diff --git a/bits.c b/bits.c index 0643888..1a25754 100644 --- a/bits.c +++ b/bits.c @@ -10,7 +10,7 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len, return 0; #else FILE *f; - int x; + unsigned long x; #ifdef TRY_URANDOM_FIRST f = fopen("/dev/urandom", "rb"); if (f == NULL) @@ -21,8 +21,8 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len, return 0; } - x = fread(buf, 1, len, f); - fclose(f); + x = (unsigned long)fread(buf, 1, (size_t)len, f); + (void)fclose(f); return x; #endif /* NO_FILE */ } @@ -133,20 +133,20 @@ static unsigned long rng_win32(unsigned char *buf, unsigned long len, unsigned long rng_get_bytes(unsigned char *buf, unsigned long len, void (*callback)(void)) { - int x; + unsigned long x; _ARGCHK(buf != NULL); #ifdef SONY_PS2 - x = rng_ps2(buf, len, callback); if (x) { return x; } + x = rng_ps2(buf, len, callback); if (x != 0) { return x; } #elif defined(DEVRANDOM) - x = rng_nix(buf, len, callback); if (x) { return x; } + x = rng_nix(buf, len, callback); if (x != 0) { return x; } #endif #ifdef WIN32 - x = rng_win32(buf, len, callback); if (x) { return x; } + x = rng_win32(buf, len, callback); if (x != 0) { return x; } #endif #ifdef ANSI_RNG - x = rng_ansic(buf, len, callback); if (x) { return x; } + x = rng_ansic(buf, len, callback); if (x != 0) { return x; } #endif return 0; } @@ -155,34 +155,34 @@ int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void)) { unsigned char buf[256]; - int errno; + int err; _ARGCHK(prng != NULL); /* check parameter */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } if (bits < 64 || bits > 1024) { return CRYPT_INVALID_PRNGSIZE; } - if ((errno = prng_descriptor[wprng].start(prng)) != CRYPT_OK) { - return errno; + if ((err = prng_descriptor[wprng].start(prng)) != CRYPT_OK) { + return err; } - bits = ((bits/8)+(bits&7?1:0)) * 2; - if (rng_get_bytes(buf, bits, callback) != (unsigned long)bits) { + bits = ((bits/8)+((bits&7)==0x80?1:0)) * 2; + if (rng_get_bytes(buf, (unsigned long)bits, callback) != (unsigned long)bits) { return CRYPT_ERROR_READPRNG; } - if ((errno = prng_descriptor[wprng].add_entropy(buf, bits, prng)) != CRYPT_OK) { - return errno; + if ((err = prng_descriptor[wprng].add_entropy(buf, (unsigned long)bits, prng)) != CRYPT_OK) { + return err; } - if ((errno = prng_descriptor[wprng].ready(prng)) != CRYPT_OK) { - return errno; + if ((err = prng_descriptor[wprng].ready(prng)) != CRYPT_OK) { + return err; } #ifdef CLEAN_STACK diff --git a/blowfish.c b/blowfish.c index 6719314..3dbe266 100644 --- a/blowfish.c +++ b/blowfish.c @@ -304,7 +304,7 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, for (x = y = 0; x < 18; x++) { A = 0; for (z = 0; z < 4; z++) { - A = (A << 8) | (unsigned long) key[y++ % keylen]; + A = (A << 8) | ((unsigned long)key[y++ % keylen]); } skey->blowfish.K[x] = ORIG_P[x] ^ A; } @@ -317,7 +317,10 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, } /* encrypt K array */ - zeromem(B, 8); + for (x = 0; x < 8; x++) { + B[x] = 0; + } + for (x = 0; x < 18; x += 2) { /* encrypt it */ blowfish_ecb_encrypt(B, B, skey); @@ -433,7 +436,7 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ int blowfish_test(void) { - int errno; + int err; symmetric_key key; static const struct { unsigned char key[8], pt[8], ct[8]; @@ -459,8 +462,8 @@ int blowfish_test(void) for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) { /* setup key */ - if ((errno = blowfish_setup(tests[x].key, 8, 16, &key)) != CRYPT_OK) { - return errno; + if ((err = blowfish_setup(tests[x].key, 8, 16, &key)) != CRYPT_OK) { + return err; } /* encrypt and decrypt */ @@ -468,7 +471,7 @@ int blowfish_test(void) blowfish_ecb_decrypt(buf[0], buf[1], &key); /* compare */ - if (memcmp(buf[0], tests[x].ct, 8) || memcmp(buf[1], tests[x].pt, 8)) { + if ((memcmp(buf[0], tests[x].ct, 8) != 0) || (memcmp(buf[1], tests[x].pt, 8) != 0)) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/cast5.c b/cast5.c index 336e921..77b6262 100644 --- a/cast5.c +++ b/cast5.c @@ -15,367 +15,367 @@ const struct _cipher_descriptor cast5_desc = { }; static const unsigned long S1[256] = { -0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a, 0x1e213f2f, 0x9c004dd3, -0x6003e540, 0xcf9fc949, 0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675, -0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e, 0x28683b6f, 0xc07fd059, -0xff2379c8, 0x775f50e2, 0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d, -0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f, 0x2abe32e1, 0xaa54166b, -0x22568e3a, 0xa2d341d0, 0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de, -0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7, 0xb82cbaef, 0xd751d159, -0x6ff7f0ed, 0x5a097a1f, 0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935, -0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d, 0xb7332290, 0xe93b159f, -0xb48ee411, 0x4bff345d, 0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165, -0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50, 0x882240f2, 0x0c6e4f38, -0xa4e4bfd7, 0x4f5ba272, 0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe, -0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d, 0x57538ad5, 0x6a390493, -0xe63d37e0, 0x2a54f6b3, 0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a, -0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167, 0x38901091, 0xc6b505eb, -0x84c7cb8c, 0x2ad75a0f, 0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291, -0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9, 0x6c00b32d, 0x73e2bb14, -0xa0bebc3c, 0x54623779, 0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6, -0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2, 0x81383f05, 0x6963c5c8, -0x76cb5ad6, 0xd49974c9, 0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511, -0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e, 0x31366241, 0x051ef495, -0xaa573b04, 0x4a805d8d, 0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e, -0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5, 0x6b54bfab, 0x2b0b1426, -0xab4cc9d7, 0x449ccd82, 0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324, -0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac, 0xeadf55b3, 0xd5bd9e98, -0xe31231b2, 0x2ad5ad6c, 0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f, -0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc, 0x7b5a41f0, 0xd37cfbad, -0x1b069505, 0x41ece491, 0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d, -0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de, 0xe01063da, 0x4736f464, -0x5ad328d8, 0xb347cc96, 0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a, -0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a, 0x3f04442f, 0x6188b153, -0xe0397a2e, 0x5727cb79, 0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d, -0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779, 0x4744ead4, 0xb11c3274, -0xdd24cb9e, 0x7e1c54bd, 0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755, -0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6, 0x580304f0, 0xca042cf1, -0x011a37ea, 0x8dbfaadb, 0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9, -0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0, 0x7c63b2cf, 0x700b45e1, -0xd5ea50f1, 0x85a92872, 0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79, -0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c, 0x474d6ad7, 0x7c0c5e5c, -0xd1231959, 0x381b7298, 0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e, -0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571, 0x962bda1c, 0xe1e696ff, -0xb141ab08, 0x7cca89b9, 0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d, -0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf}; +0x30fb40d4UL, 0x9fa0ff0bUL, 0x6beccd2fUL, 0x3f258c7aUL, 0x1e213f2fUL, 0x9c004dd3UL, +0x6003e540UL, 0xcf9fc949UL, 0xbfd4af27UL, 0x88bbbdb5UL, 0xe2034090UL, 0x98d09675UL, +0x6e63a0e0UL, 0x15c361d2UL, 0xc2e7661dUL, 0x22d4ff8eUL, 0x28683b6fUL, 0xc07fd059UL, +0xff2379c8UL, 0x775f50e2UL, 0x43c340d3UL, 0xdf2f8656UL, 0x887ca41aUL, 0xa2d2bd2dUL, +0xa1c9e0d6UL, 0x346c4819UL, 0x61b76d87UL, 0x22540f2fUL, 0x2abe32e1UL, 0xaa54166bUL, +0x22568e3aUL, 0xa2d341d0UL, 0x66db40c8UL, 0xa784392fUL, 0x004dff2fUL, 0x2db9d2deUL, +0x97943facUL, 0x4a97c1d8UL, 0x527644b7UL, 0xb5f437a7UL, 0xb82cbaefUL, 0xd751d159UL, +0x6ff7f0edUL, 0x5a097a1fUL, 0x827b68d0UL, 0x90ecf52eUL, 0x22b0c054UL, 0xbc8e5935UL, +0x4b6d2f7fUL, 0x50bb64a2UL, 0xd2664910UL, 0xbee5812dUL, 0xb7332290UL, 0xe93b159fUL, +0xb48ee411UL, 0x4bff345dUL, 0xfd45c240UL, 0xad31973fUL, 0xc4f6d02eUL, 0x55fc8165UL, +0xd5b1caadUL, 0xa1ac2daeUL, 0xa2d4b76dUL, 0xc19b0c50UL, 0x882240f2UL, 0x0c6e4f38UL, +0xa4e4bfd7UL, 0x4f5ba272UL, 0x564c1d2fUL, 0xc59c5319UL, 0xb949e354UL, 0xb04669feUL, +0xb1b6ab8aUL, 0xc71358ddUL, 0x6385c545UL, 0x110f935dUL, 0x57538ad5UL, 0x6a390493UL, +0xe63d37e0UL, 0x2a54f6b3UL, 0x3a787d5fUL, 0x6276a0b5UL, 0x19a6fcdfUL, 0x7a42206aUL, +0x29f9d4d5UL, 0xf61b1891UL, 0xbb72275eUL, 0xaa508167UL, 0x38901091UL, 0xc6b505ebUL, +0x84c7cb8cUL, 0x2ad75a0fUL, 0x874a1427UL, 0xa2d1936bUL, 0x2ad286afUL, 0xaa56d291UL, +0xd7894360UL, 0x425c750dUL, 0x93b39e26UL, 0x187184c9UL, 0x6c00b32dUL, 0x73e2bb14UL, +0xa0bebc3cUL, 0x54623779UL, 0x64459eabUL, 0x3f328b82UL, 0x7718cf82UL, 0x59a2cea6UL, +0x04ee002eUL, 0x89fe78e6UL, 0x3fab0950UL, 0x325ff6c2UL, 0x81383f05UL, 0x6963c5c8UL, +0x76cb5ad6UL, 0xd49974c9UL, 0xca180dcfUL, 0x380782d5UL, 0xc7fa5cf6UL, 0x8ac31511UL, +0x35e79e13UL, 0x47da91d0UL, 0xf40f9086UL, 0xa7e2419eUL, 0x31366241UL, 0x051ef495UL, +0xaa573b04UL, 0x4a805d8dUL, 0x548300d0UL, 0x00322a3cUL, 0xbf64cddfUL, 0xba57a68eUL, +0x75c6372bUL, 0x50afd341UL, 0xa7c13275UL, 0x915a0bf5UL, 0x6b54bfabUL, 0x2b0b1426UL, +0xab4cc9d7UL, 0x449ccd82UL, 0xf7fbf265UL, 0xab85c5f3UL, 0x1b55db94UL, 0xaad4e324UL, +0xcfa4bd3fUL, 0x2deaa3e2UL, 0x9e204d02UL, 0xc8bd25acUL, 0xeadf55b3UL, 0xd5bd9e98UL, +0xe31231b2UL, 0x2ad5ad6cUL, 0x954329deUL, 0xadbe4528UL, 0xd8710f69UL, 0xaa51c90fUL, +0xaa786bf6UL, 0x22513f1eUL, 0xaa51a79bUL, 0x2ad344ccUL, 0x7b5a41f0UL, 0xd37cfbadUL, +0x1b069505UL, 0x41ece491UL, 0xb4c332e6UL, 0x032268d4UL, 0xc9600accUL, 0xce387e6dUL, +0xbf6bb16cUL, 0x6a70fb78UL, 0x0d03d9c9UL, 0xd4df39deUL, 0xe01063daUL, 0x4736f464UL, +0x5ad328d8UL, 0xb347cc96UL, 0x75bb0fc3UL, 0x98511bfbUL, 0x4ffbcc35UL, 0xb58bcf6aUL, +0xe11f0abcUL, 0xbfc5fe4aUL, 0xa70aec10UL, 0xac39570aUL, 0x3f04442fUL, 0x6188b153UL, +0xe0397a2eUL, 0x5727cb79UL, 0x9ceb418fUL, 0x1cacd68dUL, 0x2ad37c96UL, 0x0175cb9dUL, +0xc69dff09UL, 0xc75b65f0UL, 0xd9db40d8UL, 0xec0e7779UL, 0x4744ead4UL, 0xb11c3274UL, +0xdd24cb9eUL, 0x7e1c54bdUL, 0xf01144f9UL, 0xd2240eb1UL, 0x9675b3fdUL, 0xa3ac3755UL, +0xd47c27afUL, 0x51c85f4dUL, 0x56907596UL, 0xa5bb15e6UL, 0x580304f0UL, 0xca042cf1UL, +0x011a37eaUL, 0x8dbfaadbUL, 0x35ba3e4aUL, 0x3526ffa0UL, 0xc37b4d09UL, 0xbc306ed9UL, +0x98a52666UL, 0x5648f725UL, 0xff5e569dUL, 0x0ced63d0UL, 0x7c63b2cfUL, 0x700b45e1UL, +0xd5ea50f1UL, 0x85a92872UL, 0xaf1fbda7UL, 0xd4234870UL, 0xa7870bf3UL, 0x2d3b4d79UL, +0x42e04198UL, 0x0cd0ede7UL, 0x26470db8UL, 0xf881814cUL, 0x474d6ad7UL, 0x7c0c5e5cUL, +0xd1231959UL, 0x381b7298UL, 0xf5d2f4dbUL, 0xab838653UL, 0x6e2f1e23UL, 0x83719c9eUL, +0xbd91e046UL, 0x9a56456eUL, 0xdc39200cUL, 0x20c8c571UL, 0x962bda1cUL, 0xe1e696ffUL, +0xb141ab08UL, 0x7cca89b9UL, 0x1a69e783UL, 0x02cc4843UL, 0xa2f7c579UL, 0x429ef47dUL, +0x427b169cUL, 0x5ac9f049UL, 0xdd8f0f00UL, 0x5c8165bfUL}; static const unsigned long S2[256] = { -0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380, 0xfe61cf7a, 0xeec5207a, -0x55889c94, 0x72fc0651, 0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba, -0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3, 0xa0b52f7b, 0x59e83605, -0xee15b094, 0xe9ffd909, 0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb, -0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b, 0x01420ddb, 0xe4e7ef5b, -0x25a1ff41, 0xe180f806, 0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4, -0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b, 0xe113c85b, 0xacc40083, -0xd7503525, 0xf7ea615f, 0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359, -0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21, 0x071f6181, 0x39f7627f, -0x361e3084, 0xe4eb573b, 0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d, -0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c, 0x10843094, 0x2537a95e, -0xf46f6ffe, 0xa1ff3b1f, 0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34, -0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d, 0x8a45388c, 0x1d804366, -0x721d9bfd, 0xa58684bb, 0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4, -0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd, 0xc5d655dd, 0xeb667064, -0x77840b4d, 0xa1b6a801, 0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860, -0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755, 0xb5625dbf, 0x68561be6, -0x83ca6b94, 0x2d6ed23b, 0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709, -0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304, 0x81ed6f61, 0x20e74364, -0xb45e1378, 0xde18639b, 0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b, -0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c, 0x488cb402, 0x1ba4fe5b, -0xa4b09f6b, 0x1ca815cf, 0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9, -0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c, 0xee41e729, 0x6e1d2d7c, -0x50045286, 0x1e6685f3, 0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13, -0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9, 0xcdff33a6, 0xa02b1741, -0x7cbad9a2, 0x2180036f, 0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab, -0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6, 0xcdf0b680, 0x17844d3b, -0x31eef84d, 0x7e0824e4, 0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6, -0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43, 0xb3faec54, 0x157fd7fa, -0xef8579cc, 0xd152de58, 0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8, -0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906, 0xb8da230c, 0x80823028, -0xdcdef3c8, 0xd35fb171, 0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d, -0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89, 0x8b1c34bc, 0x301e16e6, -0x273be979, 0xb0ffeaa6, 0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b, -0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4, 0xdc8637a0, 0x16a7d3b1, -0x9fc393b7, 0xa7136eeb, 0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6, -0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e, 0xdb92f2fb, 0x5eea29cb, -0x145892f5, 0x91584f7f, 0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea, -0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249, 0xb284600c, 0xd835731d, -0xdcb1c647, 0xac4c56ea, 0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa, -0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd, 0x649da589, 0xa345415e, -0x5c038323, 0x3e5d3bb9, 0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef, -0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1}; +0x1f201094UL, 0xef0ba75bUL, 0x69e3cf7eUL, 0x393f4380UL, 0xfe61cf7aUL, 0xeec5207aUL, +0x55889c94UL, 0x72fc0651UL, 0xada7ef79UL, 0x4e1d7235UL, 0xd55a63ceUL, 0xde0436baUL, +0x99c430efUL, 0x5f0c0794UL, 0x18dcdb7dUL, 0xa1d6eff3UL, 0xa0b52f7bUL, 0x59e83605UL, +0xee15b094UL, 0xe9ffd909UL, 0xdc440086UL, 0xef944459UL, 0xba83ccb3UL, 0xe0c3cdfbUL, +0xd1da4181UL, 0x3b092ab1UL, 0xf997f1c1UL, 0xa5e6cf7bUL, 0x01420ddbUL, 0xe4e7ef5bUL, +0x25a1ff41UL, 0xe180f806UL, 0x1fc41080UL, 0x179bee7aUL, 0xd37ac6a9UL, 0xfe5830a4UL, +0x98de8b7fUL, 0x77e83f4eUL, 0x79929269UL, 0x24fa9f7bUL, 0xe113c85bUL, 0xacc40083UL, +0xd7503525UL, 0xf7ea615fUL, 0x62143154UL, 0x0d554b63UL, 0x5d681121UL, 0xc866c359UL, +0x3d63cf73UL, 0xcee234c0UL, 0xd4d87e87UL, 0x5c672b21UL, 0x071f6181UL, 0x39f7627fUL, +0x361e3084UL, 0xe4eb573bUL, 0x602f64a4UL, 0xd63acd9cUL, 0x1bbc4635UL, 0x9e81032dUL, +0x2701f50cUL, 0x99847ab4UL, 0xa0e3df79UL, 0xba6cf38cUL, 0x10843094UL, 0x2537a95eUL, +0xf46f6ffeUL, 0xa1ff3b1fUL, 0x208cfb6aUL, 0x8f458c74UL, 0xd9e0a227UL, 0x4ec73a34UL, +0xfc884f69UL, 0x3e4de8dfUL, 0xef0e0088UL, 0x3559648dUL, 0x8a45388cUL, 0x1d804366UL, +0x721d9bfdUL, 0xa58684bbUL, 0xe8256333UL, 0x844e8212UL, 0x128d8098UL, 0xfed33fb4UL, +0xce280ae1UL, 0x27e19ba5UL, 0xd5a6c252UL, 0xe49754bdUL, 0xc5d655ddUL, 0xeb667064UL, +0x77840b4dUL, 0xa1b6a801UL, 0x84db26a9UL, 0xe0b56714UL, 0x21f043b7UL, 0xe5d05860UL, +0x54f03084UL, 0x066ff472UL, 0xa31aa153UL, 0xdadc4755UL, 0xb5625dbfUL, 0x68561be6UL, +0x83ca6b94UL, 0x2d6ed23bUL, 0xeccf01dbUL, 0xa6d3d0baUL, 0xb6803d5cUL, 0xaf77a709UL, +0x33b4a34cUL, 0x397bc8d6UL, 0x5ee22b95UL, 0x5f0e5304UL, 0x81ed6f61UL, 0x20e74364UL, +0xb45e1378UL, 0xde18639bUL, 0x881ca122UL, 0xb96726d1UL, 0x8049a7e8UL, 0x22b7da7bUL, +0x5e552d25UL, 0x5272d237UL, 0x79d2951cUL, 0xc60d894cUL, 0x488cb402UL, 0x1ba4fe5bUL, +0xa4b09f6bUL, 0x1ca815cfUL, 0xa20c3005UL, 0x8871df63UL, 0xb9de2fcbUL, 0x0cc6c9e9UL, +0x0beeff53UL, 0xe3214517UL, 0xb4542835UL, 0x9f63293cUL, 0xee41e729UL, 0x6e1d2d7cUL, +0x50045286UL, 0x1e6685f3UL, 0xf33401c6UL, 0x30a22c95UL, 0x31a70850UL, 0x60930f13UL, +0x73f98417UL, 0xa1269859UL, 0xec645c44UL, 0x52c877a9UL, 0xcdff33a6UL, 0xa02b1741UL, +0x7cbad9a2UL, 0x2180036fUL, 0x50d99c08UL, 0xcb3f4861UL, 0xc26bd765UL, 0x64a3f6abUL, +0x80342676UL, 0x25a75e7bUL, 0xe4e6d1fcUL, 0x20c710e6UL, 0xcdf0b680UL, 0x17844d3bUL, +0x31eef84dUL, 0x7e0824e4UL, 0x2ccb49ebUL, 0x846a3baeUL, 0x8ff77888UL, 0xee5d60f6UL, +0x7af75673UL, 0x2fdd5cdbUL, 0xa11631c1UL, 0x30f66f43UL, 0xb3faec54UL, 0x157fd7faUL, +0xef8579ccUL, 0xd152de58UL, 0xdb2ffd5eUL, 0x8f32ce19UL, 0x306af97aUL, 0x02f03ef8UL, +0x99319ad5UL, 0xc242fa0fUL, 0xa7e3ebb0UL, 0xc68e4906UL, 0xb8da230cUL, 0x80823028UL, +0xdcdef3c8UL, 0xd35fb171UL, 0x088a1bc8UL, 0xbec0c560UL, 0x61a3c9e8UL, 0xbca8f54dUL, +0xc72feffaUL, 0x22822e99UL, 0x82c570b4UL, 0xd8d94e89UL, 0x8b1c34bcUL, 0x301e16e6UL, +0x273be979UL, 0xb0ffeaa6UL, 0x61d9b8c6UL, 0x00b24869UL, 0xb7ffce3fUL, 0x08dc283bUL, +0x43daf65aUL, 0xf7e19798UL, 0x7619b72fUL, 0x8f1c9ba4UL, 0xdc8637a0UL, 0x16a7d3b1UL, +0x9fc393b7UL, 0xa7136eebUL, 0xc6bcc63eUL, 0x1a513742UL, 0xef6828bcUL, 0x520365d6UL, +0x2d6a77abUL, 0x3527ed4bUL, 0x821fd216UL, 0x095c6e2eUL, 0xdb92f2fbUL, 0x5eea29cbUL, +0x145892f5UL, 0x91584f7fUL, 0x5483697bUL, 0x2667a8ccUL, 0x85196048UL, 0x8c4baceaUL, +0x833860d4UL, 0x0d23e0f9UL, 0x6c387e8aUL, 0x0ae6d249UL, 0xb284600cUL, 0xd835731dUL, +0xdcb1c647UL, 0xac4c56eaUL, 0x3ebd81b3UL, 0x230eabb0UL, 0x6438bc87UL, 0xf0b5b1faUL, +0x8f5ea2b3UL, 0xfc184642UL, 0x0a036b7aUL, 0x4fb089bdUL, 0x649da589UL, 0xa345415eUL, +0x5c038323UL, 0x3e5d3bb9UL, 0x43d79572UL, 0x7e6dd07cUL, 0x06dfdf1eUL, 0x6c6cc4efUL, +0x7160a539UL, 0x73bfbe70UL, 0x83877605UL, 0x4523ecf1UL}; static const unsigned long S3[256] = { -0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907, 0x47607fff, 0x369fe44b, -0x8c1fc644, 0xaececa90, 0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae, -0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5, 0x11107d9f, 0x07647db9, -0xb2e3e4d4, 0x3d4f285e, 0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e, -0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc, 0x21fffcee, 0x825b1bfd, -0x9255c5ed, 0x1257a240, 0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e, -0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5, 0xa8c01db7, 0x579fc264, -0x67094f31, 0xf2bd3f5f, 0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b, -0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99, 0xa197c81c, 0x4a012d6e, -0xc5884a28, 0xccc36f71, 0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f, -0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04, 0xa747d2d0, 0x1651192e, -0xaf70bf3e, 0x58c31380, 0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82, -0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8, 0x8427f4a0, 0x1eac5790, -0x796fb449, 0x8252dc15, 0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504, -0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2, 0x23efe941, 0xa903f12e, -0x60270df2, 0x0276e4b6, 0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176, -0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e, 0x842f7d83, 0x340ce5c8, -0x96bbb682, 0x93b4b148, 0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d, -0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc, 0x8b907cee, 0xb51fd240, -0xe7c07ce3, 0xe566b4a1, 0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341, -0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c, 0xf76cedd9, 0xbda8229c, -0x127dadaa, 0x438a074e, 0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15, -0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51, 0x68cc7bfb, 0xd90f2788, -0x12490181, 0x5de5ffd4, 0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f, -0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b, 0x6d498623, 0x193cbcfa, -0x27627545, 0x825cf47a, 0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392, -0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b, 0x285ba1c8, 0x3c62f44f, -0x35c0eaa5, 0xe805d231, 0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b, -0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889, 0x694bcc11, 0x236a5cae, -0x12deca4d, 0x2c3f8cc5, 0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67, -0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45, 0x3a609437, 0xec00c9a9, -0x44715253, 0x0a874b49, 0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536, -0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d, 0x07478cd1, 0x006e1888, -0xa2e53f55, 0xb9e6d4bc, 0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d, -0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0, 0x947b0001, 0x570075d2, -0xf9bb88f8, 0x8942019e, 0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69, -0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767, 0xcf1febd2, 0x61efc8c2, -0xf1ac2571, 0xcc8239c2, 0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce, -0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49, 0x5727c148, 0x2be98a1d, -0x8ab41738, 0x20e1be24, 0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d, -0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0, 0x642b1e31, 0x9c305a00, -0x52bce688, 0x1b03588a, 0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5, -0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783}; +0x8defc240UL, 0x25fa5d9fUL, 0xeb903dbfUL, 0xe810c907UL, 0x47607fffUL, 0x369fe44bUL, +0x8c1fc644UL, 0xaececa90UL, 0xbeb1f9bfUL, 0xeefbcaeaUL, 0xe8cf1950UL, 0x51df07aeUL, +0x920e8806UL, 0xf0ad0548UL, 0xe13c8d83UL, 0x927010d5UL, 0x11107d9fUL, 0x07647db9UL, +0xb2e3e4d4UL, 0x3d4f285eUL, 0xb9afa820UL, 0xfade82e0UL, 0xa067268bUL, 0x8272792eUL, +0x553fb2c0UL, 0x489ae22bUL, 0xd4ef9794UL, 0x125e3fbcUL, 0x21fffceeUL, 0x825b1bfdUL, +0x9255c5edUL, 0x1257a240UL, 0x4e1a8302UL, 0xbae07fffUL, 0x528246e7UL, 0x8e57140eUL, +0x3373f7bfUL, 0x8c9f8188UL, 0xa6fc4ee8UL, 0xc982b5a5UL, 0xa8c01db7UL, 0x579fc264UL, +0x67094f31UL, 0xf2bd3f5fUL, 0x40fff7c1UL, 0x1fb78dfcUL, 0x8e6bd2c1UL, 0x437be59bUL, +0x99b03dbfUL, 0xb5dbc64bUL, 0x638dc0e6UL, 0x55819d99UL, 0xa197c81cUL, 0x4a012d6eUL, +0xc5884a28UL, 0xccc36f71UL, 0xb843c213UL, 0x6c0743f1UL, 0x8309893cUL, 0x0feddd5fUL, +0x2f7fe850UL, 0xd7c07f7eUL, 0x02507fbfUL, 0x5afb9a04UL, 0xa747d2d0UL, 0x1651192eUL, +0xaf70bf3eUL, 0x58c31380UL, 0x5f98302eUL, 0x727cc3c4UL, 0x0a0fb402UL, 0x0f7fef82UL, +0x8c96fdadUL, 0x5d2c2aaeUL, 0x8ee99a49UL, 0x50da88b8UL, 0x8427f4a0UL, 0x1eac5790UL, +0x796fb449UL, 0x8252dc15UL, 0xefbd7d9bUL, 0xa672597dUL, 0xada840d8UL, 0x45f54504UL, +0xfa5d7403UL, 0xe83ec305UL, 0x4f91751aUL, 0x925669c2UL, 0x23efe941UL, 0xa903f12eUL, +0x60270df2UL, 0x0276e4b6UL, 0x94fd6574UL, 0x927985b2UL, 0x8276dbcbUL, 0x02778176UL, +0xf8af918dUL, 0x4e48f79eUL, 0x8f616ddfUL, 0xe29d840eUL, 0x842f7d83UL, 0x340ce5c8UL, +0x96bbb682UL, 0x93b4b148UL, 0xef303cabUL, 0x984faf28UL, 0x779faf9bUL, 0x92dc560dUL, +0x224d1e20UL, 0x8437aa88UL, 0x7d29dc96UL, 0x2756d3dcUL, 0x8b907ceeUL, 0xb51fd240UL, +0xe7c07ce3UL, 0xe566b4a1UL, 0xc3e9615eUL, 0x3cf8209dUL, 0x6094d1e3UL, 0xcd9ca341UL, +0x5c76460eUL, 0x00ea983bUL, 0xd4d67881UL, 0xfd47572cUL, 0xf76cedd9UL, 0xbda8229cUL, +0x127dadaaUL, 0x438a074eUL, 0x1f97c090UL, 0x081bdb8aUL, 0x93a07ebeUL, 0xb938ca15UL, +0x97b03cffUL, 0x3dc2c0f8UL, 0x8d1ab2ecUL, 0x64380e51UL, 0x68cc7bfbUL, 0xd90f2788UL, +0x12490181UL, 0x5de5ffd4UL, 0xdd7ef86aUL, 0x76a2e214UL, 0xb9a40368UL, 0x925d958fUL, +0x4b39fffaUL, 0xba39aee9UL, 0xa4ffd30bUL, 0xfaf7933bUL, 0x6d498623UL, 0x193cbcfaUL, +0x27627545UL, 0x825cf47aUL, 0x61bd8ba0UL, 0xd11e42d1UL, 0xcead04f4UL, 0x127ea392UL, +0x10428db7UL, 0x8272a972UL, 0x9270c4a8UL, 0x127de50bUL, 0x285ba1c8UL, 0x3c62f44fUL, +0x35c0eaa5UL, 0xe805d231UL, 0x428929fbUL, 0xb4fcdf82UL, 0x4fb66a53UL, 0x0e7dc15bUL, +0x1f081fabUL, 0x108618aeUL, 0xfcfd086dUL, 0xf9ff2889UL, 0x694bcc11UL, 0x236a5caeUL, +0x12deca4dUL, 0x2c3f8cc5UL, 0xd2d02dfeUL, 0xf8ef5896UL, 0xe4cf52daUL, 0x95155b67UL, +0x494a488cUL, 0xb9b6a80cUL, 0x5c8f82bcUL, 0x89d36b45UL, 0x3a609437UL, 0xec00c9a9UL, +0x44715253UL, 0x0a874b49UL, 0xd773bc40UL, 0x7c34671cUL, 0x02717ef6UL, 0x4feb5536UL, +0xa2d02fffUL, 0xd2bf60c4UL, 0xd43f03c0UL, 0x50b4ef6dUL, 0x07478cd1UL, 0x006e1888UL, +0xa2e53f55UL, 0xb9e6d4bcUL, 0xa2048016UL, 0x97573833UL, 0xd7207d67UL, 0xde0f8f3dUL, +0x72f87b33UL, 0xabcc4f33UL, 0x7688c55dUL, 0x7b00a6b0UL, 0x947b0001UL, 0x570075d2UL, +0xf9bb88f8UL, 0x8942019eUL, 0x4264a5ffUL, 0x856302e0UL, 0x72dbd92bUL, 0xee971b69UL, +0x6ea22fdeUL, 0x5f08ae2bUL, 0xaf7a616dUL, 0xe5c98767UL, 0xcf1febd2UL, 0x61efc8c2UL, +0xf1ac2571UL, 0xcc8239c2UL, 0x67214cb8UL, 0xb1e583d1UL, 0xb7dc3e62UL, 0x7f10bdceUL, +0xf90a5c38UL, 0x0ff0443dUL, 0x606e6dc6UL, 0x60543a49UL, 0x5727c148UL, 0x2be98a1dUL, +0x8ab41738UL, 0x20e1be24UL, 0xaf96da0fUL, 0x68458425UL, 0x99833be5UL, 0x600d457dUL, +0x282f9350UL, 0x8334b362UL, 0xd91d1120UL, 0x2b6d8da0UL, 0x642b1e31UL, 0x9c305a00UL, +0x52bce688UL, 0x1b03588aUL, 0xf7baefd5UL, 0x4142ed9cUL, 0xa4315c11UL, 0x83323ec5UL, +0xdfef4636UL, 0xa133c501UL, 0xe9d3531cUL, 0xee353783UL}; static const unsigned long S4[256] = { -0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298, 0x4a4f7bdb, 0x64ad8c57, -0x85510443, 0xfa020ed1, 0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120, -0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf, 0x28147f5f, 0x4fa2b8cd, -0xc9430040, 0x0cc32220, 0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15, -0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe, 0x1a05645f, 0x0c13fefe, -0x081b08ca, 0x05170121, 0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701, -0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25, 0xce84ffdf, 0xf5718801, -0x3dd64b04, 0xa26f263b, 0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5, -0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93, 0xd3772061, 0x11b638e1, -0x72500e03, 0xf80eb2bb, 0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746, -0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5, 0x4d351805, 0x7f3d5ce3, -0xa6c866c6, 0x5d5bcca9, 0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d, -0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb, 0x022083b8, 0x3fb6180c, -0x18f8931e, 0x281658e6, 0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c, -0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23, 0x69dead38, 0x1574ca16, -0xdf871b62, 0x211c40b7, 0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003, -0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340, 0x557be8de, 0x00eae4a7, -0x0ce5c2ec, 0x4db4bba6, 0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327, -0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119, 0x6e85cb75, 0xbe07c002, -0xc2325577, 0x893ff4ec, 0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24, -0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205, 0xaac9548a, 0xeca1d7c7, -0x041afa32, 0x1d16625a, 0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031, -0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79, 0x026a4ceb, 0x52437eff, -0x2f8f76b4, 0x0df980a5, 0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df, -0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c, 0x1741a254, 0xe5b6a035, -0x213d42f6, 0x2c1c7c26, 0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69, -0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab, 0x63315c21, 0x5e0a72ec, -0x49bafefd, 0x187908d9, 0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7, -0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff, 0x71eae2a1, 0x1f9af36e, -0xcfcbd12f, 0xc1de8417, 0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3, -0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2, 0x6f7de532, 0x58fd7eb6, -0xd01ee900, 0x24adffc2, 0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2, -0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff, 0x29908415, 0x7fbb977f, -0xaf9eb3db, 0x29c9ed2a, 0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091, -0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919, 0x77079103, 0xdea03af6, -0x78a8565e, 0xdee356df, 0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef, -0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf, 0xafe67afb, 0xf470c4b2, -0xf3e0eb5b, 0xd6cc9876, 0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367, -0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab, 0xb5676e69, 0x9bd3ddda, -0xdf7e052f, 0xdb25701c, 0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04, -0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43, 0x41823979, 0x932bcdf6, -0xb657c34d, 0x4edfd282, 0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e, -0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2}; +0x9db30420UL, 0x1fb6e9deUL, 0xa7be7befUL, 0xd273a298UL, 0x4a4f7bdbUL, 0x64ad8c57UL, +0x85510443UL, 0xfa020ed1UL, 0x7e287affUL, 0xe60fb663UL, 0x095f35a1UL, 0x79ebf120UL, +0xfd059d43UL, 0x6497b7b1UL, 0xf3641f63UL, 0x241e4adfUL, 0x28147f5fUL, 0x4fa2b8cdUL, +0xc9430040UL, 0x0cc32220UL, 0xfdd30b30UL, 0xc0a5374fUL, 0x1d2d00d9UL, 0x24147b15UL, +0xee4d111aUL, 0x0fca5167UL, 0x71ff904cUL, 0x2d195ffeUL, 0x1a05645fUL, 0x0c13fefeUL, +0x081b08caUL, 0x05170121UL, 0x80530100UL, 0xe83e5efeUL, 0xac9af4f8UL, 0x7fe72701UL, +0xd2b8ee5fUL, 0x06df4261UL, 0xbb9e9b8aUL, 0x7293ea25UL, 0xce84ffdfUL, 0xf5718801UL, +0x3dd64b04UL, 0xa26f263bUL, 0x7ed48400UL, 0x547eebe6UL, 0x446d4ca0UL, 0x6cf3d6f5UL, +0x2649abdfUL, 0xaea0c7f5UL, 0x36338cc1UL, 0x503f7e93UL, 0xd3772061UL, 0x11b638e1UL, +0x72500e03UL, 0xf80eb2bbUL, 0xabe0502eUL, 0xec8d77deUL, 0x57971e81UL, 0xe14f6746UL, +0xc9335400UL, 0x6920318fUL, 0x081dbb99UL, 0xffc304a5UL, 0x4d351805UL, 0x7f3d5ce3UL, +0xa6c866c6UL, 0x5d5bcca9UL, 0xdaec6feaUL, 0x9f926f91UL, 0x9f46222fUL, 0x3991467dUL, +0xa5bf6d8eUL, 0x1143c44fUL, 0x43958302UL, 0xd0214eebUL, 0x022083b8UL, 0x3fb6180cUL, +0x18f8931eUL, 0x281658e6UL, 0x26486e3eUL, 0x8bd78a70UL, 0x7477e4c1UL, 0xb506e07cUL, +0xf32d0a25UL, 0x79098b02UL, 0xe4eabb81UL, 0x28123b23UL, 0x69dead38UL, 0x1574ca16UL, +0xdf871b62UL, 0x211c40b7UL, 0xa51a9ef9UL, 0x0014377bUL, 0x041e8ac8UL, 0x09114003UL, +0xbd59e4d2UL, 0xe3d156d5UL, 0x4fe876d5UL, 0x2f91a340UL, 0x557be8deUL, 0x00eae4a7UL, +0x0ce5c2ecUL, 0x4db4bba6UL, 0xe756bdffUL, 0xdd3369acUL, 0xec17b035UL, 0x06572327UL, +0x99afc8b0UL, 0x56c8c391UL, 0x6b65811cUL, 0x5e146119UL, 0x6e85cb75UL, 0xbe07c002UL, +0xc2325577UL, 0x893ff4ecUL, 0x5bbfc92dUL, 0xd0ec3b25UL, 0xb7801ab7UL, 0x8d6d3b24UL, +0x20c763efUL, 0xc366a5fcUL, 0x9c382880UL, 0x0ace3205UL, 0xaac9548aUL, 0xeca1d7c7UL, +0x041afa32UL, 0x1d16625aUL, 0x6701902cUL, 0x9b757a54UL, 0x31d477f7UL, 0x9126b031UL, +0x36cc6fdbUL, 0xc70b8b46UL, 0xd9e66a48UL, 0x56e55a79UL, 0x026a4cebUL, 0x52437effUL, +0x2f8f76b4UL, 0x0df980a5UL, 0x8674cde3UL, 0xedda04ebUL, 0x17a9be04UL, 0x2c18f4dfUL, +0xb7747f9dUL, 0xab2af7b4UL, 0xefc34d20UL, 0x2e096b7cUL, 0x1741a254UL, 0xe5b6a035UL, +0x213d42f6UL, 0x2c1c7c26UL, 0x61c2f50fUL, 0x6552daf9UL, 0xd2c231f8UL, 0x25130f69UL, +0xd8167fa2UL, 0x0418f2c8UL, 0x001a96a6UL, 0x0d1526abUL, 0x63315c21UL, 0x5e0a72ecUL, +0x49bafefdUL, 0x187908d9UL, 0x8d0dbd86UL, 0x311170a7UL, 0x3e9b640cUL, 0xcc3e10d7UL, +0xd5cad3b6UL, 0x0caec388UL, 0xf73001e1UL, 0x6c728affUL, 0x71eae2a1UL, 0x1f9af36eUL, +0xcfcbd12fUL, 0xc1de8417UL, 0xac07be6bUL, 0xcb44a1d8UL, 0x8b9b0f56UL, 0x013988c3UL, +0xb1c52fcaUL, 0xb4be31cdUL, 0xd8782806UL, 0x12a3a4e2UL, 0x6f7de532UL, 0x58fd7eb6UL, +0xd01ee900UL, 0x24adffc2UL, 0xf4990fc5UL, 0x9711aac5UL, 0x001d7b95UL, 0x82e5e7d2UL, +0x109873f6UL, 0x00613096UL, 0xc32d9521UL, 0xada121ffUL, 0x29908415UL, 0x7fbb977fUL, +0xaf9eb3dbUL, 0x29c9ed2aUL, 0x5ce2a465UL, 0xa730f32cUL, 0xd0aa3fe8UL, 0x8a5cc091UL, +0xd49e2ce7UL, 0x0ce454a9UL, 0xd60acd86UL, 0x015f1919UL, 0x77079103UL, 0xdea03af6UL, +0x78a8565eUL, 0xdee356dfUL, 0x21f05cbeUL, 0x8b75e387UL, 0xb3c50651UL, 0xb8a5c3efUL, +0xd8eeb6d2UL, 0xe523be77UL, 0xc2154529UL, 0x2f69efdfUL, 0xafe67afbUL, 0xf470c4b2UL, +0xf3e0eb5bUL, 0xd6cc9876UL, 0x39e4460cUL, 0x1fda8538UL, 0x1987832fUL, 0xca007367UL, +0xa99144f8UL, 0x296b299eUL, 0x492fc295UL, 0x9266beabUL, 0xb5676e69UL, 0x9bd3dddaUL, +0xdf7e052fUL, 0xdb25701cUL, 0x1b5e51eeUL, 0xf65324e6UL, 0x6afce36cUL, 0x0316cc04UL, +0x8644213eUL, 0xb7dc59d0UL, 0x7965291fUL, 0xccd6fd43UL, 0x41823979UL, 0x932bcdf6UL, +0xb657c34dUL, 0x4edfd282UL, 0x7ae5290cUL, 0x3cb9536bUL, 0x851e20feUL, 0x9833557eUL, +0x13ecf0b0UL, 0xd3ffb372UL, 0x3f85c5c1UL, 0x0aef7ed2UL}; static const unsigned long S5[256] = { -0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff, 0x1dd358f5, -0x44dd9d44, 0x1731167f, 0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, -0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a, 0xe6a2e77f, 0xf0c720cd, -0xc4494816, 0xccf5c180, 0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff, -0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d, 0x248eb6fb, -0x8dba1cfe, 0x41a99b02, 0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, -0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a, 0xf2f3f763, 0x68af8040, -0xed0c9e56, 0x11b4958b, 0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7, -0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a, 0x578535f2, -0x2261be02, 0xd642a0c9, 0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, -0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981, 0x5c1ff900, 0xfe38d399, -0x0c4eff0b, 0x062407ea, 0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774, -0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f, 0x0ec50966, -0xdfdd55bc, 0x29de0655, 0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, -0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2, 0xbcf3f0aa, 0x87ac36e9, -0xe53a7426, 0x01b3d82b, 0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910, -0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6, 0x50f5b616, -0xf24766e3, 0x8eca36c1, 0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, -0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da, 0x26e46695, 0xb7566419, -0xf654efc5, 0xd08d58b7, 0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049, -0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd, 0x9e0885f9, -0x68cb3e47, 0x086c010f, 0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, -0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba, 0x0ab378d5, 0xd951fb0c, -0xded7da56, 0x4124bbe4, 0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be, -0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280, 0x05687715, -0x646c6bd7, 0x44904db3, 0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, -0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840, 0x76f0ae02, 0x083be84d, -0x28421c9a, 0x44489406, 0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4, -0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717, 0x7d161bba, -0x9cad9010, 0xaf462ba2, 0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, -0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7, 0x445f7382, 0x175683f4, -0xcdc66a97, 0x70be0288, 0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5, -0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572, 0xf6721b2c, -0x1ad2fff3, 0x8c25404e, 0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, -0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e, 0x44094f85, 0x3f481d87, -0xfcfeae7b, 0x77b5ff76, 0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801, -0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874, 0x95055110, -0x1b5ad7a8, 0xf61ed5ad, 0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, -0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0, 0x5ce96c28, 0xe176eda3, -0x6bac307f, 0x376829d2, 0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20, -0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a, 0xeeb9491d, -0x34010718, 0xbb30cab8, 0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, -0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4}; +0x7ec90c04UL, 0x2c6e74b9UL, 0x9b0e66dfUL, 0xa6337911UL, 0xb86a7fffUL, 0x1dd358f5UL, +0x44dd9d44UL, 0x1731167fUL, 0x08fbf1faUL, 0xe7f511ccUL, 0xd2051b00UL, 0x735aba00UL, +0x2ab722d8UL, 0x386381cbUL, 0xacf6243aUL, 0x69befd7aUL, 0xe6a2e77fUL, 0xf0c720cdUL, +0xc4494816UL, 0xccf5c180UL, 0x38851640UL, 0x15b0a848UL, 0xe68b18cbUL, 0x4caadeffUL, +0x5f480a01UL, 0x0412b2aaUL, 0x259814fcUL, 0x41d0efe2UL, 0x4e40b48dUL, 0x248eb6fbUL, +0x8dba1cfeUL, 0x41a99b02UL, 0x1a550a04UL, 0xba8f65cbUL, 0x7251f4e7UL, 0x95a51725UL, +0xc106ecd7UL, 0x97a5980aUL, 0xc539b9aaUL, 0x4d79fe6aUL, 0xf2f3f763UL, 0x68af8040UL, +0xed0c9e56UL, 0x11b4958bUL, 0xe1eb5a88UL, 0x8709e6b0UL, 0xd7e07156UL, 0x4e29fea7UL, +0x6366e52dUL, 0x02d1c000UL, 0xc4ac8e05UL, 0x9377f571UL, 0x0c05372aUL, 0x578535f2UL, +0x2261be02UL, 0xd642a0c9UL, 0xdf13a280UL, 0x74b55bd2UL, 0x682199c0UL, 0xd421e5ecUL, +0x53fb3ce8UL, 0xc8adedb3UL, 0x28a87fc9UL, 0x3d959981UL, 0x5c1ff900UL, 0xfe38d399UL, +0x0c4eff0bUL, 0x062407eaUL, 0xaa2f4fb1UL, 0x4fb96976UL, 0x90c79505UL, 0xb0a8a774UL, +0xef55a1ffUL, 0xe59ca2c2UL, 0xa6b62d27UL, 0xe66a4263UL, 0xdf65001fUL, 0x0ec50966UL, +0xdfdd55bcUL, 0x29de0655UL, 0x911e739aUL, 0x17af8975UL, 0x32c7911cUL, 0x89f89468UL, +0x0d01e980UL, 0x524755f4UL, 0x03b63cc9UL, 0x0cc844b2UL, 0xbcf3f0aaUL, 0x87ac36e9UL, +0xe53a7426UL, 0x01b3d82bUL, 0x1a9e7449UL, 0x64ee2d7eUL, 0xcddbb1daUL, 0x01c94910UL, +0xb868bf80UL, 0x0d26f3fdUL, 0x9342ede7UL, 0x04a5c284UL, 0x636737b6UL, 0x50f5b616UL, +0xf24766e3UL, 0x8eca36c1UL, 0x136e05dbUL, 0xfef18391UL, 0xfb887a37UL, 0xd6e7f7d4UL, +0xc7fb7dc9UL, 0x3063fcdfUL, 0xb6f589deUL, 0xec2941daUL, 0x26e46695UL, 0xb7566419UL, +0xf654efc5UL, 0xd08d58b7UL, 0x48925401UL, 0xc1bacb7fUL, 0xe5ff550fUL, 0xb6083049UL, +0x5bb5d0e8UL, 0x87d72e5aUL, 0xab6a6ee1UL, 0x223a66ceUL, 0xc62bf3cdUL, 0x9e0885f9UL, +0x68cb3e47UL, 0x086c010fUL, 0xa21de820UL, 0xd18b69deUL, 0xf3f65777UL, 0xfa02c3f6UL, +0x407edac3UL, 0xcbb3d550UL, 0x1793084dUL, 0xb0d70ebaUL, 0x0ab378d5UL, 0xd951fb0cUL, +0xded7da56UL, 0x4124bbe4UL, 0x94ca0b56UL, 0x0f5755d1UL, 0xe0e1e56eUL, 0x6184b5beUL, +0x580a249fUL, 0x94f74bc0UL, 0xe327888eUL, 0x9f7b5561UL, 0xc3dc0280UL, 0x05687715UL, +0x646c6bd7UL, 0x44904db3UL, 0x66b4f0a3UL, 0xc0f1648aUL, 0x697ed5afUL, 0x49e92ff6UL, +0x309e374fUL, 0x2cb6356aUL, 0x85808573UL, 0x4991f840UL, 0x76f0ae02UL, 0x083be84dUL, +0x28421c9aUL, 0x44489406UL, 0x736e4cb8UL, 0xc1092910UL, 0x8bc95fc6UL, 0x7d869cf4UL, +0x134f616fUL, 0x2e77118dUL, 0xb31b2be1UL, 0xaa90b472UL, 0x3ca5d717UL, 0x7d161bbaUL, +0x9cad9010UL, 0xaf462ba2UL, 0x9fe459d2UL, 0x45d34559UL, 0xd9f2da13UL, 0xdbc65487UL, +0xf3e4f94eUL, 0x176d486fUL, 0x097c13eaUL, 0x631da5c7UL, 0x445f7382UL, 0x175683f4UL, +0xcdc66a97UL, 0x70be0288UL, 0xb3cdcf72UL, 0x6e5dd2f3UL, 0x20936079UL, 0x459b80a5UL, +0xbe60e2dbUL, 0xa9c23101UL, 0xeba5315cUL, 0x224e42f2UL, 0x1c5c1572UL, 0xf6721b2cUL, +0x1ad2fff3UL, 0x8c25404eUL, 0x324ed72fUL, 0x4067b7fdUL, 0x0523138eUL, 0x5ca3bc78UL, +0xdc0fd66eUL, 0x75922283UL, 0x784d6b17UL, 0x58ebb16eUL, 0x44094f85UL, 0x3f481d87UL, +0xfcfeae7bUL, 0x77b5ff76UL, 0x8c2302bfUL, 0xaaf47556UL, 0x5f46b02aUL, 0x2b092801UL, +0x3d38f5f7UL, 0x0ca81f36UL, 0x52af4a8aUL, 0x66d5e7c0UL, 0xdf3b0874UL, 0x95055110UL, +0x1b5ad7a8UL, 0xf61ed5adUL, 0x6cf6e479UL, 0x20758184UL, 0xd0cefa65UL, 0x88f7be58UL, +0x4a046826UL, 0x0ff6f8f3UL, 0xa09c7f70UL, 0x5346aba0UL, 0x5ce96c28UL, 0xe176eda3UL, +0x6bac307fUL, 0x376829d2UL, 0x85360fa9UL, 0x17e3fe2aUL, 0x24b79767UL, 0xf5a96b20UL, +0xd6cd2595UL, 0x68ff1ebfUL, 0x7555442cUL, 0xf19f06beUL, 0xf9e0659aUL, 0xeeb9491dUL, +0x34010718UL, 0xbb30cab8UL, 0xe822fe15UL, 0x88570983UL, 0x750e6249UL, 0xda627e55UL, +0x5e76ffa8UL, 0xb1534546UL, 0x6d47de08UL, 0xefe9e7d4UL}; static const unsigned long S6[256] = { -0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7, 0x016843b4, -0xeced5cbc, 0x325553ac, 0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, -0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138, 0x33f14961, 0xc01937bd, -0xf506c6da, 0xe4625e7e, 0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367, -0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d, 0x09a8486f, -0xa888614a, 0x2900af98, 0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, -0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072, 0xfd41197e, 0x9305a6b0, -0xe86be3da, 0x74bed3cd, 0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3, -0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01, 0x64bdb941, -0x2c0e636a, 0xba7dd9cd, 0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, -0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8, 0x284caf89, 0xaa928223, -0x9334be53, 0x3b3a21bf, 0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9, -0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc, 0x221db3a6, -0x9a69a02f, 0x68818a54, 0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, -0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387, 0x53bddb65, 0xe76ffbe7, -0xe967fd78, 0x0ba93563, 0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc, -0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f, 0x9528cd89, -0xfd339fed, 0xb87834bf, 0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, -0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf, 0x4ec75b95, 0x24f2c3c0, -0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f, -0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af, 0x692573e4, -0xe9a9d848, 0xf3160289, 0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, -0x20951063, 0x4576698d, 0xb6fad407, 0x592af950, 0x36f73523, 0x4cfb6e87, -0x7da4cec0, 0x6c152daa, 0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f, -0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d, 0x48b9d585, -0xdc049441, 0xc8098f9b, 0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, -0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be, 0xbf32679d, 0xd45b5b75, -0xb353fd00, 0xcbb0e358, 0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13, -0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a, 0xb6c85283, -0x3cc2acfb, 0x3fc06976, 0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, -0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0, 0x3007cd3e, 0x74719eef, -0xdc872681, 0x073340d4, 0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891, -0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98, 0xb173ecc0, -0xbc60b42a, 0x953498da, 0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, -0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc, 0xe8816f4a, 0x3814f200, -0xa3f94043, 0x9c7a54c2, 0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084, -0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5, 0xb6f6deaf, -0x3a479c3a, 0x5302da25, 0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, -0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121, 0xb81a928a, 0x60ed5869, -0x97c55b96, 0xeaec991b, 0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5, -0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1, 0xf544edeb, -0xb0e93524, 0xbebb8fbd, 0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, -0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f}; +0xf6fa8f9dUL, 0x2cac6ce1UL, 0x4ca34867UL, 0xe2337f7cUL, 0x95db08e7UL, 0x016843b4UL, +0xeced5cbcUL, 0x325553acUL, 0xbf9f0960UL, 0xdfa1e2edUL, 0x83f0579dUL, 0x63ed86b9UL, +0x1ab6a6b8UL, 0xde5ebe39UL, 0xf38ff732UL, 0x8989b138UL, 0x33f14961UL, 0xc01937bdUL, +0xf506c6daUL, 0xe4625e7eUL, 0xa308ea99UL, 0x4e23e33cUL, 0x79cbd7ccUL, 0x48a14367UL, +0xa3149619UL, 0xfec94bd5UL, 0xa114174aUL, 0xeaa01866UL, 0xa084db2dUL, 0x09a8486fUL, +0xa888614aUL, 0x2900af98UL, 0x01665991UL, 0xe1992863UL, 0xc8f30c60UL, 0x2e78ef3cUL, +0xd0d51932UL, 0xcf0fec14UL, 0xf7ca07d2UL, 0xd0a82072UL, 0xfd41197eUL, 0x9305a6b0UL, +0xe86be3daUL, 0x74bed3cdUL, 0x372da53cUL, 0x4c7f4448UL, 0xdab5d440UL, 0x6dba0ec3UL, +0x083919a7UL, 0x9fbaeed9UL, 0x49dbcfb0UL, 0x4e670c53UL, 0x5c3d9c01UL, 0x64bdb941UL, +0x2c0e636aUL, 0xba7dd9cdUL, 0xea6f7388UL, 0xe70bc762UL, 0x35f29adbUL, 0x5c4cdd8dUL, +0xf0d48d8cUL, 0xb88153e2UL, 0x08a19866UL, 0x1ae2eac8UL, 0x284caf89UL, 0xaa928223UL, +0x9334be53UL, 0x3b3a21bfUL, 0x16434be3UL, 0x9aea3906UL, 0xefe8c36eUL, 0xf890cdd9UL, +0x80226daeUL, 0xc340a4a3UL, 0xdf7e9c09UL, 0xa694a807UL, 0x5b7c5eccUL, 0x221db3a6UL, +0x9a69a02fUL, 0x68818a54UL, 0xceb2296fUL, 0x53c0843aUL, 0xfe893655UL, 0x25bfe68aUL, +0xb4628abcUL, 0xcf222ebfUL, 0x25ac6f48UL, 0xa9a99387UL, 0x53bddb65UL, 0xe76ffbe7UL, +0xe967fd78UL, 0x0ba93563UL, 0x8e342bc1UL, 0xe8a11be9UL, 0x4980740dUL, 0xc8087dfcUL, +0x8de4bf99UL, 0xa11101a0UL, 0x7fd37975UL, 0xda5a26c0UL, 0xe81f994fUL, 0x9528cd89UL, +0xfd339fedUL, 0xb87834bfUL, 0x5f04456dUL, 0x22258698UL, 0xc9c4c83bUL, 0x2dc156beUL, +0x4f628daaUL, 0x57f55ec5UL, 0xe2220abeUL, 0xd2916ebfUL, 0x4ec75b95UL, 0x24f2c3c0UL, +0x42d15d99UL, 0xcd0d7fa0UL, 0x7b6e27ffUL, 0xa8dc8af0UL, 0x7345c106UL, 0xf41e232fUL, +0x35162386UL, 0xe6ea8926UL, 0x3333b094UL, 0x157ec6f2UL, 0x372b74afUL, 0x692573e4UL, +0xe9a9d848UL, 0xf3160289UL, 0x3a62ef1dUL, 0xa787e238UL, 0xf3a5f676UL, 0x74364853UL, +0x20951063UL, 0x4576698dUL, 0xb6fad407UL, 0x592af950UL, 0x36f73523UL, 0x4cfb6e87UL, +0x7da4cec0UL, 0x6c152daaUL, 0xcb0396a8UL, 0xc50dfe5dUL, 0xfcd707abUL, 0x0921c42fUL, +0x89dff0bbUL, 0x5fe2be78UL, 0x448f4f33UL, 0x754613c9UL, 0x2b05d08dUL, 0x48b9d585UL, +0xdc049441UL, 0xc8098f9bUL, 0x7dede786UL, 0xc39a3373UL, 0x42410005UL, 0x6a091751UL, +0x0ef3c8a6UL, 0x890072d6UL, 0x28207682UL, 0xa9a9f7beUL, 0xbf32679dUL, 0xd45b5b75UL, +0xb353fd00UL, 0xcbb0e358UL, 0x830f220aUL, 0x1f8fb214UL, 0xd372cf08UL, 0xcc3c4a13UL, +0x8cf63166UL, 0x061c87beUL, 0x88c98f88UL, 0x6062e397UL, 0x47cf8e7aUL, 0xb6c85283UL, +0x3cc2acfbUL, 0x3fc06976UL, 0x4e8f0252UL, 0x64d8314dUL, 0xda3870e3UL, 0x1e665459UL, +0xc10908f0UL, 0x513021a5UL, 0x6c5b68b7UL, 0x822f8aa0UL, 0x3007cd3eUL, 0x74719eefUL, +0xdc872681UL, 0x073340d4UL, 0x7e432fd9UL, 0x0c5ec241UL, 0x8809286cUL, 0xf592d891UL, +0x08a930f6UL, 0x957ef305UL, 0xb7fbffbdUL, 0xc266e96fUL, 0x6fe4ac98UL, 0xb173ecc0UL, +0xbc60b42aUL, 0x953498daUL, 0xfba1ae12UL, 0x2d4bd736UL, 0x0f25faabUL, 0xa4f3fcebUL, +0xe2969123UL, 0x257f0c3dUL, 0x9348af49UL, 0x361400bcUL, 0xe8816f4aUL, 0x3814f200UL, +0xa3f94043UL, 0x9c7a54c2UL, 0xbc704f57UL, 0xda41e7f9UL, 0xc25ad33aUL, 0x54f4a084UL, +0xb17f5505UL, 0x59357cbeUL, 0xedbd15c8UL, 0x7f97c5abUL, 0xba5ac7b5UL, 0xb6f6deafUL, +0x3a479c3aUL, 0x5302da25UL, 0x653d7e6aUL, 0x54268d49UL, 0x51a477eaUL, 0x5017d55bUL, +0xd7d25d88UL, 0x44136c76UL, 0x0404a8c8UL, 0xb8e5a121UL, 0xb81a928aUL, 0x60ed5869UL, +0x97c55b96UL, 0xeaec991bUL, 0x29935913UL, 0x01fdb7f1UL, 0x088e8dfaUL, 0x9ab6f6f5UL, +0x3b4cbf9fUL, 0x4a5de3abUL, 0xe6051d35UL, 0xa0e1d855UL, 0xd36b4cf1UL, 0xf544edebUL, +0xb0e93524UL, 0xbebb8fbdUL, 0xa2d762cfUL, 0x49c92f54UL, 0x38b5f331UL, 0x7128a454UL, +0x48392905UL, 0xa65b1db8UL, 0x851c97bdUL, 0xd675cf2fUL}; static const unsigned long S7[256] = { -0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f, 0xab9bc912, -0xde6008a1, 0x2028da1f, 0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, -0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de, 0xa05fbcf6, 0xcd4181e9, -0xe150210c, 0xe24ef1bd, 0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43, -0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be, 0xbaeeadf4, -0x1286becf, 0xb6eacb19, 0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, -0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2, 0x107789be, 0xb3b2e9ce, -0x0502aa8f, 0x0bc0351e, 0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516, -0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce, 0x8c9341b7, -0xd0d854c0, 0xcb3a6c88, 0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, -0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816, 0x0a961288, 0xe1a5c06e, -0x13749e67, 0x72fc081a, 0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756, -0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511, 0x38bc46e9, -0xc6e6fa14, 0xbae8584a, 0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, -0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264, 0x92544a8b, 0x009b4fc3, -0xaba68ced, 0x9ac96f78, 0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688, -0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85, 0x61fe033c, -0x16746233, 0x3c034c28, 0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, -0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3, 0x0c4fb99a, 0xbb325778, -0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7, -0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32, 0xebd4e7be, -0xbe8b9d2d, 0x7979fb06, 0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, -0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033, 0xf28ebfb0, 0xf5b9c310, -0xa0eac280, 0x08b9767a, 0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a, -0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef, 0x4eeb8476, -0x488dcf25, 0x36c9d566, 0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, -0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509, 0xf22b017d, 0xa4173f70, -0xdd1e16c3, 0x15e0d7f9, 0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962, -0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22, 0xe32dbf9a, -0x058745b9, 0x3453dc1e, 0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, -0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c, 0x66626c1c, 0x7154c24c, -0xea082b2a, 0x93eb2939, 0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c, -0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108, 0xa1e7160e, -0xe4f2dfa6, 0x693ed285, 0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, -0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301, 0xc79f022f, 0x3c997e7e, -0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be, -0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d, 0xb5229301, -0xcfd2a87f, 0x60aeb767, 0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, -0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647, 0x97fd61a9, 0xea7759f4, -0x2d57539d, 0x569a58cf, 0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914, -0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc, 0x3d40f021, -0xc3c0bdae, 0x4958c24c, 0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, -0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3}; +0x85e04019UL, 0x332bf567UL, 0x662dbfffUL, 0xcfc65693UL, 0x2a8d7f6fUL, 0xab9bc912UL, +0xde6008a1UL, 0x2028da1fUL, 0x0227bce7UL, 0x4d642916UL, 0x18fac300UL, 0x50f18b82UL, +0x2cb2cb11UL, 0xb232e75cUL, 0x4b3695f2UL, 0xb28707deUL, 0xa05fbcf6UL, 0xcd4181e9UL, +0xe150210cUL, 0xe24ef1bdUL, 0xb168c381UL, 0xfde4e789UL, 0x5c79b0d8UL, 0x1e8bfd43UL, +0x4d495001UL, 0x38be4341UL, 0x913cee1dUL, 0x92a79c3fUL, 0x089766beUL, 0xbaeeadf4UL, +0x1286becfUL, 0xb6eacb19UL, 0x2660c200UL, 0x7565bde4UL, 0x64241f7aUL, 0x8248dca9UL, +0xc3b3ad66UL, 0x28136086UL, 0x0bd8dfa8UL, 0x356d1cf2UL, 0x107789beUL, 0xb3b2e9ceUL, +0x0502aa8fUL, 0x0bc0351eUL, 0x166bf52aUL, 0xeb12ff82UL, 0xe3486911UL, 0xd34d7516UL, +0x4e7b3affUL, 0x5f43671bUL, 0x9cf6e037UL, 0x4981ac83UL, 0x334266ceUL, 0x8c9341b7UL, +0xd0d854c0UL, 0xcb3a6c88UL, 0x47bc2829UL, 0x4725ba37UL, 0xa66ad22bUL, 0x7ad61f1eUL, +0x0c5cbafaUL, 0x4437f107UL, 0xb6e79962UL, 0x42d2d816UL, 0x0a961288UL, 0xe1a5c06eUL, +0x13749e67UL, 0x72fc081aUL, 0xb1d139f7UL, 0xf9583745UL, 0xcf19df58UL, 0xbec3f756UL, +0xc06eba30UL, 0x07211b24UL, 0x45c28829UL, 0xc95e317fUL, 0xbc8ec511UL, 0x38bc46e9UL, +0xc6e6fa14UL, 0xbae8584aUL, 0xad4ebc46UL, 0x468f508bUL, 0x7829435fUL, 0xf124183bUL, +0x821dba9fUL, 0xaff60ff4UL, 0xea2c4e6dUL, 0x16e39264UL, 0x92544a8bUL, 0x009b4fc3UL, +0xaba68cedUL, 0x9ac96f78UL, 0x06a5b79aUL, 0xb2856e6eUL, 0x1aec3ca9UL, 0xbe838688UL, +0x0e0804e9UL, 0x55f1be56UL, 0xe7e5363bUL, 0xb3a1f25dUL, 0xf7debb85UL, 0x61fe033cUL, +0x16746233UL, 0x3c034c28UL, 0xda6d0c74UL, 0x79aac56cUL, 0x3ce4e1adUL, 0x51f0c802UL, +0x98f8f35aUL, 0x1626a49fUL, 0xeed82b29UL, 0x1d382fe3UL, 0x0c4fb99aUL, 0xbb325778UL, +0x3ec6d97bUL, 0x6e77a6a9UL, 0xcb658b5cUL, 0xd45230c7UL, 0x2bd1408bUL, 0x60c03eb7UL, +0xb9068d78UL, 0xa33754f4UL, 0xf430c87dUL, 0xc8a71302UL, 0xb96d8c32UL, 0xebd4e7beUL, +0xbe8b9d2dUL, 0x7979fb06UL, 0xe7225308UL, 0x8b75cf77UL, 0x11ef8da4UL, 0xe083c858UL, +0x8d6b786fUL, 0x5a6317a6UL, 0xfa5cf7a0UL, 0x5dda0033UL, 0xf28ebfb0UL, 0xf5b9c310UL, +0xa0eac280UL, 0x08b9767aUL, 0xa3d9d2b0UL, 0x79d34217UL, 0x021a718dUL, 0x9ac6336aUL, +0x2711fd60UL, 0x438050e3UL, 0x069908a8UL, 0x3d7fedc4UL, 0x826d2befUL, 0x4eeb8476UL, +0x488dcf25UL, 0x36c9d566UL, 0x28e74e41UL, 0xc2610acaUL, 0x3d49a9cfUL, 0xbae3b9dfUL, +0xb65f8de6UL, 0x92aeaf64UL, 0x3ac7d5e6UL, 0x9ea80509UL, 0xf22b017dUL, 0xa4173f70UL, +0xdd1e16c3UL, 0x15e0d7f9UL, 0x50b1b887UL, 0x2b9f4fd5UL, 0x625aba82UL, 0x6a017962UL, +0x2ec01b9cUL, 0x15488aa9UL, 0xd716e740UL, 0x40055a2cUL, 0x93d29a22UL, 0xe32dbf9aUL, +0x058745b9UL, 0x3453dc1eUL, 0xd699296eUL, 0x496cff6fUL, 0x1c9f4986UL, 0xdfe2ed07UL, +0xb87242d1UL, 0x19de7eaeUL, 0x053e561aUL, 0x15ad6f8cUL, 0x66626c1cUL, 0x7154c24cUL, +0xea082b2aUL, 0x93eb2939UL, 0x17dcb0f0UL, 0x58d4f2aeUL, 0x9ea294fbUL, 0x52cf564cUL, +0x9883fe66UL, 0x2ec40581UL, 0x763953c3UL, 0x01d6692eUL, 0xd3a0c108UL, 0xa1e7160eUL, +0xe4f2dfa6UL, 0x693ed285UL, 0x74904698UL, 0x4c2b0eddUL, 0x4f757656UL, 0x5d393378UL, +0xa132234fUL, 0x3d321c5dUL, 0xc3f5e194UL, 0x4b269301UL, 0xc79f022fUL, 0x3c997e7eUL, +0x5e4f9504UL, 0x3ffafbbdUL, 0x76f7ad0eUL, 0x296693f4UL, 0x3d1fce6fUL, 0xc61e45beUL, +0xd3b5ab34UL, 0xf72bf9b7UL, 0x1b0434c0UL, 0x4e72b567UL, 0x5592a33dUL, 0xb5229301UL, +0xcfd2a87fUL, 0x60aeb767UL, 0x1814386bUL, 0x30bcc33dUL, 0x38a0c07dUL, 0xfd1606f2UL, +0xc363519bUL, 0x589dd390UL, 0x5479f8e6UL, 0x1cb8d647UL, 0x97fd61a9UL, 0xea7759f4UL, +0x2d57539dUL, 0x569a58cfUL, 0xe84e63adUL, 0x462e1b78UL, 0x6580f87eUL, 0xf3817914UL, +0x91da55f4UL, 0x40a230f3UL, 0xd1988f35UL, 0xb6e318d2UL, 0x3ffa50bcUL, 0x3d40f021UL, +0xc3c0bdaeUL, 0x4958c24cUL, 0x518f36b2UL, 0x84b1d370UL, 0x0fedce83UL, 0x878ddadaUL, +0xf2a279c7UL, 0x94e01be8UL, 0x90716f4bUL, 0x954b8aa3UL}; static const unsigned long S8[256] = { -0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7, 0xe6c1121b, -0x0e241600, 0x052ce8b5, 0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, -0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc, 0xde9adeb1, 0x0a0cc32c, -0xbe197029, 0x84a00940, 0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd, -0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831, 0x3f8f95e7, -0x72df191b, 0x7580330d, 0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, -0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2, 0x12a8ddec, 0xfdaa335d, -0x176f43e8, 0x71fb46d4, 0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862, -0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f, 0xc28ec4b8, -0x57e8726e, 0x647a78fc, 0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, -0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c, 0xbbd35049, 0x2998df04, -0x980cf42a, 0x9b6df491, 0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e, -0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2, 0x19b47a38, -0x424f7618, 0x35856039, 0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, -0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8, 0x7170c608, 0x2d5e3354, -0xd4de495a, 0x64c6d006, 0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42, -0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e, 0x3e378160, -0x7895cda5, 0x859c15a5, 0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, -0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472, 0x835ffcb8, 0x6df4c1f2, -0x96f5b195, 0xfd0af0fc, 0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225, -0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187, 0xea7a6e98, -0x7cd16efc, 0x1436876c, 0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, -0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb, 0xa842eedf, 0xfdba60b4, -0xf1907b75, 0x20e3030f, 0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054, -0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d, 0x844a1be5, -0xbae7dfdc, 0x42cbda70, 0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, -0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc, 0x77853b53, 0x37effcb5, -0xc5068778, 0xe580b3e6, 0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c, -0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2, 0x37df932b, -0xc4248289, 0xacf3ebc3, 0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, -0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4, 0xe87b40e4, 0xe98ea084, -0x5889e9e1, 0xefd390fc, 0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101, -0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282, 0x7523d24a, -0xe0779695, 0xf9c17a8f, 0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, -0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e, 0x11403092, 0x00da6d77, -0x4a0cdd61, 0xad1f4603, 0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a, -0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca, 0x8951570f, -0xdf09822b, 0xbd691a6c, 0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, -0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384, 0x5938fa0f, 0x42399ef3, -0x36997b07, 0x0e84093d, 0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c, -0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82, 0x0d2059d1, -0xa466bb1e, 0xf8da0a82, 0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, -0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e}; +0xe216300dUL, 0xbbddfffcUL, 0xa7ebdabdUL, 0x35648095UL, 0x7789f8b7UL, 0xe6c1121bUL, +0x0e241600UL, 0x052ce8b5UL, 0x11a9cfb0UL, 0xe5952f11UL, 0xece7990aUL, 0x9386d174UL, +0x2a42931cUL, 0x76e38111UL, 0xb12def3aUL, 0x37ddddfcUL, 0xde9adeb1UL, 0x0a0cc32cUL, +0xbe197029UL, 0x84a00940UL, 0xbb243a0fUL, 0xb4d137cfUL, 0xb44e79f0UL, 0x049eedfdUL, +0x0b15a15dUL, 0x480d3168UL, 0x8bbbde5aUL, 0x669ded42UL, 0xc7ece831UL, 0x3f8f95e7UL, +0x72df191bUL, 0x7580330dUL, 0x94074251UL, 0x5c7dcdfaUL, 0xabbe6d63UL, 0xaa402164UL, +0xb301d40aUL, 0x02e7d1caUL, 0x53571daeUL, 0x7a3182a2UL, 0x12a8ddecUL, 0xfdaa335dUL, +0x176f43e8UL, 0x71fb46d4UL, 0x38129022UL, 0xce949ad4UL, 0xb84769adUL, 0x965bd862UL, +0x82f3d055UL, 0x66fb9767UL, 0x15b80b4eUL, 0x1d5b47a0UL, 0x4cfde06fUL, 0xc28ec4b8UL, +0x57e8726eUL, 0x647a78fcUL, 0x99865d44UL, 0x608bd593UL, 0x6c200e03UL, 0x39dc5ff6UL, +0x5d0b00a3UL, 0xae63aff2UL, 0x7e8bd632UL, 0x70108c0cUL, 0xbbd35049UL, 0x2998df04UL, +0x980cf42aUL, 0x9b6df491UL, 0x9e7edd53UL, 0x06918548UL, 0x58cb7e07UL, 0x3b74ef2eUL, +0x522fffb1UL, 0xd24708ccUL, 0x1c7e27cdUL, 0xa4eb215bUL, 0x3cf1d2e2UL, 0x19b47a38UL, +0x424f7618UL, 0x35856039UL, 0x9d17dee7UL, 0x27eb35e6UL, 0xc9aff67bUL, 0x36baf5b8UL, +0x09c467cdUL, 0xc18910b1UL, 0xe11dbf7bUL, 0x06cd1af8UL, 0x7170c608UL, 0x2d5e3354UL, +0xd4de495aUL, 0x64c6d006UL, 0xbcc0c62cUL, 0x3dd00db3UL, 0x708f8f34UL, 0x77d51b42UL, +0x264f620fUL, 0x24b8d2bfUL, 0x15c1b79eUL, 0x46a52564UL, 0xf8d7e54eUL, 0x3e378160UL, +0x7895cda5UL, 0x859c15a5UL, 0xe6459788UL, 0xc37bc75fUL, 0xdb07ba0cUL, 0x0676a3abUL, +0x7f229b1eUL, 0x31842e7bUL, 0x24259fd7UL, 0xf8bef472UL, 0x835ffcb8UL, 0x6df4c1f2UL, +0x96f5b195UL, 0xfd0af0fcUL, 0xb0fe134cUL, 0xe2506d3dUL, 0x4f9b12eaUL, 0xf215f225UL, +0xa223736fUL, 0x9fb4c428UL, 0x25d04979UL, 0x34c713f8UL, 0xc4618187UL, 0xea7a6e98UL, +0x7cd16efcUL, 0x1436876cUL, 0xf1544107UL, 0xbedeee14UL, 0x56e9af27UL, 0xa04aa441UL, +0x3cf7c899UL, 0x92ecbae6UL, 0xdd67016dUL, 0x151682ebUL, 0xa842eedfUL, 0xfdba60b4UL, +0xf1907b75UL, 0x20e3030fUL, 0x24d8c29eUL, 0xe139673bUL, 0xefa63fb8UL, 0x71873054UL, +0xb6f2cf3bUL, 0x9f326442UL, 0xcb15a4ccUL, 0xb01a4504UL, 0xf1e47d8dUL, 0x844a1be5UL, +0xbae7dfdcUL, 0x42cbda70UL, 0xcd7dae0aUL, 0x57e85b7aUL, 0xd53f5af6UL, 0x20cf4d8cUL, +0xcea4d428UL, 0x79d130a4UL, 0x3486ebfbUL, 0x33d3cddcUL, 0x77853b53UL, 0x37effcb5UL, +0xc5068778UL, 0xe580b3e6UL, 0x4e68b8f4UL, 0xc5c8b37eUL, 0x0d809ea2UL, 0x398feb7cUL, +0x132a4f94UL, 0x43b7950eUL, 0x2fee7d1cUL, 0x223613bdUL, 0xdd06caa2UL, 0x37df932bUL, +0xc4248289UL, 0xacf3ebc3UL, 0x5715f6b7UL, 0xef3478ddUL, 0xf267616fUL, 0xc148cbe4UL, +0x9052815eUL, 0x5e410fabUL, 0xb48a2465UL, 0x2eda7fa4UL, 0xe87b40e4UL, 0xe98ea084UL, +0x5889e9e1UL, 0xefd390fcUL, 0xdd07d35bUL, 0xdb485694UL, 0x38d7e5b2UL, 0x57720101UL, +0x730edebcUL, 0x5b643113UL, 0x94917e4fUL, 0x503c2fbaUL, 0x646f1282UL, 0x7523d24aUL, +0xe0779695UL, 0xf9c17a8fUL, 0x7a5b2121UL, 0xd187b896UL, 0x29263a4dUL, 0xba510cdfUL, +0x81f47c9fUL, 0xad1163edUL, 0xea7b5965UL, 0x1a00726eUL, 0x11403092UL, 0x00da6d77UL, +0x4a0cdd61UL, 0xad1f4603UL, 0x605bdfb0UL, 0x9eedc364UL, 0x22ebe6a8UL, 0xcee7d28aUL, +0xa0e736a0UL, 0x5564a6b9UL, 0x10853209UL, 0xc7eb8f37UL, 0x2de705caUL, 0x8951570fUL, +0xdf09822bUL, 0xbd691a6cUL, 0xaa12e4f2UL, 0x87451c0fUL, 0xe0f6a27aUL, 0x3ada4819UL, +0x4cf1764fUL, 0x0d771c2bUL, 0x67cdb156UL, 0x350d8384UL, 0x5938fa0fUL, 0x42399ef3UL, +0x36997b07UL, 0x0e84093dUL, 0x4aa93e61UL, 0x8360d87bUL, 0x1fa98b0cUL, 0x1149382cUL, +0xe97625a5UL, 0x0614d1b7UL, 0x0e25244bUL, 0x0c768347UL, 0x589e8d82UL, 0x0d2059d1UL, +0xa466bb1eUL, 0xf8da0a82UL, 0x04f19130UL, 0xba6e4ec0UL, 0x99265164UL, 0x1ee7230dUL, +0x50b2ad80UL, 0xeaee6801UL, 0x8db2a283UL, 0xea8bf59eUL}; /* returns the i'th byte of a variable */ -#define GB(x, i) (((x[(15-i)>>2])>>(8*((15-i)&3)))&255) +#define GB(x, i) (((x[(15-i)>>2])>>(unsigned)(8*((15-i)&3)))&255) int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) { @@ -400,7 +400,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ /* extend the key as required */ zeromem(buf, sizeof(buf)); - memcpy(buf, key, keylen); + memcpy(buf, key, (size_t)keylen); /* load and start the awful looking network */ for (y = 0; y < 4; y++) { @@ -564,27 +564,27 @@ int cast5_test(void) {0x23, 0x8B, 0x4F, 0xE5, 0x84, 0x7E, 0x44, 0xB2} }, { 10, - {0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45}, + {0x01, 0x23, 0x45, 0x67, 0x12, 0x34, 0x56, 0x78, 0x23, 0x45, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, {0xEB, 0x6A, 0x71, 0x1A, 0x2C, 0x02, 0x27, 0x1B}, }, { 5, - {0x01, 0x23, 0x45, 0x67, 0x12}, + {0x01, 0x23, 0x45, 0x67, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}, {0x7A, 0xC8, 0x16, 0xD1, 0x6E, 0x9B, 0x30, 0x2E} } }; - int i, errno; + int i, err; symmetric_key key; unsigned char buf[8], buf2[8]; for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - if ((errno = cast5_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { - return errno; + if ((err = cast5_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { + return err; } cast5_ecb_encrypt(tests[i].pt, buf, &key); cast5_ecb_decrypt(buf, buf2, &key); - if (memcmp(buf, tests[i].ct, 8) || memcmp(buf2, tests[i].pt, 8)) { + if ((memcmp(buf, tests[i].ct, 8) != 0) || (memcmp(buf2, tests[i].pt, 8) != 0)) { return CRYPT_FAIL_TESTVECTOR; } diff --git a/cbc.c b/cbc.c index fd980ca..e22755c 100644 --- a/cbc.c +++ b/cbc.c @@ -5,20 +5,20 @@ int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, symmetric_CBC *cbc) { - int x, errno; + int x, err; _ARGCHK(IV != NULL); _ARGCHK(key != NULL); _ARGCHK(cbc != NULL); /* bad param? */ - if ((errno = cipher_is_valid(cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; } /* setup cipher */ - if ((errno = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cbc->key)) != CRYPT_OK) { - return errno; + if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cbc->key)) != CRYPT_OK) { + return err; } /* copy IV */ @@ -32,15 +32,15 @@ int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key, int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc) { - int x, errno; + int x, err; unsigned char tmp[MAXBLOCKSIZE]; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(cbc != NULL); - if ((errno = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { + return err; } /* xor IV against plaintext */ @@ -64,7 +64,7 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc) int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc) { - int x, errno; + int x, err; unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE]; _ARGCHK(pt != NULL); @@ -72,8 +72,8 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc) _ARGCHK(cbc != NULL); /* decrypt the block from ct into tmp */ - if ((errno = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { + return err; } cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key); diff --git a/cfb.c b/cfb.c index c193751..b5d3cec 100644 --- a/cfb.c +++ b/cfb.c @@ -5,14 +5,14 @@ int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, symmetric_CFB *cfb) { - int x, errno; + int x, err; _ARGCHK(IV != NULL); _ARGCHK(key != NULL); _ARGCHK(cfb != NULL); - if ((errno = cipher_is_valid(cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; } /* copy data */ @@ -22,8 +22,8 @@ int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, cfb->IV[x] = IV[x]; /* init the cipher */ - if ((errno = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cfb->key)) != CRYPT_OK) { - return errno; + if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cfb->key)) != CRYPT_OK) { + return err; } /* encrypt the IV */ @@ -35,16 +35,16 @@ int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb) { - int errno; + int err; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(cfb != NULL); - if ((errno = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { + return err; } - while (len--) { + while (len-- > 0) { if (cfb->padlen == cfb->blocklen) { cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key); cfb->padlen = 0; @@ -59,16 +59,16 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb) { - int errno; + int err; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(cfb != NULL); - if ((errno = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { + return err; } - while (len--) { + while (len-- > 0) { if (cfb->padlen == cfb->blocklen) { cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key); cfb->padlen = 0; diff --git a/changes b/changes index 3185e36..c8bed88 100644 --- a/changes +++ b/changes @@ -1,3 +1,29 @@ +Dec 16th, 2002 +v0.80 -- Found a change I made to the MPI that is questionable. Not quite a bug but definately not desired. Had todo + with the digit shifting. In v0.79 I simply truncated without zeroing. It didn't cause problems during my + testing but I fixed it up none the less. + -- Optimized s_mp_mul_dig() from MPI to do a minimal number of passes. + -- Fixed in rsa_exptmod() where I was getting the size of the result. Basically it accomplishes the same thing + but the fixed code is more readable. + -- Fixed slight bug in dh_sign_hash() where the random "k" value was 1 byte shorter than it should have been. I've + also made the #define FAST_PK speed up signatures as well. Essentially FAST_PK tells the DH sub-system to + limit any private exponent to 256-bits. Note that when FAST_PK is defined does not make the library + binary or source incompatible with a copy of the library with it undefined. + -- Removed the DSA code. If you want fast diffie-hellman just define FAST_PK :-) + -- Updated dh_sign_hash()/dh_verify_hash() to export "unsigned" bignums. Saves two bytes but is not binary + compatible with the previous release... sorry! I've performed the same fix to the ecc code as well. + -- Fixed up the PK code to remove all use of mp_toraw() and mp_read_raw() [get all the changes out of the way now] + -- Fixed a bug in the DH code where it missed trapping a few errors if they occurred. + -- Fixed a slight "its-not-a-bug-but-could-be-done-better" bug in the next_prime() function. Essentially it was + testing to ensure that in the loop that searches for the next candidate that the step never grows beyond + 65000. Should have been testing for MP_DIGIT_MAX + -- Spruced up the config.pl script. It now makes a header file "mycrypt_custom.h" which can be included *before* + you include mycrypt.h. This allows you to add libtomcrypt to a project without completely changing your make + system around. Note that you should use the makefile it writes to at least build the library initially. + -- Used splint to check alot of the code out. Tons of minor fixes and explicit casts added. + -- Also made all the internal functions of MPI are now static to avoid poluting the namespace + -- **Notice**: There are no planned future releases for at least a month from the this release date. + Dec 14th, 2002 v0.79 -- Change to PK code [binary and source]. I made it so you have to pass the buffer size to the *_decrypt_key and *_verify_hash functions. This prevents malformed packets from performing buffer overflows. I've also trimmed diff --git a/config.pl b/config.pl index fd8093c..2a03557 100644 --- a/config.pl +++ b/config.pl @@ -13,6 +13,7 @@ "CFLAGS,Include Paths,-I./", "CFLAGS,Other compiler options,", "CFLAGS,XMALLOC,-DXMALLOC=malloc", + "CFLAGS,XREALLOC,-DXREALLOC=realloc", "CFLAGS,XCALLOC,-DXCALLOC=calloc", "CFLAGS,XFREE,-DXFREE=free", "CFLAGS,XCLOCK,-DXCLOCK=clock", @@ -67,7 +68,6 @@ "MRSA,Include RSA public key support,y", "MDH,Include Diffie-Hellman (over Z/pZ) public key support,y", "MECC,Include Eliptic Curve public key crypto support,y", - "MDSA,Include Digital Signature Algoritm (DSA) support\n(not required for signatures in the other three),y", "KR,Include Keyring support (groups all three PK systems),y", "DH768,768-bit DH key support,y", @@ -87,17 +87,11 @@ "ECC384,384-bit ECC key support,y", "ECC521,521-bit ECC key support,y", - "DSA1024,1024-bit (160-bit) DSA key support,y", - "DSA2048,2048-bit (256-bit) DSA key support,y", - "DSA4096,4096-bit (512-bit) DSA key support,y", - "GF,Include GF(2^w) math support (not used internally),n", "MPI,Include MPI big integer math support (required by the public key code),y", "MPI_FASTEXPT,Use the faster exponentiation code (uses some heap but is faster),y", - "MPI_FASTEXPT_LOWMEM,Use the low ram variant of the fast code\nRequires the fast code to enabled,n", - - + "MPI_FASTEXPT_LOWMEM,Use the low ram variant of the fast code\nRequires the fast code to enabled,n", ); # scan for switches and make variables @@ -116,6 +110,27 @@ for (@opts) { $r = <>; @vars{'CFLAGS'} = @vars{'CFLAGS'} . "-D" . $m[0] . " " if (($r eq "y\n") || ($r eq "\n" && @m[2] eq "y")); } +# write header + +open(OUT,">mycrypt_custom.h"); +print OUT "/* This header is meant to be included before mycrypt.h in projects where\n"; +print OUT " * you don't want to throw all the defines in a makefile. \n"; +print OUT " */\n\n#ifndef MYCRYPT_CUSTOM_H_\n#define MYCRYPT_CUSTOM_H_\n\n#ifdef CRYPT\n\t#error mycrypt_custom.h should be included before mycrypt.h\n#endif\n\n"; + +@m = split(" ", @vars{'CFLAGS'}); +for (@m) { + if ($_ =~ /^-D/) { + $_ =~ s/-D//; + $_ =~ s/=/" "/ge; + print OUT "#define $_\n"; + } +} + +print OUT "\n\n#include \n\n#endif\n\n"; +close OUT; + +print "\n\nmycrypt_custom.h generated.\n"; + open(OUT,">makefile.out"); print OUT "#makefile generated with config.pl\n#\n#Tom St Denis (tomstdenis\@yahoo.com, http://tom.iahu.ca) \n\n"; @@ -129,15 +144,19 @@ for (@settings) { # output objects print OUT "\ndefault: library\n\n"; -print OUT "OBJECTS = keyring.o gf.o mem.o sprng.o dsa.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o ampi.o mpi.o prime.o twofish.o packet.o hmac.o strings.o\n\n"; +print OUT "OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o ampi.o mpi.o prime.o twofish.o packet.o hmac.o strings.o\n\n"; # some depends print OUT "rsa.o: rsa_sys.c\ndh.o: dh_sys.c\necc.o: ecc_sys.c\n\n"; # targets -print OUT "library: \$(OBJECTS)\n\t \$(AR) rs libtomcrypt.a \$(OBJECTS)\n\n"; +print OUT "library: \$(OBJECTS)\n\t \$(AR) r libtomcrypt.a \$(OBJECTS)\n\t ranlib libtomcrypt.a\n\n"; print OUT "clean:\n\trm -f \$(OBJECTS) libtomcrypt.a \n\n"; close OUT; -print "\n\nmakefile.out was written.\n"; \ No newline at end of file +print "makefile.out generated.\n"; + +print "\nNow use makefile.out to build the library, e.g. `make -f makefile.out'\n"; +print "In your project just include mycrypt_custom.h (you don't have to include mycrypt.h \n"; +print "but if you do make sure mycrypt_custom.h appears first) your settings should be intact.\n"; \ No newline at end of file diff --git a/config.pl.README b/config.pl.README new file mode 100644 index 0000000..00b927b --- /dev/null +++ b/config.pl.README @@ -0,0 +1,18 @@ +How to use the config.pl script +------------------------------- + +The configuration script "config.pl" is very simple to use. It is designed to prompt the user for +all the valid libtomcrypt build options then make "makefile.out" and "mycrypt_custom.h". In order to +run the script you need Perl installed. + +After running the script you can build the library two ways. + +1) Use the makefile.out it generates. Simply type "make -f makefile.out" to build the library. + +2) Add the libtomcrypt source files to your project. You have to make sure HAVE_CUSTOM is defined when you +build the source files. You have to copy "mycrypt_custom.h" into the your projects include path. + +You should copy the library and header files to their respective global search paths. + +To use the library with this system you need only include "mycrypt_custom.h" in your application. It will +include the required header files. diff --git a/crypt.c b/crypt.c index b200a6e..09d7797 100644 --- a/crypt.c +++ b/crypt.c @@ -116,7 +116,7 @@ void crypt_argchk(char *v, char *s, int d) fprintf(stderr, "_ARGCHK '%s' failure on line %d of file %s\n", v, d, s); #endif - raise(SIGABRT); + (void)raise(SIGABRT); } #endif /* ch1-01-1 */ @@ -138,7 +138,7 @@ int find_hash(const char *name) int x; _ARGCHK(name != NULL); for (x = 0; x < TAB_SIZE; x++) { - if (hash_descriptor[x].name != NULL && !strcmp(hash_descriptor[x].name, name)) { + if (hash_descriptor[x].name != NULL && strcmp(hash_descriptor[x].name, name) == 0) { return x; } } @@ -150,7 +150,7 @@ int find_prng(const char *name) int x; _ARGCHK(name != NULL); for (x = 0; x < TAB_SIZE; x++) { - if ((prng_descriptor[x].name != NULL) && !strcmp(prng_descriptor[x].name, name)) { + if ((prng_descriptor[x].name != NULL) && strcmp(prng_descriptor[x].name, name) == 0) { return x; } } @@ -230,7 +230,7 @@ int unregister_cipher(const struct _cipher_descriptor *cipher) /* is it already registered? */ for (x = 0; x < TAB_SIZE; x++) { - if (!memcmp(&cipher_descriptor[x], cipher, sizeof(struct _cipher_descriptor))) { + if (memcmp(&cipher_descriptor[x], cipher, sizeof(struct _cipher_descriptor)) == 0) { cipher_descriptor[x].name = NULL; cipher_descriptor[x].ID = 255; return CRYPT_OK; @@ -247,7 +247,7 @@ int register_hash(const struct _hash_descriptor *hash) /* is it already registered? */ for (x = 0; x < TAB_SIZE; x++) { - if (!memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor))) { + if (memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor)) == 0) { return x; } } @@ -272,7 +272,7 @@ int unregister_hash(const struct _hash_descriptor *hash) /* is it already registered? */ for (x = 0; x < TAB_SIZE; x++) { - if (!memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor))) { + if (memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor)) == 0) { hash_descriptor[x].name = NULL; return CRYPT_OK; } @@ -288,7 +288,7 @@ int register_prng(const struct _prng_descriptor *prng) /* is it already registered? */ for (x = 0; x < TAB_SIZE; x++) { - if (!memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor))) { + if (memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor)) == 0) { return x; } } @@ -313,7 +313,7 @@ int unregister_prng(const struct _prng_descriptor *prng) /* is it already registered? */ for (x = 0; x < TAB_SIZE; x++) { - if (!memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor))) { + if (memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor)) != 0) { prng_descriptor[x].name = NULL; return CRYPT_OK; } @@ -417,6 +417,9 @@ const char *crypt_build_settings = #if defined(CAST5) " CAST5\n" #endif +#if defined(NOEKEON) + " Noekeon\n" +#endif "\nHashes built-in:\n" #if defined(SHA512) @@ -482,6 +485,9 @@ const char *crypt_build_settings = #if defined(MECC) " ECC\n" #endif +#if defined(KR) + " KR\n" +#endif "\nCompiler:\n" #if defined(WIN32) diff --git a/crypt.pdf b/crypt.pdf index 7c84a8e..976f7e2 100644 Binary files a/crypt.pdf and b/crypt.pdf differ diff --git a/crypt.tex b/crypt.tex index a05bef6..363ec7a 100644 --- a/crypt.tex +++ b/crypt.tex @@ -44,7 +44,7 @@ \def\gap{\vspace{0.5ex}} \makeindex \begin{document} -\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.79} +\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.80} \author{Tom St Denis \\ Algonquin College \\ \\ diff --git a/ctr.c b/ctr.c index 67fc285..08abe1c 100644 --- a/ctr.c +++ b/ctr.c @@ -5,20 +5,20 @@ int ctr_start(int cipher, const unsigned char *count, const unsigned char *key, int keylen, int num_rounds, symmetric_CTR *ctr) { - int x, errno; + int x, err; _ARGCHK(count != NULL); _ARGCHK(key != NULL); _ARGCHK(ctr != NULL); /* bad param? */ - if ((errno = cipher_is_valid(cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; } /* setup cipher */ - if ((errno = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ctr->key)) != CRYPT_OK) { - return errno; + if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ctr->key)) != CRYPT_OK) { + return err; } /* copy ctr */ @@ -34,23 +34,23 @@ int ctr_start(int cipher, const unsigned char *count, const unsigned char *key, int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) { - int x, errno; + int x, err; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(ctr != NULL); - if ((errno = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { + return err; } - while (len--) { + while (len-- > 0) { /* is the pad empty? */ if (ctr->padlen == ctr->blocklen) { /* increment counter */ for (x = 0; x < ctr->blocklen; x++) { - ctr->ctr[x] = (ctr->ctr[x] + 1) & 255; - if (ctr->ctr[x] != 0) { + ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255; + if (ctr->ctr[x] != (unsigned char)0) { break; } } diff --git a/demos/test.c b/demos/test.c index c03d218..cc1d217 100644 --- a/demos/test.c +++ b/demos/test.c @@ -87,7 +87,7 @@ void cipher_tests(void) { printf("Ciphers compiled in\n"); for (x = 0; cipher_descriptor[x].name != NULL; x++) { - printf(" %12s (%2d) Key Size: %4ld to %4ld, Block Size: %3ld, Default # of rounds: %2ld\n", cipher_descriptor[x].name, + printf(" %12s (%2d) Key Size: %4d to %4d, Block Size: %3d, Default # of rounds: %2d\n", cipher_descriptor[x].name, cipher_descriptor[x].ID, cipher_descriptor[x].min_key_length*8,cipher_descriptor[x].max_key_length*8, cipher_descriptor[x].block_length*8, cipher_descriptor[x].default_rounds); @@ -751,7 +751,7 @@ void dh_tests(void) printf("Error: %s\n", error_to_string(errno)); exit(-1); } - printf("dh_sign/verify_hash: %s (%d,%d)\n", ((stat==1)&&(stat2==0))?"passed":"failed", stat,stat2); + printf("dh_sign/verify_hash: %s (%d,%d), %lu\n", ((stat==1)&&(stat2==0))?"passed":"failed", stat,stat2, x); dh_free(&usera); } #else @@ -1070,16 +1070,15 @@ void register_all_algs(void) register_cipher(&null_desc); -#ifdef SHA1 - register_hash(&sha1_desc); -#endif #ifdef SHA256 register_hash(&sha256_desc); #endif #ifdef TIGER register_hash(&tiger_desc); #endif - +#ifdef SHA1 + register_hash(&sha1_desc); +#endif #ifdef MD5 register_hash(&md5_desc); #endif @@ -1432,7 +1431,6 @@ int main(void) printf(crypt_build_settings); test_errs(); - #ifdef HMAC printf("HMAC: %s\n", hmac_test() == CRYPT_OK ? "passed" : "failed"); #endif diff --git a/des.c b/des.c index ae35bdf..81a7bd6 100644 --- a/des.c +++ b/des.c @@ -30,26 +30,19 @@ const struct _cipher_descriptor des3_desc = &des3_keysize }; -static const unsigned char Df_Key[24] = -{ - 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, - 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, - 0x89, 0xab, 0xcd, 0xef, 0x01, 0x23, 0x45, 0x67 -}; - -static const unsigned short bytebit[8] = +static const unsigned long bytebit[8] = { 0200, 0100, 040, 020, 010, 04, 02, 01 }; static const unsigned long bigbyte[24] = { - 0x800000L, 0x400000L, 0x200000L, 0x100000L, - 0x80000L, 0x40000L, 0x20000L, 0x10000L, - 0x8000L, 0x4000L, 0x2000L, 0x1000L, - 0x800L, 0x400L, 0x200L, 0x100L, - 0x80L, 0x40L, 0x20L, 0x10L, - 0x8L, 0x4L, 0x2L, 0x1L + 0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL, + 0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL, + 0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL, + 0x800UL, 0x400UL, 0x200UL, 0x100UL, + 0x80UL, 0x40UL, 0x20UL, 0x10UL, + 0x8UL, 0x4UL, 0x2UL, 0x1L }; /* Use the key schedule specific in the standard (ANSI X3.92-1981) */ @@ -78,162 +71,162 @@ static const unsigned char pc2[48] = { static const unsigned long SP1[64] = { - 0x01010400L, 0x00000000L, 0x00010000L, 0x01010404L, - 0x01010004L, 0x00010404L, 0x00000004L, 0x00010000L, - 0x00000400L, 0x01010400L, 0x01010404L, 0x00000400L, - 0x01000404L, 0x01010004L, 0x01000000L, 0x00000004L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00010400L, - 0x00010400L, 0x01010000L, 0x01010000L, 0x01000404L, - 0x00010004L, 0x01000004L, 0x01000004L, 0x00010004L, - 0x00000000L, 0x00000404L, 0x00010404L, 0x01000000L, - 0x00010000L, 0x01010404L, 0x00000004L, 0x01010000L, - 0x01010400L, 0x01000000L, 0x01000000L, 0x00000400L, - 0x01010004L, 0x00010000L, 0x00010400L, 0x01000004L, - 0x00000400L, 0x00000004L, 0x01000404L, 0x00010404L, - 0x01010404L, 0x00010004L, 0x01010000L, 0x01000404L, - 0x01000004L, 0x00000404L, 0x00010404L, 0x01010400L, - 0x00000404L, 0x01000400L, 0x01000400L, 0x00000000L, - 0x00010004L, 0x00010400L, 0x00000000L, 0x01010004 + 0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL, + 0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL, + 0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL, + 0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL, + 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL, + 0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL, + 0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL, + 0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL, + 0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL, + 0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL, + 0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL, + 0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL, + 0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL, + 0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL, + 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL, + 0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL }; static const unsigned long SP2[64] = { - 0x80108020L, 0x80008000L, 0x00008000L, 0x00108020L, - 0x00100000L, 0x00000020L, 0x80100020L, 0x80008020L, - 0x80000020L, 0x80108020L, 0x80108000L, 0x80000000L, - 0x80008000L, 0x00100000L, 0x00000020L, 0x80100020L, - 0x00108000L, 0x00100020L, 0x80008020L, 0x00000000L, - 0x80000000L, 0x00008000L, 0x00108020L, 0x80100000L, - 0x00100020L, 0x80000020L, 0x00000000L, 0x00108000L, - 0x00008020L, 0x80108000L, 0x80100000L, 0x00008020L, - 0x00000000L, 0x00108020L, 0x80100020L, 0x00100000L, - 0x80008020L, 0x80100000L, 0x80108000L, 0x00008000L, - 0x80100000L, 0x80008000L, 0x00000020L, 0x80108020L, - 0x00108020L, 0x00000020L, 0x00008000L, 0x80000000L, - 0x00008020L, 0x80108000L, 0x00100000L, 0x80000020L, - 0x00100020L, 0x80008020L, 0x80000020L, 0x00100020L, - 0x00108000L, 0x00000000L, 0x80008000L, 0x00008020L, - 0x80000000L, 0x80100020L, 0x80108020L, 0x00108000 + 0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL, + 0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL, + 0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL, + 0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL, + 0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL, + 0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL, + 0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL, + 0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL, + 0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL, + 0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL, + 0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL, + 0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL, + 0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL, + 0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL, + 0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL, + 0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL }; static const unsigned long SP3[64] = { - 0x00000208L, 0x08020200L, 0x00000000L, 0x08020008L, - 0x08000200L, 0x00000000L, 0x00020208L, 0x08000200L, - 0x00020008L, 0x08000008L, 0x08000008L, 0x00020000L, - 0x08020208L, 0x00020008L, 0x08020000L, 0x00000208L, - 0x08000000L, 0x00000008L, 0x08020200L, 0x00000200L, - 0x00020200L, 0x08020000L, 0x08020008L, 0x00020208L, - 0x08000208L, 0x00020200L, 0x00020000L, 0x08000208L, - 0x00000008L, 0x08020208L, 0x00000200L, 0x08000000L, - 0x08020200L, 0x08000000L, 0x00020008L, 0x00000208L, - 0x00020000L, 0x08020200L, 0x08000200L, 0x00000000L, - 0x00000200L, 0x00020008L, 0x08020208L, 0x08000200L, - 0x08000008L, 0x00000200L, 0x00000000L, 0x08020008L, - 0x08000208L, 0x00020000L, 0x08000000L, 0x08020208L, - 0x00000008L, 0x00020208L, 0x00020200L, 0x08000008L, - 0x08020000L, 0x08000208L, 0x00000208L, 0x08020000L, - 0x00020208L, 0x00000008L, 0x08020008L, 0x00020200 + 0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL, + 0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL, + 0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL, + 0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL, + 0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL, + 0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL, + 0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL, + 0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL, + 0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL, + 0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL, + 0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL, + 0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL, + 0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL, + 0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL, + 0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL, + 0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL }; static const unsigned long SP4[64] = { - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802080L, 0x00800081L, 0x00800001L, 0x00002001L, - 0x00000000L, 0x00802000L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00800080L, 0x00800001L, - 0x00000001L, 0x00002000L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002001L, 0x00002080L, - 0x00800081L, 0x00000001L, 0x00002080L, 0x00800080L, - 0x00002000L, 0x00802080L, 0x00802081L, 0x00000081L, - 0x00800080L, 0x00800001L, 0x00802000L, 0x00802081L, - 0x00000081L, 0x00000000L, 0x00000000L, 0x00802000L, - 0x00002080L, 0x00800080L, 0x00800081L, 0x00000001L, - 0x00802001L, 0x00002081L, 0x00002081L, 0x00000080L, - 0x00802081L, 0x00000081L, 0x00000001L, 0x00002000L, - 0x00800001L, 0x00002001L, 0x00802080L, 0x00800081L, - 0x00002001L, 0x00002080L, 0x00800000L, 0x00802001L, - 0x00000080L, 0x00800000L, 0x00002000L, 0x00802080 + 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, + 0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL, + 0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL, + 0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL, + 0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL, + 0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL, + 0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL, + 0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL, + 0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL, + 0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL, + 0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL, + 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, + 0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL, + 0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL, + 0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL, + 0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL }; static const unsigned long SP5[64] = { - 0x00000100L, 0x02080100L, 0x02080000L, 0x42000100L, - 0x00080000L, 0x00000100L, 0x40000000L, 0x02080000L, - 0x40080100L, 0x00080000L, 0x02000100L, 0x40080100L, - 0x42000100L, 0x42080000L, 0x00080100L, 0x40000000L, - 0x02000000L, 0x40080000L, 0x40080000L, 0x00000000L, - 0x40000100L, 0x42080100L, 0x42080100L, 0x02000100L, - 0x42080000L, 0x40000100L, 0x00000000L, 0x42000000L, - 0x02080100L, 0x02000000L, 0x42000000L, 0x00080100L, - 0x00080000L, 0x42000100L, 0x00000100L, 0x02000000L, - 0x40000000L, 0x02080000L, 0x42000100L, 0x40080100L, - 0x02000100L, 0x40000000L, 0x42080000L, 0x02080100L, - 0x40080100L, 0x00000100L, 0x02000000L, 0x42080000L, - 0x42080100L, 0x00080100L, 0x42000000L, 0x42080100L, - 0x02080000L, 0x00000000L, 0x40080000L, 0x42000000L, - 0x00080100L, 0x02000100L, 0x40000100L, 0x00080000L, - 0x00000000L, 0x40080000L, 0x02080100L, 0x40000100 + 0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL, + 0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL, + 0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL, + 0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL, + 0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL, + 0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL, + 0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL, + 0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL, + 0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL, + 0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL, + 0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL, + 0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL, + 0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL, + 0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL, + 0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL, + 0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL }; static const unsigned long SP6[64] = { - 0x20000010L, 0x20400000L, 0x00004000L, 0x20404010L, - 0x20400000L, 0x00000010L, 0x20404010L, 0x00400000L, - 0x20004000L, 0x00404010L, 0x00400000L, 0x20000010L, - 0x00400010L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x00000000L, 0x00400010L, 0x20004010L, 0x00004000L, - 0x00404000L, 0x20004010L, 0x00000010L, 0x20400010L, - 0x20400010L, 0x00000000L, 0x00404010L, 0x20404000L, - 0x00004010L, 0x00404000L, 0x20404000L, 0x20000000L, - 0x20004000L, 0x00000010L, 0x20400010L, 0x00404000L, - 0x20404010L, 0x00400000L, 0x00004010L, 0x20000010L, - 0x00400000L, 0x20004000L, 0x20000000L, 0x00004010L, - 0x20000010L, 0x20404010L, 0x00404000L, 0x20400000L, - 0x00404010L, 0x20404000L, 0x00000000L, 0x20400010L, - 0x00000010L, 0x00004000L, 0x20400000L, 0x00404010L, - 0x00004000L, 0x00400010L, 0x20004010L, 0x00000000L, - 0x20404000L, 0x20000000L, 0x00400010L, 0x20004010 + 0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL, + 0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL, + 0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL, + 0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, + 0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL, + 0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL, + 0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL, + 0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL, + 0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL, + 0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL, + 0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, + 0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL, + 0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL, + 0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL, + 0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL, + 0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL }; static const unsigned long SP7[64] = { - 0x00200000L, 0x04200002L, 0x04000802L, 0x00000000L, - 0x00000800L, 0x04000802L, 0x00200802L, 0x04200800L, - 0x04200802L, 0x00200000L, 0x00000000L, 0x04000002L, - 0x00000002L, 0x04000000L, 0x04200002L, 0x00000802L, - 0x04000800L, 0x00200802L, 0x00200002L, 0x04000800L, - 0x04000002L, 0x04200000L, 0x04200800L, 0x00200002L, - 0x04200000L, 0x00000800L, 0x00000802L, 0x04200802L, - 0x00200800L, 0x00000002L, 0x04000000L, 0x00200800L, - 0x04000000L, 0x00200800L, 0x00200000L, 0x04000802L, - 0x04000802L, 0x04200002L, 0x04200002L, 0x00000002L, - 0x00200002L, 0x04000000L, 0x04000800L, 0x00200000L, - 0x04200800L, 0x00000802L, 0x00200802L, 0x04200800L, - 0x00000802L, 0x04000002L, 0x04200802L, 0x04200000L, - 0x00200800L, 0x00000000L, 0x00000002L, 0x04200802L, - 0x00000000L, 0x00200802L, 0x04200000L, 0x00000800L, - 0x04000002L, 0x04000800L, 0x00000800L, 0x00200002 + 0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL, + 0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL, + 0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL, + 0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL, + 0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL, + 0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL, + 0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL, + 0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL, + 0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL, + 0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL, + 0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL, + 0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL, + 0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL, + 0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL, + 0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL, + 0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL }; static const unsigned long SP8[64] = { - 0x10001040L, 0x00001000L, 0x00040000L, 0x10041040L, - 0x10000000L, 0x10001040L, 0x00000040L, 0x10000000L, - 0x00040040L, 0x10040000L, 0x10041040L, 0x00041000L, - 0x10041000L, 0x00041040L, 0x00001000L, 0x00000040L, - 0x10040000L, 0x10000040L, 0x10001000L, 0x00001040L, - 0x00041000L, 0x00040040L, 0x10040040L, 0x10041000L, - 0x00001040L, 0x00000000L, 0x00000000L, 0x10040040L, - 0x10000040L, 0x10001000L, 0x00041040L, 0x00040000L, - 0x00041040L, 0x00040000L, 0x10041000L, 0x00001000L, - 0x00000040L, 0x10040040L, 0x00001000L, 0x00041040L, - 0x10001000L, 0x00000040L, 0x10000040L, 0x10040000L, - 0x10040040L, 0x10000000L, 0x00040000L, 0x10001040L, - 0x00000000L, 0x10041040L, 0x00040040L, 0x10000040L, - 0x10040000L, 0x10001000L, 0x10001040L, 0x00000000L, - 0x10041040L, 0x00041000L, 0x00041000L, 0x00001040L, - 0x00001040L, 0x00040040L, 0x10000000L, 0x10041000 + 0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL, + 0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL, + 0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL, + 0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL, + 0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL, + 0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL, + 0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL, + 0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL, + 0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL, + 0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL, + 0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL, + 0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL, + 0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL, + 0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL, + 0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL, + 0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL }; @@ -245,15 +238,14 @@ void _deskey(const unsigned char *key, short edf, unsigned long *keyout) void deskey(const unsigned char *key, short edf, unsigned long *keyout) #endif { - int i, j, l, m, n; + unsigned long i, j, l, m, n, kn[32]; unsigned char pc1m[56], pcr[56]; - unsigned long kn[32]; for(j=0; j < 56; j++) { - l = pc1[j]; + l = (unsigned long)pc1[j]; m = l & 07; - pc1m[j] = (key[l >> 3] & bytebit[m]) ? 1 : 0; + pc1m[j] = (unsigned char)((key[l >> 3U] & bytebit[m]) == bytebit[m] ? 1 : 0); } for(i=0; i < 16; i++) @@ -264,20 +256,20 @@ void deskey(const unsigned char *key, short edf, unsigned long *keyout) kn[m] = kn[n] = 0L; for(j=0; j < 28; j++) { - l = j + totrot[i]; + l = j + (unsigned long)totrot[i]; if(l < 28) pcr[j] = pc1m[l]; else pcr[j] = pc1m[l - 28]; } for(/*j = 28*/; j < 56; j++) { - l = j + totrot[i]; + l = j + (unsigned long)totrot[i]; if(l < 56) pcr[j] = pc1m[l]; else pcr[j] = pc1m[l - 28]; } for(j=0; j < 24; j++) { - if(pcr[pc2[j]]) kn[m] |= bigbyte[j]; - if(pcr[pc2[j+24]]) kn[n] |= bigbyte[j]; + if((int)pcr[(int)pc2[j]] != 0) kn[m] |= bigbyte[j]; + if((int)pcr[(int)pc2[j+24]] != 0) kn[n] |= bigbyte[j]; } } @@ -522,7 +514,7 @@ void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key int des_test(void) { - int errno; + int err; static const struct des_test_case { int num, mode; // mode 1 = encrypt unsigned char key[8], txt[8], out[8]; @@ -636,10 +628,10 @@ int des_test(void) for(i=0; i < (int)(sizeof(cases)/sizeof(cases[0])); i++) { - if ((errno = des_setup(cases[i].key, 8, 0, &des)) != CRYPT_OK) { - return errno; + if ((err = des_setup(cases[i].key, 8, 0, &des)) != CRYPT_OK) { + return err; } - if (cases[i].mode) { + if (cases[i].mode != 0) { des_ecb_encrypt(cases[i].txt, out, &des); } else { des_ecb_decrypt(cases[i].txt, out, &des); @@ -657,10 +649,10 @@ int des3_test(void) { unsigned char key[24], pt[8], ct[8], tmp[8]; symmetric_key skey; - int x, errno; + int x, err; - if ((errno = des_test()) != CRYPT_OK) { - return errno; + if ((err = des_test()) != CRYPT_OK) { + return err; } for (x = 0; x < 8; x++) { @@ -671,14 +663,14 @@ int des3_test(void) key[x] = x; } - if ((errno = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) { - return errno; + if ((err = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) { + return err; } des3_ecb_encrypt(pt, ct, &skey); des3_ecb_decrypt(ct, tmp, &skey); - if (memcmp(pt, tmp, 8)) { + if (memcmp(pt, tmp, 8) != 0) { return CRYPT_FAIL_TESTVECTOR; } diff --git a/dh.c b/dh.c index 7683deb..03914ab 100644 --- a/dh.c +++ b/dh.c @@ -151,12 +151,12 @@ int dh_test(void) if (mp_init_multi(&p, &g, &tmp, NULL) != MP_OKAY) { goto error; } - for (x = 0; sets[x].size; x++) { + for (x = 0; sets[x].size != 0; x++) { #if 0 printf("dh_test():testing size %d-bits\n", sets[x].size * 8); #endif - if (mp_read_radix(&g, sets[x].base, 64) != MP_OKAY) { goto error; } - if (mp_read_radix(&p, sets[x].prime, 64) != MP_OKAY) { goto error; } + if (mp_read_radix(&g,(unsigned char *)sets[x].base, 64) != MP_OKAY) { goto error; } + if (mp_read_radix(&p,(unsigned char *)sets[x].prime, 64) != MP_OKAY) { goto error; } /* ensure p is prime */ if ((res = is_prime(&p, &primality)) != CRYPT_OK) { goto done; } @@ -198,7 +198,7 @@ void dh_sizes(int *low, int *high) _ARGCHK(high != NULL); *low = INT_MAX; *high = 0; - for (x = 0; sets[x].size; x++) { + for (x = 0; sets[x].size != 0; x++) { if (*low > sets[x].size) *low = sets[x].size; if (*high < sets[x].size) *high = sets[x].size; } @@ -207,7 +207,7 @@ void dh_sizes(int *low, int *high) int dh_get_size(dh_key *key) { _ARGCHK(key != NULL); - if (is_valid_idx(key->idx)) + if (is_valid_idx(key->idx) == 1) return sets[key->idx].size; else return INT_MAX; /* large value that would cause dh_make_key() to fail */ @@ -215,20 +215,20 @@ int dh_get_size(dh_key *key) int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key) { - unsigned char buf[768]; + unsigned char buf[512]; unsigned long x; mp_int p, g; - int res, errno; + int res, err; _ARGCHK(key != NULL); /* good prng? */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } /* find key size */ - for (x = 0; (keysize > sets[x].size) && (sets[x].size); x++); + for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++); #ifdef FAST_PK keysize = MIN(sets[x].size, 32); #else @@ -241,8 +241,7 @@ int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key) key->idx = x; /* make up random string */ - buf[0] = 0; - if (prng_descriptor[wprng].read(buf+1, keysize, prng) != (unsigned long)keysize) { + if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) { return CRYPT_ERROR_READPRNG; } @@ -254,7 +253,7 @@ int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key) if (mp_read_radix(&p, sets[key->idx].prime, 64) != MP_OKAY) { goto error; } /* load the x value */ - mp_read_raw(&key->x, buf, keysize+1); + if (mp_read_unsigned_bin(&key->x, buf, keysize) != MP_OKAY) { goto error; } if (mp_exptmod(&g, &key->x, &p, &key->y) != MP_OKAY) { goto error; } key->type = PK_PRIVATE; @@ -281,10 +280,10 @@ void dh_free(dh_key *key) #define OUTPUT_BIGNUM(num, buf2, y, z) \ { \ - z = mp_unsigned_bin_size(num); \ + z = (unsigned long)mp_unsigned_bin_size(num); \ STORE32L(z, buf2+y); \ y += 4; \ - mp_to_unsigned_bin(num, buf2+y); \ + (void)mp_to_unsigned_bin(num, buf2+y); \ y += z; \ } @@ -293,7 +292,7 @@ void dh_free(dh_key *key) { \ /* load value */ \ if (y + 4 > inlen) { \ - errno = CRYPT_INVALID_PACKET; \ + err = CRYPT_INVALID_PACKET; \ goto error; \ } \ LOAD32L(x, in+y); \ @@ -301,18 +300,18 @@ void dh_free(dh_key *key) \ /* sanity check... */ \ if (x+y > inlen) { \ - errno = CRYPT_INVALID_PACKET; \ + err = CRYPT_INVALID_PACKET; \ goto error; \ } \ \ /* load it */ \ - if (mp_read_unsigned_bin(num, (unsigned char *)in+y, x) != MP_OKAY) {\ - errno = CRYPT_MEM; \ + if (mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x) != MP_OKAY) {\ + err = CRYPT_MEM; \ goto error; \ } \ y += x; \ if (mp_shrink(num) != MP_OKAY) { \ - errno = CRYPT_MEM; \ + err = CRYPT_MEM; \ goto error; \ } \ } @@ -336,7 +335,7 @@ int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key) /* header */ buf2[y++] = type; - buf2[y++] = sets[key->idx].size / 8; + buf2[y++] = (unsigned char)(sets[key->idx].size / 8); /* export y */ OUTPUT_BIGNUM(&key->y, buf2, y, z); @@ -359,7 +358,7 @@ int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key) /* output it */ *outlen = y; - memcpy(out, buf2, y); + memcpy(out, buf2, (size_t)y); /* clear mem */ #ifdef CLEAN_STACK @@ -371,14 +370,14 @@ int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key) int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key) { unsigned long x, y, s; - int errno; + int err; _ARGCHK(in != NULL); _ARGCHK(key != NULL); /* check type byte */ - if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_KEY)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_KEY)) != CRYPT_OK) { + return err; } if (2+PACKET_SIZE > inlen) { @@ -391,25 +390,25 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key) } y = PACKET_SIZE; - key->type = in[y++]; - s = (long)in[y++] * 8; + key->type = (int)in[y++]; + s = (unsigned long)in[y++] * 8; - for (x = 0; (s > (unsigned long)sets[x].size) && (sets[x].size); x++); + for (x = 0; (s > (unsigned long)sets[x].size) && (sets[x].size != 0); x++); if (sets[x].size == 0) { - errno = CRYPT_INVALID_KEYSIZE; + err = CRYPT_INVALID_KEYSIZE; goto error; } - key->idx = x; + key->idx = (int)x; /* type check both values */ if ((key->type != PK_PUBLIC) && (key->type != PK_PRIVATE)) { - errno = CRYPT_PK_TYPE_MISMATCH; + err = CRYPT_PK_TYPE_MISMATCH; goto error; } /* is the key idx valid? */ - if (!is_valid_idx(key->idx)) { - errno = CRYPT_PK_TYPE_MISMATCH; + if (is_valid_idx(key->idx) != 1) { + err = CRYPT_PK_TYPE_MISMATCH; goto error; } @@ -428,7 +427,7 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key) return CRYPT_OK; error: mp_clear_multi(&key->y, &key->x, NULL); - return errno; + return err; } int dh_shared_secret(dh_key *private_key, dh_key *public_key, @@ -458,16 +457,16 @@ int dh_shared_secret(dh_key *private_key, dh_key *public_key, return CRYPT_MEM; } - if (mp_read_radix(&p, sets[private_key->idx].prime, 64) != MP_OKAY) { goto error; } - if (mp_exptmod(&public_key->y, &private_key->x, &p, &tmp) != MP_OKAY) { goto error; } + if (mp_read_radix(&p, (unsigned char *)sets[private_key->idx].prime, 64) != MP_OKAY) { goto error; } + if (mp_exptmod(&public_key->y, &private_key->x, &p, &tmp) != MP_OKAY) { goto error; } /* enough space for output? */ - x = mp_raw_size(&tmp); + x = (unsigned long)mp_unsigned_bin_size(&tmp); if (*outlen < x) { res = CRYPT_BUFFER_OVERFLOW; goto done; } - mp_toraw(&tmp, out); + (void)mp_to_unsigned_bin(&tmp, out); *outlen = x; res = CRYPT_OK; goto done; diff --git a/dh_sys.c b/dh_sys.c index ff73f45..fc39c5c 100644 --- a/dh_sys.c +++ b/dh_sys.c @@ -3,10 +3,10 @@ int dh_encrypt_key(const unsigned char *inkey, unsigned long keylen, prng_state *prng, int wprng, int hash, dh_key *key) { - unsigned char pub_expt[1536], dh_shared[1536], skey[MAXBLOCKSIZE]; + unsigned char pub_expt[768], dh_shared[768], skey[MAXBLOCKSIZE]; dh_key pubkey; unsigned long x, y, z, hashsize, pubkeysize; - int errno; + int err; _ARGCHK(inkey != NULL); _ARGCHK(out != NULL); @@ -14,12 +14,12 @@ int dh_encrypt_key(const unsigned char *inkey, unsigned long keylen, _ARGCHK(key != NULL); /* check that wprng/hash are not invalid */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } - if ((errno = hash_is_valid(hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; } if (keylen > hash_descriptor[hash].hashsize) { @@ -27,14 +27,14 @@ int dh_encrypt_key(const unsigned char *inkey, unsigned long keylen, } /* make a random key and export the public copy */ - if ((errno = dh_make_key(prng, wprng, dh_get_size(key), &pubkey)) != CRYPT_OK) { - return errno; + if ((err = dh_make_key(prng, wprng, dh_get_size(key), &pubkey)) != CRYPT_OK) { + return err; } pubkeysize = sizeof(pub_expt); - if ((errno = dh_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { + if ((err = dh_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { dh_free(&pubkey); - return errno; + return err; } /* now check if the out buffer is big enough */ @@ -46,16 +46,16 @@ int dh_encrypt_key(const unsigned char *inkey, unsigned long keylen, /* make random key */ hashsize = hash_descriptor[hash].hashsize; - x = sizeof(dh_shared); - if ((errno = dh_shared_secret(&pubkey, key, dh_shared, &x)) != CRYPT_OK) { + x = (unsigned long)sizeof(dh_shared); + if ((err = dh_shared_secret(&pubkey, key, dh_shared, &x)) != CRYPT_OK) { dh_free(&pubkey); - return errno; + return err; } dh_free(&pubkey); z = sizeof(skey); - if ((errno = hash_memory(hash, dh_shared, x, skey, &z)) != CRYPT_OK) { - return errno; + if ((err = hash_memory(hash, dh_shared, x, skey, &z)) != CRYPT_OK) { + return err; } /* output header */ @@ -97,9 +97,9 @@ int dh_decrypt_key(const unsigned char *in, unsigned long inlen, unsigned char *outkey, unsigned long *keylen, dh_key *key) { - unsigned char shared_secret[1536], skey[MAXBLOCKSIZE]; - unsigned long x, y, z, res, hashsize, keysize; - int hash, errno; + unsigned char shared_secret[768], skey[MAXBLOCKSIZE]; + unsigned long x, y, z,hashsize, keysize; + int res, hash, err; dh_key pubkey; _ARGCHK(in != NULL); @@ -120,8 +120,8 @@ int dh_decrypt_key(const unsigned char *in, unsigned long inlen, } /* is header correct? */ - if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { + return err; } /* now lets get the hash name */ @@ -145,22 +145,22 @@ int dh_decrypt_key(const unsigned char *in, unsigned long inlen, } y += 4; - if ((errno = dh_import(in+y, x, &pubkey)) != CRYPT_OK) { - return errno; + if ((err = dh_import(in+y, x, &pubkey)) != CRYPT_OK) { + return err; } y += x; /* make shared key */ - x = sizeof(shared_secret); - if ((errno = dh_shared_secret(key, &pubkey, shared_secret, &x)) != CRYPT_OK) { + x = (unsigned long)sizeof(shared_secret); + if ((err = dh_shared_secret(key, &pubkey, shared_secret, &x)) != CRYPT_OK) { dh_free(&pubkey); - return errno; + return err; } dh_free(&pubkey); z = sizeof(skey); - if ((errno = hash_memory(hash, shared_secret, x, skey, &z)) != CRYPT_OK) { - return errno; + if ((err = hash_memory(hash, shared_secret, x, skey, &z)) != CRYPT_OK) { + return err; } /* load in the encrypted key */ @@ -200,9 +200,9 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen, prng_state *prng, int wprng, dh_key *key) { mp_int a, b, k, m, g, p, p1, tmp; - unsigned char buf[1536], md[MAXBLOCKSIZE]; + unsigned char buf[1536]; unsigned long x, y; - int res, errno; + int res, err; _ARGCHK(in != NULL); _ARGCHK(out != NULL); @@ -214,26 +214,21 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen, return CRYPT_PK_NOT_PRIVATE; } - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } /* is the IDX valid ? */ - if (!is_valid_idx(key->idx)) { + if (is_valid_idx(key->idx) != 1) { return CRYPT_PK_INVALID_TYPE; } - /* hash the message */ - md[0] = 0; - memcpy(md+1, in, MIN(sizeof(md) - 1, inlen)); - /* make up a random value k, * since the order of the group is prime * we need not check if gcd(k, r) is 1 */ - buf[0] = 0; - if (prng_descriptor[wprng].read(buf+1, sets[key->idx].size-1, prng) != - (unsigned long)(sets[key->idx].size-1)) { + if (prng_descriptor[wprng].read(buf, sets[key->idx].size, prng) != + (unsigned long)(sets[key->idx].size)) { return CRYPT_ERROR_READPRNG; } @@ -243,8 +238,12 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen, } /* load k and m */ - if (mp_read_raw(&m, md, 1+MIN(sizeof(md) - 1, inlen)) != MP_OKAY) { goto error; } - if (mp_read_raw(&k, buf, sets[key->idx].size) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&m, (unsigned char *)in, inlen) != MP_OKAY) { goto error; } +#ifdef FAST_PK + if (mp_read_unsigned_bin(&k, buf, MIN(32,sets[key->idx].size)) != MP_OKAY) { goto error; } +#else + if (mp_read_unsigned_bin(&k, buf, sets[key->idx].size) != MP_OKAY) { goto error; } +#endif /* load g, p and p1 */ if (mp_read_radix(&g, sets[key->idx].base, 64) != MP_OKAY) { goto error; } @@ -265,13 +264,13 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen, y = PACKET_SIZE; /* now store them both (a,b) */ - x = mp_raw_size(&a); + x = (unsigned long)mp_unsigned_bin_size(&a); STORE32L(x, buf+y); y += 4; - mp_toraw(&a, buf+y); y += x; + mp_to_unsigned_bin(&a, buf+y); y += x; - x = mp_raw_size(&b); + x = (unsigned long)mp_unsigned_bin_size(&b); STORE32L(x, buf+y); y += 4; - mp_toraw(&b, buf+y); y += x; + mp_to_unsigned_bin(&b, buf+y); y += x; /* check if size too big */ if (*outlen < y) { @@ -283,10 +282,9 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen, packet_store_header(buf, PACKET_SECT_DH, PACKET_SUB_SIGNED); /* store it */ - memcpy(out, buf, y); + memcpy(out, buf, (size_t)y); *outlen = y; #ifdef CLEAN_STACK - zeromem(md, sizeof(md)); zeromem(buf, sizeof(buf)); #endif @@ -304,9 +302,8 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen, int *stat, dh_key *key) { mp_int a, b, p, g, m, tmp; - unsigned char md[MAXBLOCKSIZE]; unsigned long x, y; - int res, errno; + int res, err; _ARGCHK(sig != NULL); _ARGCHK(hash != NULL); @@ -324,17 +321,13 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen, } /* header ok? */ - if ((errno = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) { + return err; } /* get hash out of packet */ y = PACKET_SIZE; - /* hash the message */ - md[0] = 0; - memcpy(md+1, hash, MIN(sizeof(md) - 1, hashlen)); - /* init all bignums */ if (mp_init_multi(&a, &p, &b, &g, &m, &tmp, NULL) != MP_OKAY) { return CRYPT_MEM; @@ -349,7 +342,7 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen, } y += 4; - if (mp_read_raw(&a, (unsigned char *)sig+y, x) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&a, (unsigned char *)sig+y, x) != MP_OKAY) { goto error; } y += x; LOAD32L(x, sig+y); @@ -359,7 +352,7 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen, siglen -= x; } y += 4; - if (mp_read_raw(&b, (unsigned char *)sig+y, x) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&b, (unsigned char *)sig+y, x) != MP_OKAY) { goto error; } y += x; /* load p and g */ @@ -367,7 +360,7 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen, if (mp_read_radix(&g, sets[key->idx].base, 64) != MP_OKAY) { goto error; } /* load m */ - if (mp_read_raw(&m, md, 1+MIN(sizeof(md)-1, hashlen)) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&m, (unsigned char *)hash, hashlen) != MP_OKAY) { goto error; } /* find g^m mod p */ if (mp_exptmod(&g, &m, &p, &m) != MP_OKAY) { goto error; } /* m = g^m mod p */ @@ -389,9 +382,6 @@ error: res = CRYPT_MEM; done: mp_clear_multi(&tmp, &m, &g, &p, &b, &a, NULL); -#ifdef CLEAN_STACK - zeromem(md, sizeof(md)); -#endif return res; } diff --git a/dsa.c b/dsa.c deleted file mode 100644 index fce0b8b..0000000 --- a/dsa.c +++ /dev/null @@ -1,398 +0,0 @@ -/* Implementation of the Digital Signature Algorithm (DSA) by Tom St Denis */ -#ifdef MDSA - -#include - -static const struct { - int size, osize; - char *order, - *prime, - *base; -} sets[] = { -#ifdef DSA1024 -{ - 1024, 160, - - "PE6GbKzFwpeAAMtC3PUsqsRQMWl", - - "PyhJv87GTec3fBvC8BQT4yQ8gSYB8rk6DfLRfeirnZsQaQBVwh8PZ7V1hKfD" - "SGGUgr1cAb3YrnZw97HvyaKmypY2dM19OxeNWNI4f6IyYwj/mcAiJpkjxMmZ" - "mYVrTbGxBG8OaKBD9vFd9/Jif8djJ18GnaRsdRoCBDec+W++x6D", - - "3uYLnHhrVRR6hATv30lj/XX5AecEE2tJVgtWcHkbwKuR3WEqqvP8xBUG70Ve" - "p6kUchz/E/kZaGIJ0mrqme6bNDIxoNqtshyDfska/Zfm/QHuDZWljVGbPx68" - "eSBw1vzkRKFCmR8QgpT+R887JufEgQRRIQOuLK8c1ND61efJH2t" -}, -#endif -#ifdef DSA2048 -{ - 2048, 256, - - "TZLgPgD7D46uoATLyNSgKsgh6LglcVDwlPFvT6dcOdN", - - "EUlAFvO8lXjhXn/6BobNq4bo0st12+zwgpshNJgoUap/LFCQcGeVGt/s/ocD" - "M+4v+bU3dNKjFJEYzb+sxmy5dbzQsa15+Ud4v1UJ/7D4p0IyA+h9aeU9i/C9" - "tJQC824mQhmL5cxx7SbQPMD/2+P04hLyeDOir1L1vmvE1tWZg43Jbza2LTQJ" - "52wi/Sguai3vFZVMObEPBfbXzg9b8pH1i75Q1os9w0LtfJ4pYQJD3Xn66jYF" - "mpLVqK4yuMXOOq07bkM5Nx+jQvFpGuRiD5e4a2FB1NjXbCGMtRxu6eurPAIY" - "F5dw3QWXkZm74SFmLTi0GW+3pipDWiBSUu9pUpp6rr", - - "79PG50FKgZgffOnFiUuuZLhWicqFZ6EwvWXQi7uBmvMQUoXNEBschAhRtLQE" - "ev5iHrR2g41rEEundwwFTbRdyq2txBS2bClkFjGlojPwayWvXLAaDltfkhws" - "TjS/gNKch4qD1nPu+Kd1RmjWp1B1JzBXnlcj/z5qMaF8oL4bk9qGGEmaeOLs" - "90vW0Z/7QWBC8h+65SohFBmydUWwXhs4rAa7NwHbPltnXdF6kZHpQOtT5h+4" - "hYA83eYzdeOl5rYrFDiyJ+nfOptgLiLIHB9L0wkOhFrb52+S7qKpgYe1+oof" - "K1/Rd4D8fL5qvGyXWz1dB8W2iqAXeXKlkWZrvHQdMM" -}, -#endif -#ifdef DSA4096 -{ - 4096, 512, - - "4GO4hUY+2MqiwNBYFx/JqRejRKXXJfcaY7mIBYksn2Dwn6JQZp9Qpg3bbnOJ" - "kt5ZqH2dtEjbV9B/AXF51jOkW/", - - "Jddrq1iN+f03IKVqcDSOz7IquBVxzb34Cwzmc7rHpIOW3DqW7IjMz47ETtWu" - "KvG3JxFdYaiv69lAE+X38DEqQSTE8Ba9jfNYs9PYeH4RfsT5op/u3r41anRW" - "jJTHMhnvwwQ0eQrZ+9d7LQePnQSUs3eXb8ZdNsh8/h30b3gIMk+08bZoJejF" - "6Y2vMtMQUHmmoM/+IlrMz7TZ4tu0jkYWBp1y74WLGemXkYvU6pqH8dTQX1MM" - "oG93eBKQ87jHbtBJ+L6EbcqO/jVa6lwUivEbBs9UtKf4lC0pe3SZqfFhrJde" - "2b5LfbPBLk2pNdC5MJCsIVz7TUL28SWYwx7Nx7ybxtKd76L8kgbLfoOYiJRx" - "WIFGRE40Q9/0zuqzz6D1WHKQE4wg5oy6WQeO3Q5BN1UC6O4EUSkD7mC3KmWA" - "MgxNDZYMA+BSCTirVL2eS90WCA4LkTsHhoLgafwZT5xanUKGY/cZix29sy21" - "J1Ut4cbPFjxg76OVu9obONitMLg+63dz3Ho8LMhXaKN43yl5Kc4PxeUCQWVU" - "gHXg8RSldQMOvhwohHFibiMUrRkkCs2//Ts6hVdS3cEFgfYhpnzeEiGBCuat" - "ZZYpaWKZlmrlcUYH7Rg9SyHH1h4DLrki5ySIjGxozT6JhIrMme8uQcN9YOiq" - "GwRhjR3AM1QiOUfolENTYCn", - - "3VIJLic34uyamh2TbNHEjECeH289m938S2wvHYe/3xPNiCjVhBxl6RAgom+Q" - "3X7+r8EII4QQKXXdqR3Ad/nXzJkgMUJVvt5d5lIwwKM7+ffbLmhJWldO0Jkc" - "7oZQr7t81khBUG4wgPVZO8OwjB66v9npPCcBLNLO6DAWE82CM8YfPJzQt0tr" - "JSHwcgixvkFft25SdI0V9zg2H6sj2Q/yAYUEAPzyDfQVvLzqEN2tmIhturnR" - "wUW4WLy8PSls/tt5eWjdI++ofdGHNJmKaZjHgym52GhNQmWZYWzK/hcllWtC" - "U8vCw7GY3nE4uF74YuTYC6LGx7wXS5ivj531KTPe4EarZ4j+aVw9ZJhfy/h+" - "K0esj9ALQP9jSz3OMDKeYaJKjj/scC5NrPdSjeJf7EvlVf41ufZHNGrFVmVW" - "kqaEuNZr+SmC6/2buPEmL4UO94H1z4QItK+rHqNWEQP6ptST0lcFwHO4uESR" - "qp8scA2/Fh+G0TfJ/rg8wImqbWsgrUwGnmDmKtFLRiX4aMPIsyFIsJvPQECT" - "EIR6yd6QIRVGZbCRiVsCqMrHsn0KZWSeKdtW9TRt/yNu+VKcgRZFfU991Nab" - "OBxkAS1kw9kyj/HZYxPG4NrqL0j5bnb1VjqQZKEEQMSBAyMMfDuMyWhrmsxV" - "ffmF/sYGxFHCbacGeu06C3U" -}, -#endif -{ - 0, 0, - NULL, - NULL, - NULL -} -}; - -int dsa_test(void) -{ - mp_int q, p, g, t; - int errno, i, res, primality; - - /* init memory */ - if (mp_init_multi(&q, &p, &g, &t, NULL) != MP_OKAY) { - return CRYPT_MEM; - } - - res = CRYPT_MEM; - for (i = 0; i < sets[i].size; i++) { - #if 0 - printf("Testing size: %d\n", sets[i].size); - #endif - /* read in order, prime, generator */ - if (mp_read_radix(&q, sets[i].order, 64) != MP_OKAY) { goto error; } - if (mp_read_radix(&p, sets[i].prime, 64) != MP_OKAY) { goto error; } - if (mp_read_radix(&g, sets[i].base, 64) != MP_OKAY) { goto error; } - - /* now see if the order and modulus are prime */ - if ((errno = is_prime(&q, &primality)) != CRYPT_OK) { - res = errno; - goto error; - } - if (primality == 0) { - res = CRYPT_FAIL_TESTVECTOR; - goto error; - } - - if ((errno = is_prime(&p, &primality)) != CRYPT_OK) { - res = errno; - goto error; - } - if (primality == 0) { - res = CRYPT_FAIL_TESTVECTOR; - goto error; - } - - /* now see what g^q mod p is (should be 1) */ - if (mp_exptmod(&g, &q, &p, &t) != MP_OKAY) { goto error; } - if (mp_cmp_d(&t, 1)) { - res = CRYPT_FAIL_TESTVECTOR; - goto error; - } - } - res = CRYPT_OK; -error: - mp_clear_multi(&t, &g, &p, &q, NULL); - return res; -} - -int dsa_make_key(prng_state *prng, int wprng, int keysize, dsa_key *key) -{ - mp_int g, p, q; - unsigned char buf[64]; - int errno, idx, x; - - _ARGCHK(prng != NULL); - _ARGCHK(key != NULL); - - /* good prng? */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; - } - - /* find key size */ - for (x = 0; (keysize > sets[x].size) && (sets[x].size); x++); - if (sets[x].size == 0) { - return CRYPT_INVALID_KEYSIZE; - } - key->idx = x; - keysize = sets[x].osize; - - /* read prng */ - if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) { - return CRYPT_ERROR_READPRNG; - } - - /* init parameters */ - if (mp_init_multi(&g, &p, &q, &key->x, &key->y, NULL) != MP_OKAY) { - return CRYPT_MEM; - } - if (mp_read_radix(&q, sets[x].order, 64) != MP_OKAY) { goto error; } - if (mp_read_radix(&g, sets[x].base, 64) != MP_OKAY) { goto error; } - if (mp_read_radix(&p, sets[x].prime, 64) != MP_OKAY) { goto error; } - - /* load exponent */ - if (mp_read_unsigned_bin(&key->x, buf, keysize) != MP_OKAY) { goto error; } - if (mp_mod(&key->x, &q, &key->x) != MP_OKAY) { goto error; } - - /* calc public key */ - if (mp_exptmod(&g, &key->x, &p, &key->y) != MP_OKAY) { goto error; } - key->type = PK_PRIVATE; - - /* shrink values */ - if (mp_shrink(&key->x) != MP_OKAY) { goto error; } - if (mp_shrink(&key->y) != MP_OKAY) { goto error; } - - /* free temps */ - mp_clear_multi(&g, &q, &p, NULL); -#ifdef CLEAN_STACK - zeromem(buf, sizeof(buf)); -#endif - - return CRYPT_OK; -error: - mp_clear_multi(&g, &q, &p, &key->x, &key->y, NULL); - return CRYPT_MEM; -} - -void dsa_free(dsa_key *key) -{ - _ARGCHK(key != NULL); - mp_clear_multi(&key->x, &key->y, NULL); -} - -static int is_valid_idx(int n) -{ - int x; - - for (x = 0; sets[x].size; x++); - if ((n < 0) || (n >= x)) { - return 0; - } - return 1; -} - -int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key) -{ - unsigned char buf[4096]; - unsigned long x, y; - - _ARGCHK(out != NULL); - _ARGCHK(outlen != NULL); - _ARGCHK(key != NULL); - - if (is_valid_idx(key->idx) == 0) { - return CRYPT_PK_INVALID_TYPE; - } - - if (type == PK_PRIVATE && key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - y = PACKET_SIZE; - - buf[y++] = type; - buf[y++] = sets[key->idx].osize/8; - - x = mp_unsigned_bin_size(&key->y); - STORE32L(x, &buf[y]); - y += 4; - mp_to_unsigned_bin(&key->y, &buf[y]); - y += x; - - if (type == PK_PRIVATE) { - x = mp_unsigned_bin_size(&key->x); - STORE32L(x, &buf[y]); - y += 4; - mp_to_unsigned_bin(&key->x, &buf[y]); - y += x; - } - - /* check for overflow */ - if (*outlen < y) { - #ifdef CLEAN_STACK - zeromem(buf, sizeof(buf)); - #endif - return CRYPT_BUFFER_OVERFLOW; - } - - /* store header */ - packet_store_header(buf, PACKET_SECT_DSA, PACKET_SUB_KEY); - - /* output it */ - *outlen = y; - memcpy(out, buf, y); - - /* clear mem */ -#ifdef CLEAN_STACK - zeromem(buf, sizeof(buf)); -#endif - return CRYPT_OK; -} - -#define INPUT_BIGNUM(num, in, x, y) \ -{ \ - /* load value */ \ - if (y + 4 > inlen) { \ - errno = CRYPT_INVALID_PACKET; \ - goto error; \ - } \ - LOAD32L(x, in+y); \ - y += 4; \ - \ - /* sanity check... */ \ - if (x+y > inlen) { \ - errno = CRYPT_INVALID_PACKET; \ - goto error; \ - } \ - \ - /* load it */ \ - if (mp_read_unsigned_bin(num, (unsigned char *)in+y, x) != MP_OKAY) {\ - errno = CRYPT_MEM; \ - goto error; \ - } \ - y += x; \ - if (mp_shrink(num) != MP_OKAY) { \ - errno = CRYPT_MEM; \ - goto error; \ - } \ -} - -int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) -{ - unsigned long x, y, s; - int errno; - - _ARGCHK(in != NULL); - _ARGCHK(key != NULL); - - /* check type byte */ - if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_DSA, PACKET_SUB_KEY)) != CRYPT_OK) { - return errno; - } - - if (2+PACKET_SIZE > inlen) { - return CRYPT_INVALID_PACKET; - } - - - /* init */ - if (mp_init_multi(&key->x, &key->y, NULL) != MP_OKAY) { - return CRYPT_MEM; - } - - y = PACKET_SIZE; - key->type = in[y++]; - s = (long)in[y++] * 8; - - for (x = 0; (s > (unsigned long)sets[x].osize) && (sets[x].osize); x++); - if (sets[x].osize == 0) { - errno = CRYPT_INVALID_KEYSIZE; - goto error; - } - key->idx = x; - - /* type check both values */ - if ((key->type != PK_PUBLIC) && (key->type != PK_PRIVATE)) { - errno = CRYPT_PK_TYPE_MISMATCH; - goto error; - } - - /* is the key idx valid? */ - if (!is_valid_idx(key->idx)) { - errno = CRYPT_PK_TYPE_MISMATCH; - goto error; - } - - /* load public value g^x mod p*/ - INPUT_BIGNUM(&key->y, in, x, y); - - if (key->type == PK_PRIVATE) { - INPUT_BIGNUM(&key->x, in, x, y); - } - - /* eliminate private key if public */ - if (key->type == PK_PUBLIC) { - mp_clear(&key->x); - } - - return CRYPT_OK; -error: - mp_clear_multi(&key->y, &key->x, NULL); - return errno; -} - - - -int dsa_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, dsa_key *key) -{ - mp_int g, q, p, k, tmp; - unsigned char buf[4096]; - int x, y, errno; - - _ARGCHK(in != NULL); - _ARGCHK(out != NULL); - _ARGCHK(outlen != NULL); - _ARGCHK(prng != NULL); - _ARGCHK(key != NULL); - - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; - } - - if (is_valid_idx(key->idx) == 0) { - return CRYPT_PK_INVALID_TYPE; - } - -return 0; -} - - - -#endif /* MDSA */ - diff --git a/ecb.c b/ecb.c index b85452e..0c04881 100644 --- a/ecb.c +++ b/ecb.c @@ -4,12 +4,12 @@ int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds, symmetric_ECB *ecb) { - int errno; + int err; _ARGCHK(key != NULL); _ARGCHK(ecb != NULL); - if ((errno = cipher_is_valid(cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; } ecb->cipher = cipher; ecb->blocklen = cipher_descriptor[cipher].block_length; @@ -18,13 +18,13 @@ int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds, int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb) { - int errno; + int err; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(ecb != NULL); - if ((errno = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { + return err; } cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key); return CRYPT_OK; @@ -32,13 +32,13 @@ int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb) int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb) { - int errno; + int err; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(ecb != NULL); - if ((errno = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { + return err; } cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key); return CRYPT_OK; diff --git a/ecc.c b/ecc.c index 8b50504..1bb7ea2 100644 --- a/ecc.c +++ b/ecc.c @@ -212,7 +212,7 @@ static int is_valid_idx(int n) { int x; - for (x = 0; sets[x].size; x++); + for (x = 0; sets[x].size != 0; x++); if ((n < 0) || (n >= x)) { return 0; } @@ -289,10 +289,13 @@ static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus) } /* is P==Q or P==-Q? */ - mp_neg(&Q->y, &tmp); - mp_mod(&tmp, modulus, &tmp); - if (!mp_cmp(&P->x, &Q->x)) - if (!mp_cmp(&P->y, &Q->y) || !mp_cmp(&P->y, &tmp)) { + if (mp_neg(&Q->y, &tmp) != MP_OKAY || mp_mod(&tmp, modulus, &tmp) != MP_OKAY) { + mp_clear(&tmp); + return CRYPT_MEM; + } + + if (mp_cmp(&P->x, &Q->x) == MP_EQ) + if (mp_cmp(&P->y, &Q->y) == MP_EQ || mp_cmp(&P->y, &tmp) == MP_EQ) { mp_clear(&tmp); return dbl_point(P, R, modulus); } @@ -329,12 +332,12 @@ done: } /* perform R = kG where k == integer and G == ecc_point */ -static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, int idx) +static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus) { ecc_point *tG, *M[14]; - int i, j, m, z, first, res; + int i, j, z, res; mp_digit d; - unsigned char bits[768]; + unsigned char bits[150], m, first; /* init M tab */ for (i = 0; i < 14; i++) { @@ -348,14 +351,14 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, in } /* get bits of k */ - first = m = 0; + first = m = (unsigned char)0; for (z = i = 0; z < (int)USED(k); z++) { d = DIGIT(k, z); for (j = 0; j < (int)MP_DIGIT_BIT; j++) { - first |= (d&1)<<(m++); - if (m == 4) { + first |= (d&1)<<(unsigned)(m++); + if (m == (unsigned char)4) { bits[i++] = first; - first = m = 0; + first = m = (unsigned char)0; } d >>= 1; } @@ -371,7 +374,7 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, in if (tG == NULL) { goto error; } /* skip leading digits which are zero */ - --i; while (i && bits[i] == 0) { --i; } + --i; while (i != 0 && bits[i] == (unsigned char)0) { --i; } if (i == 0) { res = CRYPT_INVALID_ARG; @@ -393,12 +396,12 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, in if (mp_copy(&G->y, &tG->y) != MP_OKAY) { goto error; } /* set result M[bits[i]] */ - if (bits[i] == 1) { + if (bits[i] == (unsigned char)1) { if (mp_copy(&G->x, &R->x) != MP_OKAY) { goto error; } if (mp_copy(&G->y, &R->y) != MP_OKAY) { goto error; } - } else if (bits[i]>=2) { - if (mp_copy(&M[bits[i]-2]->x, &R->x) != MP_OKAY) { goto error; } - if (mp_copy(&M[bits[i]-2]->y, &R->y) != MP_OKAY) { goto error; } + } else if (bits[i] >= (unsigned char)2) { + if (mp_copy(&M[(int)bits[i]-2]->x, &R->x) != MP_OKAY) { goto error; } + if (mp_copy(&M[(int)bits[i]-2]->y, &R->y) != MP_OKAY) { goto error; } } while (--i >= 0) { @@ -408,14 +411,14 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, in } /* now based on the value of bits[i] we do ops */ - if (bits[i] == 0) { + if (bits[i] == (unsigned char)0) { /* nop */ - } else if (bits[i] == 1) { + } else if (bits[i] == (unsigned char)1) { /* add base point */ if (add_point(R, tG, R, modulus) != CRYPT_OK) { goto error; } } else { /* other case */ - if (add_point(R, M[bits[i]-2], R, modulus) != CRYPT_OK) { goto error; } + if (add_point(R, M[(int)bits[i] - 2], R, modulus) != CRYPT_OK) { goto error; } } } @@ -483,8 +486,8 @@ int ecc_test(void) /* then we should have G == (order + 1)G */ if (mp_add_d(&order, 1, &order) != MP_OKAY) { goto error; } - if (ecc_mulmod(&order, G, GG, &modulus, i) != CRYPT_OK) { goto error; } - if (mp_cmp(&G->x, &GG->x) || mp_cmp(&G->y, &GG->y)) { + if (ecc_mulmod(&order, G, GG, &modulus) != CRYPT_OK) { goto error; } + if (mp_cmp(&G->x, &GG->x) != 0 || mp_cmp(&G->y, &GG->y) != 0) { res = CRYPT_FAIL_TESTVECTOR; goto done1; } @@ -508,7 +511,7 @@ void ecc_sizes(int *low, int *high) *low = INT_MAX; *high = 0; - for (i = 0; sets[i].size; i++) { + for (i = 0; sets[i].size != 0; i++) { if (sets[i].size < *low) { *low = sets[i].size; } @@ -520,7 +523,7 @@ void ecc_sizes(int *low, int *high) int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) { - int x, res, errno; + int x, res, err; ecc_point *base; mp_int prime; unsigned char buf[4096]; @@ -528,12 +531,12 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) _ARGCHK(key != NULL); /* good prng? */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } /* find key size */ - for (x = 0; (keysize > sets[x].size) && (sets[x].size); x++); + for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++); keysize = sets[x].size; if (sets[x].size == 0) { @@ -542,8 +545,7 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) key->idx = x; /* make up random string */ - buf[0] = 0; - if (prng_descriptor[wprng].read(buf+1, keysize, prng) != (unsigned long)keysize) { + if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) { return CRYPT_ERROR_READPRNG; } @@ -561,10 +563,10 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) if (mp_read_radix(&prime, (unsigned char *)sets[key->idx].prime, 64) != MP_OKAY) { goto error; } if (mp_read_radix(&base->x, (unsigned char *)sets[key->idx].Gx, 64) != MP_OKAY) { goto error; } if (mp_read_radix(&base->y, (unsigned char *)sets[key->idx].Gy, 64) != MP_OKAY) { goto error; } - if (mp_read_raw(&key->k, (unsigned char *)buf, keysize+1) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&key->k, (unsigned char *)buf, keysize) != MP_OKAY) { goto error; } /* make the public key */ - if (ecc_mulmod(&key->k, base, &key->pubkey, &prime, x) != CRYPT_OK) { goto error; } + if (ecc_mulmod(&key->k, base, &key->pubkey, &prime) != CRYPT_OK) { goto error; } key->type = PK_PRIVATE; /* shrink key */ @@ -679,10 +681,10 @@ done: #define OUTPUT_BIGNUM(num, buf2, y, z) \ { \ - z = mp_unsigned_bin_size(num); \ + z = (unsigned long)mp_unsigned_bin_size(num); \ STORE32L(z, buf2+y); \ y += 4; \ - mp_to_unsigned_bin(num, buf2+y); \ + (void)mp_to_unsigned_bin(num, buf2+y); \ y += z; \ } @@ -691,7 +693,7 @@ done: { \ /* load value */ \ if (y+4 > inlen) { \ - errno = CRYPT_INVALID_PACKET; \ + err = CRYPT_INVALID_PACKET; \ goto error; \ } \ LOAD32L(x, in+y); \ @@ -699,18 +701,18 @@ done: \ /* sanity check... */ \ if (y+x > inlen) { \ - errno = CRYPT_INVALID_PACKET; \ + err = CRYPT_INVALID_PACKET; \ goto error; \ } \ \ /* load it */ \ - if (mp_read_unsigned_bin(num, (unsigned char *)in+y, x) != MP_OKAY) {\ - errno = CRYPT_MEM; \ + if (mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x) != MP_OKAY) {\ + err = CRYPT_MEM; \ goto error; \ } \ y += x; \ if (mp_shrink(num) != MP_OKAY) { \ - errno = CRYPT_MEM; \ + err = CRYPT_MEM; \ goto error; \ } \ } @@ -718,7 +720,7 @@ done: int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key) { unsigned long y, z; - int res, errno; + int res, err; unsigned char buf2[512]; _ARGCHK(out != NULL); @@ -732,17 +734,17 @@ int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key /* output type and magic byte */ y = PACKET_SIZE; - buf2[y++] = type; - buf2[y++] = sets[key->idx].size; + buf2[y++] = (unsigned char)type; + buf2[y++] = (unsigned char)sets[key->idx].size; /* output x coordinate */ OUTPUT_BIGNUM(&(key->pubkey.x), buf2, y, z); /* compress y and output it */ - if ((errno = compress_y_point(&key->pubkey, key->idx, &res)) != CRYPT_OK) { - return errno; + if ((err = compress_y_point(&key->pubkey, key->idx, &res)) != CRYPT_OK) { + return err; } - buf2[y++] = res; + buf2[y++] = (unsigned char)res; if (type == PK_PRIVATE) { OUTPUT_BIGNUM(&key->k, buf2, y, z); @@ -756,7 +758,7 @@ int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key /* store header */ packet_store_header(buf2, PACKET_SECT_ECC, PACKET_SUB_KEY); - memcpy(out, buf2, y); + memcpy(out, buf2, (size_t)y); *outlen = y; #ifdef CLEAN_STACK @@ -768,14 +770,14 @@ int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) { unsigned long x, y, s; - int errno; + int err; _ARGCHK(in != NULL); _ARGCHK(key != NULL); /* check type */ - if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_ECC, PACKET_SUB_KEY)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_ECC, PACKET_SUB_KEY)) != CRYPT_OK) { + return err; } if (2+PACKET_SIZE > inlen) { @@ -788,25 +790,25 @@ int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) } y = PACKET_SIZE; - key->type = in[y++]; - s = in[y++]; + key->type = (int)in[y++]; + s = (unsigned long)in[y++]; - for (x = 0; (s > (unsigned long)sets[x].size) && (sets[x].size); x++); + for (x = 0; (s > (unsigned long)sets[x].size) && (sets[x].size != 0); x++); if (sets[x].size == 0) { - errno = CRYPT_INVALID_KEYSIZE; + err = CRYPT_INVALID_KEYSIZE; goto error; } - key->idx = x; + key->idx = (int)x; /* type check both values */ if ((key->type != PK_PUBLIC) && (key->type != PK_PRIVATE)) { - errno = CRYPT_INVALID_PACKET; + err = CRYPT_INVALID_PACKET; goto error; } /* is the key idx valid? */ - if (!is_valid_idx(key->idx)) { - errno = CRYPT_INVALID_PACKET; + if (is_valid_idx(key->idx) != 1) { + err = CRYPT_INVALID_PACKET; goto error; } @@ -814,8 +816,8 @@ int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) INPUT_BIGNUM(&key->pubkey.x, in, x, y); /* load y */ - x = in[y++]; - if ((errno = expand_y_point(&key->pubkey, key->idx, x)) != CRYPT_OK) { + x = (unsigned long)in[y++]; + if ((err = expand_y_point(&key->pubkey, key->idx, (int)x)) != CRYPT_OK) { goto error; } @@ -832,7 +834,7 @@ int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) return CRYPT_OK; error: mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->k, NULL); - return errno; + return err; } int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, @@ -841,7 +843,7 @@ int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, unsigned long x, y; ecc_point *result; mp_int prime; - int res, errno; + int res, err; _ARGCHK(private_key != NULL); _ARGCHK(public_key != NULL); @@ -869,18 +871,18 @@ int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, } if (mp_read_radix(&prime, (unsigned char *)sets[private_key->idx].prime, 64) != MP_OKAY) { goto error; } - if ((errno = ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime, private_key->idx)) != CRYPT_OK) { res = errno; goto done1; } + if ((err = ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime)) != CRYPT_OK) { res = err; goto done1; } - x = mp_raw_size(&result->x); - y = mp_raw_size(&result->y); + x = (unsigned long)mp_unsigned_bin_size(&result->x); + y = (unsigned long)mp_unsigned_bin_size(&result->y); if (*outlen < (x+y)) { res = CRYPT_BUFFER_OVERFLOW; goto done1; } *outlen = x+y; - mp_toraw(&result->x, out); - mp_toraw(&result->y, out+x); + (void)mp_to_unsigned_bin(&result->x, out); + (void)mp_to_unsigned_bin(&result->y, out+x); res = CRYPT_OK; goto done1; diff --git a/ecc_sys.c b/ecc_sys.c index e72142d..88839cf 100644 --- a/ecc_sys.c +++ b/ecc_sys.c @@ -6,7 +6,7 @@ int ecc_encrypt_key(const unsigned char *inkey, unsigned long keylen, unsigned char pub_expt[256], ecc_shared[256], skey[MAXBLOCKSIZE]; ecc_key pubkey; unsigned long x, y, z, hashsize, pubkeysize; - int errno; + int err; _ARGCHK(inkey != NULL); _ARGCHK(out != NULL); @@ -14,12 +14,12 @@ int ecc_encrypt_key(const unsigned char *inkey, unsigned long keylen, _ARGCHK(key != NULL); /* check that wprng/cipher/hash are not invalid */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } - if ((errno = hash_is_valid(hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; } if (keylen > hash_descriptor[hash].hashsize) { @@ -27,14 +27,14 @@ int ecc_encrypt_key(const unsigned char *inkey, unsigned long keylen, } /* make a random key and export the public copy */ - if ((errno = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) { - return errno; + if ((err = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) { + return err; } - pubkeysize = sizeof(pub_expt); - if ((errno = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { + pubkeysize = (unsigned long)sizeof(pub_expt); + if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { ecc_free(&pubkey); - return errno; + return err; } /* now check if the out buffer is big enough */ @@ -45,15 +45,15 @@ int ecc_encrypt_key(const unsigned char *inkey, unsigned long keylen, /* make random key */ hashsize = hash_descriptor[hash].hashsize; - x = sizeof(ecc_shared); - if ((errno = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) { + x = (unsigned long)sizeof(ecc_shared); + if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) { ecc_free(&pubkey); - return errno; + return err; } ecc_free(&pubkey); - z = sizeof(skey); - if ((errno = hash_memory(hash, ecc_shared, x, skey, &z)) != CRYPT_OK) { - return errno; + z = (unsigned long)sizeof(skey); + if ((err = hash_memory(hash, ecc_shared, x, skey, &z)) != CRYPT_OK) { + return err; } /* Encrypt the key */ @@ -101,8 +101,8 @@ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, ecc_key *key) { unsigned char shared_secret[256], skey[MAXBLOCKSIZE]; - unsigned long x, y, z, res, hashsize, keysize; - int hash, errno; + unsigned long x, y, z, hashsize, keysize; + int hash, res, err; ecc_key pubkey; _ARGCHK(in != NULL); @@ -123,8 +123,8 @@ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, } /* is header correct? */ - if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_ECC, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_ECC, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { + return err; } /* now lets get the hash name */ @@ -145,22 +145,22 @@ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, inlen -= x; } y += 4; - if ((errno = ecc_import(in+y, x, &pubkey)) != CRYPT_OK) { - return errno; + if ((err = ecc_import(in+y, x, &pubkey)) != CRYPT_OK) { + return err; } y += x; /* make shared key */ - x = sizeof(shared_secret); - if ((errno = ecc_shared_secret(key, &pubkey, shared_secret, &x)) != CRYPT_OK) { + x = (unsigned long)sizeof(shared_secret); + if ((err = ecc_shared_secret(key, &pubkey, shared_secret, &x)) != CRYPT_OK) { ecc_free(&pubkey); - return errno; + return err; } ecc_free(&pubkey); - z = sizeof(skey); - if ((errno = hash_memory(hash, shared_secret, x, skey, &z)) != CRYPT_OK) { - return errno; + z = (unsigned long)sizeof(skey); + if ((err = hash_memory(hash, shared_secret, x, skey, &z)) != CRYPT_OK) { + return err; } LOAD32L(keysize, in+y); @@ -198,9 +198,9 @@ int ecc_sign_hash(const unsigned char *in, unsigned long inlen, { ecc_key pubkey; mp_int b, p; - unsigned char epubkey[256], er[256], md[MAXBLOCKSIZE]; + unsigned char epubkey[256], er[256]; unsigned long x, y, pubkeysize, rsize; - int res, errno; + int res, err; _ARGCHK(in != NULL); _ARGCHK(out != NULL); @@ -213,36 +213,33 @@ int ecc_sign_hash(const unsigned char *in, unsigned long inlen, } /* is the IDX valid ? */ - if (!is_valid_idx(key->idx)) { + if (is_valid_idx(key->idx) != 1) { return CRYPT_PK_INVALID_TYPE; } - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } /* make up a key and export the public copy */ - if ((errno = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) { - return errno; + if ((err = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) { + return err; } - pubkeysize = sizeof(epubkey); - if ((errno = ecc_export(epubkey, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { + pubkeysize = (unsigned long)sizeof(epubkey); + if ((err = ecc_export(epubkey, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { ecc_free(&pubkey); - return errno; + return err; } /* get the hash and load it as a bignum into 'b' */ - md[0] = 0; - memcpy(md+1, in, MIN(sizeof(md)-1,inlen)); - /* init the bignums */ if (mp_init_multi(&b, &p, NULL) != MP_OKAY) { ecc_free(&pubkey); return CRYPT_MEM; } - if (mp_read_radix(&p, (unsigned char *)sets[key->idx].order, 64) != MP_OKAY) { goto error; } - if (mp_read_raw(&b, md, 1+MIN(sizeof(md)-1,inlen)) != MP_OKAY) { goto error; } + if (mp_read_radix(&p, (unsigned char *)sets[key->idx].order, 64) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&b, (unsigned char *)in, (int)inlen) != MP_OKAY) { goto error; } /* find b = (m - x)/k */ if (mp_invmod(&pubkey.k, &p, &pubkey.k) != MP_OKAY) { goto error; } /* k = 1/k */ @@ -250,11 +247,11 @@ int ecc_sign_hash(const unsigned char *in, unsigned long inlen, if (mp_mulmod(&b, &pubkey.k, &p, &b) != MP_OKAY) { goto error; } /* b = (m - x)/k */ /* export it */ - rsize = mp_raw_size(&b); - if (rsize > sizeof(er)) { + rsize = (unsigned long)mp_unsigned_bin_size(&b); + if (rsize > (unsigned long)sizeof(er)) { goto error; } - mp_toraw(&b, er); + (void)mp_to_unsigned_bin(&b, er); /* now lets check the outlen before we write */ if (*outlen < (12 + rsize + pubkeysize)) { @@ -298,7 +295,6 @@ done1: #ifdef CLEAN_STACK zeromem(er, sizeof(er)); zeromem(epubkey, sizeof(epubkey)); - zeromem(md, sizeof(md)); #endif return res; } @@ -312,8 +308,7 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, ecc_key pubkey; mp_int b, p, m; unsigned long x, y; - int res, errno; - unsigned char md[MAXBLOCKSIZE]; + int res, err; _ARGCHK(sig != NULL); _ARGCHK(hash != NULL); @@ -330,8 +325,8 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, } /* is the message format correct? */ - if ((errno = packet_valid_header((unsigned char *)sig, PACKET_SECT_ECC, PACKET_SUB_SIGNED)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_ECC, PACKET_SUB_SIGNED)) != CRYPT_OK) { + return err; } /* get hash name */ @@ -347,8 +342,8 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, y += 4; /* load the public key */ - if ((errno = ecc_import((unsigned char*)sig+y, x, &pubkey)) != CRYPT_OK) { - return errno; + if ((err = ecc_import((unsigned char*)sig+y, x, &pubkey)) != CRYPT_OK) { + return err; } y += x; @@ -375,19 +370,17 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, } /* load b */ - if (mp_read_raw(&b, (unsigned char *)sig+y, x) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&b, (unsigned char *)sig+y, (int)x) != MP_OKAY) { goto error; } y += x; /* get m in binary a bignum */ - md[0] = 0; - memcpy(md+1,hash,MIN(sizeof(md)-1,inlen)); - if (mp_read_raw(&m, md, 1+MIN(sizeof(md)-1,inlen)) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&m, (unsigned char *)hash, (int)inlen) != MP_OKAY) { goto error; } /* load prime */ if (mp_read_radix(&p, (unsigned char *)sets[key->idx].prime, 64) != MP_OKAY) { goto error; } /* get bA */ - if (ecc_mulmod(&b, &pubkey.pubkey, &pubkey.pubkey, &p, key->idx) != CRYPT_OK) { goto error; } + if (ecc_mulmod(&b, &pubkey.pubkey, &pubkey.pubkey, &p) != CRYPT_OK) { goto error; } /* get bA + Y */ if (add_point(&pubkey.pubkey, &key->pubkey, &pubkey.pubkey, &p) != CRYPT_OK) { goto error; } @@ -395,10 +388,10 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, /* get mG */ if (mp_read_radix(&mG->x, (unsigned char *)sets[key->idx].Gx, 64) != MP_OKAY) { goto error; } if (mp_read_radix(&mG->y, (unsigned char *)sets[key->idx].Gy, 64) != MP_OKAY) { goto error; } - if (ecc_mulmod(&m, mG, mG, &p, key->idx) != CRYPT_OK) { goto error; } + if (ecc_mulmod(&m, mG, mG, &p) != CRYPT_OK) { goto error; } /* compare mG to bA + Y */ - if (!mp_cmp(&mG->x, &pubkey.pubkey.x) && !mp_cmp(&mG->y, &pubkey.pubkey.y)) { + if (mp_cmp(&mG->x, &pubkey.pubkey.x) == MP_EQ && mp_cmp(&mG->y, &pubkey.pubkey.y) == MP_EQ) { *stat = 1; } @@ -411,9 +404,6 @@ done: del_point(mG); ecc_free(&pubkey); mp_clear_multi(&p, &m, &b, NULL); -#ifdef CLEAN_STACK - zeromem(md, sizeof(md)); -#endif return CRYPT_OK; } diff --git a/hash.c b/hash.c index dc756ab..90a7c59 100644 --- a/hash.c +++ b/hash.c @@ -3,14 +3,14 @@ int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen) { hash_state md; - int errno; + int err; _ARGCHK(data != NULL); _ARGCHK(dst != NULL); _ARGCHK(outlen != NULL); - if ((errno = hash_is_valid(hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; } if (*outlen < hash_descriptor[hash].hashsize) { @@ -31,14 +31,15 @@ int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outle #else hash_state md; unsigned char buf[512]; - int x, errno; + size_t x; + int err; _ARGCHK(dst != NULL); _ARGCHK(outlen != NULL); _ARGCHK(in != NULL); - if ((errno = hash_is_valid(hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; } if (*outlen < hash_descriptor[hash].hashsize) { @@ -67,13 +68,13 @@ int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *ou return CRYPT_ERROR; #else FILE *in; - int errno; + int err; _ARGCHK(fname != NULL); _ARGCHK(dst != NULL); _ARGCHK(outlen != NULL); - if ((errno = hash_is_valid(hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; } in = fopen(fname, "rb"); @@ -81,11 +82,11 @@ int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *ou return CRYPT_INVALID_ARG; } - if ((errno = hash_filehandle(hash, in, dst, outlen)) != CRYPT_OK) { - fclose(in); - return errno; + if ((err = hash_filehandle(hash, in, dst, outlen)) != CRYPT_OK) { + (void)fclose(in); + return err; } - fclose(in); + (void)fclose(in); return CRYPT_OK; #endif diff --git a/hmac.c b/hmac.c index 5379507..d4d78dd 100644 --- a/hmac.c +++ b/hmac.c @@ -28,13 +28,13 @@ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned lon unsigned char buf[MAXBLOCKSIZE]; unsigned long hashsize; unsigned long i, z; - int errno; + int err; _ARGCHK(hmac != NULL); _ARGCHK(key != NULL); - if ((errno = hash_is_valid(hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; } if(key == NULL || keylen == 0) { @@ -46,17 +46,17 @@ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned lon // (1) make sure we have a large enough key hmac->hashsize = hashsize = hash_descriptor[hash].hashsize; if(keylen > HMAC_BLOCKSIZE) { - z = sizeof(hmac->key); - if ((errno = hash_memory(hash, key, keylen, hmac->key, &z)) != CRYPT_OK) { - return errno; + z = (unsigned long)sizeof(hmac->key); + if ((err = hash_memory(hash, key, keylen, hmac->key, &z)) != CRYPT_OK) { + return err; } if(hashsize < HMAC_BLOCKSIZE) { - zeromem(hmac->key+hashsize, HMAC_BLOCKSIZE - hashsize); + zeromem((hmac->key) + hashsize, (size_t)(HMAC_BLOCKSIZE - hashsize)); } } else { - memcpy(hmac->key, key, keylen); + memcpy(hmac->key, key, (size_t)keylen); if(keylen < HMAC_BLOCKSIZE) { - zeromem(hmac->key + keylen, HMAC_BLOCKSIZE - keylen); + zeromem((hmac->key) + keylen, (size_t)(HMAC_BLOCKSIZE - keylen)); } } @@ -78,11 +78,11 @@ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned lon int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len) { - int errno; + int err; _ARGCHK(hmac != NULL); _ARGCHK(buf != NULL); - if ((errno = hash_is_valid(hmac->hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(hmac->hash)) != CRYPT_OK) { + return err; } hash_descriptor[hmac->hash].process(&hmac->md, buf, len); return CRYPT_OK; @@ -93,14 +93,14 @@ int hmac_done(hmac_state *hmac, unsigned char *hashOut) unsigned char buf[MAXBLOCKSIZE]; unsigned char isha[MAXBLOCKSIZE]; unsigned long hashsize, i; - int hash, errno; + int hash, err; _ARGCHK(hmac != NULL); _ARGCHK(hashOut != NULL); hash = hmac->hash; - if((errno = hash_is_valid(hash)) != CRYPT_OK) { - return errno; + if((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; } // Get the hash of the first HMAC vector plus the data @@ -128,22 +128,22 @@ int hmac_memory(int hash, const unsigned char *key, unsigned long keylen, const unsigned char *data, unsigned long len, unsigned char *dst) { hmac_state hmac; - int errno; + int err; _ARGCHK(key != NULL); _ARGCHK(data != NULL); _ARGCHK(dst != NULL); - if ((errno = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) { - return errno; + if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) { + return err; } - if ((errno = hmac_process(&hmac, data, len)) != CRYPT_OK) { - return errno; + if ((err = hmac_process(&hmac, data, len)) != CRYPT_OK) { + return err; } - if ((errno = hmac_done(&hmac, dst)) != CRYPT_OK) { - return errno; + if ((err = hmac_done(&hmac, dst)) != CRYPT_OK) { + return err; } return CRYPT_OK; } @@ -158,14 +158,15 @@ int hmac_file(int hash, const char *fname, const unsigned char *key, hmac_state hmac; FILE *in; unsigned char buf[512]; - int x, errno; + size_t x; + int err; _ARGCHK(fname != NULL); _ARGCHK(key != NULL); _ARGCHK(dst != NULL); - if ((errno = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) { - return errno; + if ((err = hmac_init(&hmac, hash, key, keylen)) != CRYPT_OK) { + return err; } in = fopen(fname, "rb"); @@ -176,16 +177,16 @@ int hmac_file(int hash, const char *fname, const unsigned char *key, /* process the file contents */ do { x = fread(buf, 1, sizeof(buf), in); - if ((errno = hmac_process(&hmac, buf, x)) != CRYPT_OK) { - fclose(in); - return errno; + if ((err = hmac_process(&hmac, buf, (unsigned long)x)) != CRYPT_OK) { + (void)fclose(in); + return err; } } while (x == sizeof(buf)); - fclose(in); + (void)fclose(in); /* get final hmac */ - if ((errno = hmac_done(&hmac, dst)) != CRYPT_OK) { - return errno; + if ((err = hmac_done(&hmac, dst)) != CRYPT_OK) { + return err; } #ifdef CLEAN_STACK @@ -219,9 +220,9 @@ int hmac_test(void) int num; char *algo; unsigned char key[128]; - int keylen; + unsigned long keylen; unsigned char data[128]; - int datalen; + unsigned long datalen; unsigned char digest[MAXBLOCKSIZE]; } cases[] = { /* @@ -435,18 +436,18 @@ Key First" 0x1f, 0xb1, 0xf5, 0x62, 0xdb, 0x3a, 0xa5, 0x3e} } }; - int errno; + int err; int failed=0; for(i=0; i < (int)(sizeof(cases) / sizeof(cases[0])); i++) { int hash = find_hash(cases[i].algo); - if((errno = hmac_memory(hash, cases[i].key, cases[i].keylen, cases[i].data, cases[i].datalen, digest)) != CRYPT_OK) { + if((err = hmac_memory(hash, cases[i].key, cases[i].keylen, cases[i].data, cases[i].datalen, digest)) != CRYPT_OK) { #if 0 printf("HMAC-%s test #%d\n", cases[i].algo, cases[i].num); #endif - return errno; + return err; } - if(memcmp(digest, cases[i].digest, hash_descriptor[hash].hashsize) != 0) { + if(memcmp(digest, cases[i].digest, (size_t)hash_descriptor[hash].hashsize) != 0) { #if 0 unsigned int j; printf("\nHMAC-%s test #%d:\n", cases[i].algo, cases[i].num); @@ -467,7 +468,7 @@ Key First" } } - if(failed) { + if (failed != 0) { return CRYPT_FAIL_TESTVECTOR; } diff --git a/keyring.c b/keyring.c index e8e6080..2d4c8c8 100644 --- a/keyring.c +++ b/keyring.c @@ -9,61 +9,61 @@ static const unsigned char sign_magic[4] = { 0x87, 0x56, 0x43, 0x21 }; static const unsigned char enc_magic[4] = { 0x0F, 0xED, 0xCB, 0xA9 }; static const unsigned long crc_table[256] = { - 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, - 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, - 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, - 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, - 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, - 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, - 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, - 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, - 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, - 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, - 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, - 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, - 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, - 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, - 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, - 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, - 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, - 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, - 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, - 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, - 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, - 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, - 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, - 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, - 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, - 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, - 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, - 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, - 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, - 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, - 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, - 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, - 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, - 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, - 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, - 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, - 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, - 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, - 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, - 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, - 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, - 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, - 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, - 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, - 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, - 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, - 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, - 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, - 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, - 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, - 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, - 0x2d02ef8dL + 0x00000000UL, 0x77073096UL, 0xee0e612cUL, 0x990951baUL, 0x076dc419UL, + 0x706af48fUL, 0xe963a535UL, 0x9e6495a3UL, 0x0edb8832UL, 0x79dcb8a4UL, + 0xe0d5e91eUL, 0x97d2d988UL, 0x09b64c2bUL, 0x7eb17cbdUL, 0xe7b82d07UL, + 0x90bf1d91UL, 0x1db71064UL, 0x6ab020f2UL, 0xf3b97148UL, 0x84be41deUL, + 0x1adad47dUL, 0x6ddde4ebUL, 0xf4d4b551UL, 0x83d385c7UL, 0x136c9856UL, + 0x646ba8c0UL, 0xfd62f97aUL, 0x8a65c9ecUL, 0x14015c4fUL, 0x63066cd9UL, + 0xfa0f3d63UL, 0x8d080df5UL, 0x3b6e20c8UL, 0x4c69105eUL, 0xd56041e4UL, + 0xa2677172UL, 0x3c03e4d1UL, 0x4b04d447UL, 0xd20d85fdUL, 0xa50ab56bUL, + 0x35b5a8faUL, 0x42b2986cUL, 0xdbbbc9d6UL, 0xacbcf940UL, 0x32d86ce3UL, + 0x45df5c75UL, 0xdcd60dcfUL, 0xabd13d59UL, 0x26d930acUL, 0x51de003aUL, + 0xc8d75180UL, 0xbfd06116UL, 0x21b4f4b5UL, 0x56b3c423UL, 0xcfba9599UL, + 0xb8bda50fUL, 0x2802b89eUL, 0x5f058808UL, 0xc60cd9b2UL, 0xb10be924UL, + 0x2f6f7c87UL, 0x58684c11UL, 0xc1611dabUL, 0xb6662d3dUL, 0x76dc4190UL, + 0x01db7106UL, 0x98d220bcUL, 0xefd5102aUL, 0x71b18589UL, 0x06b6b51fUL, + 0x9fbfe4a5UL, 0xe8b8d433UL, 0x7807c9a2UL, 0x0f00f934UL, 0x9609a88eUL, + 0xe10e9818UL, 0x7f6a0dbbUL, 0x086d3d2dUL, 0x91646c97UL, 0xe6635c01UL, + 0x6b6b51f4UL, 0x1c6c6162UL, 0x856530d8UL, 0xf262004eUL, 0x6c0695edUL, + 0x1b01a57bUL, 0x8208f4c1UL, 0xf50fc457UL, 0x65b0d9c6UL, 0x12b7e950UL, + 0x8bbeb8eaUL, 0xfcb9887cUL, 0x62dd1ddfUL, 0x15da2d49UL, 0x8cd37cf3UL, + 0xfbd44c65UL, 0x4db26158UL, 0x3ab551ceUL, 0xa3bc0074UL, 0xd4bb30e2UL, + 0x4adfa541UL, 0x3dd895d7UL, 0xa4d1c46dUL, 0xd3d6f4fbUL, 0x4369e96aUL, + 0x346ed9fcUL, 0xad678846UL, 0xda60b8d0UL, 0x44042d73UL, 0x33031de5UL, + 0xaa0a4c5fUL, 0xdd0d7cc9UL, 0x5005713cUL, 0x270241aaUL, 0xbe0b1010UL, + 0xc90c2086UL, 0x5768b525UL, 0x206f85b3UL, 0xb966d409UL, 0xce61e49fUL, + 0x5edef90eUL, 0x29d9c998UL, 0xb0d09822UL, 0xc7d7a8b4UL, 0x59b33d17UL, + 0x2eb40d81UL, 0xb7bd5c3bUL, 0xc0ba6cadUL, 0xedb88320UL, 0x9abfb3b6UL, + 0x03b6e20cUL, 0x74b1d29aUL, 0xead54739UL, 0x9dd277afUL, 0x04db2615UL, + 0x73dc1683UL, 0xe3630b12UL, 0x94643b84UL, 0x0d6d6a3eUL, 0x7a6a5aa8UL, + 0xe40ecf0bUL, 0x9309ff9dUL, 0x0a00ae27UL, 0x7d079eb1UL, 0xf00f9344UL, + 0x8708a3d2UL, 0x1e01f268UL, 0x6906c2feUL, 0xf762575dUL, 0x806567cbUL, + 0x196c3671UL, 0x6e6b06e7UL, 0xfed41b76UL, 0x89d32be0UL, 0x10da7a5aUL, + 0x67dd4accUL, 0xf9b9df6fUL, 0x8ebeeff9UL, 0x17b7be43UL, 0x60b08ed5UL, + 0xd6d6a3e8UL, 0xa1d1937eUL, 0x38d8c2c4UL, 0x4fdff252UL, 0xd1bb67f1UL, + 0xa6bc5767UL, 0x3fb506ddUL, 0x48b2364bUL, 0xd80d2bdaUL, 0xaf0a1b4cUL, + 0x36034af6UL, 0x41047a60UL, 0xdf60efc3UL, 0xa867df55UL, 0x316e8eefUL, + 0x4669be79UL, 0xcb61b38cUL, 0xbc66831aUL, 0x256fd2a0UL, 0x5268e236UL, + 0xcc0c7795UL, 0xbb0b4703UL, 0x220216b9UL, 0x5505262fUL, 0xc5ba3bbeUL, + 0xb2bd0b28UL, 0x2bb45a92UL, 0x5cb36a04UL, 0xc2d7ffa7UL, 0xb5d0cf31UL, + 0x2cd99e8bUL, 0x5bdeae1dUL, 0x9b64c2b0UL, 0xec63f226UL, 0x756aa39cUL, + 0x026d930aUL, 0x9c0906a9UL, 0xeb0e363fUL, 0x72076785UL, 0x05005713UL, + 0x95bf4a82UL, 0xe2b87a14UL, 0x7bb12baeUL, 0x0cb61b38UL, 0x92d28e9bUL, + 0xe5d5be0dUL, 0x7cdcefb7UL, 0x0bdbdf21UL, 0x86d3d2d4UL, 0xf1d4e242UL, + 0x68ddb3f8UL, 0x1fda836eUL, 0x81be16cdUL, 0xf6b9265bUL, 0x6fb077e1UL, + 0x18b74777UL, 0x88085ae6UL, 0xff0f6a70UL, 0x66063bcaUL, 0x11010b5cUL, + 0x8f659effUL, 0xf862ae69UL, 0x616bffd3UL, 0x166ccf45UL, 0xa00ae278UL, + 0xd70dd2eeUL, 0x4e048354UL, 0x3903b3c2UL, 0xa7672661UL, 0xd06016f7UL, + 0x4969474dUL, 0x3e6e77dbUL, 0xaed16a4aUL, 0xd9d65adcUL, 0x40df0b66UL, + 0x37d83bf0UL, 0xa9bcae53UL, 0xdebb9ec5UL, 0x47b2cf7fUL, 0x30b5ffe9UL, + 0xbdbdf21cUL, 0xcabac28aUL, 0x53b39330UL, 0x24b4a3a6UL, 0xbad03605UL, + 0xcdd70693UL, 0x54de5729UL, 0x23d967bfUL, 0xb3667a2eUL, 0xc4614ab8UL, + 0x5d681b02UL, 0x2a6f2b94UL, 0xb40bbe37UL, 0xc30c8ea1UL, 0x5a05df1bUL, + 0x2d02ef8dUL }; -#define DO1(buf) crc = crc_table[((int)crc ^ (*buf++)) & 0xff] ^ (crc >> 8); +#define DO1(buf) crc = crc_table[(crc ^ (*buf++)) & 0xff] ^ (crc >> 8); #define DO2(buf) DO1(buf); DO1(buf); #define DO4(buf) DO2(buf); DO2(buf); #define DO8(buf) DO4(buf); DO4(buf); @@ -76,10 +76,11 @@ static unsigned long crc32 (unsigned long crc, const unsigned char *buf, unsigne DO8 (buf); len -= 8; } - if (len) { + + if (len > 0) { do { DO1 (buf); - } while (--len); + } while (--len > 0); } return crc ^ 0xffffffffUL; } @@ -102,10 +103,10 @@ unsigned long kr_crc(const unsigned char *name, const unsigned char *email, cons _ARGCHK(name != NULL); _ARGCHK(email != NULL); _ARGCHK(description != NULL); - crc = crc32(0, NULL, 0); - crc = crc32(crc, name, MIN(MAXLEN, strlen((char *)name))); - crc = crc32(crc, email, MIN(MAXLEN, strlen((char *)email))); - return crc32(crc, description, MIN(MAXLEN, strlen((char *)description))); + crc = crc32(0UL, NULL, 0UL); + crc = crc32(crc, name, (unsigned long)MIN(MAXLEN, strlen((char *)name))); + crc = crc32(crc, email, (unsigned long)MIN(MAXLEN, strlen((char *)email))); + return crc32(crc, description, (unsigned long)MIN(MAXLEN, strlen((char *)description))); } pk_key *kr_find(pk_key *pk, unsigned long ID) @@ -127,7 +128,7 @@ pk_key *kr_find_name(pk_key *pk, const char *name) _ARGCHK(name != NULL); while (pk != NULL) { - if (pk->system != NON_KEY && !strncmp((char *)pk->name, (char *)name, sizeof(pk->name)-1)) { + if (pk->system != NON_KEY && strncmp((char *)pk->name, (char *)name, sizeof(pk->name)-1) == 0) { return pk; } pk = pk->next; @@ -241,12 +242,12 @@ int kr_del(pk_key **_pk, unsigned long ID) int kr_clear(pk_key **pk) { - int errno; + int err; _ARGCHK(pk != NULL); while ((*pk)->system != NON_KEY) { - if ((errno = kr_del(pk, (*pk)->ID)) != CRYPT_OK) { - return errno; + if ((err = kr_del(pk, (*pk)->ID)) != CRYPT_OK) { + return err; } } XFREE(*pk); @@ -266,7 +267,7 @@ static unsigned long _write(unsigned char *buf, unsigned long len, FILE *f, symm return 0; } } - return fwrite(buf, 1, len, f); + return (unsigned long)fwrite(buf, 1, (size_t)len, f); #endif } @@ -278,7 +279,7 @@ static unsigned long _read(unsigned char *buf, unsigned long len, FILE *f, symme unsigned long y; _ARGCHK(buf != NULL); _ARGCHK(f != NULL); - y = fread(buf, 1, len, f); + y = (unsigned long)fread(buf, 1, (size_t)len, f); if (ctr != NULL) { if (ctr_decrypt(buf, buf, y, ctr) != CRYPT_OK) { return 0; @@ -293,7 +294,7 @@ int kr_export(pk_key *pk, unsigned long ID, int key_type, unsigned char *out, un unsigned char buf[8192], *obuf; pk_key *ppk; unsigned long len; - int errno; + int err; _ARGCHK(pk != NULL); _ARGCHK(out != NULL); @@ -328,18 +329,18 @@ int kr_export(pk_key *pk, unsigned long ID, int key_type, unsigned char *out, un obuf = buf+6+4+MAXLEN*3; switch (ppk->system) { case RSA_KEY: - if ((errno = rsa_export(obuf, &len, key_type, &(ppk->key.rsa))) != CRYPT_OK) { - return errno; + if ((err = rsa_export(obuf, &len, key_type, &(ppk->key.rsa))) != CRYPT_OK) { + return err; } break; case DH_KEY: - if ((errno = dh_export(obuf, &len, key_type, &(ppk->key.dh))) != CRYPT_OK) { - return errno; + if ((err = dh_export(obuf, &len, key_type, &(ppk->key.dh))) != CRYPT_OK) { + return err; } break; case ECC_KEY: - if ((errno = ecc_export(obuf, &len, key_type, &(ppk->key.ecc))) != CRYPT_OK) { - return errno; + if ((err = ecc_export(obuf, &len, key_type, &(ppk->key.ecc))) != CRYPT_OK) { + return err; } break; } @@ -365,7 +366,7 @@ int kr_export(pk_key *pk, unsigned long ID, int key_type, unsigned char *out, un int kr_import(pk_key *pk, const unsigned char *in, unsigned long inlen) { _pk_key key; - int system, key_type, errno; + int system, key_type, err; unsigned long ID; _ARGCHK(pk != NULL); @@ -375,7 +376,7 @@ int kr_import(pk_key *pk, const unsigned char *in, unsigned long inlen) return CRYPT_INVALID_PACKET; } - if (memcmp(in, key_magic, 4)) { + if (memcmp(in, key_magic, 4) != 0) { return CRYPT_INVALID_PACKET; } key_type = in[4]; /* get type */ @@ -393,18 +394,18 @@ int kr_import(pk_key *pk, const unsigned char *in, unsigned long inlen) switch (system) { case RSA_KEY: - if ((errno = rsa_import(in+10+3*MAXLEN, inlen, &(key.rsa))) != CRYPT_OK) { - return errno; + if ((err = rsa_import(in+10+3*MAXLEN, inlen, &(key.rsa))) != CRYPT_OK) { + return err; } break; case DH_KEY: - if ((errno = dh_import(in+10+3*MAXLEN, inlen, &(key.dh))) != CRYPT_OK) { - return errno; + if ((err = dh_import(in+10+3*MAXLEN, inlen, &(key.dh))) != CRYPT_OK) { + return err; } break; case ECC_KEY: - if ((errno = ecc_import(in+10+3*MAXLEN, inlen, &(key.ecc))) != CRYPT_OK) { - return errno; + if ((err = ecc_import(in+10+3*MAXLEN, inlen, &(key.ecc))) != CRYPT_OK) { + return err; } break; } @@ -420,20 +421,20 @@ int kr_load(pk_key **pk, FILE *in, symmetric_CTR *ctr) { unsigned char buf[8192], blen[4]; unsigned long len; - int res, errno; + int res, err; _ARGCHK(pk != NULL); _ARGCHK(in != NULL); /* init keyring */ - if ((errno = kr_init(pk)) != CRYPT_OK) { - return errno; + if ((err = kr_init(pk)) != CRYPT_OK) { + return err; } /* read in magic bytes */ if (_read(buf, 6, in, ctr) != 6) { goto done2; } - if (memcmp(buf, file_magic, 4)) { + if (memcmp(buf, file_magic, 4) != 0) { return CRYPT_INVALID_PACKET; } @@ -447,13 +448,13 @@ int kr_load(pk_key **pk, FILE *in, symmetric_CTR *ctr) /* get length */ LOAD32L(len, blen); - if (len > sizeof(buf)) { + if (len > (unsigned long)sizeof(buf)) { return CRYPT_INVALID_PACKET; } if (_read(buf, len, in, ctr) != len) { goto done2; } - if ((errno = kr_import(*pk, buf, len)) != CRYPT_OK) { - return errno; + if ((err = kr_import(*pk, buf, len)) != CRYPT_OK) { + return err; } } @@ -472,21 +473,21 @@ int kr_save(pk_key *pk, FILE *out, symmetric_CTR *ctr) { unsigned char buf[8192], blen[4]; unsigned long len; - int res, errno; + int res, err; _ARGCHK(pk != NULL); _ARGCHK(out != NULL); /* write out magic bytes */ memcpy(buf, file_magic, 4); - buf[4] = CRYPT&255; - buf[5] = (CRYPT>>8)&255; + buf[4] = (unsigned char)(CRYPT&255); + buf[5] = (unsigned char)((CRYPT>>8)&255); if (_write(buf, 6, out, ctr) != 6) { goto done2; } while (pk->system != NON_KEY) { len = sizeof(buf); - if ((errno = kr_export(pk, pk->ID, pk->key_type, buf, &len)) != CRYPT_OK) { - return errno; + if ((err = kr_export(pk, pk->ID, pk->key_type, buf, &len)) != CRYPT_OK) { + return err; } STORE32L(len, blen); @@ -512,7 +513,7 @@ int kr_make_key(pk_key *pk, prng_state *prng, int wprng, const unsigned char *email, const unsigned char *description) { _pk_key key; - int key_type, errno; + int key_type, err; _ARGCHK(pk != NULL); _ARGCHK(name != NULL); @@ -520,28 +521,28 @@ int kr_make_key(pk_key *pk, prng_state *prng, int wprng, _ARGCHK(description != NULL); /* valid PRNG? */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } /* make the key first */ zeromem(&key, sizeof(key)); switch (system) { case RSA_KEY: - if ((errno = rsa_make_key(prng, wprng, keysize, 65537, &(key.rsa))) != CRYPT_OK) { - return errno; + if ((err = rsa_make_key(prng, wprng, keysize, 65537, &(key.rsa))) != CRYPT_OK) { + return err; } key_type = key.rsa.type; break; case DH_KEY: - if ((errno = dh_make_key(prng, wprng, keysize, &(key.dh))) != CRYPT_OK) { - return errno; + if ((err = dh_make_key(prng, wprng, keysize, &(key.dh))) != CRYPT_OK) { + return err; } key_type = key.dh.type; break; case ECC_KEY: - if ((errno = ecc_make_key(prng, wprng, keysize, &(key.ecc))) != CRYPT_OK) { - return errno; + if ((err = ecc_make_key(prng, wprng, keysize, &(key.ecc))) != CRYPT_OK) { + return err; } key_type = key.ecc.type; break; @@ -550,8 +551,8 @@ int kr_make_key(pk_key *pk, prng_state *prng, int wprng, } /* now add the key */ - if ((errno = kr_add(pk, key_type, system, name, email, description, &key)) != CRYPT_OK) { - return errno; + if ((err = kr_add(pk, key_type, system, name, email, description, &key)) != CRYPT_OK) { + return err; } #ifdef CLEAN_STACK @@ -568,7 +569,7 @@ int kr_encrypt_key(pk_key *pk, unsigned long ID, unsigned char buf[8192]; unsigned long len; pk_key *kr; - int errno; + int err; _ARGCHK(pk != NULL); _ARGCHK(in != NULL); @@ -591,18 +592,18 @@ int kr_encrypt_key(pk_key *pk, unsigned long ID, len = sizeof(buf)-12; switch (kr->system) { case RSA_KEY: - if ((errno = rsa_encrypt_key(in, inlen, buf+12, &len, prng, wprng, &(kr->key.rsa))) != CRYPT_OK) { - return errno; + if ((err = rsa_encrypt_key(in, inlen, buf+12, &len, prng, wprng, &(kr->key.rsa))) != CRYPT_OK) { + return err; } break; case DH_KEY: - if ((errno = dh_encrypt_key(in, inlen, buf+12, &len, prng, wprng, hash, &(kr->key.dh))) != CRYPT_OK) { - return errno; + if ((err = dh_encrypt_key(in, inlen, buf+12, &len, prng, wprng, hash, &(kr->key.dh))) != CRYPT_OK) { + return err; } break; case ECC_KEY: - if ((errno = ecc_encrypt_key(in, inlen, buf+12, &len, prng, wprng, hash, &(kr->key.ecc))) != CRYPT_OK) { - return errno; + if ((err = ecc_encrypt_key(in, inlen, buf+12, &len, prng, wprng, hash, &(kr->key.ecc))) != CRYPT_OK) { + return err; } break; } @@ -630,7 +631,7 @@ int kr_decrypt_key(pk_key *pk, const unsigned char *in, unsigned char buf[8192]; unsigned long pklen, len, ID; pk_key *kr; - int errno; + int err; _ARGCHK(pk != NULL); _ARGCHK(in != NULL); @@ -659,18 +660,18 @@ int kr_decrypt_key(pk_key *pk, const unsigned char *in, len = sizeof(buf); switch (kr->system) { case RSA_KEY: - if ((errno = rsa_decrypt_key(in+12, pklen, buf, &len, &(kr->key.rsa))) != CRYPT_OK) { - return errno; + if ((err = rsa_decrypt_key(in+12, pklen, buf, &len, &(kr->key.rsa))) != CRYPT_OK) { + return err; } break; case DH_KEY: - if ((errno = dh_decrypt_key(in+12, pklen, buf, &len, &(kr->key.dh))) != CRYPT_OK) { - return errno; + if ((err = dh_decrypt_key(in+12, pklen, buf, &len, &(kr->key.dh))) != CRYPT_OK) { + return err; } break; case ECC_KEY: - if ((errno = ecc_decrypt_key(in+12, pklen, buf, &len, &(kr->key.ecc))) != CRYPT_OK) { - return errno; + if ((err = ecc_decrypt_key(in+12, pklen, buf, &len, &(kr->key.ecc))) != CRYPT_OK) { + return err; } break; } @@ -698,7 +699,7 @@ int kr_sign_hash(pk_key *pk, unsigned long ID, unsigned char buf[8192]; unsigned long len; pk_key *kr; - int errno; + int err; _ARGCHK(pk != NULL); _ARGCHK(in != NULL); @@ -726,18 +727,18 @@ int kr_sign_hash(pk_key *pk, unsigned long ID, len = sizeof(buf)-16; switch (kr->system) { case RSA_KEY: - if ((errno = rsa_sign_hash(in, inlen, buf+16, &len, &(kr->key.rsa))) != CRYPT_OK) { - return errno; + if ((err = rsa_sign_hash(in, inlen, buf+16, &len, &(kr->key.rsa))) != CRYPT_OK) { + return err; } break; case DH_KEY: - if ((errno = dh_sign_hash(in, inlen, buf+16, &len, prng, wprng, &(kr->key.dh))) != CRYPT_OK) { - return errno; + if ((err = dh_sign_hash(in, inlen, buf+16, &len, prng, wprng, &(kr->key.dh))) != CRYPT_OK) { + return err; } break; case ECC_KEY: - if ((errno = ecc_sign_hash(in, inlen, buf+16, &len, prng, wprng, &(kr->key.ecc))) != CRYPT_OK) { - return errno; + if ((err = ecc_sign_hash(in, inlen, buf+16, &len, prng, wprng, &(kr->key.ecc))) != CRYPT_OK) { + return err; } break; } @@ -765,7 +766,7 @@ int kr_verify_hash(pk_key *pk, const unsigned char *in, const unsigned char *has { unsigned long inlen, pklen, ID; pk_key *kr; - int errno; + int err; _ARGCHK(pk != NULL); _ARGCHK(in != NULL); @@ -796,18 +797,18 @@ int kr_verify_hash(pk_key *pk, const unsigned char *in, const unsigned char *has switch (kr->system) { case RSA_KEY: - if ((errno = rsa_verify_hash(in+16, pklen, hash, stat, &(kr->key.rsa))) != CRYPT_OK) { - return errno; + if ((err = rsa_verify_hash(in+16, pklen, hash, stat, &(kr->key.rsa))) != CRYPT_OK) { + return err; } break; case DH_KEY: - if ((errno = dh_verify_hash(in+16, pklen, hash, inlen, stat, &(kr->key.dh))) != CRYPT_OK) { - return errno; + if ((err = dh_verify_hash(in+16, pklen, hash, inlen, stat, &(kr->key.dh))) != CRYPT_OK) { + return err; } break; case ECC_KEY: - if ((errno = ecc_verify_hash(in+16, pklen, hash, inlen, stat, &(kr->key.ecc))) != CRYPT_OK) { - return errno; + if ((err = ecc_verify_hash(in+16, pklen, hash, inlen, stat, &(kr->key.ecc))) != CRYPT_OK) { + return err; } break; } @@ -819,25 +820,25 @@ int kr_fingerprint(pk_key *pk, unsigned long ID, int hash, { unsigned char buf[8192]; unsigned long len; - int errno; + int err; _ARGCHK(pk != NULL); _ARGCHK(out != NULL); _ARGCHK(outlen != NULL); /* valid hash? */ - if ((errno = hash_is_valid(hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(hash)) != CRYPT_OK) { + return err; } - len = sizeof(buf); - if ((errno = kr_export(pk, ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) { - return errno; + len = (unsigned long)sizeof(buf); + if ((err = kr_export(pk, ID, PK_PUBLIC, buf, &len)) != CRYPT_OK) { + return err; } /* now hash it */ - if ((errno = hash_memory(hash, buf, len, out, outlen)) != CRYPT_OK) { - return errno; + if ((err = hash_memory(hash, buf, len, out, outlen)) != CRYPT_OK) { + return err; } #ifdef CLEAN_STACK diff --git a/makefile b/makefile index 0191ef8..524839c 100644 --- a/makefile +++ b/makefile @@ -9,7 +9,7 @@ # a build. This is easy to remedy though, for those that have problems. # The version -VERSION=0.79 +VERSION=0.80 #ch1-01-1 # Compiler and Linker Names @@ -165,7 +165,6 @@ CFLAGS += -DRC4 CFLAGS += -DMRSA CFLAGS += -DMDH CFLAGS += -DMECC -#CFLAGS += -DMDSA CFLAGS += -DKR #ch1-01-10 @@ -189,9 +188,6 @@ CFLAGS += -DECC256 CFLAGS += -DECC384 CFLAGS += -DECC521 -CFLAGS += -DDSA1024 -CFLAGS += -DDSA2048 -CFLAGS += -DDSA4096 #ch1-01-12 #ch1-01-11 @@ -232,7 +228,7 @@ LIBPATH=/usr/lib INCPATH=/usr/include #List of objects to compile. -OBJECTS=keyring.o gf.o mem.o sprng.o dsa.o ecc.o base64.o dh.o rsa.o \ +OBJECTS=keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o \ bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o \ md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o \ safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o \ @@ -300,7 +296,7 @@ install: library docs clean: rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME) rm -f $(TEST) $(HASH) $(COMPRESSED) - rm -f *stackdump *.lib *.exe *.obj demos/*.obj zlib/*.obj *.bat + rm -f *stackdump *.lib *.exe *.obj demos/*.obj *.bat makefile.out mycrypt_custom.h #This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed #from the clean command! This is because most people would like to keep the diff --git a/makefile.out b/makefile.out deleted file mode 100644 index 1c66b3b..0000000 --- a/makefile.out +++ /dev/null @@ -1,23 +0,0 @@ -#makefile generated with config.pl -# -#Tom St Denis (tomstdenis@yahoo.com, http://tom.iahu.ca) - -CC = gcc -AR = ar -LD = ld -CFLAGS += -Os -Wall -Wsign-compare -W -Wno-unused -Werror -I./ -DXMALLOC=malloc -DXCALLOC=calloc -DXFREE=free -DXCLOCK=clock -DXCLOCKS_PER_SEC=CLOCKS_PER_SEC -DSMALL_CODE -DBLOWFISH -DRC2 -DRC5 -DRC6 -DSERPENT -DSAFERP -DSAFER -DRIJNDAEL -DXTEA -DTWOFISH -DDES -DCAST5 -DNOEKEON -DCFB -DOFB -DECB -DCBC -DCTR -DSHA512 -DSHA384 -DSHA256 -DTIGER -DSHA1 -DMD5 -DMD4 -DMD2 -DHMAC -DBASE64 -DYARROW -DSPRNG -DRC4 -DDEVRANDOM -DMRSA -DMDH -DMECC -DMDSA -DKR -DDH768 -DDH1024 -DDH1280 -DDH1536 -DDH1792 -DDH2048 -DDH2560 -DDH3072 -DDH4096 -DECC160 -DECC192 -DECC224 -DECC256 -DECC384 -DECC521 -DDSA1024 -DDSA2048 -DDSA4096 -DMPI -DMPI_FASTEXPT - -default: library - -OBJECTS = keyring.o gf.o mem.o sprng.o dsa.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o ampi.o mpi.o prime.o twofish.o packet.o hmac.o strings.o - -rsa.o: rsa_sys.c -dh.o: dh_sys.c -ecc.o: ecc_sys.c - -library: $(OBJECTS) - $(AR) rs libtomcrypt.a $(OBJECTS) - -clean: - rm -f $(OBJECTS) libtomcrypt.a - diff --git a/makefile.ps2 b/makefile.ps2 index be78b6e..3a2024a 100644 --- a/makefile.ps2 +++ b/makefile.ps2 @@ -142,7 +142,6 @@ CFLAGS += -DRC4 CFLAGS += -DMRSA CFLAGS += -DMDH CFLAGS += -DMECC -#CFLAGS += -DDSA CFLAGS += -DKR # Control which built in DH or ECC key paramaters @@ -164,10 +163,6 @@ CFLAGS += -DECC256 CFLAGS += -DECC384 CFLAGS += -DECC521 -CFLAGS += -DDSA1024 -CFLAGS += -DDSA2048 -CFLAGS += -DDSA4096 - # include GF math routines? (not currently used by anything internally) #CFLAGS += -DGF @@ -203,7 +198,7 @@ LIBPATH=/usr/lib INCPATH=/usr/include #List of objects to compile. -OBJECTS=keyring.o gf.o mem.o sprng.o dsa.o ecc.o base64.o dh.o rsa.o \ +OBJECTS=keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o \ bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o \ md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o serpent.o des.o \ safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o \ diff --git a/makefile.vc b/makefile.vc index d3536ee..f20dc3c 100644 --- a/makefile.vc +++ b/makefile.vc @@ -114,7 +114,6 @@ CFLAGS += /DRC4 CFLAGS += /DMRSA CFLAGS += /DMDH CFLAGS += /DMECC -#CFLAGS += /DDSA CFLAGS += /DKR # Control which built in DH or ECC key paramaters @@ -136,10 +135,6 @@ CFLAGS += /DECC256 CFLAGS += /DECC384 CFLAGS += /DECC521 -CFLAGS += /DDSA1024 -CFLAGS += /DDSA2048 -CFLAGS += /DDSA4096 - # include GF math routines? (not currently used by anything internally) #CFLAGS += /DGF @@ -252,8 +247,6 @@ cast5.obj: cast5.c $(CC) $(CFLAGS) cast5.c noekeon.obj: noekeon.c $(CC) $(CFLAGS) noekeon.c -dsa.obj: dsa.c - $(CC) $(CFLAGS) dsa.c demos/test.obj: demos/test.c $(CC) $(CFLAGS) demos/test.c @@ -261,11 +254,11 @@ demos/test.obj: demos/test.c demos/hashsum.obj: demos/hashsum.c $(CC) $(CFLAGS) demos/hashsum.c -tomcrypt.lib: keyring.obj gf.obj mem.obj sprng.obj dsa.obj ecc.obj base64.obj dh.obj rsa.obj bits.obj hmac.obj \ +tomcrypt.lib: keyring.obj gf.obj mem.obj sprng.obj ecc.obj base64.obj dh.obj rsa.obj bits.obj hmac.obj \ yarrow.obj cfb.obj ofb.obj ecb.obj ctr.obj cbc.obj hash.obj tiger.obj sha1.obj md2.obj md5.obj md4.obj sha256.obj sha512.obj xtea.obj \ aes.obj serpent.obj safer_tab.obj safer.obj safer+.obj cast5.obj noekeon.obj rc2.obj rc6.obj rc5.obj des.obj blowfish.obj crypt.obj ampi.obj \ strings.obj mpi.obj prime.obj twofish.obj packet.obj - $(AR) /out:tomcrypt.lib keyring.obj gf.obj mem.obj sprng.obj dsa.obj ecc.obj base64.obj dh.obj rsa.obj hmac.obj \ + $(AR) /out:tomcrypt.lib keyring.obj gf.obj mem.obj sprng.obj ecc.obj base64.obj dh.obj rsa.obj hmac.obj \ bits.obj yarrow.obj cfb.obj ofb.obj ecb.obj ctr.obj cbc.obj hash.obj tiger.obj sha1.obj md2.obj md5.obj md4.obj sha256.obj \ strings.obj sha512.obj xtea.obj aes.obj serpent.obj safer_tab.obj safer.obj safer+.obj cast5.obj noekeon.obj rc2.obj rc6.obj rc5.obj des.obj \ blowfish.obj crypt.obj ampi.obj mpi.obj prime.obj twofish.obj packet.obj diff --git a/md2.c b/md2.c index c26fb12..82bd4a3 100644 --- a/md2.c +++ b/md2.c @@ -47,7 +47,7 @@ static void md2_update_chksum(hash_state *md) /* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say otherwise. */ - L = (md->md2.chksum[j] ^= PI_SUBST[md->md2.buf[j] ^ L]); + L = (md->md2.chksum[j] ^= PI_SUBST[(int)(md->md2.buf[j] ^ L)]); } } @@ -62,14 +62,14 @@ static void md2_compress(hash_state *md) md->md2.X[32+j] = md->md2.X[j] ^ md->md2.X[16+j]; } - t = 0; + t = (unsigned char)0; /* do 18 rounds */ for (j = 0; j < 18; j++) { for (k = 0; k < 48; k++) { - t = (md->md2.X[k] ^= PI_SUBST[t]); + t = (md->md2.X[k] ^= PI_SUBST[(int)t]); } - t = (t + j) & 255; + t = (t + (unsigned char)j) & 255; } } @@ -89,9 +89,9 @@ void md2_process(hash_state *md, const unsigned char *buf, unsigned long len) unsigned long n; _ARGCHK(md != NULL); _ARGCHK(buf != NULL); - while (len) { + while (len > 0) { n = MIN(len, (16 - md->md2.curlen)); - memcpy(md->md2.buf + md->md2.curlen, buf, n); + memcpy(md->md2.buf + md->md2.curlen, buf, (size_t)n); md->md2.curlen += n; buf += n; len -= n; @@ -107,7 +107,7 @@ void md2_process(hash_state *md, const unsigned char *buf, unsigned long len) void md2_done(hash_state * md, unsigned char *hash) { - int i, k; + unsigned long i, k; _ARGCHK(md != NULL); _ARGCHK(hash != NULL); @@ -115,7 +115,7 @@ void md2_done(hash_state * md, unsigned char *hash) /* pad the message */ k = 16 - md->md2.curlen; for (i = md->md2.curlen; i < 16; i++) { - md->md2.buf[i] = k; + md->md2.buf[i] = (unsigned char)k; } /* hash and update */ @@ -137,7 +137,7 @@ void md2_done(hash_state * md, unsigned char *hash) int md2_test(void) { static const struct { - unsigned char *msg; + char *msg; unsigned char md[16]; } tests[] = { { "", @@ -177,9 +177,9 @@ int md2_test(void) for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { md2_init(&md); - md2_process(&md, tests[i].msg, strlen(tests[i].msg)); + md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); md2_done(&md, buf); - if (memcmp(buf, tests[i].md, 16)) { + if (memcmp(buf, tests[i].md, 16) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/md4.c b/md4.c index 6cfaeba..767e789 100644 --- a/md4.c +++ b/md4.c @@ -160,9 +160,9 @@ void md4_process(hash_state * md, const unsigned char *buf, unsigned long len) unsigned long n; _ARGCHK(md != NULL); _ARGCHK(buf != NULL); - while (len) { + while (len > 0) { n = MIN(len, (64 - md->md4.curlen)); - memcpy(md->md4.buf + md->md4.curlen, buf, n); + memcpy(md->md4.buf + md->md4.curlen, buf, (size_t)n); md->md4.curlen += n; buf += n; len -= n; @@ -187,7 +187,7 @@ void md4_done(hash_state * md, unsigned char *hash) md->md4.length += md->md4.curlen * 8; /* append the '1' bit */ - md->md4.buf[md->md4.curlen++] = 0x80; + md->md4.buf[md->md4.curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length @@ -195,7 +195,7 @@ void md4_done(hash_state * md, unsigned char *hash) */ if (md->md4.curlen > 56) { while (md->md4.curlen < 64) { - md->md4.buf[md->md4.curlen++] = 0; + md->md4.buf[md->md4.curlen++] = (unsigned char)0; } md4_compress(md); md->md4.curlen = 0; @@ -203,7 +203,7 @@ void md4_done(hash_state * md, unsigned char *hash) /* pad upto 56 bytes of zeroes */ while (md->md4.curlen < 56) { - md->md4.buf[md->md4.curlen++] = 0; + md->md4.buf[md->md4.curlen++] = (unsigned char)0; } /* store length */ @@ -222,30 +222,28 @@ void md4_done(hash_state * md, unsigned char *hash) int md4_test(void) { static const struct md4_test_case { - int num; - unsigned char input[128]; - int inputlen; + char *input; unsigned char digest[16]; } cases[] = { - { 1, "", 0, + { "", {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0} }, - { 2, "a", 1, + { "a", {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46, 0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24} }, - { 3, "abc", 3, + { "abc", {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d} }, - { 4, "message digest", 14, + { "message digest", {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8, 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b} }, - { 5, "abcdefghijklmnopqrstuvwxyz", 26, + { "abcdefghijklmnopqrstuvwxyz", {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd, 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9} }, - { 6, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 62, + { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35, 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4} }, - { 7, "12345678901234567890123456789012345678901234567890123456789012345678901234567890", 80, + { "12345678901234567890123456789012345678901234567890123456789012345678901234567890", {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19, 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36} }, }; @@ -255,7 +253,7 @@ int md4_test(void) for(i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); i++) { md4_init(&md); - md4_process(&md, cases[i].input, cases[i].inputlen); + md4_process(&md, (unsigned char *)cases[i].input, (unsigned long)strlen(cases[i].input)); md4_done(&md, digest); if (memcmp(digest, cases[i].digest, 16) != 0) { return CRYPT_FAIL_TESTVECTOR; diff --git a/md5.c b/md5.c index a489f62..a55d15e 100644 --- a/md5.c +++ b/md5.c @@ -147,9 +147,9 @@ void md5_process(hash_state * md, const unsigned char *buf, unsigned long len) unsigned long n; _ARGCHK(md != NULL); _ARGCHK(buf != NULL); - while (len) { + while (len > 0) { n = MIN(len, (64 - md->md5.curlen)); - memcpy(md->md5.buf + md->md5.curlen, buf, n); + memcpy(md->md5.buf + md->md5.curlen, buf, (size_t)n); md->md5.curlen += n; buf += n; len -= n; @@ -174,7 +174,7 @@ void md5_done(hash_state * md, unsigned char *hash) md->md5.length += md->md5.curlen * 8; /* append the '1' bit */ - md->md5.buf[md->md5.curlen++] = 0x80; + md->md5.buf[md->md5.curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length @@ -182,7 +182,7 @@ void md5_done(hash_state * md, unsigned char *hash) */ if (md->md5.curlen > 56) { while (md->md5.curlen < 64) { - md->md5.buf[md->md5.curlen++] = 0; + md->md5.buf[md->md5.curlen++] = (unsigned char)0; } md5_compress(md); md->md5.curlen = 0; @@ -190,7 +190,7 @@ void md5_done(hash_state * md, unsigned char *hash) /* pad upto 56 bytes of zeroes */ while (md->md5.curlen < 56) { - md->md5.buf[md->md5.curlen++] = 0; + md->md5.buf[md->md5.curlen++] = (unsigned char)0; } /* store length */ @@ -209,7 +209,7 @@ void md5_done(hash_state * md, unsigned char *hash) int md5_test(void) { static const struct { - unsigned char *msg; + char *msg; unsigned char hash[16]; } tests[] = { { "", @@ -242,9 +242,9 @@ int md5_test(void) for (i = 0; tests[i].msg != NULL; i++) { md5_init(&md); - md5_process(&md, tests[i].msg, strlen(tests[i].msg)); + md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); md5_done(&md, tmp); - if (memcmp(tmp, tests[i].hash, 16)) { + if (memcmp(tmp, tests[i].hash, 16) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/mem.c b/mem.c index 7cbb791..41a1c12 100644 --- a/mem.c +++ b/mem.c @@ -1,10 +1,10 @@ #include "mycrypt.h" -void zeromem(void *dst, unsigned long len) +void zeromem(void *dst, size_t len) { unsigned char *mem = (unsigned char *)dst; _ARGCHK(dst != NULL); - while (len--) + while (len-- > 0) *mem++ = 0; } @@ -12,7 +12,7 @@ void burn_stack(unsigned long len) { unsigned char buf[32]; zeromem(buf, sizeof(buf)); - if (len > sizeof(buf)) + if (len > (unsigned long)sizeof(buf)) burn_stack(len - sizeof(buf)); } diff --git a/mpi.c b/mpi.c index 4293f6b..2162f7b 100644 --- a/mpi.c +++ b/mpi.c @@ -147,10 +147,10 @@ static const char *s_dmap_2 = and yet they are primarily housekeeping. */ #if MP_MACRO == 0 - void s_mp_setz(mp_digit *dp, mp_size count); /* zero digits */ - void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count); /* copy */ - void *s_mp_alloc(size_t nb, size_t ni); /* general allocator */ - void s_mp_free(void *ptr); /* general free function */ + static void s_mp_setz(mp_digit *dp, mp_size count); /* zero digits */ + static void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count); /* copy */ + static void *s_mp_alloc(size_t nb, size_t ni); /* general allocator */ + static void s_mp_free(void *ptr); /* general free function */ #else /* Even if these are defined as macros, we need to respect the settings @@ -174,50 +174,50 @@ static const char *s_dmap_2 = #define s_mp_free(ptr) {if(ptr) XFREE(ptr);} #endif /* MP_MACRO */ -mp_err s_mp_grow(mp_int *mp, mp_size min); /* increase allocated size */ -mp_err s_mp_pad(mp_int *mp, mp_size min); /* left pad with zeroes */ +static mp_err s_mp_grow(mp_int *mp, mp_size min); /* increase allocated size */ +static mp_err s_mp_pad(mp_int *mp, mp_size min); /* left pad with zeroes */ -void s_mp_clamp(mp_int *mp); /* clip leading zeroes */ +static void s_mp_clamp(mp_int *mp); /* clip leading zeroes */ -void s_mp_exch(mp_int *a, mp_int *b); /* swap a and b in place */ +static void s_mp_exch(mp_int *a, mp_int *b); /* swap a and b in place */ -mp_err s_mp_lshd(mp_int *mp, mp_size p); /* left-shift by p digits */ -void s_mp_rshd(mp_int *mp, mp_size p); /* right-shift by p digits */ -void s_mp_div_2d(mp_int *mp, mp_digit d); /* divide by 2^d in place */ -void s_mp_mod_2d(mp_int *mp, mp_digit d); /* modulo 2^d in place */ -mp_err s_mp_mul_2d(mp_int *mp, mp_digit d); /* multiply by 2^d in place*/ -void s_mp_div_2(mp_int *mp); /* divide by 2 in place */ -mp_err s_mp_mul_2(mp_int *mp); /* multiply by 2 in place */ +static mp_err s_mp_lshd(mp_int *mp, mp_size p); /* left-shift by p digits */ +static void s_mp_rshd(mp_int *mp, mp_size p); /* right-shift by p digits */ +static void s_mp_div_2d(mp_int *mp, mp_digit d); /* divide by 2^d in place */ +static void s_mp_mod_2d(mp_int *mp, mp_digit d); /* modulo 2^d in place */ +static mp_err s_mp_mul_2d(mp_int *mp, mp_digit d); /* multiply by 2^d in place*/ +static void s_mp_div_2(mp_int *mp); /* divide by 2 in place */ +static mp_err s_mp_mul_2(mp_int *mp); /* multiply by 2 in place */ mp_digit s_mp_norm(mp_int *a, mp_int *b); /* normalize for division */ -mp_err s_mp_add_d(mp_int *mp, mp_digit d); /* unsigned digit addition */ -mp_err s_mp_sub_d(mp_int *mp, mp_digit d); /* unsigned digit subtract */ -mp_err s_mp_mul_d(mp_int *mp, mp_digit d); /* unsigned digit multiply */ -mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r); +static mp_err s_mp_add_d(mp_int *mp, mp_digit d); /* unsigned digit addition */ +static mp_err s_mp_sub_d(mp_int *mp, mp_digit d); /* unsigned digit subtract */ +static mp_err s_mp_mul_d(mp_int *mp, mp_digit d); /* unsigned digit multiply */ +static mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r); /* unsigned digit divide */ -mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu); +static mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu); /* Barrett reduction */ -mp_err s_mp_add(mp_int *a, mp_int *b); /* magnitude addition */ -mp_err s_mp_sub(mp_int *a, mp_int *b); /* magnitude subtract */ -mp_err s_mp_mul(mp_int *a, mp_int *b); /* magnitude multiply */ +static mp_err s_mp_add(mp_int *a, mp_int *b); /* magnitude addition */ +static mp_err s_mp_sub(mp_int *a, mp_int *b); /* magnitude subtract */ +static mp_err s_mp_mul(mp_int *a, mp_int *b); /* magnitude multiply */ #if 0 -void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len); +static void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len); /* multiply buffers in place */ #endif #if MP_SQUARE -mp_err s_mp_sqr(mp_int *a); /* magnitude square */ +static mp_err s_mp_sqr(mp_int *a); /* magnitude square */ #else #define s_mp_sqr(a) s_mp_mul(a, a) #endif -mp_err s_mp_div(mp_int *a, mp_int *b); /* magnitude divide */ -mp_err s_mp_2expt(mp_int *a, mp_digit k); /* a = 2^k */ -int s_mp_cmp(mp_int *a, mp_int *b); /* magnitude comparison */ -int s_mp_cmp_d(mp_int *a, mp_digit d); /* magnitude digit compare */ -int s_mp_ispow2(mp_int *v); /* is v a power of 2? */ -int s_mp_ispow2d(mp_digit d); /* is d a power of 2? */ +static mp_err s_mp_div(mp_int *a, mp_int *b); /* magnitude divide */ +static mp_err s_mp_2expt(mp_int *a, mp_digit k); /* a = 2^k */ +static int s_mp_cmp(mp_int *a, mp_int *b); /* magnitude comparison */ +static int s_mp_cmp_d(mp_int *a, mp_digit d); /* magnitude digit compare */ +static int s_mp_ispow2(mp_int *v); /* is v a power of 2? */ +static int s_mp_ispow2d(mp_digit d); /* is d a power of 2? */ -int s_mp_tovalue(char ch, int r); /* convert ch to value */ +static int s_mp_tovalue(char ch, int r); /* convert ch to value */ char s_mp_todigit(int val, int r, int low); /* convert val to digit */ -int s_mp_outlen(int bits, int r); /* output length in bytes */ +static int s_mp_outlen(int bits, int r); /* output length in bytes */ /* }}} */ @@ -2821,7 +2821,7 @@ const char *mp_strerror(mp_err ec) /* {{{ s_mp_grow(mp, min) */ /* Make sure there are at least 'min' digits allocated to mp */ -mp_err s_mp_grow(mp_int *mp, mp_size min) +static mp_err s_mp_grow(mp_int *mp, mp_size min) { if(min > ALLOC(mp)) { mp_digit *tmp; @@ -2851,7 +2851,7 @@ mp_err s_mp_grow(mp_int *mp, mp_size min) /* {{{ s_mp_pad(mp, min) */ /* Make sure the used size of mp is at least 'min', growing if needed */ -mp_err s_mp_pad(mp_int *mp, mp_size min) +static mp_err s_mp_pad(mp_int *mp, mp_size min) { if(min > USED(mp)) { mp_err res; @@ -2874,7 +2874,7 @@ mp_err s_mp_pad(mp_int *mp, mp_size min) #if MP_MACRO == 0 /* Set 'count' digits pointed to by dp to be zeroes */ -void s_mp_setz(mp_digit *dp, mp_size count) +static void s_mp_setz(mp_digit *dp, mp_size count) { #if MP_MEMSET == 0 int ix; @@ -2894,7 +2894,7 @@ void s_mp_setz(mp_digit *dp, mp_size count) #if MP_MACRO == 0 /* Copy 'count' digits from sp to dp */ -void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count) +static void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count) { #if MP_MEMCPY == 0 int ix; @@ -2914,7 +2914,7 @@ void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count) #if MP_MACRO == 0 /* Allocate ni records of nb bytes each, and return a pointer to that */ -void *s_mp_alloc(size_t nb, size_t ni) +static void *s_mp_alloc(size_t nb, size_t ni) { return XCALLOC(nb, ni); @@ -2927,7 +2927,7 @@ void *s_mp_alloc(size_t nb, size_t ni) #if MP_MACRO == 0 /* Free the memory pointed to by ptr */ -void s_mp_free(void *ptr) +static void s_mp_free(void *ptr) { if(ptr) XFREE(ptr); @@ -2940,7 +2940,7 @@ void s_mp_free(void *ptr) /* {{{ s_mp_clamp(mp) */ /* Remove leading zeroes from the given value */ -void s_mp_clamp(mp_int *mp) +static void s_mp_clamp(mp_int *mp) { mp_size du = USED(mp); mp_digit *zp = DIGITS(mp) + du - 1; @@ -2958,7 +2958,7 @@ void s_mp_clamp(mp_int *mp) /* {{{ s_mp_exch(a, b) */ /* Exchange the data for a and b; (b, a) = (a, b) */ -void s_mp_exch(mp_int *a, mp_int *b) +static void s_mp_exch(mp_int *a, mp_int *b) { mp_int tmp; @@ -2982,7 +2982,7 @@ void s_mp_exch(mp_int *a, mp_int *b) alternative to multiplication by powers of the radix */ -mp_err s_mp_lshd(mp_int *mp, mp_size p) +static mp_err s_mp_lshd(mp_int *mp, mp_size p) { mp_err res; mp_size pos; @@ -3020,7 +3020,7 @@ mp_err s_mp_lshd(mp_int *mp, mp_size p) end are lost. Cannot fail. */ -void s_mp_rshd(mp_int *mp, mp_size p) +static void s_mp_rshd(mp_int *mp, mp_size p) { mp_size ix; mp_digit *dp; @@ -3058,7 +3058,7 @@ void s_mp_rshd(mp_int *mp, mp_size p) /* {{{ s_mp_div_2(mp) */ /* Divide by two -- take advantage of radix properties to do it fast */ -void s_mp_div_2(mp_int *mp) +static void s_mp_div_2(mp_int *mp) { s_mp_div_2d(mp, 1); @@ -3068,7 +3068,7 @@ void s_mp_div_2(mp_int *mp) /* {{{ s_mp_mul_2(mp) */ -mp_err s_mp_mul_2(mp_int *mp) +static mp_err s_mp_mul_2(mp_int *mp) { int ix; mp_digit kin = 0, kout, *dp = DIGITS(mp); @@ -3107,7 +3107,7 @@ mp_err s_mp_mul_2(mp_int *mp) amounts to a bitwise AND of the value, and does not require the full division code */ -void s_mp_mod_2d(mp_int *mp, mp_digit d) +static void s_mp_mod_2d(mp_int *mp, mp_digit d) { unsigned int ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT); unsigned int ix; @@ -3121,15 +3121,10 @@ void s_mp_mod_2d(mp_int *mp, mp_digit d) dp[ndig] &= dmask; /* Flush all digits above the one with 2^d in it */ - -/* for(ix = ndig + 1; ix < USED(mp); ix++) dp[ix] = 0; s_mp_clamp(mp); -*/ - USED(mp) = ndig; - } /* end s_mp_mod_2d() */ /* }}} */ @@ -3141,7 +3136,7 @@ void s_mp_mod_2d(mp_int *mp, mp_digit d) amounts to a bitwise shift of the value, and does not require the full multiplication code. */ -mp_err s_mp_mul_2d(mp_int *mp, mp_digit d) +static mp_err s_mp_mul_2d(mp_int *mp, mp_digit d) { mp_err res; mp_digit save, next, mask, *dp; @@ -3194,7 +3189,7 @@ mp_err s_mp_mul_2d(mp_int *mp, mp_digit d) amounts to a bitwise shift of the value, and does not require the full division code (used in Barrett reduction, see below) */ -void s_mp_div_2d(mp_int *mp, mp_digit d) +static void s_mp_div_2d(mp_int *mp, mp_digit d) { int ix; mp_digit save, next, mask, *dp = DIGITS(mp); @@ -3261,7 +3256,7 @@ mp_digit s_mp_norm(mp_int *a, mp_int *b) /* {{{ s_mp_add_d(mp, d) */ /* Add d to |mp| in place */ -mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */ +static mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */ { mp_word w, k = 0; mp_size ix = 1, used = USED(mp); @@ -3296,7 +3291,7 @@ mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */ /* {{{ s_mp_sub_d(mp, d) */ /* Subtract d from |mp| in place, assumes |mp| > d */ -mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */ +static mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */ { mp_word w, b = 0; mp_size ix = 1, used = USED(mp); @@ -3331,7 +3326,7 @@ mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */ /* {{{ s_mp_mul_d(a, d) */ /* Compute a = a * d, single digit multiplication */ -mp_err s_mp_mul_d(mp_int *a, mp_digit d) +static mp_err s_mp_mul_d(mp_int *a, mp_digit d) { mp_word w, k = 0; mp_size ix, max; @@ -3385,7 +3380,7 @@ mp_err s_mp_mul_d(mp_int *a, mp_digit d) single digit d. If r is null, the remainder will be discarded. */ -mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r) +static mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r) { mp_word w = 0, t; mp_int quot; @@ -3438,7 +3433,7 @@ mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r) /* {{{ s_mp_add(a, b) */ /* Compute a = |a| + |b| */ -mp_err s_mp_add(mp_int *a, mp_int *b) /* magnitude addition */ +static mp_err s_mp_add(mp_int *a, mp_int *b) /* magnitude addition */ { mp_word w = 0; mp_digit *pa, *pb; @@ -3495,7 +3490,7 @@ mp_err s_mp_add(mp_int *a, mp_int *b) /* magnitude addition */ /* {{{ s_mp_sub(a, b) */ /* Compute a = |a| - |b|, assumes |a| >= |b| */ -mp_err s_mp_sub(mp_int *a, mp_int *b) /* magnitude subtract */ +static mp_err s_mp_sub(mp_int *a, mp_int *b) /* magnitude subtract */ { mp_word w = 0; mp_digit *pa, *pb; @@ -3544,7 +3539,7 @@ mp_err s_mp_sub(mp_int *a, mp_int *b) /* magnitude subtract */ /* {{{ s_mp_mul(a, b) */ /* Compute a = |a| * |b| */ -mp_err s_mp_mul(mp_int *a, mp_int *b) +static mp_err s_mp_mul(mp_int *a, mp_int *b) { mp_word w, k = 0; mp_int tmp; @@ -3591,7 +3586,7 @@ mp_err s_mp_mul(mp_int *a, mp_int *b) } /* end s_mp_mul() */ /* Compute a = |a| * |b| max of digs digits */ -mp_err s_mp_mul_dig(mp_int *a, mp_int *b, int digs) +static mp_err s_mp_mul_dig(mp_int *a, mp_int *b, int digs) { mp_word w, k = 0; mp_int tmp; @@ -3610,6 +3605,9 @@ mp_err s_mp_mul_dig(mp_int *a, mp_int *b, int digs) /* Outer loop: Digits of b */ + ub = MIN(digs, (int)ub); + ua = MIN(digs, (int)ua); + pb = DIGITS(b); for(ix = 0; ix < ub; ++ix, ++pb) { if(*pb == 0) @@ -3645,7 +3643,7 @@ mp_err s_mp_mul_dig(mp_int *a, mp_int *b, int digs) /* {{{ s_mp_kmul(a, b, out, len) */ #if 0 -void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len) +static void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len) { mp_word w, k = 0; mp_size ix, jx; @@ -3682,7 +3680,7 @@ void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len) iterations of the multiplication loop. */ #if MP_SQUARE -mp_err s_mp_sqr(mp_int *a) +static mp_err s_mp_sqr(mp_int *a) { mp_word w, k = 0; mp_int tmp; @@ -3797,7 +3795,7 @@ mp_err s_mp_sqr(mp_int *a) Compute a = a / b and b = a mod b. Assumes b > a. */ -mp_err s_mp_div(mp_int *a, mp_int *b) +static mp_err s_mp_div(mp_int *a, mp_int *b) { mp_int quot, rem, t; mp_word q; @@ -3920,7 +3918,7 @@ T: /* {{{ s_mp_2expt(a, k) */ -mp_err s_mp_2expt(mp_int *a, mp_digit k) +static mp_err s_mp_2expt(mp_int *a, mp_digit k) { mp_err res; mp_size dig, bit; @@ -3955,7 +3953,7 @@ mp_err s_mp_2expt(mp_int *a, mp_digit k) pp. 603-604. */ -mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu) +static mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu) { mp_int q; mp_err res; @@ -4010,7 +4008,7 @@ mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu) /* {{{ s_mp_cmp(a, b) */ /* Compare |a| <=> |b|, return 0 if equal, <0 if a0 if a>b */ -int s_mp_cmp(mp_int *a, mp_int *b) +static int s_mp_cmp(mp_int *a, mp_int *b) { mp_size ua = USED(a), ub = USED(b); @@ -4041,7 +4039,7 @@ int s_mp_cmp(mp_int *a, mp_int *b) /* {{{ s_mp_cmp_d(a, d) */ /* Compare |a| <=> d, return 0 if equal, <0 if a0 if a>d */ -int s_mp_cmp_d(mp_int *a, mp_digit d) +static int s_mp_cmp_d(mp_int *a, mp_digit d) { mp_size ua = USED(a); mp_digit *ap = DIGITS(a); @@ -4066,7 +4064,7 @@ int s_mp_cmp_d(mp_int *a, mp_digit d) Returns -1 if the value is not a power of two; otherwise, it returns k such that v = 2^k, i.e. lg(v). */ -int s_mp_ispow2(mp_int *v) +static int s_mp_ispow2(mp_int *v) { mp_digit d, *dp; mp_size uv = USED(v); @@ -4101,7 +4099,7 @@ int s_mp_ispow2(mp_int *v) /* {{{ s_mp_ispow2d(d) */ -int s_mp_ispow2d(mp_digit d) +static int s_mp_ispow2d(mp_digit d) { int pow = 0; @@ -4132,7 +4130,7 @@ int s_mp_ispow2d(mp_digit d) The results will be odd if you use a radix < 2 or > 62, you are expected to know what you're up to. */ -int s_mp_tovalue(char ch, int r) +static int s_mp_tovalue(char ch, int r) { int val, xch; @@ -4200,7 +4198,7 @@ char s_mp_todigit(int val, int r, int low) Does not include space for a sign or a NUL terminator. */ -int s_mp_outlen(int bits, int r) +static int s_mp_outlen(int bits, int r) { return (int)((double)bits * LOG_V_2(r)); diff --git a/mpi.h b/mpi.h index afe2486..e19ecf8 100644 --- a/mpi.h +++ b/mpi.h @@ -151,9 +151,6 @@ mp_err mp_sqrmod(mp_int *a, mp_int *m, mp_int *c); #define mp_sqrmod(a, m, c) mp_mulmod(a, a, m, c) #endif mp_err mp_exptmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c); -mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu); -mp_err s_mp_lshd(mp_int *mp, mp_size p); -mp_err s_mp_mul_dig(mp_int *a, mp_int *b, int digs); mp_err mp_exptmod_d(mp_int *a, mp_digit d, mp_int *m, mp_int *c); #endif /* MP_MODARITH */ diff --git a/mpi.old b/mpi.old new file mode 100644 index 0000000..6307cab --- /dev/null +++ b/mpi.old @@ -0,0 +1,4216 @@ + /* + mpi.c + + by Michael J. Fromberger + Copyright (C) 1998 Michael J. Fromberger, All Rights Reserved + + Arbitrary precision integer arithmetic library + + $Id: mpi.c,v 1.22 2001/09/14 15:11:20 sting Exp sting $ + */ + +#include +#include +#include +#include + +#include "mycrypt.h" + +#ifdef MPI + +#if MP_DEBUG +#include + +#define DIAG(T,V) {fprintf(stderr,T);mp_print(V,stderr);fputc('\n',stderr);} +#else +#define DIAG(T,V) +#endif + +/* + If MP_LOGTAB is not defined, use the math library to compute the + logarithms on the fly. Otherwise, use the static table below. + Pick which works best for your system. + */ +#if MP_LOGTAB + +/* {{{ s_logv_2[] - log table for 2 in various bases */ + +/* + A table of the logs of 2 for various bases (the 0 and 1 entries of + this table are meaningless and should not be referenced). + + This table is used to compute output lengths for the mp_toradix() + function. Since a number n in radix r takes up about log_r(n) + digits, we estimate the output size by taking the least integer + greater than log_r(n), where: + + log_r(n) = log_2(n) * log_r(2) + + This table, therefore, is a table of log_r(2) for 2 <= r <= 36, + which are the output bases supported. + */ +const float s_logv_2[] = { + 0.000000000, 0.000000000, 1.000000000, 0.630929754, /* 0 1 2 3 */ + 0.500000000, 0.430676558, 0.386852807, 0.356207187, /* 4 5 6 7 */ + 0.333333333, 0.315464877, 0.301029996, 0.289064826, /* 8 9 10 11 */ + 0.278942946, 0.270238154, 0.262649535, 0.255958025, /* 12 13 14 15 */ + 0.250000000, 0.244650542, 0.239812467, 0.235408913, /* 16 17 18 19 */ + 0.231378213, 0.227670249, 0.224243824, 0.221064729, /* 20 21 22 23 */ + 0.218104292, 0.215338279, 0.212746054, 0.210309918, /* 24 25 26 27 */ + 0.208014598, 0.205846832, 0.203795047, 0.201849087, /* 28 29 30 31 */ + 0.200000000, 0.198239863, 0.196561632, 0.194959022, /* 32 33 34 35 */ + 0.193426404, 0.191958720, 0.190551412, 0.189200360, /* 36 37 38 39 */ + 0.187901825, 0.186652411, 0.185449023, 0.184288833, /* 40 41 42 43 */ + 0.183169251, 0.182087900, 0.181042597, 0.180031327, /* 44 45 46 47 */ + 0.179052232, 0.178103594, 0.177183820, 0.176291434, /* 48 49 50 51 */ + 0.175425064, 0.174583430, 0.173765343, 0.172969690, /* 52 53 54 55 */ + 0.172195434, 0.171441601, 0.170707280, 0.169991616, /* 56 57 58 59 */ + 0.169293808, 0.168613099, 0.167948779, 0.167300179, /* 60 61 62 63 */ + 0.166666667 +}; +/* }}} */ +#define LOG_V_2(R) s_logv_2[(R)] + +#else + +#include +#define LOG_V_2(R) (log(2.0)/log(R)) + +#endif + +/* Default precision for newly created mp_int's */ +static unsigned static int s_mp_defprec = MP_DEFPREC; + +/* {{{ Digit arithmetic macros */ + +/* + When adding and multiplying digits, the results can be larger than + can be contained in an mp_digit. Thus, an mp_word is used. These + macros mask off the upper and lower digits of the mp_word (the + mp_word may be more than 2 mp_digits wide, but we only concern + ourselves with the low-order 2 mp_digits) + + If your mp_word DOES have more than 2 mp_digits, you need to + uncomment the first line, and comment out the second. + */ + +/* #define CARRYOUT(W) (((W)>>DIGIT_BIT)&MP_DIGIT_MAX) */ +#define CARRYOUT(W) ((W)>>DIGIT_BIT) +#define ACCUM(W) ((W)&MP_DIGIT_MAX) + +/* }}} */ + +/* {{{ Comparison constants */ + + +/* }}} */ + +/* {{{ Constant strings */ + +/* Constant strings returned by mp_strerror() */ +static const char *mp_err_string[] = { + "unknown result code", /* say what? */ + "boolean true", /* MP_OKAY, MP_YES */ + "boolean false", /* MP_NO */ + "out of memory", /* MP_MEM */ + "argument out of range", /* MP_RANGE */ + "invalid input parameter", /* MP_BADARG */ + "result is undefined" /* MP_UNDEF */ +}; + +/* Value to digit maps for radix conversion */ + +/* s_dmap_1 - standard digits and letters */ +static const char *s_dmap_1 = + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; + +#if 0 +/* s_dmap_2 - base64 ordering for digits */ +static const char *s_dmap_2 = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +#endif + +/* }}} */ + +/* {{{ Static function declarations */ + +/* + If MP_MACRO is false, these will be defined as actual functions; + otherwise, suitable macro definitions will be used. This works + around the fact that ANSI C89 doesn't support an 'inline' keyword + (although I hear C9x will ... about bloody time). At present, the + macro definitions are identical to the function bodies, but they'll + expand in place, instead of generating a function call. + + I chose these particular functions to be made into macros because + some profiling showed they are called a lot on a typical workload, + and yet they are primarily housekeeping. + */ +#if MP_MACRO == 0 + void s_mp_setz(mp_digit *dp, mp_size count); /* zero digits */ + void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count); /* copy */ + void *s_mp_alloc(size_t nb, size_t ni); /* general allocator */ + void s_mp_free(void *ptr); /* general free function */ +#else + + /* Even if these are defined as macros, we need to respect the settings + of the MP_MEMSET and MP_MEMCPY configuration options... + */ + #if MP_MEMSET == 0 + #define s_mp_setz(dp, count) \ + {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=0;} + #else + #define s_mp_setz(dp, count) memset(dp, 0, (count) * sizeof(mp_digit)) + #endif /* MP_MEMSET */ + + #if MP_MEMCPY == 0 + #define s_mp_copy(sp, dp, count) \ + {int ix;for(ix=0;ix<(count);ix++)(dp)[ix]=(sp)[ix];} + #else + #define s_mp_copy(sp, dp, count) memcpy(dp, sp, (count) * sizeof(mp_digit)) + #endif /* MP_MEMCPY */ + + #define s_mp_alloc(nb, ni) XCALLOC(nb, ni) + #define s_mp_free(ptr) {if(ptr) XFREE(ptr);} +#endif /* MP_MACRO */ + +static mp_err s_mp_grow(mp_int *mp, mp_size min); /* increase allocated size */ +static mp_err s_mp_pad(mp_int *mp, mp_size min); /* left pad with zeroes */ + +void s_mp_clamp(mp_int *mp); /* clip leading zeroes */ + +void s_mp_exch(mp_int *a, mp_int *b); /* swap a and b in place */ + +static mp_err s_mp_lshd(mp_int *mp, mp_size p); /* left-shift by p digits */ +void s_mp_rshd(mp_int *mp, mp_size p); /* right-shift by p digits */ +void s_mp_div_2d(mp_int *mp, mp_digit d); /* divide by 2^d in place */ +void s_mp_mod_2d(mp_int *mp, mp_digit d); /* modulo 2^d in place */ +static mp_err s_mp_mul_2d(mp_int *mp, mp_digit d); /* multiply by 2^d in place*/ +void s_mp_div_2(mp_int *mp); /* divide by 2 in place */ +static mp_err s_mp_mul_2(mp_int *mp); /* multiply by 2 in place */ +mp_digit s_mp_norm(mp_int *a, mp_int *b); /* normalize for division */ +static mp_err s_mp_add_d(mp_int *mp, mp_digit d); /* unsigned digit addition */ +static mp_err s_mp_sub_d(mp_int *mp, mp_digit d); /* unsigned digit subtract */ +static mp_err s_mp_mul_d(mp_int *mp, mp_digit d); /* unsigned digit multiply */ +static mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r); + /* unsigned digit divide */ +static mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu); + /* Barrett reduction */ +static mp_err s_mp_add(mp_int *a, mp_int *b); /* magnitude addition */ +static mp_err s_mp_sub(mp_int *a, mp_int *b); /* magnitude subtract */ +static mp_err s_mp_mul(mp_int *a, mp_int *b); /* magnitude multiply */ +#if 0 +void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len); + /* multiply buffers in place */ +#endif +#if MP_SQUARE +static mp_err s_mp_sqr(mp_int *a); /* magnitude square */ +#else +#define s_mp_sqr(a) s_mp_mul(a, a) +#endif +static mp_err s_mp_div(mp_int *a, mp_int *b); /* magnitude divide */ +static mp_err s_mp_2expt(mp_int *a, mp_digit k); /* a = 2^k */ +static int s_mp_cmp(mp_int *a, mp_int *b); /* magnitude comparison */ +static int s_mp_cmp_d(mp_int *a, mp_digit d); /* magnitude digit compare */ +static int s_mp_ispow2(mp_int *v); /* is v a power of 2? */ +static int s_mp_ispow2d(mp_digit d); /* is d a power of 2? */ + +static int s_mp_tovalue(char ch, int r); /* convert ch to value */ +char s_mp_todigit(int val, int r, int low); /* convert val to digit */ +static int s_mp_outlen(int bits, int r); /* output length in bytes */ + +/* }}} */ + +/* {{{ Default precision manipulation */ + +unsigned int mp_get_prec(void) +{ + return s_mp_defprec; + +} /* end mp_get_prec() */ + +void mp_set_prec(unsigned int prec) +{ + if(prec == 0) + s_mp_defprec = MP_DEFPREC; + else + s_mp_defprec = prec; + +} /* end mp_set_prec() */ + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* {{{ mp_init(mp) */ + +/* + mp_init(mp) + + Initialize a new zero-valued mp_int. Returns MP_OKAY if successful, + MP_MEM if memory could not be allocated for the structure. + */ + +mp_err mp_init(mp_int *mp) +{ + return mp_init_size(mp, s_mp_defprec); + +} /* end mp_init() */ + +/* }}} */ + +/* {{{ mp_init_array(mp[], count) */ + +mp_err mp_init_array(mp_int mp[], int count) +{ + mp_err res; + int pos; + + ARGCHK(mp !=NULL && count > 0, MP_BADARG); + + for(pos = 0; pos < count; ++pos) { + if((res = mp_init(&mp[pos])) != MP_OKAY) + goto CLEANUP; + } + + return MP_OKAY; + + CLEANUP: + while(--pos >= 0) + mp_clear(&mp[pos]); + + return res; + +} /* end mp_init_array() */ + +/* }}} */ + +/* {{{ mp_init_size(mp, prec) */ + +/* + mp_init_size(mp, prec) + + Initialize a new zero-valued mp_int with at least the given + precision; returns MP_OKAY if successful, or MP_MEM if memory could + not be allocated for the structure. + */ + +mp_err mp_init_size(mp_int *mp, mp_size prec) +{ + ARGCHK(mp != NULL && prec > 0, MP_BADARG); + + if((DIGITS(mp) = s_mp_alloc(prec, sizeof(mp_digit))) == NULL) + return MP_MEM; + + SIGN(mp) = MP_ZPOS; + USED(mp) = 1; + ALLOC(mp) = prec; + + return MP_OKAY; + +} /* end mp_init_size() */ + +/* }}} */ + +/* {{{ mp_init_copy(mp, from) */ + +/* + mp_init_copy(mp, from) + + Initialize mp as an exact copy of from. Returns MP_OKAY if + successful, MP_MEM if memory could not be allocated for the new + structure. + */ + +mp_err mp_init_copy(mp_int *mp, mp_int *from) +{ + ARGCHK(mp != NULL && from != NULL, MP_BADARG); + + if(mp == from) + return MP_OKAY; + + if((DIGITS(mp) = s_mp_alloc(USED(from), sizeof(mp_digit))) == NULL) + return MP_MEM; + + s_mp_copy(DIGITS(from), DIGITS(mp), USED(from)); + USED(mp) = USED(from); + ALLOC(mp) = USED(from); + SIGN(mp) = SIGN(from); + + return MP_OKAY; + +} /* end mp_init_copy() */ + +/* }}} */ + +/* {{{ mp_copy(from, to) */ + +/* + mp_copy(from, to) + + Copies the mp_int 'from' to the mp_int 'to'. It is presumed that + 'to' has already been initialized (if not, use mp_init_copy() + instead). If 'from' and 'to' are identical, nothing happens. + */ + +mp_err mp_copy(mp_int *from, mp_int *to) +{ + ARGCHK(from != NULL && to != NULL, MP_BADARG); + + if(from == to) + return MP_OKAY; + + { /* copy */ + mp_digit *tmp; + + /* + If the allocated buffer in 'to' already has enough space to hold + all the used digits of 'from', we'll re-use it to avoid hitting + the memory allocater more than necessary; otherwise, we'd have + to grow anyway, so we just allocate a hunk and make the copy as + usual + */ + if(ALLOC(to) >= USED(from)) { + s_mp_setz(DIGITS(to) + USED(from), ALLOC(to) - USED(from)); + s_mp_copy(DIGITS(from), DIGITS(to), USED(from)); + + } else { + if((tmp = s_mp_alloc(USED(from), sizeof(mp_digit))) == NULL) + return MP_MEM; + + s_mp_copy(DIGITS(from), tmp, USED(from)); + + if(DIGITS(to) != NULL) { +#if MP_CRYPTO + s_mp_setz(DIGITS(to), ALLOC(to)); +#endif + s_mp_free(DIGITS(to)); + } + + DIGITS(to) = tmp; + ALLOC(to) = USED(from); + } + + /* Copy the precision and sign from the original */ + USED(to) = USED(from); + SIGN(to) = SIGN(from); + } /* end copy */ + + return MP_OKAY; + +} /* end mp_copy() */ + +/* }}} */ + +/* {{{ mp_exch(mp1, mp2) */ + +/* + mp_exch(mp1, mp2) + + Exchange mp1 and mp2 without allocating any intermediate memory + (well, unless you count the stack space needed for this call and the + locals it creates...). This cannot fail. + */ + +void mp_exch(mp_int *mp1, mp_int *mp2) +{ +#if MP_ARGCHK == 2 + assert(mp1 != NULL && mp2 != NULL); +#else + if(mp1 == NULL || mp2 == NULL) + return; +#endif + + s_mp_exch(mp1, mp2); + +} /* end mp_exch() */ + +/* }}} */ + +/* {{{ mp_clear(mp) */ + +/* + mp_clear(mp) + + Release the storage used by an mp_int, and void its fields so that + if someone calls mp_clear() again for the same int later, we won't + get tollchocked. + */ + +void mp_clear(mp_int *mp) +{ + if(mp == NULL) + return; + + if(DIGITS(mp) != NULL) { +#if MP_CRYPTO + s_mp_setz(DIGITS(mp), ALLOC(mp)); +#endif + s_mp_free(DIGITS(mp)); + DIGITS(mp) = NULL; + } + + USED(mp) = 0; + ALLOC(mp) = 0; + +} /* end mp_clear() */ + +/* }}} */ + +/* {{{ mp_clear_array(mp[], count) */ + +void mp_clear_array(mp_int mp[], int count) +{ +// ARGCHK(mp != NULL && count > 0, MP_BADARG); + + while(--count >= 0) + mp_clear(&mp[count]); + +} /* end mp_clear_array() */ + +/* }}} */ + +/* {{{ mp_zero(mp) */ + +/* + mp_zero(mp) + + Set mp to zero. Does not change the allocated size of the structure, + and therefore cannot fail (except on a bad argument, which we ignore) + */ +void mp_zero(mp_int *mp) +{ + if(mp == NULL) + return; + + s_mp_setz(DIGITS(mp), ALLOC(mp)); + USED(mp) = 1; + SIGN(mp) = MP_ZPOS; + +} /* end mp_zero() */ + +/* }}} */ + +/* {{{ mp_set(mp, d) */ + +void mp_set(mp_int *mp, mp_digit d) +{ + if(mp == NULL) + return; + + mp_zero(mp); + DIGIT(mp, 0) = d; + +} /* end mp_set() */ + +/* }}} */ + +/* {{{ mp_set_int(mp, z) */ + +mp_err mp_set_int(mp_int *mp, long z) +{ + int ix; + unsigned long v = abs(z); + mp_err res; + + ARGCHK(mp != NULL, MP_BADARG); + + mp_zero(mp); + if(z == 0) + return MP_OKAY; /* shortcut for zero */ + + for(ix = sizeof(long) - 1; ix >= 0; ix--) { + +/* --- bug in MSVC [first release] */ + if (ix == -1) break; +/* --- end of fix */ + + if((res = s_mp_mul_2d(mp, CHAR_BIT)) != MP_OKAY) + return res; + + res = s_mp_add_d(mp, + (mp_digit)((v >> (ix * CHAR_BIT)) & UCHAR_MAX)); + if(res != MP_OKAY) + return res; + } + + if(z < 0) + SIGN(mp) = MP_NEG; + + return MP_OKAY; + +} /* end mp_set_int() */ + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* {{{ Digit arithmetic */ + +/* {{{ mp_add_d(a, d, b) */ + +/* + mp_add_d(a, d, b) + + Compute the sum b = a + d, for a single digit d. Respects the sign of + its primary addend (single digits are unsigned anyway). + */ + +mp_err mp_add_d(mp_int *a, mp_digit d, mp_int *b) +{ + mp_err res = MP_OKAY; + + ARGCHK(a != NULL && b != NULL, MP_BADARG); + + if((res = mp_copy(a, b)) != MP_OKAY) + return res; + + if(SIGN(b) == MP_ZPOS) { + res = s_mp_add_d(b, d); + } else if(s_mp_cmp_d(b, d) >= 0) { + res = s_mp_sub_d(b, d); + } else { + SIGN(b) = MP_ZPOS; + + DIGIT(b, 0) = d - DIGIT(b, 0); + } + + return res; + +} /* end mp_add_d() */ + +/* }}} */ + +/* {{{ mp_sub_d(a, d, b) */ + +/* + mp_sub_d(a, d, b) + + Compute the difference b = a - d, for a single digit d. Respects the + sign of its subtrahend (single digits are unsigned anyway). + */ + +mp_err mp_sub_d(mp_int *a, mp_digit d, mp_int *b) +{ + mp_err res; + + ARGCHK(a != NULL && b != NULL, MP_BADARG); + + if((res = mp_copy(a, b)) != MP_OKAY) + return res; + + if(SIGN(b) == MP_NEG) { + if((res = s_mp_add_d(b, d)) != MP_OKAY) + return res; + + } else if(s_mp_cmp_d(b, d) >= 0) { + if((res = s_mp_sub_d(b, d)) != MP_OKAY) + return res; + + } else { + mp_neg(b, b); + + DIGIT(b, 0) = d - DIGIT(b, 0); + SIGN(b) = MP_NEG; + } + + if(s_mp_cmp_d(b, 0) == 0) + SIGN(b) = MP_ZPOS; + + return MP_OKAY; + +} /* end mp_sub_d() */ + +/* }}} */ + +/* {{{ mp_mul_d(a, d, b) */ + +/* + mp_mul_d(a, d, b) + + Compute the product b = a * d, for a single digit d. Respects the sign + of its multiplicand (single digits are unsigned anyway) + */ + +mp_err mp_mul_d(mp_int *a, mp_digit d, mp_int *b) +{ + mp_err res; + + ARGCHK(a != NULL && b != NULL, MP_BADARG); + + if(d == 0) { + mp_zero(b); + return MP_OKAY; + } + + if((res = mp_copy(a, b)) != MP_OKAY) + return res; + + res = s_mp_mul_d(b, d); + + return res; + +} /* end mp_mul_d() */ + +/* }}} */ + +/* {{{ mp_mul_2(a, c) */ + +mp_err mp_mul_2(mp_int *a, mp_int *c) +{ + mp_err res; + + ARGCHK(a != NULL && c != NULL, MP_BADARG); + + if((res = mp_copy(a, c)) != MP_OKAY) + return res; + + return s_mp_mul_2(c); + +} /* end mp_mul_2() */ + +/* }}} */ + +/* {{{ mp_div_d(a, d, q, r) */ + +/* + mp_div_d(a, d, q, r) + + Compute the quotient q = a / d and remainder r = a mod d, for a + single digit d. Respects the sign of its divisor (single digits are + unsigned anyway). + */ + +mp_err mp_div_d(mp_int *a, mp_digit d, mp_int *q, mp_digit *r) +{ + mp_err res; + mp_digit rem; + int pow; + + ARGCHK(a != NULL, MP_BADARG); + + if(d == 0) + return MP_RANGE; + + /* Shortcut for powers of two ... */ + if((pow = s_mp_ispow2d(d)) >= 0) { + mp_digit mask; + + mask = (1 << pow) - 1; + rem = DIGIT(a, 0) & mask; + + if(q) { + mp_copy(a, q); + s_mp_div_2d(q, (mp_digit)pow); + } + + if(r) + *r = rem; + + return MP_OKAY; + } + + /* + If the quotient is actually going to be returned, we'll try to + avoid hitting the memory allocator by copying the dividend into it + and doing the division there. This can't be any _worse_ than + always copying, and will sometimes be better (since it won't make + another copy) + + If it's not going to be returned, we need to allocate a temporary + to hold the quotient, which will just be discarded. + */ + if(q) { + if((res = mp_copy(a, q)) != MP_OKAY) + return res; + + res = s_mp_div_d(q, d, &rem); + if(s_mp_cmp_d(q, 0) == MP_EQ) + SIGN(q) = MP_ZPOS; + + } else { + mp_int qp; + + if((res = mp_init_copy(&qp, a)) != MP_OKAY) + return res; + + res = s_mp_div_d(&qp, d, &rem); + if(s_mp_cmp_d(&qp, 0) == 0) + SIGN(&qp) = MP_ZPOS; + + mp_clear(&qp); + } + + if(r) + *r = rem; + + return res; + +} /* end mp_div_d() */ + +/* }}} */ + +/* {{{ mp_div_2(a, c) */ + +/* + mp_div_2(a, c) + + Compute c = a / 2, disregarding the remainder. + */ + +mp_err mp_div_2(mp_int *a, mp_int *c) +{ + mp_err res; + + ARGCHK(a != NULL && c != NULL, MP_BADARG); + + if((res = mp_copy(a, c)) != MP_OKAY) + return res; + + s_mp_div_2(c); + + return MP_OKAY; + +} /* end mp_div_2() */ + +/* }}} */ + +/* {{{ mp_expt_d(a, d, b) */ + +mp_err mp_expt_d(mp_int *a, mp_digit d, mp_int *c) +{ + mp_int s, x; + mp_err res; + + ARGCHK(a != NULL && c != NULL, MP_BADARG); + + if((res = mp_init(&s)) != MP_OKAY) + return res; + if((res = mp_init_copy(&x, a)) != MP_OKAY) + goto X; + + DIGIT(&s, 0) = 1; + + while(d != 0) { + if(d & 1) { + if((res = s_mp_mul(&s, &x)) != MP_OKAY) + goto CLEANUP; + } + + d >>= 1; + + if((res = s_mp_sqr(&x)) != MP_OKAY) + goto CLEANUP; + } + + s_mp_exch(&s, c); + +CLEANUP: + mp_clear(&x); +X: + mp_clear(&s); + + return res; + +} /* end mp_expt_d() */ + +/* }}} */ + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* {{{ Full arithmetic */ + +/* {{{ mp_abs(a, b) */ + +/* + mp_abs(a, b) + + Compute b = |a|. 'a' and 'b' may be identical. + */ + +mp_err mp_abs(mp_int *a, mp_int *b) +{ + mp_err res; + + ARGCHK(a != NULL && b != NULL, MP_BADARG); + + if((res = mp_copy(a, b)) != MP_OKAY) + return res; + + SIGN(b) = MP_ZPOS; + + return MP_OKAY; + +} /* end mp_abs() */ + +/* }}} */ + +/* {{{ mp_neg(a, b) */ + +/* + mp_neg(a, b) + + Compute b = -a. 'a' and 'b' may be identical. + */ + +mp_err mp_neg(mp_int *a, mp_int *b) +{ + mp_err res; + + ARGCHK(a != NULL && b != NULL, MP_BADARG); + + if((res = mp_copy(a, b)) != MP_OKAY) + return res; + + if(s_mp_cmp_d(b, 0) == MP_EQ) + SIGN(b) = MP_ZPOS; + else + SIGN(b) = (SIGN(b) == MP_NEG) ? MP_ZPOS : MP_NEG; + + return MP_OKAY; + +} /* end mp_neg() */ + +/* }}} */ + +/* {{{ mp_add(a, b, c) */ + +/* + mp_add(a, b, c) + + Compute c = a + b. All parameters may be identical. + */ + +mp_err mp_add(mp_int *a, mp_int *b, mp_int *c) +{ + mp_err res; + int cmp; + + ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); + + if(SIGN(a) == SIGN(b)) { /* same sign: add values, keep sign */ + + /* Commutativity of addition lets us do this in either order, + so we avoid having to use a temporary even if the result + is supposed to replace the output + */ + if(c == b) { + if((res = s_mp_add(c, a)) != MP_OKAY) + return res; + } else { + if(c != a && (res = mp_copy(a, c)) != MP_OKAY) + return res; + + if((res = s_mp_add(c, b)) != MP_OKAY) + return res; + } + + } else if((cmp = s_mp_cmp(a, b)) > 0) { /* different sign: a > b */ + + /* If the output is going to be clobbered, we will use a temporary + variable; otherwise, we'll do it without touching the memory + allocator at all, if possible + */ + if(c == b) { + mp_int tmp; + + if((res = mp_init_copy(&tmp, a)) != MP_OKAY) + return res; + if((res = s_mp_sub(&tmp, b)) != MP_OKAY) { + mp_clear(&tmp); + return res; + } + + s_mp_exch(&tmp, c); + mp_clear(&tmp); + + } else { + + if(c != a && (res = mp_copy(a, c)) != MP_OKAY) + return res; + if((res = s_mp_sub(c, b)) != MP_OKAY) + return res; + + } + + } else if(cmp == 0) { /* different sign, a == b */ + + mp_zero(c); + return MP_OKAY; + + } else { /* different sign: a < b */ + + /* See above... */ + if(c == a) { + mp_int tmp; + + if((res = mp_init_copy(&tmp, b)) != MP_OKAY) + return res; + if((res = s_mp_sub(&tmp, a)) != MP_OKAY) { + mp_clear(&tmp); + return res; + } + + s_mp_exch(&tmp, c); + mp_clear(&tmp); + + } else { + + if(c != b && (res = mp_copy(b, c)) != MP_OKAY) + return res; + if((res = s_mp_sub(c, a)) != MP_OKAY) + return res; + + } + } + + if(USED(c) == 1 && DIGIT(c, 0) == 0) + SIGN(c) = MP_ZPOS; + + return MP_OKAY; + +} /* end mp_add() */ + +/* }}} */ + +/* {{{ mp_sub(a, b, c) */ + +/* + mp_sub(a, b, c) + + Compute c = a - b. All parameters may be identical. + */ + +mp_err mp_sub(mp_int *a, mp_int *b, mp_int *c) +{ + mp_err res; + int cmp; + + ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); + + if(SIGN(a) != SIGN(b)) { + if(c == a) { + if((res = s_mp_add(c, b)) != MP_OKAY) + return res; + } else { + if(c != b && ((res = mp_copy(b, c)) != MP_OKAY)) + return res; + if((res = s_mp_add(c, a)) != MP_OKAY) + return res; + SIGN(c) = SIGN(a); + } + + } else if((cmp = s_mp_cmp(a, b)) > 0) { /* Same sign, a > b */ + if(c == b) { + mp_int tmp; + + if((res = mp_init_copy(&tmp, a)) != MP_OKAY) + return res; + if((res = s_mp_sub(&tmp, b)) != MP_OKAY) { + mp_clear(&tmp); + return res; + } + s_mp_exch(&tmp, c); + mp_clear(&tmp); + + } else { + if(c != a && ((res = mp_copy(a, c)) != MP_OKAY)) + return res; + + if((res = s_mp_sub(c, b)) != MP_OKAY) + return res; + } + + } else if(cmp == 0) { /* Same sign, equal magnitude */ + mp_zero(c); + return MP_OKAY; + + } else { /* Same sign, b > a */ + if(c == a) { + mp_int tmp; + + if((res = mp_init_copy(&tmp, b)) != MP_OKAY) + return res; + + if((res = s_mp_sub(&tmp, a)) != MP_OKAY) { + mp_clear(&tmp); + return res; + } + s_mp_exch(&tmp, c); + mp_clear(&tmp); + + } else { + if(c != b && ((res = mp_copy(b, c)) != MP_OKAY)) + return res; + + if((res = s_mp_sub(c, a)) != MP_OKAY) + return res; + } + + SIGN(c) = !SIGN(b); + } + + if(USED(c) == 1 && DIGIT(c, 0) == 0) + SIGN(c) = MP_ZPOS; + + return MP_OKAY; + +} /* end mp_sub() */ + +/* }}} */ + +/* {{{ mp_mul(a, b, c) */ + +/* + mp_mul(a, b, c) + + Compute c = a * b. All parameters may be identical. + */ + +mp_err mp_mul(mp_int *a, mp_int *b, mp_int *c) +{ + mp_err res; + mp_sign sgn; + + ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); + + sgn = (SIGN(a) == SIGN(b)) ? MP_ZPOS : MP_NEG; + + if(c == b) { + if((res = s_mp_mul(c, a)) != MP_OKAY) + return res; + + } else { + if((res = mp_copy(a, c)) != MP_OKAY) + return res; + + if((res = s_mp_mul(c, b)) != MP_OKAY) + return res; + } + + if(sgn == MP_ZPOS || s_mp_cmp_d(c, 0) == MP_EQ) + SIGN(c) = MP_ZPOS; + else + SIGN(c) = sgn; + + return MP_OKAY; + +} /* end mp_mul() */ + +/* }}} */ + +/* {{{ mp_mul_2d(a, d, c) */ + +/* + mp_mul_2d(a, d, c) + + Compute c = a * 2^d. a may be the same as c. + */ + +mp_err mp_mul_2d(mp_int *a, mp_digit d, mp_int *c) +{ + mp_err res; + + ARGCHK(a != NULL && c != NULL, MP_BADARG); + + if((res = mp_copy(a, c)) != MP_OKAY) + return res; + + if(d == 0) + return MP_OKAY; + + return s_mp_mul_2d(c, d); + +} /* end mp_mul() */ + +/* }}} */ + +/* {{{ mp_sqr(a, b) */ + +#if MP_SQUARE +mp_err mp_sqr(mp_int *a, mp_int *b) +{ + mp_err res; + + ARGCHK(a != NULL && b != NULL, MP_BADARG); + + if((res = mp_copy(a, b)) != MP_OKAY) + return res; + + if((res = s_mp_sqr(b)) != MP_OKAY) + return res; + + SIGN(b) = MP_ZPOS; + + return MP_OKAY; + +} /* end mp_sqr() */ +#endif + +/* }}} */ + +/* {{{ mp_div(a, b, q, r) */ + +/* + mp_div(a, b, q, r) + + Compute q = a / b and r = a mod b. Input parameters may be re-used + as output parameters. If q or r is NULL, that portion of the + computation will be discarded (although it will still be computed) + + Pay no attention to the hacker behind the curtain. + */ + +mp_err mp_div(mp_int *a, mp_int *b, mp_int *q, mp_int *r) +{ + mp_err res; + mp_int qtmp, rtmp; + int cmp; + + ARGCHK(a != NULL && b != NULL, MP_BADARG); + + if(mp_cmp_z(b) == MP_EQ) + return MP_RANGE; + + /* If a <= b, we can compute the solution without division, and + avoid any memory allocation + */ + if((cmp = s_mp_cmp(a, b)) < 0) { + if(r) { + if((res = mp_copy(a, r)) != MP_OKAY) + return res; + } + + if(q) + mp_zero(q); + + return MP_OKAY; + + } else if(cmp == 0) { + + /* Set quotient to 1, with appropriate sign */ + if(q) { + int qneg = (SIGN(a) != SIGN(b)); + + mp_set(q, 1); + if(qneg) + SIGN(q) = MP_NEG; + } + + if(r) + mp_zero(r); + + return MP_OKAY; + } + + /* If we get here, it means we actually have to do some division */ + + /* Set up some temporaries... */ + if((res = mp_init_copy(&qtmp, a)) != MP_OKAY) + return res; + if((res = mp_init_copy(&rtmp, b)) != MP_OKAY) + goto CLEANUP; + + if((res = s_mp_div(&qtmp, &rtmp)) != MP_OKAY) + goto CLEANUP; + + /* Compute the signs for the output */ + SIGN(&rtmp) = SIGN(a); /* Sr = Sa */ + if(SIGN(a) == SIGN(b)) + SIGN(&qtmp) = MP_ZPOS; /* Sq = MP_ZPOS if Sa = Sb */ + else + SIGN(&qtmp) = MP_NEG; /* Sq = MP_NEG if Sa != Sb */ + + if(s_mp_cmp_d(&qtmp, 0) == MP_EQ) + SIGN(&qtmp) = MP_ZPOS; + if(s_mp_cmp_d(&rtmp, 0) == MP_EQ) + SIGN(&rtmp) = MP_ZPOS; + + /* Copy output, if it is needed */ + if(q) + s_mp_exch(&qtmp, q); + + if(r) + s_mp_exch(&rtmp, r); + +CLEANUP: + mp_clear(&rtmp); + mp_clear(&qtmp); + + return res; + +} /* end mp_div() */ + +/* }}} */ + +/* {{{ mp_div_2d(a, d, q, r) */ + +mp_err mp_div_2d(mp_int *a, mp_digit d, mp_int *q, mp_int *r) +{ + mp_err res; + + ARGCHK(a != NULL, MP_BADARG); + + if(q) { + if((res = mp_copy(a, q)) != MP_OKAY) + return res; + + s_mp_div_2d(q, d); + } + + if(r) { + if((res = mp_copy(a, r)) != MP_OKAY) + return res; + + s_mp_mod_2d(r, d); + } + + return MP_OKAY; + +} /* end mp_div_2d() */ + +/* }}} */ + +/* {{{ mp_expt(a, b, c) */ + +/* + mp_expt(a, b, c) + + Compute c = a ** b, that is, raise a to the b power. Uses a + standard iterative square-and-multiply technique. + */ + +mp_err mp_expt(mp_int *a, mp_int *b, mp_int *c) +{ + mp_int s, x; + mp_err res; + mp_digit d; + int dig, bit; + + ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); + + if(mp_cmp_z(b) < 0) + return MP_RANGE; + + if((res = mp_init(&s)) != MP_OKAY) + return res; + + mp_set(&s, 1); + + if((res = mp_init_copy(&x, a)) != MP_OKAY) + goto X; + + /* Loop over low-order digits in ascending order */ + for(dig = 0; dig < (int)(USED(b) - 1); dig++) { + d = DIGIT(b, dig); + + /* Loop over bits of each non-maximal digit */ + for(bit = 0; bit < (int)DIGIT_BIT; bit++) { + if(d & 1) { + if((res = s_mp_mul(&s, &x)) != MP_OKAY) + goto CLEANUP; + } + + d >>= 1; + + if((res = s_mp_sqr(&x)) != MP_OKAY) + goto CLEANUP; + } + } + + /* Consider now the last digit... */ + d = DIGIT(b, dig); + + while(d) { + if(d & 1) { + if((res = s_mp_mul(&s, &x)) != MP_OKAY) + goto CLEANUP; + } + + d >>= 1; + + if((res = s_mp_sqr(&x)) != MP_OKAY) + goto CLEANUP; + } + + if(mp_iseven(b)) + SIGN(&s) = SIGN(a); + + res = mp_copy(&s, c); + +CLEANUP: + mp_clear(&x); +X: + mp_clear(&s); + + return res; + +} /* end mp_expt() */ + +/* }}} */ + +/* {{{ mp_2expt(a, k) */ + +/* Compute a = 2^k */ + +mp_err mp_2expt(mp_int *a, mp_digit k) +{ + ARGCHK(a != NULL, MP_BADARG); + + return s_mp_2expt(a, k); + +} /* end mp_2expt() */ + +/* }}} */ + +/* {{{ mp_mod(a, m, c) */ + +/* + mp_mod(a, m, c) + + Compute c = a (mod m). Result will always be 0 <= c < m. + */ + +mp_err mp_mod(mp_int *a, mp_int *m, mp_int *c) +{ + mp_err res; + int mag; + + ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG); + + if(SIGN(m) == MP_NEG) + return MP_RANGE; + + /* + If |a| > m, we need to divide to get the remainder and take the + absolute value. + + If |a| < m, we don't need to do any division, just copy and adjust + the sign (if a is negative). + + If |a| == m, we can simply set the result to zero. + + This order is intended to minimize the average path length of the + comparison chain on common workloads -- the most frequent cases are + that |a| != m, so we do those first. + */ + if((mag = s_mp_cmp(a, m)) > 0) { + if((res = mp_div(a, m, NULL, c)) != MP_OKAY) + return res; + + if(SIGN(c) == MP_NEG) { + if((res = mp_add(c, m, c)) != MP_OKAY) + return res; + } + + } else if(mag < 0) { + if((res = mp_copy(a, c)) != MP_OKAY) + return res; + + if(mp_cmp_z(a) < 0) { + if((res = mp_add(c, m, c)) != MP_OKAY) + return res; + + } + + } else { + mp_zero(c); + + } + + return MP_OKAY; + +} /* end mp_mod() */ + +/* }}} */ + +/* {{{ mp_mod_d(a, d, c) */ + +/* + mp_mod_d(a, d, c) + + Compute c = a (mod d). Result will always be 0 <= c < d + */ +mp_err mp_mod_d(mp_int *a, mp_digit d, mp_digit *c) +{ + mp_err res; + mp_digit rem; + + ARGCHK(a != NULL && c != NULL, MP_BADARG); + + if(s_mp_cmp_d(a, d) > 0) { + if((res = mp_div_d(a, d, NULL, &rem)) != MP_OKAY) + return res; + + } else { + if(SIGN(a) == MP_NEG) + rem = d - DIGIT(a, 0); + else + rem = DIGIT(a, 0); + } + + if(c) + *c = rem; + + return MP_OKAY; + +} /* end mp_mod_d() */ + +/* }}} */ + +/* {{{ mp_sqrt(a, b) */ + +/* + mp_sqrt(a, b) + + Compute the integer square root of a, and store the result in b. + Uses an integer-arithmetic version of Newton's iterative linear + approximation technique to determine this value; the result has the + following two properties: + + b^2 <= a + (b+1)^2 >= a + + It is a range error to pass a negative value. + */ +mp_err mp_sqrt(mp_int *a, mp_int *b) +{ + mp_int x, t; + mp_err res; + + ARGCHK(a != NULL && b != NULL, MP_BADARG); + + /* Cannot take square root of a negative value */ + if(SIGN(a) == MP_NEG) + return MP_RANGE; + + /* Special cases for zero and one, trivial */ + if(mp_cmp_d(a, 0) == MP_EQ || mp_cmp_d(a, 1) == MP_EQ) + return mp_copy(a, b); + + /* Initialize the temporaries we'll use below */ + if((res = mp_init_size(&t, USED(a))) != MP_OKAY) + return res; + + /* Compute an initial guess for the iteration as a itself */ + if((res = mp_init_copy(&x, a)) != MP_OKAY) + goto X; + + for(;;) { + /* t = (x * x) - a */ + mp_copy(&x, &t); /* can't fail, t is big enough for original x */ + if((res = mp_sqr(&t, &t)) != MP_OKAY || + (res = mp_sub(&t, a, &t)) != MP_OKAY) + goto CLEANUP; + + /* t = t / 2x */ + s_mp_mul_2(&x); + if((res = mp_div(&t, &x, &t, NULL)) != MP_OKAY) + goto CLEANUP; + s_mp_div_2(&x); + + /* Terminate the loop, if the quotient is zero */ + if(mp_cmp_z(&t) == MP_EQ) + break; + + /* x = x - t */ + if((res = mp_sub(&x, &t, &x)) != MP_OKAY) + goto CLEANUP; + + } + + /* Copy result to output parameter */ + mp_sub_d(&x, 1, &x); + s_mp_exch(&x, b); + + CLEANUP: + mp_clear(&x); + X: + mp_clear(&t); + + return res; + +} /* end mp_sqrt() */ + +/* }}} */ + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* {{{ Modular arithmetic */ + +#if MP_MODARITH +/* {{{ mp_addmod(a, b, m, c) */ + +/* + mp_addmod(a, b, m, c) + + Compute c = (a + b) mod m + */ + +mp_err mp_addmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c) +{ + mp_err res; + + ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); + + if((res = mp_add(a, b, c)) != MP_OKAY) + return res; + if((res = mp_mod(c, m, c)) != MP_OKAY) + return res; + + return MP_OKAY; + +} + +/* }}} */ + +/* {{{ mp_submod(a, b, m, c) */ + +/* + mp_submod(a, b, m, c) + + Compute c = (a - b) mod m + */ + +mp_err mp_submod(mp_int *a, mp_int *b, mp_int *m, mp_int *c) +{ + mp_err res; + + ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); + + if((res = mp_sub(a, b, c)) != MP_OKAY) + return res; + if((res = mp_mod(c, m, c)) != MP_OKAY) + return res; + + return MP_OKAY; + +} + +/* }}} */ + +/* {{{ mp_mulmod(a, b, m, c) */ + +/* + mp_mulmod(a, b, m, c) + + Compute c = (a * b) mod m + */ + +mp_err mp_mulmod(mp_int *a, mp_int *b, mp_int *m, mp_int *c) +{ + mp_err res; + + ARGCHK(a != NULL && b != NULL && m != NULL && c != NULL, MP_BADARG); + + if((res = mp_mul(a, b, c)) != MP_OKAY) + return res; + if((res = mp_mod(c, m, c)) != MP_OKAY) + return res; + + return MP_OKAY; + +} + +/* }}} */ + +/* {{{ mp_sqrmod(a, m, c) */ + +#if MP_SQUARE +mp_err mp_sqrmod(mp_int *a, mp_int *m, mp_int *c) +{ + mp_err res; + + ARGCHK(a != NULL && m != NULL && c != NULL, MP_BADARG); + + if((res = mp_sqr(a, c)) != MP_OKAY) + return res; + if((res = mp_mod(c, m, c)) != MP_OKAY) + return res; + + return MP_OKAY; + +} /* end mp_sqrmod() */ +#endif + +/* }}} */ + +/* shrinks the memory required to store a mp_int if possible */ +mp_err mp_shrink(mp_int *a) +{ + if (a->used != a->alloc) { + if ((a->dp = XREALLOC(a->dp, a->used * sizeof(mp_digit))) == NULL) { + return MP_MEM; + } else { + a->alloc = a->used; + return MP_OKAY; + } + } else { + return MP_OKAY; + } +} + +/* {{{ mp_exptmod(a, b, m, c) */ + +#ifdef MPI_FASTEXPT + +/* computes y == g^x mod p */ +mp_err mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y) +{ + mp_int *M, tx, mu, res; + int QQQ, QQ, Q, x, *vals, err; + + /* determine the value of Q */ + x = (USED(X) - 1) * DIGIT_BIT; + Q = DIGIT(X, USED(X)-1); + while (Q) { + ++x; + Q >>= 1; + } + if (x <= 8) { Q = 2; } + else if (x <= 64) { Q = 3; } + else if (x <= 256) { Q = 4; } + else if (x <= 950) { Q = 5; } + else if (x <= 2755) { Q = 6; } + else { Q = 7; } + +#ifdef MPI_FASTEXPT_LOWMEM + if (Q > 5) { + Q = 5; + } +#endif + + /* alloc room for table */ + vals = XCALLOC(sizeof(int), USED(X)*((DIGIT_BIT/Q)+((DIGIT_BIT%Q)?1:0))); + if (vals == NULL) { err = MP_MEM; goto _ERR; } + + M = XCALLOC(sizeof(mp_int), 1<= 0) { + for (QQ = 0; QQ < Q; QQ++) { + if ((err = s_mp_sqr(&res)) != MP_OKAY) { goto _TX; } + if ((err = s_mp_reduce(&res, P, &mu)) != MP_OKAY) { goto _TX; } + } + if (vals[x] != 0) { + if ((err = s_mp_mul(&res, &M[vals[x]])) != MP_OKAY) { goto _TX; } + if ((err = s_mp_reduce(&res, P, &mu)) != MP_OKAY) { goto _TX; } + } + } + s_mp_exch(&res, Y); + + /* free ram */ +_TX: + mp_clear(&tx); +_RES: + mp_clear(&res); +_MU: + mp_clear(&mu); +_M: + for (x = 0; x < (1<>= 1; + + if((res = s_mp_sqr(&x)) != MP_OKAY) + goto CLEANUP; + if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY) + goto CLEANUP; + } + } + + /* Now do the last digit... */ + d = *db; + + while(d) { + if(d & 1) { + if((res = s_mp_mul(&s, &x)) != MP_OKAY) + goto CLEANUP; + if((res = s_mp_reduce(&s, m, &mu)) != MP_OKAY) + goto CLEANUP; + } + + d >>= 1; + + if((res = s_mp_sqr(&x)) != MP_OKAY) + goto CLEANUP; + if((res = s_mp_reduce(&x, m, &mu)) != MP_OKAY) + goto CLEANUP; + } + + s_mp_exch(&s, c); + + CLEANUP: + mp_clear(&mu); + MU: + mp_clear(&x); + X: + mp_clear(&s); + + return res; + +} /* end mp_exptmod() */ + +#endif + +/* }}} */ + +/* {{{ mp_exptmod_d(a, d, m, c) */ + +mp_err mp_exptmod_d(mp_int *a, mp_digit d, mp_int *m, mp_int *c) +{ + mp_int s, x; + mp_err res; + + ARGCHK(a != NULL && c != NULL, MP_BADARG); + + if((res = mp_init(&s)) != MP_OKAY) + return res; + if((res = mp_init_copy(&x, a)) != MP_OKAY) + goto X; + + mp_set(&s, 1); + + while(d != 0) { + if(d & 1) { + if((res = s_mp_mul(&s, &x)) != MP_OKAY || + (res = mp_mod(&s, m, &s)) != MP_OKAY) + goto CLEANUP; + } + + d /= 2; + + if((res = s_mp_sqr(&x)) != MP_OKAY || + (res = mp_mod(&x, m, &x)) != MP_OKAY) + goto CLEANUP; + } + + s_mp_exch(&s, c); + +CLEANUP: + mp_clear(&x); +X: + mp_clear(&s); + + return res; + +} /* end mp_exptmod_d() */ + +/* }}} */ +#endif /* if MP_MODARITH */ + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* {{{ Comparison functions */ + +/* {{{ mp_cmp_z(a) */ + +/* + mp_cmp_z(a) + + Compare a <=> 0. Returns <0 if a<0, 0 if a=0, >0 if a>0. + */ + +int mp_cmp_z(mp_int *a) +{ + if(SIGN(a) == MP_NEG) + return MP_LT; + else if(USED(a) == 1 && DIGIT(a, 0) == 0) + return MP_EQ; + else + return MP_GT; + +} /* end mp_cmp_z() */ + +/* }}} */ + +/* {{{ mp_cmp_d(a, d) */ + +/* + mp_cmp_d(a, d) + + Compare a <=> d. Returns <0 if a0 if a>d + */ + +int mp_cmp_d(mp_int *a, mp_digit d) +{ + ARGCHK(a != NULL, MP_EQ); + + if(SIGN(a) == MP_NEG) + return MP_LT; + + return s_mp_cmp_d(a, d); + +} /* end mp_cmp_d() */ + +/* }}} */ + +/* {{{ mp_cmp(a, b) */ + +int mp_cmp(mp_int *a, mp_int *b) +{ + ARGCHK(a != NULL && b != NULL, MP_EQ); + + if(SIGN(a) == SIGN(b)) { + int mag; + + if((mag = s_mp_cmp(a, b)) == MP_EQ) + return MP_EQ; + + if(SIGN(a) == MP_ZPOS) + return mag; + else + return -mag; + + } else if(SIGN(a) == MP_ZPOS) { + return MP_GT; + } else { + return MP_LT; + } + +} /* end mp_cmp() */ + +/* }}} */ + +/* {{{ mp_cmp_mag(a, b) */ + +/* + mp_cmp_mag(a, b) + + Compares |a| <=> |b|, and returns an appropriate comparison result + */ + +int mp_cmp_mag(mp_int *a, mp_int *b) +{ + ARGCHK(a != NULL && b != NULL, MP_EQ); + + return s_mp_cmp(a, b); + +} /* end mp_cmp_mag() */ + +/* }}} */ + +/* {{{ mp_cmp_int(a, z) */ + +/* + This just converts z to an mp_int, and uses the existing comparison + routines. This is sort of inefficient, but it's not clear to me how + frequently this wil get used anyway. For small positive constants, + you can always use mp_cmp_d(), and for zero, there is mp_cmp_z(). + */ +int mp_cmp_int(mp_int *a, long z) +{ + mp_int tmp; + int out; + + ARGCHK(a != NULL, MP_EQ); + + mp_init(&tmp); mp_set_int(&tmp, z); + out = mp_cmp(a, &tmp); + mp_clear(&tmp); + + return out; + +} /* end mp_cmp_int() */ + +/* }}} */ + +/* {{{ mp_isodd(a) */ + +/* + mp_isodd(a) + + Returns a true (non-zero) value if a is odd, false (zero) otherwise. + */ +int mp_isodd(mp_int *a) +{ + ARGCHK(a != NULL, 0); + + return (DIGIT(a, 0) & 1); + +} /* end mp_isodd() */ + +/* }}} */ + +/* {{{ mp_iseven(a) */ + +int mp_iseven(mp_int *a) +{ + return !mp_isodd(a); + +} /* end mp_iseven() */ + +/* }}} */ + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* {{{ Number theoretic functions */ + +#if MP_NUMTH +/* {{{ mp_gcd(a, b, c) */ + +/* + Like the old mp_gcd() function, except computes the GCD using the + binary algorithm due to Josef Stein in 1961 (via Knuth). + */ +mp_err mp_gcd(mp_int *a, mp_int *b, mp_int *c) +{ + mp_err res; + mp_int u, v, t; + mp_size k = 0; + + ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); + + if(mp_cmp_z(a) == MP_EQ && mp_cmp_z(b) == MP_EQ) + return MP_RANGE; + if(mp_cmp_z(a) == MP_EQ) { + return mp_copy(b, c); + } else if(mp_cmp_z(b) == MP_EQ) { + return mp_copy(a, c); + } + + if((res = mp_init(&t)) != MP_OKAY) + return res; + if((res = mp_init_copy(&u, a)) != MP_OKAY) + goto U; + if((res = mp_init_copy(&v, b)) != MP_OKAY) + goto V; + + SIGN(&u) = MP_ZPOS; + SIGN(&v) = MP_ZPOS; + + /* Divide out common factors of 2 until at least 1 of a, b is even */ + while(mp_iseven(&u) && mp_iseven(&v)) { + s_mp_div_2(&u); + s_mp_div_2(&v); + ++k; + } + + /* Initialize t */ + if(mp_isodd(&u)) { + if((res = mp_copy(&v, &t)) != MP_OKAY) + goto CLEANUP; + + /* t = -v */ + if(SIGN(&v) == MP_ZPOS) + SIGN(&t) = MP_NEG; + else + SIGN(&t) = MP_ZPOS; + + } else { + if((res = mp_copy(&u, &t)) != MP_OKAY) + goto CLEANUP; + + } + + for(;;) { + while(mp_iseven(&t)) { + s_mp_div_2(&t); + } + + if(mp_cmp_z(&t) == MP_GT) { + if((res = mp_copy(&t, &u)) != MP_OKAY) + goto CLEANUP; + + } else { + if((res = mp_copy(&t, &v)) != MP_OKAY) + goto CLEANUP; + + /* v = -t */ + if(SIGN(&t) == MP_ZPOS) + SIGN(&v) = MP_NEG; + else + SIGN(&v) = MP_ZPOS; + } + + if((res = mp_sub(&u, &v, &t)) != MP_OKAY) + goto CLEANUP; + + if(s_mp_cmp_d(&t, 0) == MP_EQ) + break; + } + + s_mp_2expt(&v, (mp_digit)k); /* v = 2^k */ + res = mp_mul(&u, &v, c); /* c = u * v */ + + CLEANUP: + mp_clear(&v); + V: + mp_clear(&u); + U: + mp_clear(&t); + + return res; + +} /* end mp_bgcd() */ + +/* }}} */ + +/* {{{ mp_lcm(a, b, c) */ + +/* We compute the least common multiple using the rule: + + ab = [a, b](a, b) + + ... by computing the product, and dividing out the gcd. + */ + +mp_err mp_lcm(mp_int *a, mp_int *b, mp_int *c) +{ + mp_int gcd, prod; + mp_err res; + + ARGCHK(a != NULL && b != NULL && c != NULL, MP_BADARG); + + /* Set up temporaries */ + if((res = mp_init(&gcd)) != MP_OKAY) + return res; + if((res = mp_init(&prod)) != MP_OKAY) + goto GCD; + + if((res = mp_mul(a, b, &prod)) != MP_OKAY) + goto CLEANUP; + if((res = mp_gcd(a, b, &gcd)) != MP_OKAY) + goto CLEANUP; + + res = mp_div(&prod, &gcd, c, NULL); + + CLEANUP: + mp_clear(&prod); + GCD: + mp_clear(&gcd); + + return res; + +} /* end mp_lcm() */ + +/* }}} */ + +/* {{{ mp_xgcd(a, b, g, x, y) */ + +/* + mp_xgcd(a, b, g, x, y) + + Compute g = (a, b) and values x and y satisfying Bezout's identity + (that is, ax + by = g). This uses the extended binary GCD algorithm + based on the Stein algorithm used for mp_gcd() + */ + +mp_err mp_xgcd(mp_int *a, mp_int *b, mp_int *g, mp_int *x, mp_int *y) +{ + mp_int gx, xc, yc, u, v, A, B, C, D; + mp_int *clean[9]; + mp_err res; + int last = -1; + + if(mp_cmp_z(b) == 0) + return MP_RANGE; + + /* Initialize all these variables we need */ + if((res = mp_init(&u)) != MP_OKAY) goto CLEANUP; + clean[++last] = &u; + if((res = mp_init(&v)) != MP_OKAY) goto CLEANUP; + clean[++last] = &v; + if((res = mp_init(&gx)) != MP_OKAY) goto CLEANUP; + clean[++last] = &gx; + if((res = mp_init(&A)) != MP_OKAY) goto CLEANUP; + clean[++last] = &A; + if((res = mp_init(&B)) != MP_OKAY) goto CLEANUP; + clean[++last] = &B; + if((res = mp_init(&C)) != MP_OKAY) goto CLEANUP; + clean[++last] = &C; + if((res = mp_init(&D)) != MP_OKAY) goto CLEANUP; + clean[++last] = &D; + if((res = mp_init_copy(&xc, a)) != MP_OKAY) goto CLEANUP; + clean[++last] = &xc; + mp_abs(&xc, &xc); + if((res = mp_init_copy(&yc, b)) != MP_OKAY) goto CLEANUP; + clean[++last] = &yc; + mp_abs(&yc, &yc); + + mp_set(&gx, 1); + + /* Divide by two until at least one of them is even */ + while(mp_iseven(&xc) && mp_iseven(&yc)) { + s_mp_div_2(&xc); + s_mp_div_2(&yc); + if((res = s_mp_mul_2(&gx)) != MP_OKAY) + goto CLEANUP; + } + + mp_copy(&xc, &u); + mp_copy(&yc, &v); + mp_set(&A, 1); mp_set(&D, 1); + + /* Loop through binary GCD algorithm */ + for(;;) { + while(mp_iseven(&u)) { + s_mp_div_2(&u); + + if(mp_iseven(&A) && mp_iseven(&B)) { + s_mp_div_2(&A); s_mp_div_2(&B); + } else { + if((res = mp_add(&A, &yc, &A)) != MP_OKAY) goto CLEANUP; + s_mp_div_2(&A); + if((res = mp_sub(&B, &xc, &B)) != MP_OKAY) goto CLEANUP; + s_mp_div_2(&B); + } + } + + while(mp_iseven(&v)) { + s_mp_div_2(&v); + + if(mp_iseven(&C) && mp_iseven(&D)) { + s_mp_div_2(&C); s_mp_div_2(&D); + } else { + if((res = mp_add(&C, &yc, &C)) != MP_OKAY) goto CLEANUP; + s_mp_div_2(&C); + if((res = mp_sub(&D, &xc, &D)) != MP_OKAY) goto CLEANUP; + s_mp_div_2(&D); + } + } + + if(mp_cmp(&u, &v) >= 0) { + if((res = mp_sub(&u, &v, &u)) != MP_OKAY) goto CLEANUP; + if((res = mp_sub(&A, &C, &A)) != MP_OKAY) goto CLEANUP; + if((res = mp_sub(&B, &D, &B)) != MP_OKAY) goto CLEANUP; + + } else { + if((res = mp_sub(&v, &u, &v)) != MP_OKAY) goto CLEANUP; + if((res = mp_sub(&C, &A, &C)) != MP_OKAY) goto CLEANUP; + if((res = mp_sub(&D, &B, &D)) != MP_OKAY) goto CLEANUP; + + } + + /* If we're done, copy results to output */ + if(mp_cmp_z(&u) == 0) { + if(x) + if((res = mp_copy(&C, x)) != MP_OKAY) goto CLEANUP; + + if(y) + if((res = mp_copy(&D, y)) != MP_OKAY) goto CLEANUP; + + if(g) + if((res = mp_mul(&gx, &v, g)) != MP_OKAY) goto CLEANUP; + + break; + } + } + + CLEANUP: + while(last >= 0) + mp_clear(clean[last--]); + + return res; + +} /* end mp_xgcd() */ + +/* }}} */ + +/* {{{ mp_invmod(a, m, c) */ + +/* + mp_invmod(a, m, c) + + Compute c = a^-1 (mod m), if there is an inverse for a (mod m). + This is equivalent to the question of whether (a, m) = 1. If not, + MP_UNDEF is returned, and there is no inverse. + */ + +mp_err mp_invmod(mp_int *a, mp_int *m, mp_int *c) +{ + mp_int g, x; + mp_err res; + + ARGCHK(a && m && c, MP_BADARG); + + if(mp_cmp_z(a) == 0 || mp_cmp_z(m) == 0) + return MP_RANGE; + + if((res = mp_init(&g)) != MP_OKAY) + return res; + if((res = mp_init(&x)) != MP_OKAY) + goto X; + + if((res = mp_xgcd(a, m, &g, &x, NULL)) != MP_OKAY) + goto CLEANUP; + + if(mp_cmp_d(&g, 1) != MP_EQ) { + res = MP_UNDEF; + goto CLEANUP; + } + + res = mp_mod(&x, m, c); + SIGN(c) = SIGN(a); + +CLEANUP: + mp_clear(&x); +X: + mp_clear(&g); + + return res; + +} /* end mp_invmod() */ + +/* }}} */ +#endif /* if MP_NUMTH */ + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* {{{ mp_print(mp, ofp) */ + +#if MP_IOFUNC +/* + mp_print(mp, ofp) + + Print a textual representation of the given mp_int on the output + stream 'ofp'. Output is generated using the internal radix. + */ + +void mp_print(mp_int *mp, FILE *ofp) +{ + int ix; + + if(mp == NULL || ofp == NULL) + return; + + fputc((SIGN(mp) == MP_NEG) ? '-' : '+', ofp); + + for(ix = USED(mp) - 1; ix >= 0; ix--) { + fprintf(ofp, DIGIT_FMT, DIGIT(mp, ix)); + } + +} /* end mp_print() */ + +#endif /* if MP_IOFUNC */ + +/* }}} */ + +/*------------------------------------------------------------------------*/ +/* {{{ More I/O Functions */ + +/* {{{ mp_read_signed_bin(mp, str, len) */ + +/* + mp_read_signed_bin(mp, str, len) + + Read in a raw value (base 256) into the given mp_int + */ + +mp_err mp_read_signed_bin(mp_int *mp, unsigned char *str, int len) +{ + mp_err res; + + ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG); + + if((res = mp_read_unsigned_bin(mp, str + 1, len - 1)) == MP_OKAY) { + /* Get sign from first byte */ + if(str[0]) + SIGN(mp) = MP_NEG; + else + SIGN(mp) = MP_ZPOS; + } + + return res; + +} /* end mp_read_signed_bin() */ + +/* }}} */ + +/* {{{ mp_signed_bin_size(mp) */ + +int mp_signed_bin_size(mp_int *mp) +{ + ARGCHK(mp != NULL, 0); + + return mp_unsigned_bin_size(mp) + 1; + +} /* end mp_signed_bin_size() */ + +/* }}} */ + +/* {{{ mp_to_signed_bin(mp, str) */ + +mp_err mp_to_signed_bin(mp_int *mp, unsigned char *str) +{ + ARGCHK(mp != NULL && str != NULL, MP_BADARG); + + /* Caller responsible for allocating enough memory (use mp_raw_size(mp)) */ + str[0] = (char)SIGN(mp); + + return mp_to_unsigned_bin(mp, str + 1); + +} /* end mp_to_signed_bin() */ + +/* }}} */ + +/* {{{ mp_read_unsigned_bin(mp, str, len) */ + +/* + mp_read_unsigned_bin(mp, str, len) + + Read in an unsigned value (base 256) into the given mp_int + */ + +mp_err mp_read_unsigned_bin(mp_int *mp, unsigned char *str, int len) +{ + int ix; + mp_err res; + + ARGCHK(mp != NULL && str != NULL && len > 0, MP_BADARG); + + mp_zero(mp); + + for(ix = 0; ix < len; ix++) { + if((res = s_mp_mul_2d(mp, CHAR_BIT)) != MP_OKAY) + return res; + + if((res = mp_add_d(mp, str[ix], mp)) != MP_OKAY) + return res; + } + + return MP_OKAY; + +} /* end mp_read_unsigned_bin() */ + +/* }}} */ + +/* {{{ mp_unsigned_bin_size(mp) */ + +int mp_unsigned_bin_size(mp_int *mp) +{ + mp_digit topdig; + int count; + + ARGCHK(mp != NULL, 0); + + /* Special case for the value zero */ + if(USED(mp) == 1 && DIGIT(mp, 0) == 0) + return 1; + + count = (USED(mp) - 1) * sizeof(mp_digit); + topdig = DIGIT(mp, USED(mp) - 1); + + while(topdig != 0) { + ++count; + topdig >>= CHAR_BIT; + } + + return count; + +} /* end mp_unsigned_bin_size() */ + +/* }}} */ + +/* {{{ mp_to_unsigned_bin(mp, str) */ + +mp_err mp_to_unsigned_bin(mp_int *mp, unsigned char *str) +{ + mp_digit *dp, *end, d; + unsigned char *spos; + + ARGCHK(mp != NULL && str != NULL, MP_BADARG); + + dp = DIGITS(mp); + end = dp + USED(mp) - 1; + spos = str; + + /* Special case for zero, quick test */ + if(dp == end && *dp == 0) { + *str = '\0'; + return MP_OKAY; + } + + /* Generate digits in reverse order */ + while(dp < end) { + int ix; + + d = *dp; + for(ix = 0; ix < (int)sizeof(mp_digit); ++ix) { + *spos = d & UCHAR_MAX; + d >>= CHAR_BIT; + ++spos; + } + + ++dp; + } + + /* Now handle last digit specially, high order zeroes are not written */ + d = *end; + while(d != 0) { + *spos = d & UCHAR_MAX; + d >>= CHAR_BIT; + ++spos; + } + + /* Reverse everything to get digits in the correct order */ + while(--spos > str) { + unsigned char t = *str; + *str = *spos; + *spos = t; + + ++str; + } + + return MP_OKAY; + +} /* end mp_to_unsigned_bin() */ + +/* }}} */ + +/* {{{ mp_count_bits(mp) */ + +int mp_count_bits(mp_int *mp) +{ + int len; + mp_digit d; + + ARGCHK(mp != NULL, MP_BADARG); + + len = DIGIT_BIT * (USED(mp) - 1); + d = DIGIT(mp, USED(mp) - 1); + + while(d != 0) { + ++len; + d >>= 1; + } + + return len; + +} /* end mp_count_bits() */ + +/* }}} */ + +/* {{{ mp_read_radix(mp, str, radix) */ + +/* + mp_read_radix(mp, str, radix) + + Read an integer from the given string, and set mp to the resulting + value. The input is presumed to be in base 10. Leading non-digit + characters are ignored, and the function reads until a non-digit + character or the end of the string. + */ + +mp_err mp_read_radix(mp_int *mp, unsigned char *str, int radix) +{ + int ix = 0, val = 0; + mp_err res; + mp_sign sig = MP_ZPOS; + + ARGCHK(mp != NULL && str != NULL && radix >= 2 && radix <= MAX_RADIX, + MP_BADARG); + + mp_zero(mp); + + /* Skip leading non-digit characters until a digit or '-' or '+' */ + while(str[ix] && + (s_mp_tovalue(str[ix], radix) < 0) && + str[ix] != '-' && + str[ix] != '+') { + ++ix; + } + + if(str[ix] == '-') { + sig = MP_NEG; + ++ix; + } else if(str[ix] == '+') { + sig = MP_ZPOS; /* this is the default anyway... */ + ++ix; + } + + while((val = s_mp_tovalue(str[ix], radix)) >= 0) { + if((res = s_mp_mul_d(mp, (mp_digit)radix)) != MP_OKAY) + return res; + if((res = s_mp_add_d(mp, (mp_digit)val)) != MP_OKAY) + return res; + ++ix; + } + + if(s_mp_cmp_d(mp, 0) == MP_EQ) + SIGN(mp) = MP_ZPOS; + else + SIGN(mp) = sig; + + return MP_OKAY; + +} /* end mp_read_radix() */ + +/* }}} */ + +/* {{{ mp_radix_size(mp, radix) */ + +int mp_radix_size(mp_int *mp, int radix) +{ + int len; + ARGCHK(mp != NULL, 0); + + len = s_mp_outlen(mp_count_bits(mp), radix) + 1; /* for NUL terminator */ + + if(mp_cmp_z(mp) < 0) + ++len; /* for sign */ + + return len; + +} /* end mp_radix_size() */ + +/* }}} */ + +/* {{{ mp_value_radix_size(num, qty, radix) */ + +/* num = number of digits + qty = number of bits per digit + radix = target base + + Return the number of digits in the specified radix that would be + needed to express 'num' digits of 'qty' bits each. + */ +int mp_value_radix_size(int num, int qty, int radix) +{ + ARGCHK(num >= 0 && qty > 0 && radix >= 2 && radix <= MAX_RADIX, 0); + + return s_mp_outlen(num * qty, radix); + +} /* end mp_value_radix_size() */ + +/* }}} */ + +/* {{{ mp_toradix(mp, str, radix) */ + +mp_err mp_toradix(mp_int *mp, unsigned char *str, int radix) +{ + int ix, pos = 0; + + ARGCHK(mp != NULL && str != NULL, MP_BADARG); + ARGCHK(radix > 1 && radix <= MAX_RADIX, MP_RANGE); + + if(mp_cmp_z(mp) == MP_EQ) { + str[0] = '0'; + str[1] = '\0'; + } else { + mp_err res; + mp_int tmp; + mp_sign sgn; + mp_digit rem, rdx = (mp_digit)radix; + char ch; + + if((res = mp_init_copy(&tmp, mp)) != MP_OKAY) + return res; + + /* Save sign for later, and take absolute value */ + sgn = SIGN(&tmp); SIGN(&tmp) = MP_ZPOS; + + /* Generate output digits in reverse order */ + while(mp_cmp_z(&tmp) != 0) { + if((res = s_mp_div_d(&tmp, rdx, &rem)) != MP_OKAY) { + mp_clear(&tmp); + return res; + } + + /* Generate digits, use capital letters */ + ch = s_mp_todigit(rem, radix, 0); + + str[pos++] = ch; + } + + /* Add - sign if original value was negative */ + if(sgn == MP_NEG) + str[pos++] = '-'; + + /* Add trailing NUL to end the string */ + str[pos--] = '\0'; + + /* Reverse the digits and sign indicator */ + ix = 0; + while(ix < pos) { + char tmp = str[ix]; + + str[ix] = str[pos]; + str[pos] = tmp; + ++ix; + --pos; + } + + mp_clear(&tmp); + } + + return MP_OKAY; + +} /* end mp_toradix() */ + +/* }}} */ + +/* {{{ mp_char2value(ch, r) */ + +int mp_char2value(char ch, int r) +{ + return s_mp_tovalue(ch, r); + +} /* end mp_tovalue() */ + +/* }}} */ + +/* }}} */ + +/* {{{ mp_strerror(ec) */ + +/* + mp_strerror(ec) + + Return a string describing the meaning of error code 'ec'. The + string returned is allocated in static memory, so the caller should + not attempt to modify or free the memory associated with this + string. + */ +const char *mp_strerror(mp_err ec) +{ + int aec = (ec < 0) ? -ec : ec; + + /* Code values are negative, so the senses of these comparisons + are accurate */ + if(ec < MP_LAST_CODE || ec > MP_OKAY) { + return mp_err_string[0]; /* unknown error code */ + } else { + return mp_err_string[aec + 1]; + } + +} /* end mp_strerror() */ + +/* }}} */ + +/*========================================================================*/ +/*------------------------------------------------------------------------*/ +/* Static function definitions (internal use only) */ + +/* {{{ Memory management */ + +/* {{{ s_mp_grow(mp, min) */ + +/* Make sure there are at least 'min' digits allocated to mp */ +static mp_err s_mp_grow(mp_int *mp, mp_size min) +{ + if(min > ALLOC(mp)) { + mp_digit *tmp; + + /* Set min to next nearest default precision block size */ + min = ((min + (s_mp_defprec - 1)) / s_mp_defprec) * s_mp_defprec; + + if((tmp = s_mp_alloc(min, sizeof(mp_digit))) == NULL) + return MP_MEM; + + s_mp_copy(DIGITS(mp), tmp, USED(mp)); + +#if MP_CRYPTO + s_mp_setz(DIGITS(mp), ALLOC(mp)); +#endif + s_mp_free(DIGITS(mp)); + DIGITS(mp) = tmp; + ALLOC(mp) = min; + } + + return MP_OKAY; + +} /* end s_mp_grow() */ + +/* }}} */ + +/* {{{ s_mp_pad(mp, min) */ + +/* Make sure the used size of mp is at least 'min', growing if needed */ +static mp_err s_mp_pad(mp_int *mp, mp_size min) +{ + if(min > USED(mp)) { + mp_err res; + + /* Make sure there is room to increase precision */ + if(min > ALLOC(mp) && (res = s_mp_grow(mp, min)) != MP_OKAY) + return res; + + /* Increase precision; should already be 0-filled */ + USED(mp) = min; + } + + return MP_OKAY; + +} /* end s_mp_pad() */ + +/* }}} */ + +/* {{{ s_mp_setz(dp, count) */ + +#if MP_MACRO == 0 +/* Set 'count' digits pointed to by dp to be zeroes */ +void s_mp_setz(mp_digit *dp, mp_size count) +{ +#if MP_MEMSET == 0 + int ix; + + for(ix = 0; ix < count; ix++) + dp[ix] = 0; +#else + memset(dp, 0, count * sizeof(mp_digit)); +#endif + +} /* end s_mp_setz() */ +#endif + +/* }}} */ + +/* {{{ s_mp_copy(sp, dp, count) */ + +#if MP_MACRO == 0 +/* Copy 'count' digits from sp to dp */ +void s_mp_copy(mp_digit *sp, mp_digit *dp, mp_size count) +{ +#if MP_MEMCPY == 0 + int ix; + + for(ix = 0; ix < count; ix++) + dp[ix] = sp[ix]; +#else + memcpy(dp, sp, count * sizeof(mp_digit)); +#endif + +} /* end s_mp_copy() */ +#endif + +/* }}} */ + +/* {{{ s_mp_alloc(nb, ni) */ + +#if MP_MACRO == 0 +/* Allocate ni records of nb bytes each, and return a pointer to that */ +void *s_mp_alloc(size_t nb, size_t ni) +{ + return XCALLOC(nb, ni); + +} /* end s_mp_alloc() */ +#endif + +/* }}} */ + +/* {{{ s_mp_free(ptr) */ + +#if MP_MACRO == 0 +/* Free the memory pointed to by ptr */ +void s_mp_free(void *ptr) +{ + if(ptr) + XFREE(ptr); + +} /* end s_mp_free() */ +#endif + +/* }}} */ + +/* {{{ s_mp_clamp(mp) */ + +/* Remove leading zeroes from the given value */ +void s_mp_clamp(mp_int *mp) +{ + mp_size du = USED(mp); + mp_digit *zp = DIGITS(mp) + du - 1; + + while(du > 1 && !*zp--) + --du; + + USED(mp) = du; + +} /* end s_mp_clamp() */ + + +/* }}} */ + +/* {{{ s_mp_exch(a, b) */ + +/* Exchange the data for a and b; (b, a) = (a, b) */ +void s_mp_exch(mp_int *a, mp_int *b) +{ + mp_int tmp; + + tmp = *a; + *a = *b; + *b = tmp; + +} /* end s_mp_exch() */ + +/* }}} */ + +/* }}} */ + +/* {{{ Arithmetic helpers */ + +/* {{{ s_mp_lshd(mp, p) */ + +/* + Shift mp leftward by p digits, growing if needed, and zero-filling + the in-shifted digits at the right end. This is a convenient + alternative to multiplication by powers of the radix + */ + +static mp_err s_mp_lshd(mp_int *mp, mp_size p) +{ + mp_err res; + mp_size pos; + mp_digit *dp; + int ix; + + if(p == 0) + return MP_OKAY; + + if((res = s_mp_pad(mp, USED(mp) + p)) != MP_OKAY) + return res; + + pos = USED(mp) - 1; + dp = DIGITS(mp); + + /* Shift all the significant figures over as needed */ + for(ix = pos - p; ix >= 0; ix--) + dp[ix + p] = dp[ix]; + + /* Fill the bottom digits with zeroes */ + for(ix = 0; ix < (int)p; ix++) + dp[ix] = 0; + + return MP_OKAY; + +} /* end s_mp_lshd() */ + +/* }}} */ + +/* {{{ s_mp_rshd(mp, p) */ + +/* + Shift mp rightward by p digits. Maintains the invariant that + digits above the precision are all zero. Digits shifted off the + end are lost. Cannot fail. + */ + +void s_mp_rshd(mp_int *mp, mp_size p) +{ + mp_size ix; + mp_digit *dp; + + if(p == 0) + return; + + /* Shortcut when all digits are to be shifted off */ + if(p >= USED(mp)) { + s_mp_setz(DIGITS(mp), ALLOC(mp)); + USED(mp) = 1; + SIGN(mp) = MP_ZPOS; + return; + } + + /* Shift all the significant figures over as needed */ + dp = DIGITS(mp); + for(ix = p; ix < USED(mp); ix++) + dp[ix - p] = dp[ix]; + + + /* Fill the top digits with zeroes */ + + ix -= p; + while(ix < USED(mp)) + dp[ix++] = 0; + + /* Strip off any leading zeroes */ + s_mp_clamp(mp); + +} /* end s_mp_rshd() */ + +/* }}} */ + +/* {{{ s_mp_div_2(mp) */ + +/* Divide by two -- take advantage of radix properties to do it fast */ +void s_mp_div_2(mp_int *mp) +{ + s_mp_div_2d(mp, 1); + +} /* end s_mp_div_2() */ + +/* }}} */ + +/* {{{ s_mp_mul_2(mp) */ + +static mp_err s_mp_mul_2(mp_int *mp) +{ + int ix; + mp_digit kin = 0, kout, *dp = DIGITS(mp); + mp_err res; + + /* Shift digits leftward by 1 bit */ + for(ix = 0; ix < (int)USED(mp); ix++) { + kout = (dp[ix] >> (DIGIT_BIT - 1)) & 1; + dp[ix] = (dp[ix] << 1) | kin; + + kin = kout; + } + + /* Deal with rollover from last digit */ + if(kin) { + if(ix >= (int)ALLOC(mp)) { + if((res = s_mp_grow(mp, ALLOC(mp) + 1)) != MP_OKAY) + return res; + dp = DIGITS(mp); + } + + dp[ix] = kin; + USED(mp) += 1; + } + + return MP_OKAY; + +} /* end s_mp_mul_2() */ + +/* }}} */ + +/* {{{ s_mp_mod_2d(mp, d) */ + +/* + Remainder the integer by 2^d, where d is a number of bits. This + amounts to a bitwise AND of the value, and does not require the full + division code + */ +void s_mp_mod_2d(mp_int *mp, mp_digit d) +{ + unsigned int ndig = (d / DIGIT_BIT), nbit = (d % DIGIT_BIT); + unsigned int ix; + mp_digit dmask, *dp = DIGITS(mp); + + if(ndig >= USED(mp)) + return; + + /* Flush all the bits above 2^d in its digit */ + dmask = (1 << nbit) - 1; + dp[ndig] &= dmask; + + /* Flush all digits above the one with 2^d in it */ + for(ix = ndig + 1; ix < USED(mp); ix++) + dp[ix] = 0; + + s_mp_clamp(mp); +} /* end s_mp_mod_2d() */ + +/* }}} */ + +/* {{{ s_mp_mul_2d(mp, d) */ + +/* + Multiply by the integer 2^d, where d is a number of bits. This + amounts to a bitwise shift of the value, and does not require the + full multiplication code. + */ +static mp_err s_mp_mul_2d(mp_int *mp, mp_digit d) +{ + mp_err res; + mp_digit save, next, mask, *dp; + mp_size used; + int ix; + + if((res = s_mp_lshd(mp, d / DIGIT_BIT)) != MP_OKAY) + return res; + + dp = DIGITS(mp); used = USED(mp); + d %= DIGIT_BIT; + + mask = (1 << d) - 1; + + /* If the shift requires another digit, make sure we've got one to + work with */ + if((dp[used - 1] >> (DIGIT_BIT - d)) & mask) { + if((res = s_mp_grow(mp, used + 1)) != MP_OKAY) + return res; + dp = DIGITS(mp); + } + + /* Do the shifting... */ + save = 0; + for(ix = 0; ix < (int)used; ix++) { + next = (dp[ix] >> (DIGIT_BIT - d)) & mask; + dp[ix] = (dp[ix] << d) | save; + save = next; + } + + /* If, at this point, we have a nonzero carryout into the next + digit, we'll increase the size by one digit, and store it... + */ + if(save) { + dp[used] = save; + USED(mp) += 1; + } + + s_mp_clamp(mp); + return MP_OKAY; + +} /* end s_mp_mul_2d() */ + +/* }}} */ + +/* {{{ s_mp_div_2d(mp, d) */ + +/* + Divide the integer by 2^d, where d is a number of bits. This + amounts to a bitwise shift of the value, and does not require the + full division code (used in Barrett reduction, see below) + */ +void s_mp_div_2d(mp_int *mp, mp_digit d) +{ + int ix; + mp_digit save, next, mask, *dp = DIGITS(mp); + + s_mp_rshd(mp, d / DIGIT_BIT); + d %= DIGIT_BIT; + + mask = (1 << d) - 1; + + save = 0; + for(ix = USED(mp) - 1; ix >= 0; ix--) { + next = dp[ix] & mask; + dp[ix] = (dp[ix] >> d) | (save << (DIGIT_BIT - d)); + save = next; + } + + s_mp_clamp(mp); + +} /* end s_mp_div_2d() */ + +/* }}} */ + +/* {{{ s_mp_norm(a, b) */ + +/* + s_mp_norm(a, b) + + Normalize a and b for division, where b is the divisor. In order + that we might make good guesses for quotient digits, we want the + leading digit of b to be at least half the radix, which we + accomplish by multiplying a and b by a constant. This constant is + returned (so that it can be divided back out of the remainder at the + end of the division process). + + We multiply by the smallest power of 2 that gives us a leading digit + at least half the radix. By choosing a power of 2, we simplify the + multiplication and division steps to simple shifts. + */ +mp_digit s_mp_norm(mp_int *a, mp_int *b) +{ + mp_digit t, d = 0; + + t = DIGIT(b, USED(b) - 1); + while(t < (RADIX / 2)) { + t <<= 1; + ++d; + } + + if(d != 0) { + s_mp_mul_2d(a, d); + s_mp_mul_2d(b, d); + } + + return d; + +} /* end s_mp_norm() */ + +/* }}} */ + +/* }}} */ + +/* {{{ Primitive digit arithmetic */ + +/* {{{ s_mp_add_d(mp, d) */ + +/* Add d to |mp| in place */ +static mp_err s_mp_add_d(mp_int *mp, mp_digit d) /* unsigned digit addition */ +{ + mp_word w, k = 0; + mp_size ix = 1, used = USED(mp); + mp_digit *dp = DIGITS(mp); + + w = dp[0] + d; + dp[0] = ACCUM(w); + k = CARRYOUT(w); + + while(ix < used && k) { + w = dp[ix] + k; + dp[ix] = ACCUM(w); + k = CARRYOUT(w); + ++ix; + } + + if(k != 0) { + mp_err res; + + if((res = s_mp_pad(mp, USED(mp) + 1)) != MP_OKAY) + return res; + + DIGIT(mp, ix) = k; + } + + return MP_OKAY; + +} /* end s_mp_add_d() */ + +/* }}} */ + +/* {{{ s_mp_sub_d(mp, d) */ + +/* Subtract d from |mp| in place, assumes |mp| > d */ +static mp_err s_mp_sub_d(mp_int *mp, mp_digit d) /* unsigned digit subtract */ +{ + mp_word w, b = 0; + mp_size ix = 1, used = USED(mp); + mp_digit *dp = DIGITS(mp); + + /* Compute initial subtraction */ + w = (RADIX + dp[0]) - d; + b = CARRYOUT(w) ? 0 : 1; + dp[0] = ACCUM(w); + + /* Propagate borrows leftward */ + while(b && ix < used) { + w = (RADIX + dp[ix]) - b; + b = CARRYOUT(w) ? 0 : 1; + dp[ix] = ACCUM(w); + ++ix; + } + + /* Remove leading zeroes */ + s_mp_clamp(mp); + + /* If we have a borrow out, it's a violation of the input invariant */ + if(b) + return MP_RANGE; + else + return MP_OKAY; + +} /* end s_mp_sub_d() */ + +/* }}} */ + +/* {{{ s_mp_mul_d(a, d) */ + +/* Compute a = a * d, single digit multiplication */ +static mp_err s_mp_mul_d(mp_int *a, mp_digit d) +{ + mp_word w, k = 0; + mp_size ix, max; + mp_err res; + mp_digit *dp = DIGITS(a); + + /* + Single-digit multiplication will increase the precision of the + output by at most one digit. However, we can detect when this + will happen -- if the high-order digit of a, times d, gives a + two-digit result, then the precision of the result will increase; + otherwise it won't. We use this fact to avoid calling s_mp_pad() + unless absolutely necessary. + */ + max = USED(a); + w = dp[max - 1] * d; + if(CARRYOUT(w) != 0) { + if((res = s_mp_pad(a, max + 1)) != MP_OKAY) + return res; + dp = DIGITS(a); + } + + for(ix = 0; ix < max; ix++) { + w = (dp[ix] * d) + k; + dp[ix] = ACCUM(w); + k = CARRYOUT(w); + } + + /* If there is a precision increase, take care of it here; the above + test guarantees we have enough storage to do this safely. + */ + if(k) { + dp[max] = k; + USED(a) = max + 1; + } + + s_mp_clamp(a); + + return MP_OKAY; + +} /* end s_mp_mul_d() */ + +/* }}} */ + +/* {{{ s_mp_div_d(mp, d, r) */ + +/* + s_mp_div_d(mp, d, r) + + Compute the quotient mp = mp / d and remainder r = mp mod d, for a + single digit d. If r is null, the remainder will be discarded. + */ + +static mp_err s_mp_div_d(mp_int *mp, mp_digit d, mp_digit *r) +{ + mp_word w = 0, t; + mp_int quot; + mp_err res; + mp_digit *dp = DIGITS(mp), *qp; + int ix; + + if(d == 0) + return MP_RANGE; + + /* Make room for the quotient */ + if((res = mp_init_size(", USED(mp))) != MP_OKAY) + return res; + + USED(") = USED(mp); /* so clamping will work below */ + qp = DIGITS("); + + /* Divide without subtraction */ + for(ix = USED(mp) - 1; ix >= 0; ix--) { + w = (w << DIGIT_BIT) | dp[ix]; + + if(w >= d) { + t = w / d; + w = w % d; + } else { + t = 0; + } + + qp[ix] = t; + } + + /* Deliver the remainder, if desired */ + if(r) + *r = w; + + s_mp_clamp("); + mp_exch(", mp); + mp_clear("); + + return MP_OKAY; + +} /* end s_mp_div_d() */ + +/* }}} */ + +/* }}} */ + +/* {{{ Primitive full arithmetic */ + +/* {{{ s_mp_add(a, b) */ + +/* Compute a = |a| + |b| */ +static mp_err s_mp_add(mp_int *a, mp_int *b) /* magnitude addition */ +{ + mp_word w = 0; + mp_digit *pa, *pb; + mp_size ix, used = USED(b); + mp_err res; + + /* Make sure a has enough precision for the output value */ + if((used > USED(a)) && (res = s_mp_pad(a, used)) != MP_OKAY) + return res; + + /* + Add up all digits up to the precision of b. If b had initially + the same precision as a, or greater, we took care of it by the + padding step above, so there is no problem. If b had initially + less precision, we'll have to make sure the carry out is duly + propagated upward among the higher-order digits of the sum. + */ + pa = DIGITS(a); + pb = DIGITS(b); + for(ix = 0; ix < used; ++ix) { + w += *pa + *pb++; + *pa++ = ACCUM(w); + w = CARRYOUT(w); + } + + /* If we run out of 'b' digits before we're actually done, make + sure the carries get propagated upward... + */ + used = USED(a); + while(w && ix < used) { + w += *pa; + *pa++ = ACCUM(w); + w = CARRYOUT(w); + ++ix; + } + + /* If there's an overall carry out, increase precision and include + it. We could have done this initially, but why touch the memory + allocator unless we're sure we have to? + */ + if(w) { + if((res = s_mp_pad(a, used + 1)) != MP_OKAY) + return res; + + DIGIT(a, ix) = w; /* pa may not be valid after s_mp_pad() call */ + } + + return MP_OKAY; + +} /* end s_mp_add() */ + +/* }}} */ + +/* {{{ s_mp_sub(a, b) */ + +/* Compute a = |a| - |b|, assumes |a| >= |b| */ +static mp_err s_mp_sub(mp_int *a, mp_int *b) /* magnitude subtract */ +{ + mp_word w = 0; + mp_digit *pa, *pb; + mp_size ix, used = USED(b); + + /* + Subtract and propagate borrow. Up to the precision of b, this + accounts for the digits of b; after that, we just make sure the + carries get to the right place. This saves having to pad b out to + the precision of a just to make the loops work right... + */ + pa = DIGITS(a); + pb = DIGITS(b); + + for(ix = 0; ix < used; ++ix) { + w = (RADIX + *pa) - w - *pb++; + *pa++ = ACCUM(w); + w = CARRYOUT(w) ? 0 : 1; + } + + used = USED(a); + while(ix < used) { + w = RADIX + *pa - w; + *pa++ = ACCUM(w); + w = CARRYOUT(w) ? 0 : 1; + ++ix; + } + + /* Clobber any leading zeroes we created */ + s_mp_clamp(a); + + /* + If there was a borrow out, then |b| > |a| in violation + of our input invariant. We've already done the work, + but we'll at least complain about it... + */ + if(w) + return MP_RANGE; + else + return MP_OKAY; + +} /* end s_mp_sub() */ + +/* }}} */ + +/* {{{ s_mp_mul(a, b) */ + +/* Compute a = |a| * |b| */ +static mp_err s_mp_mul(mp_int *a, mp_int *b) +{ + mp_word w, k = 0; + mp_int tmp; + mp_err res; + mp_size ix, jx, ua = USED(a), ub = USED(b); + mp_digit *pa, *pb, *pt, *pbt; + + if((res = mp_init_size(&tmp, ua + ub)) != MP_OKAY) + return res; + + /* This has the effect of left-padding with zeroes... */ + USED(&tmp) = ua + ub; + + /* We're going to need the base value each iteration */ + pbt = DIGITS(&tmp); + + /* Outer loop: Digits of b */ + + pb = DIGITS(b); + for(ix = 0; ix < ub; ++ix, ++pb) { + if(*pb == 0) + continue; + + /* Inner product: Digits of a */ + pa = DIGITS(a); + for(jx = 0; jx < ua; ++jx, ++pa) { + pt = pbt + ix + jx; + w = *pb * *pa + k + *pt; + *pt = ACCUM(w); + k = CARRYOUT(w); + } + + pbt[ix + jx] = k; + k = 0; + } + + s_mp_clamp(&tmp); + s_mp_exch(&tmp, a); + + mp_clear(&tmp); + + return MP_OKAY; + +} /* end s_mp_mul() */ + +/* Compute a = |a| * |b| max of digs digits */ +static mp_err s_mp_mul_dig(mp_int *a, mp_int *b, int digs) +{ + mp_word w, k = 0; + mp_int tmp; + mp_err res; + mp_size ix, jx, ua = USED(a), ub = USED(b); + mp_digit *pa, *pb, *pt, *pbt; + + if((res = mp_init_size(&tmp, digs+1)) != MP_OKAY) + return res; + + /* This has the effect of left-padding with zeroes... */ + USED(&tmp) = digs+1; + + /* We're going to need the base value each iteration */ + pbt = DIGITS(&tmp); + + /* Outer loop: Digits of b */ + + ub = MIN(digs, (int)ub); + ua = MIN(digs, (int)ua); + + pb = DIGITS(b); + for(ix = 0; ix < ub; ++ix, ++pb) { + if(*pb == 0) + continue; + + /* Inner product: Digits of a */ + pa = DIGITS(a); + for(jx = 0; jx < ua; ++jx, ++pa) { + if ((int)(ix+jx) > digs) { break; } + pt = pbt + ix + jx; + w = *pb * *pa + k + *pt; + *pt = ACCUM(w); + k = CARRYOUT(w); + } + if ((int)(ix + jx) < digs) { + pbt[ix + jx] = k; + } + k = 0; + } + + USED(&tmp) = digs; + s_mp_clamp(&tmp); + s_mp_exch(&tmp, a); + + mp_clear(&tmp); + + return MP_OKAY; + +} /* end s_mp_mul() */ + +/* }}} */ + +/* {{{ s_mp_kmul(a, b, out, len) */ + +#if 0 +void s_mp_kmul(mp_digit *a, mp_digit *b, mp_digit *out, mp_size len) +{ + mp_word w, k = 0; + mp_size ix, jx; + mp_digit *pa, *pt; + + for(ix = 0; ix < len; ++ix, ++b) { + if(*b == 0) + continue; + + pa = a; + for(jx = 0; jx < len; ++jx, ++pa) { + pt = out + ix + jx; + w = *b * *pa + k + *pt; + *pt = ACCUM(w); + k = CARRYOUT(w); + } + + out[ix + jx] = k; + k = 0; + } + +} /* end s_mp_kmul() */ +#endif + +/* }}} */ + +/* {{{ s_mp_sqr(a) */ + +/* + Computes the square of a, in place. This can be done more + efficiently than a general multiplication, because many of the + computation steps are redundant when squaring. The inner product + step is a bit more complicated, but we save a fair number of + iterations of the multiplication loop. + */ +#if MP_SQUARE +static mp_err s_mp_sqr(mp_int *a) +{ + mp_word w, k = 0; + mp_int tmp; + mp_err res; + mp_size ix, jx, kx, used = USED(a); + mp_digit *pa1, *pa2, *pt, *pbt; + + if((res = mp_init_size(&tmp, 2 * used)) != MP_OKAY) + return res; + + /* Left-pad with zeroes */ + USED(&tmp) = 2 * used; + + /* We need the base value each time through the loop */ + pbt = DIGITS(&tmp); + + pa1 = DIGITS(a); + for(ix = 0; ix < used; ++ix, ++pa1) { + if(*pa1 == 0) + continue; + + w = DIGIT(&tmp, ix + ix) + (*pa1 * *pa1); + + pbt[ix + ix] = ACCUM(w); + k = CARRYOUT(w); + + /* + The inner product is computed as: + + (C, S) = t[i,j] + 2 a[i] a[j] + C + + This can overflow what can be represented in an mp_word, and + since C arithmetic does not provide any way to check for + overflow, we have to check explicitly for overflow conditions + before they happen. + */ + for(jx = ix + 1, pa2 = DIGITS(a) + jx; jx < used; ++jx, ++pa2) { + mp_word u = 0, v; + + /* Store this in a temporary to avoid indirections later */ + pt = pbt + ix + jx; + + /* Compute the multiplicative step */ + w = *pa1 * *pa2; + + /* If w is more than half MP_WORD_MAX, the doubling will + overflow, and we need to record a carry out into the next + word */ + u = (w >> (MP_WORD_BIT - 1)) & 1; + + /* Double what we've got, overflow will be ignored as defined + for C arithmetic (we've already noted if it is to occur) + */ + w *= 2; + + /* Compute the additive step */ + v = *pt + k; + + /* If we do not already have an overflow carry, check to see + if the addition will cause one, and set the carry out if so + */ + u |= ((MP_WORD_MAX - v) < w); + + /* Add in the rest, again ignoring overflow */ + w += v; + + /* Set the i,j digit of the output */ + *pt = ACCUM(w); + + /* Save carry information for the next iteration of the loop. + This is why k must be an mp_word, instead of an mp_digit */ + k = CARRYOUT(w) | (u << DIGIT_BIT); + + } /* for(jx ...) */ + + /* Set the last digit in the cycle and reset the carry */ + k = DIGIT(&tmp, ix + jx) + k; + pbt[ix + jx] = ACCUM(k); + k = CARRYOUT(k); + + /* If we are carrying out, propagate the carry to the next digit + in the output. This may cascade, so we have to be somewhat + circumspect -- but we will have enough precision in the output + that we won't overflow + */ + kx = 1; + while(k) { + k = pbt[ix + jx + kx] + 1; + pbt[ix + jx + kx] = ACCUM(k); + k = CARRYOUT(k); + ++kx; + } + } /* for(ix ...) */ + + s_mp_clamp(&tmp); + s_mp_exch(&tmp, a); + + mp_clear(&tmp); + + return MP_OKAY; + +} /* end s_mp_sqr() */ +#endif + +/* }}} */ + +/* {{{ s_mp_div(a, b) */ + +/* + s_mp_div(a, b) + + Compute a = a / b and b = a mod b. Assumes b > a. + */ + +static mp_err s_mp_div(mp_int *a, mp_int *b) +{ + mp_int quot, rem, t; + mp_word q; + mp_err res; + mp_digit d; + int ix; + + if(mp_cmp_z(b) == 0) + return MP_RANGE; + + /* Shortcut if b is power of two */ + if((ix = s_mp_ispow2(b)) >= 0) { + mp_copy(a, b); /* need this for remainder */ + s_mp_div_2d(a, (mp_digit)ix); + s_mp_mod_2d(b, (mp_digit)ix); + + return MP_OKAY; + } + + /* Allocate space to store the quotient */ + if((res = mp_init_size(", USED(a))) != MP_OKAY) + return res; + + /* A working temporary for division */ + if((res = mp_init_size(&t, USED(a))) != MP_OKAY) + goto T; + + /* Allocate space for the remainder */ + if((res = mp_init_size(&rem, USED(a))) != MP_OKAY) + goto REM; + + /* Normalize to optimize guessing */ + d = s_mp_norm(a, b); + + /* Perform the division itself...woo! */ + ix = USED(a) - 1; + + while(ix >= 0) { + /* Find a partial substring of a which is at least b */ + while(s_mp_cmp(&rem, b) < 0 && ix >= 0) { + if((res = s_mp_lshd(&rem, 1)) != MP_OKAY) + goto CLEANUP; + + if((res = s_mp_lshd(", 1)) != MP_OKAY) + goto CLEANUP; + + DIGIT(&rem, 0) = DIGIT(a, ix); + s_mp_clamp(&rem); + --ix; + } + + /* If we didn't find one, we're finished dividing */ + if(s_mp_cmp(&rem, b) < 0) + break; + + /* Compute a guess for the next quotient digit */ + q = DIGIT(&rem, USED(&rem) - 1); + if(q <= DIGIT(b, USED(b) - 1) && USED(&rem) > 1) + q = (q << DIGIT_BIT) | DIGIT(&rem, USED(&rem) - 2); + + q /= DIGIT(b, USED(b) - 1); + + /* The guess can be as much as RADIX + 1 */ + if(q >= RADIX) + q = RADIX - 1; + + /* See what that multiplies out to */ + mp_copy(b, &t); + if((res = s_mp_mul_d(&t, (mp_digit)q)) != MP_OKAY) + goto CLEANUP; + + /* + If it's too big, back it off. We should not have to do this + more than once, or, in rare cases, twice. Knuth describes a + method by which this could be reduced to a maximum of once, but + I didn't implement that here. + */ + while(s_mp_cmp(&t, &rem) > 0) { + --q; + s_mp_sub(&t, b); + } + + /* At this point, q should be the right next digit */ + if((res = s_mp_sub(&rem, &t)) != MP_OKAY) + goto CLEANUP; + + /* + Include the digit in the quotient. We allocated enough memory + for any quotient we could ever possibly get, so we should not + have to check for failures here + */ + DIGIT(", 0) = q; + } + + /* Denormalize remainder */ + if(d != 0) + s_mp_div_2d(&rem, d); + + s_mp_clamp("); + s_mp_clamp(&rem); + + /* Copy quotient back to output */ + s_mp_exch(", a); + + /* Copy remainder back to output */ + s_mp_exch(&rem, b); + +CLEANUP: + mp_clear(&rem); +REM: + mp_clear(&t); +T: + mp_clear("); + + return res; + +} /* end s_mp_div() */ + +/* }}} */ + +/* {{{ s_mp_2expt(a, k) */ + +static mp_err s_mp_2expt(mp_int *a, mp_digit k) +{ + mp_err res; + mp_size dig, bit; + + dig = k / DIGIT_BIT; + bit = k % DIGIT_BIT; + + mp_zero(a); + if((res = s_mp_pad(a, dig + 1)) != MP_OKAY) + return res; + + DIGIT(a, dig) |= (1 << bit); + + return MP_OKAY; + +} /* end s_mp_2expt() */ + +/* }}} */ + +/* {{{ s_mp_reduce(x, m, mu) */ + +/* + Compute Barrett reduction, x (mod m), given a precomputed value for + mu = b^2k / m, where b = RADIX and k = #digits(m). This should be + faster than straight division, when many reductions by the same + value of m are required (such as in modular exponentiation). This + can nearly halve the time required to do modular exponentiation, + as compared to using the full integer divide to reduce. + + This algorithm was derived from the _Handbook of Applied + Cryptography_ by Menezes, Oorschot and VanStone, Ch. 14, + pp. 603-604. + */ + +static mp_err s_mp_reduce(mp_int *x, mp_int *m, mp_int *mu) +{ + mp_int q; + mp_err res; + mp_size um = USED(m); + + if((res = mp_init_copy(&q, x)) != MP_OKAY) + return res; + + s_mp_rshd(&q, um - 1); /* q1 = x / b^(k-1) */ + s_mp_mul(&q, mu); /* q2 = q1 * mu */ + s_mp_rshd(&q, um + 1); /* q3 = q2 / b^(k+1) */ + + /* x = x mod b^(k+1), quick (no division) */ + s_mp_mod_2d(x, (mp_digit)(DIGIT_BIT * (um + 1))); + + /* q = q * m mod b^(k+1), quick (no division) */ + s_mp_mul_dig(&q, m, um + 1); +// s_mp_mod_2d(&q, (mp_digit)(DIGIT_BIT * (um + 1))); + + /* x = x - q */ + if((res = mp_sub(x, &q, x)) != MP_OKAY) + goto CLEANUP; + + /* If x < 0, add b^(k+1) to it */ + if(mp_cmp_z(x) < 0) { + mp_set(&q, 1); + if((res = s_mp_lshd(&q, um + 1)) != MP_OKAY) + goto CLEANUP; + if((res = mp_add(x, &q, x)) != MP_OKAY) + goto CLEANUP; + } + + /* Back off if it's too big */ + while(mp_cmp(x, m) >= 0) { + if((res = s_mp_sub(x, m)) != MP_OKAY) + break; + } + + CLEANUP: + mp_clear(&q); + + return res; + +} /* end s_mp_reduce() */ + +/* }}} */ + +/* }}} */ + +/* {{{ Primitive comparisons */ + +/* {{{ s_mp_cmp(a, b) */ + +/* Compare |a| <=> |b|, return 0 if equal, <0 if a0 if a>b */ +static int s_mp_cmp(mp_int *a, mp_int *b) +{ + mp_size ua = USED(a), ub = USED(b); + + if(ua > ub) + return MP_GT; + else if(ua < ub) + return MP_LT; + else { + int ix = ua - 1; + mp_digit *ap = DIGITS(a) + ix, *bp = DIGITS(b) + ix; + + while(ix >= 0) { + if(*ap > *bp) + return MP_GT; + else if(*ap < *bp) + return MP_LT; + + --ap; --bp; --ix; + } + + return MP_EQ; + } + +} /* end s_mp_cmp() */ + +/* }}} */ + +/* {{{ s_mp_cmp_d(a, d) */ + +/* Compare |a| <=> d, return 0 if equal, <0 if a0 if a>d */ +static int s_mp_cmp_d(mp_int *a, mp_digit d) +{ + mp_size ua = USED(a); + mp_digit *ap = DIGITS(a); + + if(ua > 1) + return MP_GT; + + if(*ap < d) + return MP_LT; + else if(*ap > d) + return MP_GT; + else + return MP_EQ; + +} /* end s_mp_cmp_d() */ + +/* }}} */ + +/* {{{ s_mp_ispow2(v) */ + +/* + Returns -1 if the value is not a power of two; otherwise, it returns + k such that v = 2^k, i.e. lg(v). + */ +static int s_mp_ispow2(mp_int *v) +{ + mp_digit d, *dp; + mp_size uv = USED(v); + int extra = 0, ix; + + d = DIGIT(v, uv - 1); /* most significant digit of v */ + + while(d && ((d & 1) == 0)) { + d >>= 1; + ++extra; + } + + if(d == 1) { + ix = uv - 2; + dp = DIGITS(v) + ix; + + while(ix >= 0) { + if(*dp) + return -1; /* not a power of two */ + + --dp; --ix; + } + + return ((uv - 1) * DIGIT_BIT) + extra; + } + + return -1; + +} /* end s_mp_ispow2() */ + +/* }}} */ + +/* {{{ s_mp_ispow2d(d) */ + +static int s_mp_ispow2d(mp_digit d) +{ + int pow = 0; + + while((d & 1) == 0) { + ++pow; d >>= 1; + } + + if(d == 1) + return pow; + + return -1; + +} /* end s_mp_ispow2d() */ + +/* }}} */ + +/* }}} */ + +/* {{{ Primitive I/O helpers */ + +/* {{{ s_mp_tovalue(ch, r) */ + +/* + Convert the given character to its digit value, in the given radix. + If the given character is not understood in the given radix, -1 is + returned. Otherwise the digit's numeric value is returned. + + The results will be odd if you use a radix < 2 or > 62, you are + expected to know what you're up to. + */ +static int s_mp_tovalue(char ch, int r) +{ + int val, xch; + + if(r > 36) + xch = ch; + else + xch = toupper(ch); + + if(isdigit(xch)) + val = xch - '0'; + else if(isupper(xch)) + val = xch - 'A' + 10; + else if(islower(xch)) + val = xch - 'a' + 36; + else if(xch == '+') + val = 62; + else if(xch == '/') + val = 63; + else + return -1; + + if(val < 0 || val >= r) + return -1; + + return val; + +} /* end s_mp_tovalue() */ + +/* }}} */ + +/* {{{ s_mp_todigit(val, r, low) */ + +/* + Convert val to a radix-r digit, if possible. If val is out of range + for r, returns zero. Otherwise, returns an ASCII character denoting + the value in the given radix. + + The results may be odd if you use a radix < 2 or > 64, you are + expected to know what you're doing. + */ + +char s_mp_todigit(int val, int r, int low) +{ + char ch; + + if(val < 0 || val >= r) + return 0; + + ch = s_dmap_1[val]; + + if(r <= 36 && low) + ch = tolower(ch); + + return ch; + +} /* end s_mp_todigit() */ + +/* }}} */ + +/* {{{ s_mp_outlen(bits, radix) */ + +/* + Return an estimate for how long a string is needed to hold a radix + r representation of a number with 'bits' significant bits. + + Does not include space for a sign or a NUL terminator. + */ +static int s_mp_outlen(int bits, int r) +{ + return (int)((double)bits * LOG_V_2(r)); + +} /* end s_mp_outlen() */ + +/* }}} */ + +/* }}} */ + +#endif /* MPI */ + +/*------------------------------------------------------------------------*/ +/* HERE THERE BE DRAGONS */ + + diff --git a/mycrypt.h b/mycrypt.h index dc6a107..e96c9e9 100644 --- a/mycrypt.h +++ b/mycrypt.h @@ -8,13 +8,18 @@ #include #include +/* if there is a custom definition header file use it */ +#ifdef HAVE_CUSTOM + #include "mycrypt_custom.h" +#endif + #ifdef __cplusplus extern "C" { #endif /* version */ -#define CRYPT 0x0079 -#define SCRYPT "0.79" +#define CRYPT 0x0080 +#define SCRYPT "0.80" /* max size of either a cipher/hash block or symmetric key [largest of the two] */ #define MAXBLOCKSIZE 128 diff --git a/mycrypt_cipher.h b/mycrypt_cipher.h index 81ce762..800b702 100644 --- a/mycrypt_cipher.h +++ b/mycrypt_cipher.h @@ -181,7 +181,7 @@ typedef struct Symmetric_CTR { extern struct _cipher_descriptor { char *name; unsigned char ID; - unsigned long min_key_length, max_key_length, block_length, default_rounds; + int min_key_length, max_key_length, block_length, default_rounds; int (*setup)(const unsigned char *key, int keylength, int num_rounds, symmetric_key *skey); void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *key); void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *key); diff --git a/mycrypt_macros.h b/mycrypt_macros.h index cda6b99..8824504 100644 --- a/mycrypt_macros.h +++ b/mycrypt_macros.h @@ -183,8 +183,8 @@ extern char *crypt_error; #define BSWAP(x) ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL) | \ ((x>>8)&0x0000FF00UL) | ((x<<8)&0x00FF0000UL) ) -#define ROL(x, y) ( (((x)<<((y)&31)) | (((x)&0xFFFFFFFFUL)>>(32-((y)&31)))) & 0xFFFFFFFFUL) -#define ROR(x, y) ( ((((x)&0xFFFFFFFFUL)>>((y)&31)) | ((x)<<(32-((y)&31)))) & 0xFFFFFFFFUL) +#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) +#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) #define ROL64(x, y) \ ( (((x)<<((ulong64)(y)&63)) | \ diff --git a/mycrypt_misc.h b/mycrypt_misc.h index 1c759f6..952ee62 100644 --- a/mycrypt_misc.h +++ b/mycrypt_misc.h @@ -8,7 +8,7 @@ extern int base64_decode(const unsigned char *in, unsigned long len, #endif /* ---- MEM routines ---- */ -extern void zeromem(void *dst, unsigned long len); +extern void zeromem(void *dst, size_t len); extern void burn_stack(unsigned long len); /* ch1-01-1*/ diff --git a/mycrypt_pk.h b/mycrypt_pk.h index f570741..7c3e055 100644 --- a/mycrypt_pk.h +++ b/mycrypt_pk.h @@ -154,23 +154,3 @@ extern int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, const unsigned char *hash, unsigned long hashlen, int *stat, ecc_key *key); #endif - -#ifdef MDSA - -typedef struct { - int type, idx; - mp_int x, y; -} dsa_key; - -extern int dsa_test(void); - -extern int dsa_make_key(prng_state *prng, int wprng, int keysize, dsa_key *key); -extern void dsa_free(dsa_key *key); - -extern int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key); -extern int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); - - - -#endif - diff --git a/noekeon.c b/noekeon.c index ac44e6f..52b5d32 100644 --- a/noekeon.c +++ b/noekeon.c @@ -16,11 +16,11 @@ const struct _cipher_descriptor noekeon_desc = }; static const unsigned long RC[] = { - 0x00000080, 0x0000001b, 0x00000036, 0x0000006c, - 0x000000d8, 0x000000ab, 0x0000004d, 0x0000009a, - 0x0000002f, 0x0000005e, 0x000000bc, 0x00000063, - 0x000000c6, 0x00000097, 0x00000035, 0x0000006a, - 0x000000d4 + 0x00000080UL, 0x0000001bUL, 0x00000036UL, 0x0000006cUL, + 0x000000d8UL, 0x000000abUL, 0x0000004dUL, 0x0000009aUL, + 0x0000002fUL, 0x0000005eUL, 0x000000bcUL, 0x00000063UL, + 0x000000c6UL, 0x00000097UL, 0x00000035UL, 0x0000006aUL, + 0x000000d4UL }; static const unsigned long zero[] = { 0, 0, 0, 0 }; @@ -178,17 +178,17 @@ int noekeon_test(void) { 0x57, 0x9a, 0x6c, 0xe8, 0x91, 0x16, 0x52, 0x53, 0x32, 0x00, 0xca, 0x0a, 0x17, 0x5d, 0x28, 0x0e }; unsigned char tmp[2][16]; - int x, errno; + int err; symmetric_key skey; - if ((errno = noekeon_setup(key, 16, 0, &skey)) != CRYPT_OK) { - return errno; + if ((err = noekeon_setup(key, 16, 0, &skey)) != CRYPT_OK) { + return err; } noekeon_ecb_encrypt(pt, tmp[0], &skey); noekeon_ecb_decrypt(tmp[0], tmp[1], &skey); - if (memcmp(tmp[0], ct, 16) || memcmp(tmp[1], pt, 16)) { + if (memcmp(tmp[0], ct, 16) != 0 || memcmp(tmp[1], pt, 16) != 0) { return CRYPT_FAIL_TESTVECTOR; } diff --git a/ofb.c b/ofb.c index adef476..38609d0 100644 --- a/ofb.c +++ b/ofb.c @@ -5,14 +5,14 @@ int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, symmetric_OFB *ofb) { - int x, errno; + int x, err; _ARGCHK(IV != NULL); _ARGCHK(key != NULL); _ARGCHK(ofb != NULL); - if ((errno = cipher_is_valid(cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; } /* copy details */ @@ -29,14 +29,14 @@ int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key, int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb) { - int errno; + int err; _ARGCHK(pt != NULL); _ARGCHK(ct != NULL); _ARGCHK(ofb != NULL); - if ((errno = cipher_is_valid(ofb->cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) { + return err; } - while (len--) { + while (len-- > 0) { if (ofb->padlen == ofb->blocklen) { cipher_descriptor[ofb->cipher].ecb_encrypt(ofb->IV, ofb->IV, &ofb->key); ofb->padlen = 0; diff --git a/packet.c b/packet.c index 84df77e..44da445 100644 --- a/packet.c +++ b/packet.c @@ -7,12 +7,12 @@ void packet_store_header(unsigned char *dst, int section, int subsection) _ARGCHK(dst != NULL); /* store version number */ - dst[0] = CRYPT&255; - dst[1] = (CRYPT>>8)&255; + dst[0] = (unsigned char)(CRYPT&255); + dst[1] = (unsigned char)((CRYPT>>8)&255); /* store section and subsection */ - dst[2] = section & 255; - dst[3] = subsection & 255; + dst[2] = (unsigned char)(section & 255); + dst[3] = (unsigned char)(subsection & 255); } @@ -23,13 +23,13 @@ int packet_valid_header(unsigned char *src, int section, int subsection) _ARGCHK(src != NULL); /* check version */ - ver = ((unsigned long)src[0]) | ((unsigned long)src[1] << 8); + ver = ((unsigned long)src[0]) | ((unsigned long)src[1] << 8U); if (CRYPT < ver) { return CRYPT_INVALID_PACKET; } /* check section and subsection */ - if (section != src[2] || subsection != src[3]) { + if (section != (int)src[2] || subsection != (int)src[3]) { return CRYPT_INVALID_PACKET; } diff --git a/prime.c b/prime.c index f8c8a12..9697585 100644 --- a/prime.c +++ b/prime.c @@ -91,7 +91,7 @@ int is_prime(mp_int *N, int *result) /* find s such that N-1 = (2^s)r */ s = 0; - while (mp_iseven(&r)) { + while (mp_iseven(&r) != 0) { ++s; if (mp_div_2(&r, &r) != MP_OKAY) { goto error; @@ -166,7 +166,7 @@ static int next_prime(mp_int *N, mp_digit step) loop: /* while one of the residues is zero keep looping */ dist = step; - for (x = 0; (dist < 65000) && (x < (long)UPPER_LIMIT); x++) { + for (x = 0; (dist < (MP_DIGIT_MAX-step-1)) && (x < (long)UPPER_LIMIT); x++) { j = (long)residues[x] + (long)dist + total_dist; if (j % (long)prime_tab[x] == 0) { dist += step; x = -1; @@ -233,7 +233,7 @@ done: int rand_prime(mp_int *N, long len, prng_state *prng, int wprng) { unsigned char buf[260]; - int errno, step, ormask; + int err, step, ormask; _ARGCHK(N != NULL); @@ -253,25 +253,25 @@ int rand_prime(mp_int *N, long len, prng_state *prng, int wprng) } /* valid PRNG? */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } /* read the prng */ - if (prng_descriptor[wprng].read(buf+2, len, prng) != (unsigned long)len) { + if (prng_descriptor[wprng].read(buf+2, (unsigned long)len, prng) != (unsigned long)len) { return CRYPT_ERROR_READPRNG; } /* set sign byte to zero */ - buf[0] = 0; + buf[0] = (unsigned char)0; /* Set the top byte to 0x01 which makes the number a len*8 bit number */ - buf[1] = 0x01; + buf[1] = (unsigned char)0x01; /* set the LSB to the desired settings * (1 for any prime, 3 for primes congruent to 3 mod 4) */ - buf[len+1] |= ormask; + buf[len+1] |= (unsigned char)ormask; /* read the number in */ if (mp_read_raw(N, buf, 2+len) != MP_OKAY) { @@ -279,8 +279,8 @@ int rand_prime(mp_int *N, long len, prng_state *prng, int wprng) } /* add the step size to it while N is not prime */ - if ((errno = next_prime(N, step)) != CRYPT_OK) { - return errno; + if ((err = next_prime(N, step)) != CRYPT_OK) { + return err; } #ifdef CLEAN_STACK @@ -292,5 +292,3 @@ int rand_prime(mp_int *N, long len, prng_state *prng, int wprng) #endif - - diff --git a/rc2.c b/rc2.c index 70494b2..869376f 100644 --- a/rc2.c +++ b/rc2.c @@ -66,7 +66,7 @@ int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *s return CRYPT_INVALID_KEYSIZE; } - if (rounds && rounds != 16) { + if (rounds != 0 && rounds != 16) { return CRYPT_INVALID_ROUNDS; } @@ -77,24 +77,24 @@ int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *s /* Phase 1: Expand input key to 128 bytes */ if (keylen < 128) { for (i = keylen; i < 128; i++) { - tmp[i] = permute[(tmp[i - 1] + tmp[i - keylen]) & 255]; + tmp[i] = permute[(int)((tmp[i - 1] + tmp[i - keylen]) & 255)]; } } /* Phase 2 - reduce effective key size to "bits" */ bits = keylen*8; - T8 = (bits+7)>>3; - TM = (255 >> (7 & -bits)); - tmp[128 - T8] = permute[tmp[128 - T8] & TM]; + T8 = (unsigned)(bits+7)>>3; + TM = (255 >> (unsigned)(7 & -bits)); + tmp[128 - T8] = permute[(int)(tmp[128 - T8] & TM)]; for (i = 127 - T8; i >= 0; i--) { - tmp[i] = permute[tmp[i + 1] ^ tmp[i + T8]]; + tmp[i] = permute[(int)(tmp[i + 1] ^ tmp[i + T8])]; } /* Phase 3 - copy to xkey in little-endian order */ i = 63; do { xkey[i] = (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8); - } while (i--); + } while (i-- > 0); #ifdef CLEAN_STACK zeromem(tmp, sizeof(tmp)); @@ -258,20 +258,20 @@ int rc2_test(void) { 0x22, 0x69, 0x55, 0x2a, 0xb0, 0xf8, 0x5c, 0xa6 } } }; - int x, errno; + int x, err; symmetric_key skey; unsigned char buf[2][8]; for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) { zeromem(buf, sizeof(buf)); - if ((errno = rc2_setup(tests[x].key, tests[x].keylen, 0, &skey)) != CRYPT_OK) { - return errno; + if ((err = rc2_setup(tests[x].key, tests[x].keylen, 0, &skey)) != CRYPT_OK) { + return err; } rc2_ecb_encrypt(tests[x].pt, buf[0], &skey); rc2_ecb_decrypt(buf[0], buf[1], &skey); - if (memcmp(buf[0], tests[x].ct, 8) || memcmp(buf[1], tests[x].pt, 8)) { + if (memcmp(buf[0], tests[x].ct, 8) != 0 || memcmp(buf[1], tests[x].pt, 8) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/rc5.c b/rc5.c index 82866d3..ad2777c 100644 --- a/rc5.c +++ b/rc5.c @@ -42,19 +42,19 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke /* copy the key into the L array */ for (A = i = j = 0; i < (unsigned long)keylen; ) { A = (A << 8) | ((unsigned long)(key[i++] & 255)); - if (!(i & 3)) { + if ((i & 3) == 0) { L[j++] = BSWAP(A); A = 0; } } - if (keylen & 3) { - A <<= (8 * (4 - (keylen&3))); + if ((keylen & 3) != 0) { + A <<= (unsigned long)((8 * (4 - (keylen&3)))); L[j++] = BSWAP(A); } /* setup the S array */ - t = 2 * (num_rounds + 1); + t = (unsigned long)(2 * (num_rounds + 1)); S[0] = 0xB7E15163UL; for (i = 1; i < t; i++) S[i] = S[i - 1] + 0x9E3779B9UL; @@ -175,13 +175,13 @@ int rc5_test(void) } }; unsigned char buf[2][8]; - int x, errno; + int x, err; symmetric_key key; for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) { /* setup key */ - if ((errno = rc5_setup(tests[x].key, 16, 12, &key)) != CRYPT_OK) { - return errno; + if ((err = rc5_setup(tests[x].key, 16, 12, &key)) != CRYPT_OK) { + return err; } /* encrypt and decrypt */ @@ -189,7 +189,7 @@ int rc5_test(void) rc5_ecb_decrypt(buf[0], buf[1], &key); /* compare */ - if (memcmp(buf[0], tests[x].ct, 8) || memcmp(buf[1], tests[x].pt, 8)) { + if (memcmp(buf[0], tests[x].ct, 8) != 0 || memcmp(buf[1], tests[x].pt, 8) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/rc6.c b/rc6.c index 14fb74b..fa647ea 100644 --- a/rc6.c +++ b/rc6.c @@ -195,13 +195,13 @@ int rc6_test(void) } }; unsigned char buf[2][16]; - int x, errno; + int x, err; symmetric_key key; for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) { /* setup key */ - if ((errno = rc6_setup(tests[x].key, tests[x].keylen, 0, &key)) != CRYPT_OK) { - return errno; + if ((err = rc6_setup(tests[x].key, tests[x].keylen, 0, &key)) != CRYPT_OK) { + return err; } /* encrypt and decrypt */ diff --git a/rsa.c b/rsa.c index 8a6a3e5..1c6b7ef 100644 --- a/rsa.c +++ b/rsa.c @@ -5,7 +5,7 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) { mp_int p, q, tmp1, tmp2, tmp3; - int res, errno; + int res, err; _ARGCHK(key != NULL); @@ -13,12 +13,12 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) return CRYPT_INVALID_KEYSIZE; } - if ((e < 3) || (!(e & 1))) { + if ((e < 3) || ((e & 1) == 0)) { return CRYPT_INVALID_ARG; } - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } if (mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL) != MP_OKAY) { @@ -53,9 +53,9 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) goto error; } - mp_set_int(&key->e, e); /* key->e = e */ - if (mp_invmod(&key->e, &tmp1, &key->d) != MP_OKAY) goto error2; /* key->d = 1/e mod lcm(p-1,q-1) */ - if (mp_mul(&p, &q, &key->N) != MP_OKAY) goto error2; /* key->N = pq */ + if (mp_set_int(&key->e, e) != MP_OKAY) { goto error2; } /* key->e = e */ + if (mp_invmod(&key->e, &tmp1, &key->d) != MP_OKAY) { goto error2; } /* key->d = 1/e mod lcm(p-1,q-1) */ + if (mp_mul(&p, &q, &key->N) != MP_OKAY) { goto error2; } /* key->N = pq */ /* optimize for CRT now */ /* find d mod q-1 and d mod p-1 */ @@ -125,7 +125,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, /* init and copy into tmp */ if (mp_init_multi(&tmp, &tmpa, &tmpb, NULL) != MP_OKAY) { goto error; } - if (mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen) != MP_OKAY) { goto error; } + if (mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen) != MP_OKAY) { goto error; } /* sanity check on the input */ if (mp_cmp(&key->N, &tmp) == MP_LT) { @@ -151,7 +151,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, } /* read it back */ - x = mp_raw_size(&tmp)-1; + x = (unsigned long)mp_unsigned_bin_size(&tmp); if (x > *outlen) { res = CRYPT_BUFFER_OVERFLOW; goto done; @@ -159,7 +159,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen, *outlen = x; /* convert it */ - mp_to_unsigned_bin(&tmp, out); + (void)mp_to_unsigned_bin(&tmp, out); /* clean up and return */ res = CRYPT_OK; @@ -190,11 +190,11 @@ int rsa_signpad(const unsigned char *in, unsigned long inlen, } for (y = x = 0; x < inlen; x++) - out[y++] = 0xFF; + out[y++] = (unsigned char)0xFF; for (x = 0; x < inlen; x++) out[y++] = in[x]; for (x = 0; x < inlen; x++) - out[y++] = 0xFF; + out[y++] = (unsigned char)0xFF; *outlen = 3 * inlen; return CRYPT_OK; } @@ -205,7 +205,7 @@ int rsa_pad(const unsigned char *in, unsigned long inlen, { unsigned char buf[1536]; unsigned long x; - int errno; + int err; _ARGCHK(in != NULL); _ARGCHK(out != NULL); @@ -217,8 +217,8 @@ int rsa_pad(const unsigned char *in, unsigned long inlen, } /* get random padding required */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } /* check inlen */ @@ -249,8 +249,7 @@ int rsa_pad(const unsigned char *in, unsigned long inlen, } /* last and first bytes are 0xFF */ - out[0] = 0xFF; - out[inlen+inlen+inlen-1] = 0xFF; + out[0] = out[inlen+inlen+inlen-1] = (unsigned char)0xFF; /* clear up and return */ #ifdef CLEAN_STACK @@ -275,7 +274,7 @@ int rsa_signdepad(const unsigned char *in, unsigned long inlen, /* check padding bytes */ for (x = 0; x < inlen/3; x++) { - if (in[x] != 0xFF || in[x+(inlen/3)+(inlen/3)] != 0xFF) { + if (in[x] != (unsigned char)0xFF || in[x+(inlen/3)+(inlen/3)] != (unsigned char)0xFF) { return CRYPT_INVALID_PACKET; } } @@ -305,10 +304,10 @@ int rsa_depad(const unsigned char *in, unsigned long inlen, #define OUTPUT_BIGNUM(num, buf2, y, z) \ { \ - z = mp_unsigned_bin_size(num); \ + z = (unsigned long)mp_unsigned_bin_size(num); \ STORE32L(z, buf2+y); \ y += 4; \ - mp_to_unsigned_bin(num, buf2+y); \ + (void)mp_to_unsigned_bin(num, buf2+y); \ y += z; \ } @@ -317,7 +316,7 @@ int rsa_depad(const unsigned char *in, unsigned long inlen, { \ /* load value */ \ if (y + 4 > inlen) { \ - errno = CRYPT_INVALID_PACKET; \ + err = CRYPT_INVALID_PACKET; \ goto error2; \ } \ LOAD32L(x, in+y); \ @@ -325,19 +324,19 @@ int rsa_depad(const unsigned char *in, unsigned long inlen, \ /* sanity check... */ \ if (y+x > inlen) { \ - errno = CRYPT_INVALID_PACKET; \ + err = CRYPT_INVALID_PACKET; \ goto error2; \ } \ \ /* load it */ \ - if (mp_read_unsigned_bin(num, (unsigned char *)in+y, x) != MP_OKAY) {\ - errno = CRYPT_MEM; \ + if (mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x) != MP_OKAY) {\ + err = CRYPT_MEM; \ goto error2; \ } \ y += x; \ \ if (mp_shrink(num) != MP_OKAY) { \ - errno = CRYPT_MEM; \ + err = CRYPT_MEM; \ goto error2; \ } \ } @@ -391,7 +390,7 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key packet_store_header(buf2, PACKET_SECT_RSA, PACKET_SUB_KEY); /* copy to the user buffer */ - memcpy(out, buf2, y); + memcpy(out, buf2, (size_t)y); *outlen = y; /* clear stack and return */ @@ -404,14 +403,14 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) { unsigned long x, y; - int errno; + int err; _ARGCHK(in != NULL); _ARGCHK(key != NULL); /* test packet header */ - if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_KEY)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_KEY)) != CRYPT_OK) { + return err; } if (inlen < 1+PACKET_SIZE) { @@ -426,7 +425,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) /* get key type */ y = PACKET_SIZE; - key->type = in[y++]; + key->type = (int)in[y++]; /* load the modulus */ INPUT_BIGNUM(&key->N, in, x, y); @@ -461,7 +460,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) error2: mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP, &key->pQ, &key->qP, &key->p, &key->q, NULL); - return errno; + return err; } #include "rsa_sys.c" diff --git a/rsa_sys.c b/rsa_sys.c index 479cfca..9a12db9 100644 --- a/rsa_sys.c +++ b/rsa_sys.c @@ -7,7 +7,7 @@ int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen, { unsigned char rsa_in[4096], rsa_out[4096]; unsigned long x, y, rsa_size; - int errno; + int err; _ARGCHK(inkey != NULL); _ARGCHK(outkey != NULL); @@ -15,19 +15,19 @@ int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen, _ARGCHK(key != NULL); /* are the parameters valid? */ - if ((errno = prng_is_valid(wprng)) != CRYPT_OK) { - return errno; + if ((err = prng_is_valid(wprng)) != CRYPT_OK) { + return err; } /* rsa_pad the symmetric key */ - y = sizeof(rsa_in); - if ((errno = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) { + y = (unsigned long)sizeof(rsa_in); + if ((err = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) { return CRYPT_ERROR; } /* rsa encrypt it */ - rsa_size = sizeof(rsa_out); - if ((errno = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) { + rsa_size = (unsigned long)sizeof(rsa_out); + if ((err = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) { return CRYPT_ERROR; } @@ -66,7 +66,7 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen, { unsigned char sym_key[MAXBLOCKSIZE], rsa_in[4096], rsa_out[4096]; unsigned long x, y, z, i, rsa_size; - int errno; + int err; _ARGCHK(in != NULL); _ARGCHK(outkey != NULL); @@ -85,8 +85,8 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen, } /* check the header */ - if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) { + return err; } /* grab length of the rsa key */ @@ -105,15 +105,15 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen, } /* decrypt it */ - x = sizeof(rsa_out); - if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) { - return errno; + x = (unsigned long)sizeof(rsa_out); + if ((err = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) { + return err; } /* depad it */ - z = sizeof(sym_key); - if ((errno = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) { - return errno; + z = (unsigned long)sizeof(sym_key); + if ((err = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) { + return err; } /* check size */ @@ -141,7 +141,7 @@ int rsa_sign_hash(const unsigned char *in, unsigned long inlen, { unsigned long rsa_size, x, y; unsigned char rsa_in[4096], rsa_out[4096]; - int errno; + int err; _ARGCHK(in != NULL); _ARGCHK(out != NULL); @@ -154,15 +154,15 @@ int rsa_sign_hash(const unsigned char *in, unsigned long inlen, } /* pad it */ - x = sizeof(rsa_out); - if ((errno = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) { - return errno; + x = (unsigned long)sizeof(rsa_out); + if ((err = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) { + return err; } /* sign it */ - rsa_size = sizeof(rsa_in); - if ((errno = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) { - return errno; + rsa_size = (unsigned long)sizeof(rsa_in); + if ((err = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) { + return err; } /* check size */ @@ -199,7 +199,7 @@ int rsa_verify_hash(const unsigned char *sig, unsigned long siglen, { unsigned long rsa_size, x, y, z; unsigned char rsa_in[4096], rsa_out[4096]; - int errno; + int err; _ARGCHK(sig != NULL); _ARGCHK(md != NULL); @@ -216,8 +216,8 @@ int rsa_verify_hash(const unsigned char *sig, unsigned long siglen, } /* verify header */ - if ((errno = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) { - return errno; + if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) { + return err; } /* get the len */ @@ -236,19 +236,19 @@ int rsa_verify_hash(const unsigned char *sig, unsigned long siglen, } /* exptmod it */ - x = sizeof(rsa_in); - if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) { - return errno; + x = (unsigned long)sizeof(rsa_in); + if ((err = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) { + return err; } /* depad it */ - z = sizeof(rsa_in); - if ((errno = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) { - return errno; + z = (unsigned long)sizeof(rsa_in); + if ((err = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) { + return err; } /* check? */ - if (!memcmp(rsa_in, md, z)) { + if (memcmp(rsa_in, md, (size_t)z) == 0) { *stat = 1; } diff --git a/safer.c b/safer.c index ef831f3..9a06d46 100644 --- a/safer.c +++ b/safer.c @@ -98,32 +98,35 @@ static void Safer_Expand_Userkey(const unsigned char *userkey_1, if (SAFER_MAX_NOF_ROUNDS < nof_rounds) nof_rounds = SAFER_MAX_NOF_ROUNDS; *key++ = (unsigned char)nof_rounds; - ka[SAFER_BLOCK_LEN] = 0; - kb[SAFER_BLOCK_LEN] = 0; - for (j = 0; j < SAFER_BLOCK_LEN; j++) - { - ka[SAFER_BLOCK_LEN] ^= ka[j] = ROL8(userkey_1[j], 5); - kb[SAFER_BLOCK_LEN] ^= kb[j] = *key++ = userkey_2[j]; + ka[SAFER_BLOCK_LEN] = (unsigned char)0; + kb[SAFER_BLOCK_LEN] = (unsigned char)0; + for (j = 0; j < SAFER_BLOCK_LEN; j++) { + ka[j] = ROL8(userkey_1[j], 5); + ka[SAFER_BLOCK_LEN] ^= ka[j]; + kb[j] = *key++ = userkey_2[j]; + kb[SAFER_BLOCK_LEN] ^= kb[j]; } - for (i = 1; i <= nof_rounds; i++) - { - for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) - { + for (i = 1; i <= nof_rounds; i++) { + for (j = 0; j < SAFER_BLOCK_LEN + 1; j++) { ka[j] = ROL8(ka[j], 6); kb[j] = ROL8(kb[j], 6); } - for (j = 0; j < SAFER_BLOCK_LEN; j++) - if (strengthened) + for (j = 0; j < SAFER_BLOCK_LEN; j++) { + if (strengthened) { *key++ = (ka[(j + 2 * i - 1) % (SAFER_BLOCK_LEN + 1)] - + safer_ebox[safer_ebox[18 * i + j + 1]]) & 0xFF; - else - *key++ = (ka[j] + safer_ebox[safer_ebox[18 * i + j + 1]]) & 0xFF; - for (j = 0; j < SAFER_BLOCK_LEN; j++) - if (strengthened) + + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; + } else { + *key++ = (ka[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 1)&0xFF)]]) & 0xFF; + } + } + for (j = 0; j < SAFER_BLOCK_LEN; j++) { + if (strengthened) { *key++ = (kb[(j + 2 * i) % (SAFER_BLOCK_LEN + 1)] - + safer_ebox[safer_ebox[18 * i + j + 10]]) & 0xFF; - else - *key++ = (kb[j] + safer_ebox[safer_ebox[18 * i + j + 10]]) & 0xFF; + + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; + } else { + *key++ = (kb[j] + safer_ebox[(int)safer_ebox[(int)((18 * i + j + 10)&0xFF)]]) & 0xFF; + } + } } #ifdef CLEAN_STACK @@ -149,7 +152,7 @@ int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetr _ARGCHK(key != NULL); _ARGCHK(skey != NULL); - if (numrounds && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { + if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { return CRYPT_INVALID_ROUNDS; } @@ -157,7 +160,7 @@ int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetr return CRYPT_INVALID_KEYSIZE; } - Safer_Expand_Userkey(key, key, numrounds?numrounds:SAFER_K64_DEFAULT_NOF_ROUNDS, 0, skey->safer.key); + Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); return CRYPT_OK; } @@ -166,7 +169,7 @@ int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmet _ARGCHK(key != NULL); _ARGCHK(skey != NULL); - if (numrounds && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { + if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { return CRYPT_INVALID_ROUNDS; } @@ -174,7 +177,7 @@ int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmet return CRYPT_INVALID_KEYSIZE; } - Safer_Expand_Userkey(key, key, numrounds?numrounds:SAFER_SK64_DEFAULT_NOF_ROUNDS, 1, skey->safer.key); + Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:SAFER_SK64_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); return CRYPT_OK; } @@ -183,7 +186,7 @@ int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmet _ARGCHK(key != NULL); _ARGCHK(skey != NULL); - if (numrounds && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { + if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { return CRYPT_INVALID_ROUNDS; } @@ -191,7 +194,7 @@ int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmet return CRYPT_INVALID_KEYSIZE; } - Safer_Expand_Userkey(key, key+8, numrounds?numrounds:SAFER_K128_DEFAULT_NOF_ROUNDS, 0, skey->safer.key); + Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0 ?numrounds:SAFER_K128_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); return CRYPT_OK; } @@ -200,7 +203,7 @@ int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symme _ARGCHK(key != NULL); _ARGCHK(skey != NULL); - if (numrounds && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { + if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) { return CRYPT_INVALID_ROUNDS; } @@ -208,7 +211,7 @@ int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symme return CRYPT_INVALID_KEYSIZE; } - Safer_Expand_Userkey(key, key+8, numrounds?numrounds:SAFER_SK128_DEFAULT_NOF_ROUNDS, 1, skey->safer.key); + Safer_Expand_Userkey(key, key+8, (unsigned int)(numrounds != 0?numrounds:SAFER_SK128_DEFAULT_NOF_ROUNDS), 1, skey->safer.key); return CRYPT_OK; } @@ -233,7 +236,7 @@ void safer_ecb_encrypt(const unsigned char *block_in, a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3]; e = block_in[4]; f = block_in[5]; g = block_in[6]; h = block_in[7]; if (SAFER_MAX_NOF_ROUNDS < (round = *key)) round = SAFER_MAX_NOF_ROUNDS; - while(round--) + while(round-- > 0) { a ^= *++key; b += *++key; c += *++key; d ^= *++key; e ^= *++key; f += *++key; g += *++key; h ^= *++key; @@ -347,16 +350,16 @@ int safer_k64_test(void) symmetric_key skey; unsigned char buf[2][8]; - int errno; + int err; /* test K64 */ - if ((errno = safer_k64_setup(k64_key, 8, 6, &skey)) != CRYPT_OK) { - return errno; + if ((err = safer_k64_setup(k64_key, 8, 6, &skey)) != CRYPT_OK) { + return err; } safer_ecb_encrypt(k64_pt, buf[0], &skey); safer_ecb_decrypt(buf[0], buf[1], &skey); - if (memcmp(buf[0], k64_ct, 8) || memcmp(buf[1], k64_pt, 8)) { + if (memcmp(buf[0], k64_ct, 8) != 0 || memcmp(buf[1], k64_pt, 8) != 0) { return CRYPT_FAIL_TESTVECTOR; } @@ -372,17 +375,17 @@ int safer_sk64_test(void) symmetric_key skey; unsigned char buf[2][8]; - int errno; + int err; /* test SK64 */ - if ((errno = safer_sk64_setup(sk64_key, 8, 6, &skey)) != CRYPT_OK) { - return errno; + if ((err = safer_sk64_setup(sk64_key, 8, 6, &skey)) != CRYPT_OK) { + return err; } safer_ecb_encrypt(sk64_pt, buf[0], &skey); safer_ecb_decrypt(buf[0], buf[1], &skey); - if (memcmp(buf[0], sk64_ct, 8) || memcmp(buf[1], sk64_pt, 8)) { + if (memcmp(buf[0], sk64_ct, 8) != 0 || memcmp(buf[1], sk64_pt, 8) != 0) { return CRYPT_FAIL_TESTVECTOR; } @@ -398,16 +401,16 @@ int safer_sk128_test(void) symmetric_key skey; unsigned char buf[2][8]; - int errno; + int err; /* test SK128 */ - if ((errno = safer_sk128_setup(sk128_key, 16, 0, &skey)) != CRYPT_OK) { - return errno; + if ((err = safer_sk128_setup(sk128_key, 16, 0, &skey)) != CRYPT_OK) { + return err; } safer_ecb_encrypt(sk128_pt, buf[0], &skey); safer_ecb_decrypt(buf[0], buf[1], &skey); - if (memcmp(buf[0], sk128_ct, 8) || memcmp(buf[1], sk128_pt, 8)) { + if (memcmp(buf[0], sk128_ct, 8) != 0 || memcmp(buf[1], sk128_pt, 8) != 0) { return CRYPT_FAIL_TESTVECTOR; } diff --git a/serpent.c b/serpent.c index b3f8ef7..235ea11 100644 --- a/serpent.c +++ b/serpent.c @@ -430,9 +430,9 @@ int serpent_setup(const unsigned char *key, int keylen, int num_rounds, symmetri } if (x < 32) { - buf[x++] = 0x01; + buf[x++] = (unsigned char)0x01; while (x < 32) { - buf[x++] = 0; + buf[x++] = (unsigned char)0; } } @@ -661,13 +661,13 @@ int serpent_test(void) }; unsigned char buf[2][16]; - int x, errno; + int x, err; symmetric_key key; for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) { /* setup key */ - if ((errno = serpent_setup(tests[x].key, tests[x].keylen, 0, &key))!= CRYPT_OK) { - return errno; + if ((err = serpent_setup(tests[x].key, tests[x].keylen, 0, &key))!= CRYPT_OK) { + return err; } /* encrypt and decrypt */ @@ -675,7 +675,7 @@ int serpent_test(void) serpent_ecb_decrypt(buf[0], buf[1], &key); /* compare */ - if (memcmp(buf[0], tests[x].ct, 16) || memcmp(buf[1], tests[x].pt, 16)) { + if (memcmp(buf[0], tests[x].ct, 16) != 0 || memcmp(buf[1], tests[x].pt, 16) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/sha1.c b/sha1.c index 2ad6505..23f88aa 100644 --- a/sha1.c +++ b/sha1.c @@ -123,9 +123,9 @@ void sha1_process(hash_state * md, const unsigned char *buf, unsigned long len) _ARGCHK(md != NULL); _ARGCHK(buf != NULL); - while (len) { + while (len > 0) { n = MIN(len, (64 - md->sha1.curlen)); - memcpy(md->sha1.buf + md->sha1.curlen, buf, n); + memcpy(md->sha1.buf + md->sha1.curlen, buf, (size_t)n); md->sha1.curlen += n; buf += n; len -= n; @@ -150,7 +150,7 @@ void sha1_done(hash_state * md, unsigned char *hash) md->sha1.length += md->sha1.curlen * 8; /* append the '1' bit */ - md->sha1.buf[md->sha1.curlen++] = 0x80; + md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length @@ -158,7 +158,7 @@ void sha1_done(hash_state * md, unsigned char *hash) */ if (md->sha1.curlen > 56) { while (md->sha1.curlen < 64) { - md->sha1.buf[md->sha1.curlen++] = 0; + md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; } sha1_compress(md); md->sha1.curlen = 0; @@ -166,7 +166,7 @@ void sha1_done(hash_state * md, unsigned char *hash) /* pad upto 56 bytes of zeroes */ while (md->sha1.curlen < 56) { - md->sha1.buf[md->sha1.curlen++] = 0; + md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; } /* store length */ @@ -185,7 +185,7 @@ void sha1_done(hash_state * md, unsigned char *hash) int sha1_test(void) { static const struct { - unsigned char *msg; + char *msg; unsigned char hash[20]; } tests[] = { { "abc", @@ -206,9 +206,9 @@ int sha1_test(void) for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { sha1_init(&md); - sha1_process(&md, tests[i].msg, strlen(tests[i].msg)); + sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); sha1_done(&md, tmp); - if (memcmp(tmp, tests[i].hash, 20)) { + if (memcmp(tmp, tests[i].hash, 20) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/sha256.c b/sha256.c index d36cff8..1b702e4 100644 --- a/sha256.c +++ b/sha256.c @@ -118,9 +118,9 @@ void sha256_process(hash_state * md, const unsigned char *buf, unsigned long len _ARGCHK(md != NULL); _ARGCHK(buf != NULL); - while (len) { + while (len > 0) { n = MIN(len, (64 - md->sha256.curlen)); - memcpy(md->sha256.buf + md->sha256.curlen, buf, n); + memcpy(md->sha256.buf + md->sha256.curlen, buf, (size_t)n); md->sha256.curlen += n; buf += n; len -= n; @@ -145,7 +145,7 @@ void sha256_done(hash_state * md, unsigned char *hash) md->sha256.length += md->sha256.curlen * 8; /* append the '1' bit */ - md->sha256.buf[md->sha256.curlen++] = 0x80; + md->sha256.buf[md->sha256.curlen++] = (unsigned char)0x80; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length @@ -153,7 +153,7 @@ void sha256_done(hash_state * md, unsigned char *hash) */ if (md->sha256.curlen > 56) { while (md->sha256.curlen < 64) { - md->sha256.buf[md->sha256.curlen++] = 0; + md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; } sha256_compress(md); md->sha256.curlen = 0; @@ -161,7 +161,7 @@ void sha256_done(hash_state * md, unsigned char *hash) /* pad upto 56 bytes of zeroes */ while (md->sha256.curlen < 56) { - md->sha256.buf[md->sha256.curlen++] = 0; + md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; } /* store length */ @@ -180,7 +180,7 @@ void sha256_done(hash_state * md, unsigned char *hash) int sha256_test(void) { static const struct { - unsigned char *msg; + char *msg; unsigned char hash[32]; } tests[] = { { "abc", @@ -203,9 +203,9 @@ int sha256_test(void) for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { sha256_init(&md); - sha256_process(&md, tests[i].msg, strlen(tests[i].msg)); + sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); sha256_done(&md, tmp); - if (memcmp(tmp, tests[i].hash, 32)) { + if (memcmp(tmp, tests[i].hash, 32) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/sha384.c b/sha384.c index 72835e9..dcd9bb2 100644 --- a/sha384.c +++ b/sha384.c @@ -52,7 +52,7 @@ void sha384_done(hash_state * md, unsigned char *hash) int sha384_test(void) { static const struct { - unsigned char *msg; + char *msg; unsigned char hash[48]; } tests[] = { { "abc", @@ -79,9 +79,9 @@ int sha384_test(void) for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { sha384_init(&md); - sha384_process(&md, tests[i].msg, strlen(tests[i].msg)); + sha384_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); sha384_done(&md, tmp); - if (memcmp(tmp, tests[i].hash, 48)) { + if (memcmp(tmp, tests[i].hash, 48) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/sha512.c b/sha512.c index bbc4d94..732b799 100644 --- a/sha512.c +++ b/sha512.c @@ -145,9 +145,9 @@ void sha512_process(hash_state * md, const unsigned char *buf, unsigned long len unsigned long n; _ARGCHK(md != NULL); _ARGCHK(buf != NULL); - while (len) { + while (len > 0) { n = MIN(len, (128 - md->sha512.curlen)); - memcpy(md->sha512.buf + md->sha512.curlen, buf, n); + memcpy(md->sha512.buf + md->sha512.curlen, buf, (size_t)n); md->sha512.curlen += n; buf += n; len -= n; @@ -172,7 +172,7 @@ void sha512_done(hash_state * md, unsigned char *hash) md->sha512.length += md->sha512.curlen * CONST64(8); /* append the '1' bit */ - md->sha512.buf[md->sha512.curlen++] = 0x80; + md->sha512.buf[md->sha512.curlen++] = (unsigned char)0x80; /* if the length is currently above 112 bytes we append zeros * then compress. Then we can fall back to padding zeros and length @@ -180,7 +180,7 @@ void sha512_done(hash_state * md, unsigned char *hash) */ if (md->sha512.curlen > 112) { while (md->sha512.curlen < 128) { - md->sha512.buf[md->sha512.curlen++] = 0; + md->sha512.buf[md->sha512.curlen++] = (unsigned char)0; } sha512_compress(md); md->sha512.curlen = 0; @@ -191,7 +191,7 @@ void sha512_done(hash_state * md, unsigned char *hash) * > 2^64 bits of data... :-) */ while (md->sha512.curlen < 120) { - md->sha512.buf[md->sha512.curlen++] = 0; + md->sha512.buf[md->sha512.curlen++] = (unsigned char)0; } /* store length */ @@ -210,7 +210,7 @@ void sha512_done(hash_state * md, unsigned char *hash) int sha512_test(void) { static const struct { - unsigned char *msg; + char *msg; unsigned char hash[64]; } tests[] = { { "abc", @@ -241,9 +241,9 @@ int sha512_test(void) for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { sha512_init(&md); - sha512_process(&md, tests[i].msg, strlen(tests[i].msg)); + sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); sha512_done(&md, tmp); - if (memcmp(tmp, tests[i].hash, 64)) { + if (memcmp(tmp, tests[i].hash, 64) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/tiger.c b/tiger.c index 8c95253..5dcd13b 100644 --- a/tiger.c +++ b/tiger.c @@ -629,9 +629,9 @@ void tiger_process(hash_state * md, const unsigned char *buf, unsigned long len) unsigned long n; _ARGCHK(md != NULL); _ARGCHK(buf != NULL); - while (len) { + while (len > 0) { n = MIN(len, (64 - md->tiger.curlen)); - memcpy(md->tiger.buf + md->tiger.curlen, buf, n); + memcpy(md->tiger.buf + md->tiger.curlen, buf, (size_t)n); md->tiger.curlen += n; buf += n; len -= n; @@ -654,14 +654,14 @@ void tiger_done(hash_state * md, unsigned char *hash) md->tiger.length += md->tiger.curlen * 8; /* append the '1' bit */ - md->tiger.buf[md->tiger.curlen++] = 0x01; + md->tiger.buf[md->tiger.curlen++] = (unsigned char)0x01; /* if the length is currently above 56 bytes we append zeros * then compress. Then we can fall back to padding zeros and length * encoding like normal. */ if (md->tiger.curlen > 56) { while (md->tiger.curlen < 64) { - md->tiger.buf[md->tiger.curlen++] = 0; + md->tiger.buf[md->tiger.curlen++] = (unsigned char)0; } tiger_compress(md); md->tiger.curlen = 0; @@ -669,7 +669,7 @@ void tiger_done(hash_state * md, unsigned char *hash) /* pad upto 56 bytes of zeroes */ while (md->tiger.curlen < 56) { - md->tiger.buf[md->tiger.curlen++] = 0; + md->tiger.buf[md->tiger.curlen++] = (unsigned char)0; } /* store length */ @@ -688,7 +688,7 @@ void tiger_done(hash_state * md, unsigned char *hash) int tiger_test(void) { static const struct { - unsigned char *msg; + char *msg; unsigned char hash[24]; } tests[] = { { "", @@ -724,9 +724,9 @@ int tiger_test(void) for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { tiger_init(&md); - tiger_process(&md, tests[i].msg, strlen(tests[i].msg)); + tiger_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); tiger_done(&md, tmp); - if (memcmp(tmp, tests[i].hash, 24)) { + if (memcmp(tmp, tests[i].hash, 24) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/twofish.c b/twofish.c index e43eef9..35e76d0 100644 --- a/twofish.c +++ b/twofish.c @@ -181,14 +181,14 @@ static const unsigned char qbox[2][4][16] = { #ifdef CLEAN_STACK static unsigned long _sbox(int i, unsigned long x) #else -unsigned long sbox(int i, unsigned long x) +static unsigned long sbox(int i, unsigned long x) #endif { unsigned char a0,b0,a1,b1,a2,b2,a3,b3,a4,b4,y; /* a0,b0 = [x/16], x mod 16 */ - a0 = (x>>4)&15; - b0 = (x)&15; + a0 = (unsigned char)((x>>4)&15); + b0 = (unsigned char)((x)&15); /* a1 = a0 ^ b0 */ a1 = a0 ^ b0; @@ -197,8 +197,8 @@ unsigned long sbox(int i, unsigned long x) b1 = (a0 ^ ((b0<<3)|(b0>>1)) ^ (a0<<3)) & 15; /* a2,b2 = t0[a1], t1[b1] */ - a2 = qbox[i][0][a1]; - b2 = qbox[i][1][b1]; + a2 = qbox[i][0][(int)a1]; + b2 = qbox[i][1][(int)b1]; /* a3 = a2 ^ b2 */ a3 = a2 ^ b2; @@ -207,8 +207,8 @@ unsigned long sbox(int i, unsigned long x) b3 = (a2 ^ ((b2<<3)|(b2>>1)) ^ (a2<<3)) & 15; /* a4,b4 = t2[a3], t3[b3] */ - a4 = qbox[i][2][a3]; - b4 = qbox[i][3][b3]; + a4 = qbox[i][2][(int)a3]; + b4 = qbox[i][3][(int)b3]; /* y = 16b4 + a4 */ y = (b4 << 4) + a4; @@ -233,12 +233,12 @@ static unsigned long sbox(int i, unsigned long x) static unsigned long gf_mult(unsigned long a, unsigned long b, unsigned long p) { unsigned long result = 0; - while (a) { - if (a&1) + while (a > 0) { + if ((a & 1) == 1) result ^= b; a >>= 1; b <<= 1; - if (b & 0x100) + if ((b & 0x100) == 0x100) b ^= p; } return result & 255; @@ -252,7 +252,7 @@ static void mds_mult(const unsigned char *in, unsigned char *out) unsigned char tmp[4]; for (x = 0; x < 4; x++) { - tmp[x] = 0; + tmp[x] = (unsigned char)0; for (y = 0; y < 4; y++) tmp[x] ^= gf_mult(in[y], MDS[x][y], MDS_POLY); } @@ -334,20 +334,20 @@ static void h_func(const unsigned char *in, unsigned char *out, unsigned char *M switch (k) { case 4: - y[0] = sbox(1, y[0]) ^ M[4 * (6 + offset) + 0]; - y[1] = sbox(0, y[1]) ^ M[4 * (6 + offset) + 1]; - y[2] = sbox(0, y[2]) ^ M[4 * (6 + offset) + 2]; - y[3] = sbox(1, y[3]) ^ M[4 * (6 + offset) + 3]; + y[0] = (unsigned char)(sbox(1, (unsigned long)y[0]) ^ M[4 * (6 + offset) + 0]); + y[1] = (unsigned char)(sbox(0, (unsigned long)y[1]) ^ M[4 * (6 + offset) + 1]); + y[2] = (unsigned char)(sbox(0, (unsigned long)y[2]) ^ M[4 * (6 + offset) + 2]); + y[3] = (unsigned char)(sbox(1, (unsigned long)y[3]) ^ M[4 * (6 + offset) + 3]); case 3: - y[0] = sbox(1, y[0]) ^ M[4 * (4 + offset) + 0]; - y[1] = sbox(1, y[1]) ^ M[4 * (4 + offset) + 1]; - y[2] = sbox(0, y[2]) ^ M[4 * (4 + offset) + 2]; - y[3] = sbox(0, y[3]) ^ M[4 * (4 + offset) + 3]; + y[0] = (unsigned char)(sbox(1, (unsigned long)y[0]) ^ M[4 * (4 + offset) + 0]); + y[1] = (unsigned char)(sbox(1, (unsigned long)y[1]) ^ M[4 * (4 + offset) + 1]); + y[2] = (unsigned char)(sbox(0, (unsigned long)y[2]) ^ M[4 * (4 + offset) + 2]); + y[3] = (unsigned char)(sbox(0, (unsigned long)y[3]) ^ M[4 * (4 + offset) + 3]); case 2: - y[0] = sbox(1, sbox(0, sbox(0, y[0]) ^ M[4 * (2 + offset) + 0]) ^ M[4 * (0 + offset) + 0]); - y[1] = sbox(0, sbox(0, sbox(1, y[1]) ^ M[4 * (2 + offset) + 1]) ^ M[4 * (0 + offset) + 1]); - y[2] = sbox(1, sbox(1, sbox(0, y[2]) ^ M[4 * (2 + offset) + 2]) ^ M[4 * (0 + offset) + 2]); - y[3] = sbox(0, sbox(1, sbox(1, y[3]) ^ M[4 * (2 + offset) + 3]) ^ M[4 * (0 + offset) + 3]); + y[0] = (unsigned char)(sbox(1, sbox(0, sbox(0, (unsigned long)y[0]) ^ M[4 * (2 + offset) + 0]) ^ M[4 * (0 + offset) + 0])); + y[1] = (unsigned char)(sbox(0, sbox(0, sbox(1, (unsigned long)y[1]) ^ M[4 * (2 + offset) + 1]) ^ M[4 * (0 + offset) + 1])); + y[2] = (unsigned char)(sbox(1, sbox(1, sbox(0, (unsigned long)y[2]) ^ M[4 * (2 + offset) + 2]) ^ M[4 * (0 + offset) + 2])); + y[3] = (unsigned char)(sbox(0, sbox(1, sbox(1, (unsigned long)y[3]) ^ M[4 * (2 + offset) + 3]) ^ M[4 * (0 + offset) + 3])); } mds_mult(y, out); } @@ -408,7 +408,8 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri #endif { #ifndef TWOFISH_SMALL - int g, z, i; + unsigned long g; + int z, i; unsigned char S[4*4]; #endif int k, x, y, start; @@ -453,7 +454,7 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri /* B = ROL(h(p * (2x + 1), Mo), 8) */ for (y = 0; y < 4; y++) - tmp[y] = x+x+1; + tmp[y] = (unsigned char)(x+x+1); h_func(tmp, tmp2, M, k, 1); LOAD32L(B, tmp2); B = ROL(B, 8); @@ -479,7 +480,7 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri z = start; /* do unkeyed substitution */ - g = sbox(qord[y][z++], x); + g = sbox((int)qord[y][z++], x); /* first subkey */ i = 0; @@ -487,11 +488,11 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri /* do key mixing+sbox until z==5 */ while (z != 5) { g = g ^ S[4*i++ + y]; - g = sbox(qord[y][z++], g); + g = sbox((int)qord[y][z++], g); } /* multiply g by a column of the MDS */ - skey->twofish.S[y][x] = mds_column_mult(g, y); + skey->twofish.S[y][x] = mds_column_mult((unsigned char)g, y); } } #else @@ -661,15 +662,15 @@ int twofish_test(void) symmetric_key key; unsigned char tmp[2][16]; - int errno, i; + int err, i; for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) { - if ((errno = twofish_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { - return errno; + if ((err = twofish_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { + return err; } twofish_ecb_encrypt(tests[i].pt, tmp[0], &key); twofish_ecb_decrypt(tmp[0], tmp[1], &key); - if (memcmp(tmp[0], tests[i].ct, 16) || memcmp(tmp[1], tests[i].pt, 16)) { + if (memcmp(tmp[0], tests[i].ct, 16) != 0 || memcmp(tmp[1], tests[i].pt, 16) != 0) { return CRYPT_FAIL_TESTVECTOR; } } diff --git a/xtea.c b/xtea.c index 969b650..21b0840 100644 --- a/xtea.c +++ b/xtea.c @@ -116,15 +116,15 @@ int xtea_test(void) { 0x75, 0xd7, 0xc5, 0xbf, 0xcf, 0x58, 0xc9, 0x3f }; unsigned char tmp[2][8]; symmetric_key skey; - int errno; + int err; - if ((errno = xtea_setup(key, 16, 0, &skey)) != CRYPT_OK) { - return errno; + if ((err = xtea_setup(key, 16, 0, &skey)) != CRYPT_OK) { + return err; } xtea_ecb_encrypt(pt, tmp[0], &skey); xtea_ecb_decrypt(tmp[0], tmp[1], &skey); - if (memcmp(tmp[0], ct, 8) || memcmp(tmp[1], pt, 8)) { + if (memcmp(tmp[0], ct, 8) != 0 || memcmp(tmp[1], pt, 8) != 0) { return CRYPT_FAIL_TESTVECTOR; } diff --git a/yarrow.c b/yarrow.c index 91db606..8827c38 100644 --- a/yarrow.c +++ b/yarrow.c @@ -13,7 +13,7 @@ const struct _prng_descriptor yarrow_desc = int yarrow_start(prng_state *prng) { - int errno; + int err; _ARGCHK(prng != NULL); @@ -45,8 +45,8 @@ int yarrow_start(prng_state *prng) #elif #error YARROW needs at least one CIPHER #endif - if ((errno = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) { + return err; } #ifdef SHA256 @@ -68,8 +68,8 @@ int yarrow_start(prng_state *prng) #else #error YARROW needs at least one HASH #endif - if ((errno = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) { + return err; } /* zero the memory used */ @@ -81,13 +81,13 @@ int yarrow_start(prng_state *prng) int yarrow_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng) { hash_state md; - int errno; + int err; _ARGCHK(buf != NULL); _ARGCHK(prng != NULL); - if ((errno = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) { + return err; } /* start the hash */ @@ -107,26 +107,26 @@ int yarrow_add_entropy(const unsigned char *buf, unsigned long len, prng_state * int yarrow_ready(prng_state *prng) { - int ks, errno; + int ks, err; _ARGCHK(prng != NULL); - if ((errno = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) { - return errno; + if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) { + return err; } - if ((errno = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) { - return errno; + if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) { + return err; } /* setup CTR mode using the "pool" as the key */ - ks = hash_descriptor[prng->yarrow.hash].hashsize; - if ((errno = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) { - return errno; + ks = (int)hash_descriptor[prng->yarrow.hash].hashsize; + if ((err = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) { + return err; } - if ((errno = ctr_start(prng->yarrow.cipher, prng->yarrow.pool, prng->yarrow.pool, ks, 0, &prng->yarrow.ctr)) != CRYPT_OK) { - return errno; + if ((err = ctr_start(prng->yarrow.cipher, prng->yarrow.pool, prng->yarrow.pool, ks, 0, &prng->yarrow.ctr)) != CRYPT_OK) { + return err; } return CRYPT_OK; }