@ mp_gcd (mp_int * a, mp_int * b, mp_int * c)
return mp_copy (a, c);
}
if (mp_iszero (a) == 1 && mp_iszero (b) == 1) {
mp_set (c, 1);
mp_zero(c);
return MP_OKAY;
}
@ -2631,7 +2746,7 @@ mp_grow (mp_int * a, int size)
/* ensure there are always at least MP_PREC digits extra on top */
size += (MP_PREC * 2) - (size & (MP_PREC - 1));
a->dp = OPT_CAST realloc (a->dp, sizeof (mp_digit) * size);
a->dp = OPT_CAST XREALLOC (a->dp, sizeof (mp_digit) * size);
if (a->dp == NULL) {
return MP_MEM;
}
@ -3666,7 +3781,7 @@ mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
for (ix = 0; ix < n->used; ix++) {
/* mu = ai * m' mod b */
mu = MULT(x->dp[ix], rho) & MP_MASK;
mu = ((mp_word)x->dp[ix]) * ((mp_word)rho) & MP_MASK;
/* a = a + mu * m * b**i */
{
@ -3683,7 +3798,7 @@ mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
/* Multiply and add in place */
for (iy = 0; iy < n->used; iy++) {
r = MULT(mu, *tmpn++) +
r = ((mp_word)mu) * ((mp_word)*tmpn++) +
((mp_word) u) + ((mp_word) * tmpx);
u = (mp_digit)(r >> ((mp_word) DIGIT_BIT));
*tmpx++ = (mp_digit)(r & ((mp_word) MP_MASK));
@ -4039,7 +4154,7 @@ mp_mul_d (mp_int * a, mp_digit b, mp_int * c)
u = 0;
for (ix = 0; ix < pa; ix++) {
/* compute product and carry sum for this term */
r = ((mp_word) u) + MULT(*tmpa++, b);
r = ((mp_word) u) + ((mp_word)*tmpa++) * ((mp_word)b);
/* mask off higher bits to get a single digit */
*tmpc++ = (mp_digit) (r & ((mp_word) MP_MASK));
@ -4415,6 +4530,11 @@ mp_prime_fermat (mp_int * a, mp_int * b, int *result)
/* default to fail */
*result = 0;
/* ensure b > 1 */
if (mp_cmp_d(b, 1) != MP_GT) {
return MP_VAL;
}
/* init t */
if ((err = mp_init (&t)) != MP_OKAY) {
return err;
@ -4506,7 +4626,7 @@ mp_prime_is_divisible (mp_int * a, int *result)
/* performs a variable number of rounds of Miller-Rabin
*
* Probability of error after t rounds is no more than
* (1/4)^t when 1 <= t <= 256
* (1/4)^t when 1 <= t <= PRIME_SIZE
*
* Sets result to 1 if probably prime, 0 otherwise
*/
@ -4520,7 +4640,7 @@ mp_prime_is_prime (mp_int * a, int t, int *result)
*result = 0;
/* valid value of t? */
if (t < 1 || t > PRIME_SIZE) {
if (t <= 0 || t > PRIME_SIZE) {
return MP_VAL;
}
@ -4536,6 +4656,8 @@ mp_prime_is_prime (mp_int * a, int t, int *result)
if ((err = mp_prime_is_divisible (a, &res)) != MP_OKAY) {
return err;
}
/* return if it was trivially divisible */
if (res == 1) {
return MP_OKAY;
}
@ -4599,6 +4721,11 @@ mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
/* default */
*result = 0;
/* ensure b > 1 */
if (mp_cmp_d(b, 1) != MP_GT) {
return MP_VAL;
}
/* get n1 = a - 1 */
if ((err = mp_init_copy (&n1, a)) != MP_OKAY) {
return err;
@ -4611,8 +4738,13 @@ mp_prime_miller_rabin (mp_int * a, mp_int * b, int *result)
if ((err = mp_init_copy (&r, &n1)) != MP_OKAY) {
goto __N1;
}
/* count the number of least significant bits
* which are zero
*/
s = mp_cnt_lsb(&r);
/* now divide n - 1 by 2**s */
if ((err = mp_div_2d (&r, s, &r, NULL)) != MP_OKAY) {
goto __R;
}
@ -4677,40 +4809,152 @@ __N1:mp_clear (&n1);
/* finds the next prime after the number "a" using "t" trials
* of Miller-Rabin.
*
* bbs_style = 1 means the prime must be congruent to 3 mod 4
*/
int mp_prime_next_prime(mp_int *a, int t)
int mp_prime_next_prime(mp_int *a, int t, int bbs_style)
{
int err, res;
int err, res, x, y;
mp_digit res_tab[PRIME_SIZE], step, kstep;
mp_int b;
if (mp_iseven(a) == 1) {
/* force odd */
if ((err = mp_add_d(a, 1, a)) != MP_OKAY) {
return err;
/* ensure t is valid */
if (t <= 0 || t > PRIME_SIZE) {
return MP_VAL;
}
/* force positive */
if (a->sign == MP_NEG) {
a->sign = MP_ZPOS;
}
/* simple algo if a is less than the largest prime in the table */
if (mp_cmp_d(a, __prime_tab[PRIME_SIZE-1]) == MP_LT) {
/* find which prime it is bigger than */
for (x = PRIME_SIZE - 2; x >= 0; x--) {
if (mp_cmp_d(a, __prime_tab[x]) != MP_LT) {
if (bbs_style == 1) {
/* ok we found a prime smaller or
* equal [so the next is larger]
*
* however, the prime must be
* congruent to 3 mod 4
*/
if ((__prime_tab[x + 1] & 3) != 3) {
/* scan upwards for a prime congruent to 3 mod 4 */
for (y = x + 1; y < PRIME_SIZE; y++) {
if ((__prime_tab[y] & 3) == 3) {
mp_set(a, __prime_tab[y]);
return MP_OKAY;
}
}
}
} else {
mp_set(a, __prime_tab[x + 1]);
return MP_OKAY;
}
}
}
/* at this point a maybe 1 */
if (mp_cmp_d(a, 1) == MP_EQ) {
mp_set(a, 2);
return MP_OKAY;
}
/* fall through to the sieve */
}
/* generate a prime congruent to 3 mod 4 or 1/3 mod 4? */
if (bbs_style == 1) {
kstep = 4;
} else {
kstep = 2;
}
/* at this point we will use a combination of a sieve and Miller-Rabin */
if (bbs_style == 1) {
/* if a mod 4 != 3 subtract the correct value to make it so */
if ((a->dp[0] & 3) != 3) {
if ((err = mp_sub_d(a, (a->dp[0] & 3) + 1, a)) != MP_OKAY) { return err; };
}
} else {
/* force to next odd number */
if ((err = mp_add_d(a, 2, a)) != MP_OKAY) {
if (mp_iseven(a) == 1) {
/* force odd */
if ((err = mp_sub_d(a, 1, a)) != MP_OKAY) {
return err;
}
}
}
/* generate the restable */
for (x = 1; x < PRIME_SIZE; x++) {
if ((err = mp_mod_d(a, __prime_tab[x], res_tab + x)) != MP_OKAY) {
return err;
}
}
/* init temp used for Miller-Rabin Testing */
if ((err = mp_init(&b)) != MP_OKAY) {
return err;
}
for (;;) {
/* skip to the next non-trivially divisible candidate */
step = 0;
do {
/* y == 1 if any residue was zero [e.g. cannot be prime] */
y = 0;
/* increase step to next candidate */
step += kstep;
/* compute the new residue without using division */
for (x = 1; x < PRIME_SIZE; x++) {
/* add the step to each residue */
res_tab[x] += kstep;
/* subtract the modulus [instead of using division] */
if (res_tab[x] >= __prime_tab[x]) {
res_tab[x] -= __prime_tab[x];
}
/* set flag if zero */
if (res_tab[x] == 0) {
y = 1;
}
}
} while (y == 1 && step < ((((mp_digit)1)<<DIGIT_BIT) - kstep));
/* add the step */
if ((err = mp_add_d(a, step, a)) != MP_OKAY) {
goto __ERR;
}
/* if step == MAX then skip test */
if (step >= ((((mp_digit)1)<<DIGIT_BIT) - kstep)) {
continue;
}
/* is this prime? */
if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) {
return err;
for (x = 0; x < t; x++) {
mp_set(&b, __prime_tab[t]);
if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) {
goto __ERR;
}
if (res == 0) {
break;
}
}
if (res == 1) {
break;
}
/* add two, next candidate */
if ((err = mp_add_d(a, 2, a)) != MP_OKAY) {
return err;
}
}
return MP_OKAY;
err = MP_OKAY;
__ERR:
mp_clear(&b);
return err;
}
@ -4990,14 +5234,14 @@ mp_read_unsigned_bin (mp_int * a, unsigned char *b, int c)
return res;
}
if (DIGIT_BIT != 7) {
#ifndef MP_8BIT
a->dp[0] |= *b++;
a->used += 1;
} else {
#else
a->dp[0] = (*b & MP_MASK);
a->dp[1] |= ((*b++ >> 7U) & 1);
a->used += 2;
}
#endif
}
mp_clamp (a);
return MP_OKAY;
@ -5441,7 +5685,7 @@ int
mp_shrink (mp_int * a)
{
if (a->alloc != a->used) {
if ((a->dp = OPT_CAST realloc (a->dp, sizeof (mp_digit) * a->used)) == NULL) {
if ((a->dp = OPT_CAST XREALLOC (a->dp, sizeof (mp_digit) * a->used)) == NULL) {
return MP_MEM;
}
a->alloc = a->used;
@ -5638,20 +5882,65 @@ mp_sub (mp_int * a, mp_int * b, mp_int * c)
int
mp_sub_d (mp_int * a, mp_digit b, mp_int * c)
{
mp_int t;
int res;
mp_digit *tmpa, *tmpc, mu;
int res, ix, oldused;
if ((res = mp_init (&t)) != MP_OKAY) {
return res;
/* grow c as required */
if (c->alloc < a->used + 1) {
if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) {
return res;
}
}
mp_set (&t, b);
res = mp_sub (a, &t, c);
mp_clear (&t);
return res;
/* if a is negative just do an unsigned
* addition [with fudged signs]
*/
if (a->sign == MP_NEG) {
a->sign = MP_ZPOS;
res = mp_add_d(a, b, c);
a->sign = c->sign = MP_NEG;
return res;
}
/* setup regs */
oldused = c->used;
tmpa = a->dp;
tmpc = c->dp;
/* if a <= b simply fix the single digit */
if ((a->used == 1 && a->dp[0] <= b) || a->used == 0) {
*tmpc++ = b - *tmpa;
ix = 1;
/* negative/1digit */
c->sign = MP_NEG;
c->used = 1;
} else {
/* positive/size */
c->sign = MP_ZPOS;
c->used = a->used;
/* subtract first digit */
*tmpc = *tmpa++ - b;
mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1);
*tmpc++ &= MP_MASK;
/* handle rest of the digits */
for (ix = 1; ix < a->used; ix++) {
*tmpc = *tmpa++ - mu;
mu = *tmpc >> (sizeof(mp_digit) * CHAR_BIT - 1);
*tmpc++ &= MP_MASK;
}
}
for (; ix < oldused; ix++) {
*tmpc++ = 0;
}
mp_clamp(c);
return MP_OKAY;
}
/* End: bn_mp_sub_d.c */
/* Start: bn_mp_submod.c */
@ -5756,11 +6045,11 @@ mp_to_unsigned_bin (mp_int * a, unsigned char *b)
x = 0;
while (mp_iszero (&t) == 0) {
if (DIGIT_BIT != 7) {
#ifndef MP_8BIT
b[x++] = (unsigned char) (t.dp[0] & 255);
} else {
#else
b[x++] = (unsigned char) (t.dp[0] | ((t.dp[1] & 0x01) << 7));
}
#endif
if ((res = mp_div_2d (&t, 8, &t, NULL)) != MP_OKAY) {
mp_clear (&t);
return res;
@ -6452,216 +6741,6 @@ mp_zero (mp_int * a)
/* End: bn_mp_zero.c */
/* Start: bn_mult.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
* LibTomMath is library that provides for multiple-precision
* integer arithmetic as well as number theoretic functionality.
*
* The library is designed directly after the MPI library by
* Michael Fromberger but has been written from scratch with
* additional optimizations in place.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
*/
#include <tommath.h>
/* this file provides a nxn=>2n multiplier based on the
* fact that xy = ((x-y)^2 - (x+y)^2)/4
* so by having a square table for 0..2^(n+1)
* we can compute (x+y)^2 via table lookup, etc..
*/
#ifdef SLOW_MULT
/* table of x^2 for -510..510 */
#if defined(MP_8BIT) || defined(MP_16BIT)
static const unsigned long sqr[] = {
65025, 64770, 64516, 64262, 64009, 63756, 63504, 63252, 63001, 62750, 62500, 62250,
62001, 61752, 61504, 61256, 61009, 60762, 60516, 60270, 60025, 59780, 59536, 59292,
59049, 58806, 58564, 58322, 58081, 57840, 57600, 57360, 57121, 56882, 56644, 56406,
56169, 55932, 55696, 55460, 55225, 54990, 54756, 54522, 54289, 54056, 53824, 53592,
53361, 53130, 52900, 52670, 52441, 52212, 51984, 51756, 51529, 51302, 51076, 50850,
50625, 50400, 50176, 49952, 49729, 49506, 49284, 49062, 48841, 48620, 48400, 48180,
47961, 47742, 47524, 47306, 47089, 46872, 46656, 46440, 46225, 46010, 45796, 45582,
45369, 45156, 44944, 44732, 44521, 44310, 44100, 43890, 43681, 43472, 43264, 43056,
42849, 42642, 42436, 42230, 42025, 41820, 41616, 41412, 41209, 41006, 40804, 40602,
40401, 40200, 40000, 39800, 39601, 39402, 39204, 39006, 38809, 38612, 38416, 38220,
38025, 37830, 37636, 37442, 37249, 37056, 36864, 36672, 36481, 36290, 36100, 35910,
35721, 35532, 35344, 35156, 34969, 34782, 34596, 34410, 34225, 34040, 33856, 33672,
33489, 33306, 33124, 32942, 32761, 32580, 32400, 32220, 32041, 31862, 31684, 31506,
31329, 31152, 30976, 30800, 30625, 30450, 30276, 30102, 29929, 29756, 29584, 29412,
29241, 29070, 28900, 28730, 28561, 28392, 28224, 28056, 27889, 27722, 27556, 27390,
27225, 27060, 26896, 26732, 26569, 26406, 26244, 26082, 25921, 25760, 25600, 25440,
25281, 25122, 24964, 24806, 24649, 24492, 24336, 24180, 24025, 23870, 23716, 23562,
23409, 23256, 23104, 22952, 22801, 22650, 22500, 22350, 22201, 22052, 21904, 21756,
21609, 21462, 21316, 21170, 21025, 20880, 20736, 20592, 20449, 20306, 20164, 20022,
19881, 19740, 19600, 19460, 19321, 19182, 19044, 18906, 18769, 18632, 18496, 18360,
18225, 18090, 17956, 17822, 17689, 17556, 17424, 17292, 17161, 17030, 16900, 16770,
16641, 16512, 16384, 16256, 16129, 16002, 15876, 15750, 15625, 15500, 15376, 15252,
15129, 15006, 14884, 14762, 14641, 14520, 14400, 14280, 14161, 14042, 13924, 13806,
13689, 13572, 13456, 13340, 13225, 13110, 12996, 12882, 12769, 12656, 12544, 12432,
12321, 12210, 12100, 11990, 11881, 11772, 11664, 11556, 11449, 11342, 11236, 11130,
11025, 10920, 10816, 10712, 10609, 10506, 10404, 10302, 10201, 10100, 10000, 9900,
9801, 9702, 9604, 9506, 9409, 9312, 9216, 9120, 9025, 8930, 8836, 8742,
8649, 8556, 8464, 8372, 8281, 8190, 8100, 8010, 7921, 7832, 7744, 7656,
7569, 7482, 7396, 7310, 7225, 7140, 7056, 6972, 6889, 6806, 6724, 6642,
6561, 6480, 6400, 6320, 6241, 6162, 6084, 6006, 5929, 5852, 5776, 5700,
5625, 5550, 5476, 5402, 5329, 5256, 5184, 5112, 5041, 4970, 4900, 4830,
4761, 4692, 4624, 4556, 4489, 4422, 4356, 4290, 4225, 4160, 4096, 4032,
3969, 3906, 3844, 3782, 3721, 3660, 3600, 3540, 3481, 3422, 3364, 3306,
3249, 3192, 3136, 3080, 3025, 2970, 2916, 2862, 2809, 2756, 2704, 2652,
2601, 2550, 2500, 2450, 2401, 2352, 2304, 2256, 2209, 2162, 2116, 2070,
2025, 1980, 1936, 1892, 1849, 1806, 1764, 1722, 1681, 1640, 1600, 1560,
1521, 1482, 1444, 1406, 1369, 1332, 1296, 1260, 1225, 1190, 1156, 1122,
1089, 1056, 1024, 992, 961, 930, 900, 870, 841, 812, 784, 756,
729, 702, 676, 650, 625, 600, 576, 552, 529, 506, 484, 462,
441, 420, 400, 380, 361, 342, 324, 306, 289, 272, 256, 240,
225, 210, 196, 182, 169, 156, 144, 132, 121, 110, 100, 90,
81, 72, 64, 56, 49, 42, 36, 30, 25, 20, 16, 12,
9, 6, 4, 2, 1, 0, 0, 0, 1, 2, 4, 6,
9, 12, 16, 20, 25, 30, 36, 42, 49, 56, 64, 72,
81, 90, 100, 110, 121, 132, 144, 156, 169, 182, 196, 210,
225, 240, 256, 272, 289, 306, 324, 342, 361, 380, 400, 420,
441, 462, 484, 506, 529, 552, 576, 600, 625, 650, 676, 702,
729, 756, 784, 812, 841, 870, 900, 930, 961, 992, 1024, 1056,
1089, 1122, 1156, 1190, 1225, 1260, 1296, 1332, 1369, 1406, 1444, 1482,
1521, 1560, 1600, 1640, 1681, 1722, 1764, 1806, 1849, 1892, 1936, 1980,
2025, 2070, 2116, 2162, 2209, 2256, 2304, 2352, 2401, 2450, 2500, 2550,
2601, 2652, 2704, 2756, 2809, 2862, 2916, 2970, 3025, 3080, 3136, 3192,
3249, 3306, 3364, 3422, 3481, 3540, 3600, 3660, 3721, 3782, 3844, 3906,
3969, 4032, 4096, 4160, 4225, 4290, 4356, 4422, 4489, 4556, 4624, 4692,
4761, 4830, 4900, 4970, 5041, 5112, 5184, 5256, 5329, 5402, 5476, 5550,
5625, 5700, 5776, 5852, 5929, 6006, 6084, 6162, 6241, 6320, 6400, 6480,
6561, 6642, 6724, 6806, 6889, 6972, 7056, 7140, 7225, 7310, 7396, 7482,
7569, 7656, 7744, 7832, 7921, 8010, 8100, 8190, 8281, 8372, 8464, 8556,
8649, 8742, 8836, 8930, 9025, 9120, 9216, 9312, 9409, 9506, 9604, 9702,
9801, 9900, 10000, 10100, 10201, 10302, 10404, 10506, 10609, 10712, 10816, 10920,
11025, 11130, 11236, 11342, 11449, 11556, 11664, 11772, 11881, 11990, 12100, 12210,
12321, 12432, 12544, 12656, 12769, 12882, 12996, 13110, 13225, 13340, 13456, 13572,
13689, 13806, 13924, 14042, 14161, 14280, 14400, 14520, 14641, 14762, 14884, 15006,
15129, 15252, 15376, 15500, 15625, 15750, 15876, 16002, 16129, 16256, 16384, 16512,
16641, 16770, 16900, 17030, 17161, 17292, 17424, 17556, 17689, 17822, 17956, 18090,
18225, 18360, 18496, 18632, 18769, 18906, 19044, 19182, 19321, 19460, 19600, 19740,
19881, 20022, 20164, 20306, 20449, 20592, 20736, 20880, 21025, 21170, 21316, 21462,
21609, 21756, 21904, 22052, 22201, 22350, 22500, 22650, 22801, 22952, 23104, 23256,
23409, 23562, 23716, 23870, 24025, 24180, 24336, 24492, 24649, 24806, 24964, 25122,
25281, 25440, 25600, 25760, 25921, 26082, 26244, 26406, 26569, 26732, 26896, 27060,
27225, 27390, 27556, 27722, 27889, 28056, 28224, 28392, 28561, 28730, 28900, 29070,
29241, 29412, 29584, 29756, 29929, 30102, 30276, 30450, 30625, 30800, 30976, 31152,
31329, 31506, 31684, 31862, 32041, 32220, 32400, 32580, 32761, 32942, 33124, 33306,
33489, 33672, 33856, 34040, 34225, 34410, 34596, 34782, 34969, 35156, 35344, 35532,
35721, 35910, 36100, 36290, 36481, 36672, 36864, 37056, 37249, 37442, 37636, 37830,
38025, 38220, 38416, 38612, 38809, 39006, 39204, 39402, 39601, 39800, 40000, 40200,
40401, 40602, 40804, 41006, 41209, 41412, 41616, 41820, 42025, 42230, 42436, 42642,
42849, 43056, 43264, 43472, 43681, 43890, 44100, 44310, 44521, 44732, 44944, 45156,
45369, 45582, 45796, 46010, 46225, 46440, 46656, 46872, 47089, 47306, 47524, 47742,
47961, 48180, 48400, 48620, 48841, 49062, 49284, 49506, 49729, 49952, 50176, 50400,
50625, 50850, 51076, 51302, 51529, 51756, 51984, 52212, 52441, 52670, 52900, 53130,
53361, 53592, 53824, 54056, 54289, 54522, 54756, 54990, 55225, 55460, 55696, 55932,
56169, 56406, 56644, 56882, 57121, 57360, 57600, 57840, 58081, 58322, 58564, 58806,
59049, 59292, 59536, 59780, 60025, 60270, 60516, 60762, 61009, 61256, 61504, 61752,
62001, 62250, 62500, 62750, 63001, 63252, 63504, 63756, 64009, 64262, 64516, 64770,
65025};
#endif
#if defined(MP_8BIT)
/*
4 add/sub
2 table lookups
-
6 operations
versus
8 shifts
8 ands
8 jump/zero
8 adds
--
32 operations
*/
mp_word s_mp_mult(mp_digit a, mp_digit b)
{
int A, B;
/* since mp_digit < 9-bits a+b may truncate... */
A = a; B = b;
A += 510;
return (mp_word)(sqr[A+B] - sqr[A-B]);
}
#elif defined(MP_16BIT)
/*
17 add/sub
4 shifts
8 table lookups
2 ands
--
31 operations
A double/multiply would require
16 shifts
16 ands
16 jump/zero
16 adds
--
64 operations
*/
mp_word s_mp_mult(mp_digit a, mp_digit b)
{
mp_digit a1, a2, b1, b2;
a1 = a&255; a2 = a>>8;
b1 = (b&255)+510; b2 = (b>>8)+510;
return (mp_word)(
(sqr[b1+a1] - sqr[b1-a1]) +
((sqr[b1+a2] + sqr[b2+a1] - (sqr[b1-a2] + sqr[b2-a1]))<<8) +
((sqr[b2+a2] - sqr[b2-a2])<<16));
}
#elif defined(MP_28BIT)
/* use a 2-ary sliding window
29 shifts
14 additions
13 ands
18 table lookups
--
74 operations
versus 4*28 == 112 via the other method
*/
mp_word s_mp_mult(mp_digit a, mp_digit b)
{
mp_digit wnd[4];
mp_word res;
/* make window */
wnd[0] = 0;
wnd[1] = a;
wnd[2] = a<<1;
wnd[3] = (a<<1) + a;
/* go over the 28 bits of b */
#define RND(i) res = (res << 2) + ((mp_word)wnd[(b>>(2*i))&3]);
res = wnd[b>>26];
RND(12); RND(11); RND(10); RND( 9);
RND( 8); RND( 7); RND( 6); RND( 5);
RND( 4); RND( 3); RND( 2); RND( 1); RND(0);
return res;
}
#else
mp_word s_mp_mult(mp_digit a, mp_digit b)
{
return ((mp_word)a)*((mp_word)b);
}
#endif
#endif /* SLOW_MULT */
/* End: bn_mult.c */
/* Start: bn_prime_tab.c */
/* LibTomMath, multiple-precision integer library -- Tom St Denis
*
@ -7164,7 +7243,7 @@ s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
for (iy = 0; iy < pb; iy++) {
/* compute the column as a mp_word */
r = ((mp_word) *tmpt) +
MULT(tmpx, *tmpy++) +
((mp_word)tmpx) * ((mp_word)*tmpy++) +
((mp_word) u);
/* the new column is the lower part of the result */
@ -7246,7 +7325,7 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
for (iy = digs - ix; iy < pb; iy++) {
/* calculate the double precision result */
r = ((mp_word) * tmpt) + MULT(tmpx, *tmpy++) + ((mp_word) u);
r = ((mp_word) * tmpt) + ((mp_word)tmpx) * ((mp_word)*tmpy++) + ((mp_word) u);
/* get the lower part */
*tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));
@ -7299,8 +7378,8 @@ s_mp_sqr (mp_int * a, mp_int * b)
for (ix = 0; ix < pa; ix++) {
/* first calculate the digit at 2*ix */
/* calculate double precision result */
r = ((mp_word) t.dp[2*ix]) +
MULT(a->dp[ix], a->dp[ix]);
r = ((mp_word) t.dp[2*ix]) +
((mp_word)a->dp[ix])*((mp_word)a->dp[ix]);
/* store lower part in result */
t.dp[2*ix] = (mp_digit) (r & ((mp_word) MP_MASK));
@ -7316,12 +7395,12 @@ s_mp_sqr (mp_int * a, mp_int * b)
for (iy = ix + 1; iy < pa; iy++) {
/* first calculate the product */
r = MULT(tmpx, a->dp[iy]);
r = ((mp_word)tmpx) * ((mp_word)a->dp[iy]);
/* now calculate the double precision result, note we use
* addition instead of *2 since it's easier to optimize
*/
r = ((mp_word) * tmpt) + r + r + ((mp_word) u);
r = ((mp_word) *tmpt) + r + r + ((mp_word) u);
/* store lower part */
*tmpt++ = (mp_digit) (r & ((mp_word) MP_MASK));

4
mycrypt.h
View File

@ -16,8 +16,8 @@ extern "C" {
#endif
/* version */
#define CRYPT 0x0088
#define SCRYPT "0.88"
#define CRYPT 0x0089
#define SCRYPT "0.89"
/* max size of either a cipher/hash block or symmetric key [largest of the two] */
#define MAXBLOCKSIZE 128

14
mycrypt_macros.h
View File

@ -12,8 +12,6 @@
*/
typedef unsigned long ulong32;
extern char *crypt_error;
/* ---- HELPER MACROS ---- */
#ifdef ENDIAN_NEUTRAL
@ -190,13 +188,15 @@ extern char *crypt_error;
#ifdef _MSC_VER
# include <stdlib.h>
# pragma intrinsic(_lrotr,_lrotl)
# define ROR(x,n) _lrotr(x,n)
# define ROL(x,n) _lrotl(x,n)
/* instrinsic rotate */
#include <stdlib.h>
#pragma intrinsic(_lrotr,_lrotl)
#define ROR(x,n) _lrotr(x,n)
#define ROL(x,n) _lrotl(x,n)
#else
/* rotates the hard way */
#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL)
@ -216,7 +216,7 @@ extern char *crypt_error;
#define MIN(x, y) ( ((x)<(y))?(x):(y) )
/* extract a byte portably */
#if (CHAR_BIT == 8)
#ifdef _MSC_VER
#define byte(x, n) ((unsigned char)((x) >> (8 * (n))))
#else
#define byte(x, n) (((x) >> (8 * (n))) & 255)

98
prime.c
View File

@ -12,94 +12,6 @@ int is_prime(mp_int *N, int *result)
return CRYPT_MEM;
}
return CRYPT_OK;
}
static int next_prime(mp_int *N, mp_digit step)
{
long x, s, j, total_dist;
int res;
mp_int n1, a, y, r;
mp_digit dist, residues[UPPER_LIMIT];
_ARGCHK(N != NULL);
/* first find the residues */
for (x = 0; x < (long)UPPER_LIMIT; x++) {
if (mp_mod_d(N, __prime_tab[x], &residues[x]) != MP_OKAY) {
return CRYPT_MEM;
}
}
/* init variables */
if (mp_init_multi(&r, &n1, &a, &y, NULL) != MP_OKAY) {
return CRYPT_MEM;
}
total_dist = 0;
loop:
/* while one of the residues is zero keep looping */
dist = step;
for (x = 0; (dist < (MP_DIGIT_MAX-step-1)) && (x < (long)UPPER_LIMIT); x++) {
j = (long)residues[x] + (long)dist + total_dist;
if (j % (long)__prime_tab[x] == 0) {
dist += step; x = -1;
}
}
/* recalc the total distance from where we started */
total_dist += dist;
/* add to N */
if (mp_add_d(N, dist, N) != MP_OKAY) { goto error; }
/* n1 = N - 1 */
if (mp_sub_d(N, 1, &n1) != MP_OKAY) { goto error; }
/* r = N - 1 */
if (mp_copy(&n1, &r) != MP_OKAY) { goto error; }
/* find s such that N-1 = (2^s)r */
s = 0;
while (mp_iseven(&r)) {
++s;
if (mp_div_2(&r, &r) != MP_OKAY) {
goto error;
}
}
for (x = 0; x < 8; x++) {
/* choose a */
mp_set(&a, __prime_tab[x]);
/* compute y = a^r mod n */
if (mp_exptmod(&a, &r, N, &y) != MP_OKAY) { goto error; }
/* (y != 1) AND (y != N-1) */
if ((mp_cmp_d(&y, 1) != 0) && (mp_cmp(&y, &n1) != 0)) {
/* while j <= s-1 and y != n-1 */
for (j = 1; (j <= (s-1)) && (mp_cmp(&y, &n1) != 0); j++) {
/* y = y^2 mod N */
if (mp_sqrmod(&y, N, &y) != MP_OKAY) { goto error; }
/* if y == 1 return false */
if (mp_cmp_d(&y, 1) == 0) { goto loop; }
}
/* if y != n-1 return false */
if (mp_cmp(&y, &n1) != 0) { goto loop; }
}
}
res = CRYPT_OK;
goto done;
error:
res = CRYPT_MEM;
done:
mp_clear_multi(&a, &y, &n1, &r, NULL);
#ifdef CLEAN_STACK
zeromem(residues, sizeof(residues));
#endif
return res;
}
int rand_prime(mp_int *N, long len, prng_state *prng, int wprng)
@ -111,11 +23,11 @@ int rand_prime(mp_int *N, long len, prng_state *prng, int wprng)
/* pass a negative size if you want a prime congruent to 3 mod 4 */
if (len < 0) {
step = 4;
step = 1;
ormask = 3;
len = -len;
} else {
step = 2;
step = 0;
ormask = 1;
}
@ -150,9 +62,9 @@ int rand_prime(mp_int *N, long len, prng_state *prng, int wprng)
return CRYPT_MEM;
}
/* add the step size to it while N is not prime */
if ((err = next_prime(N, step)) != CRYPT_OK) {
return err;
/* Find the next prime after N */
if (mp_prime_next_prime(N, 8, step) != MP_OKAY) {
return CRYPT_MEM;
}
#ifdef CLEAN_STACK

1
sha1.c
View File

@ -46,7 +46,6 @@ static void sha1_compress(hash_state *md)
W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
}
/* compress */
/* round one */
#define FF0(a,b,c,d,e,i) e = (ROL(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROL(b, 30);

17
tommath.h
View File

@ -91,7 +91,7 @@ extern "C" {
/* otherwise the bits per digit is calculated automatically from the size of a mp_digit */
#ifndef DIGIT_BIT
#define DIGIT_BIT ((CHAR_BIT * sizeof(mp_digit) - 1)) /* bits per digit */
#define DIGIT_BIT ((int)((CHAR_BIT * sizeof(mp_digit) - 1))) /* bits per digit */
#endif
@ -126,16 +126,6 @@ extern int KARATSUBA_MUL_CUTOFF,
/* define this to use lower memory usage routines (exptmods mostly) */
/* #define MP_LOW_MEM */
/* have no cpu based mult? */
/* #define SLOW_MULT */
#ifdef SLOW_MULT
#define MULT(x, y) s_mp_mult((x), (y))
mp_word s_mp_mult(mp_digit, mp_digit);
#else
#define MULT(x, y) (((mp_word)(x)) * ((mp_word)(y)))
#endif
/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) */
#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
@ -411,9 +401,10 @@ int mp_prime_is_prime(mp_int *a, int t, int *result);
/* finds the next prime after the number "a" using "t" trials
* of Miller-Rabin.
*
* bbs_style = 1 means the prime must be congruent to 3 mod 4
*/
int mp_prime_next_prime(mp_int *a, int t);
int mp_prime_next_prime(mp_int *a, int t, int bbs_style);
/* ---> radix conversion <--- */
int mp_count_bits(mp_int *a);

12
twofish.c
View File

@ -74,7 +74,7 @@ static const unsigned char SBOX[2][256] = {
0x36, 0x42, 0x4a, 0x5e, 0xc1, 0xe0},
{
0x75, 0xf3, 0xc6, 0xf4, 0xdb, 0x7b, 0xfb, 0xc8, 0x4a, 0xd3,
0xe6, 0x6b, 0x45, 0x7d, 0xe8, 0x4b, 0xd6, 0x32, 0xd8, 0xfd,
0xe6, 0x6b, 0x45, 0x7d, 0xe8, 0x4b, 0xd6, 0x32, 0xd8, 0xfd,
0x37, 0x71, 0xf1, 0xe1, 0x30, 0x0f, 0xf8, 0x1b, 0x87, 0xfa,
0x06, 0x3f, 0x5e, 0xba, 0xae, 0x5b, 0x8a, 0x00, 0xbc, 0x9d,
0x6d, 0xc1, 0xb1, 0x0e, 0x80, 0x5d, 0xd2, 0xd5, 0xa0, 0x84,
@ -111,7 +111,7 @@ static const ulong32 mds_tab[4][256] = {
0x36362228UL, 0xd9d97929UL, 0x8181942aUL, 0x6e6ecf2bUL, 0x3131272cUL, 0xdede7c2dUL, 0x8686912eUL, 0x6969ca2fUL,
0x24243c30UL, 0xcbcb6731UL, 0x93938a32UL, 0x7c7cd133UL, 0x23233934UL, 0xcccc6235UL, 0x94948f36UL, 0x7b7bd437UL,
0x2a2a3638UL, 0xc5c56d39UL, 0x9d9d803aUL, 0x7272db3bUL, 0x2d2d333cUL, 0xc2c2683dUL, 0x9a9a853eUL, 0x7575de3fUL,
0x70705040UL, 0x9f9f0b41UL, 0xc7c7e642UL, 0x2828bd43UL, 0x77775544UL, 0x98980e45UL, 0xc0c0e346UL, 0x2f2fb847UL,
0x70705040UL, 0x9f9f0b41UL, 0xc7c7e642UL, 0x2828bd43UL, 0x77775544UL, 0x98980e45UL, 0xc0c0e346UL, 0x2f2fb847UL,
0x7e7e5a48UL, 0x91910149UL, 0xc9c9ec4aUL, 0x2626b74bUL, 0x79795f4cUL, 0x9696044dUL, 0xcecee94eUL, 0x2121b24fUL,
0x6c6c4450UL, 0x83831f51UL, 0xdbdbf252UL, 0x3434a953UL, 0x6b6b4154UL, 0x84841a55UL, 0xdcdcf756UL, 0x3333ac57UL,
0x62624e58UL, 0x8d8d1559UL, 0xd5d5f85aUL, 0x3a3aa35bUL, 0x65654b5cUL, 0x8a8a105dUL, 0xd2d2fd5eUL, 0x3d3da65fUL,
@ -148,7 +148,7 @@ static const ulong32 mds_tab[4][256] = {
0x40507070UL, 0x410b9f9fUL, 0x42e6c7c7UL, 0x43bd2828UL, 0x44557777UL, 0x450e9898UL, 0x46e3c0c0UL, 0x47b82f2fUL,
0x485a7e7eUL, 0x49019191UL, 0x4aecc9c9UL, 0x4bb72626UL, 0x4c5f7979UL, 0x4d049696UL, 0x4ee9ceceUL, 0x4fb22121UL,
0x50446c6cUL, 0x511f8383UL, 0x52f2dbdbUL, 0x53a93434UL, 0x54416b6bUL, 0x551a8484UL, 0x56f7dcdcUL, 0x57ac3333UL,
0x584e6262UL, 0x59158d8dUL, 0x5af8d5d5UL, 0x5ba33a3aUL, 0x5c4b6565UL, 0x5d108a8aUL, 0x5efdd2d2UL, 0x5fa63d3dUL,
0x584e6262UL, 0x59158d8dUL, 0x5af8d5d5UL, 0x5ba33a3aUL, 0x5c4b6565UL, 0x5d108a8aUL, 0x5efdd2d2UL, 0x5fa63d3dUL,
0x60784848UL, 0x6123a7a7UL, 0x62ceffffUL, 0x63951010UL, 0x647d4f4fUL, 0x6526a0a0UL, 0x66cbf8f8UL, 0x67901717UL,
0x68724646UL, 0x6929a9a9UL, 0x6ac4f1f1UL, 0x6b9f1e1eUL, 0x6c774141UL, 0x6d2caeaeUL, 0x6ec1f6f6UL, 0x6f9a1919UL,
0x706c5454UL, 0x7137bbbbUL, 0x72dae3e3UL, 0x73810c0cUL, 0x74695353UL, 0x7532bcbcUL, 0x76dfe4e4UL, 0x77840b0bUL,
@ -185,7 +185,7 @@ static const ulong32 mds_tab[4][256] = {
0x6258624eUL, 0x8d598d15UL, 0xd55ad5f8UL, 0x3a5b3aa3UL, 0x655c654bUL, 0x8a5d8a10UL, 0xd25ed2fdUL, 0x3d5f3da6UL,
0x48604878UL, 0xa761a723UL, 0xff62ffceUL, 0x10631095UL, 0x4f644f7dUL, 0xa065a026UL, 0xf866f8cbUL, 0x17671790UL,
0x46684672UL, 0xa969a929UL, 0xf16af1c4UL, 0x1e6b1e9fUL, 0x416c4177UL, 0xae6dae2cUL, 0xf66ef6c1UL, 0x196f199aUL,
0x5470546cUL, 0xbb71bb37UL, 0xe372e3daUL, 0x0c730c81UL, 0x53745369UL, 0xbc75bc32UL, 0xe476e4dfUL, 0x0b770b84UL,
0x5470546cUL, 0xbb71bb37UL, 0xe372e3daUL, 0x0c730c81UL, 0x53745369UL, 0xbc75bc32UL, 0xe476e4dfUL, 0x0b770b84UL,
0x5a785a66UL, 0xb579b53dUL, 0xed7aedd0UL, 0x027b028bUL, 0x5d7c5d63UL, 0xb27db238UL, 0xea7eead5UL, 0x057f058eUL,
0xe080e0a0UL, 0x0f810ffbUL, 0x57825716UL, 0xb883b84dUL, 0xe784e7a5UL, 0x088508feUL, 0x50865013UL, 0xbf87bf48UL,
0xee88eeaaUL, 0x018901f1UL, 0x598a591cUL, 0xb68bb647UL, 0xe98ce9afUL, 0x068d06f4UL, 0x5e8e5e19UL, 0xb18fb142UL,
@ -222,7 +222,7 @@ static const ulong32 mds_tab[4][256] = {
0x6c54706cUL, 0x37bb7137UL, 0xdae372daUL, 0x810c7381UL, 0x69537469UL, 0x32bc7532UL, 0xdfe476dfUL, 0x840b7784UL,
0x665a7866UL, 0x3db5793dUL, 0xd0ed7ad0UL, 0x8b027b8bUL, 0x635d7c63UL, 0x38b27d38UL, 0xd5ea7ed5UL, 0x8e057f8eUL,
0xa0e080a0UL, 0xfb0f81fbUL, 0x16578216UL, 0x4db8834dUL, 0xa5e784a5UL, 0xfe0885feUL, 0x13508613UL, 0x48bf8748UL,
0xaaee88aaUL, 0xf10189f1UL, 0x1c598a1cUL, 0x47b68b47UL, 0xafe98cafUL, 0xf4068df4UL, 0x195e8e19UL, 0x42b18f42UL,
0xaaee88aaUL, 0xf10189f1UL, 0x1c598a1cUL, 0x47b68b47UL, 0xafe98cafUL, 0xf4068df4UL, 0x195e8e19UL, 0x42b18f42UL,
0xb4fc90b4UL, 0xef1391efUL, 0x024b9202UL, 0x59a49359UL, 0xb1fb94b1UL, 0xea1495eaUL, 0x074c9607UL, 0x5ca3975cUL,
0xbef298beUL, 0xe51d99e5UL, 0x08459a08UL, 0x53aa9b53UL, 0xbbf59cbbUL, 0xe01a9de0UL, 0x0d429e0dUL, 0x56ad9f56UL,
0x88d8a088UL, 0xd337a1d3UL, 0x3e6fa23eUL, 0x6580a365UL, 0x8ddfa48dUL, 0xd630a5d6UL, 0x3b68a63bUL, 0x6087a760UL,
@ -319,7 +319,7 @@ static ulong32 gf_mult(ulong32 a, ulong32 b, ulong32 p)
P[1] = p;
B[1] = b;
P[0] = B[0] = 0;
/* unrolled branchless GF multiplier */
result ^= B[a&1]; a >>= 1; B[1] = P[B[1]>>7] ^ (B[1] << 1);
result ^= B[a&1]; a >>= 1; B[1] = P[B[1]>>7] ^ (B[1] << 1);