strerror.o utimes.o mktemp.o setitimer.o strpbrk.o \
writev.o
-SUBDIRS = bsd cylink dnssafe dst include inet irs isc nameser resolv
-
-OBJS= prand_conf.@O@
-
-SRCS= prand_conf.c
+SUBDIRS = bsd dst include inet irs isc nameser resolv
@BIND9_MAKE_RULES@
-all depend: prand_conf.h
-
-prand_conf.h: prand_conf
- ./prand_conf > $@
-
-prand_conf: ${OBJS}
- ${CC} -o $@ ${OBJS}
+all depend:
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
-AC_REVISION($Revision: 1.6 $)
+AC_REVISION($Revision: 1.7 $)
AC_INIT(resolv/herror.c)
AC_PREREQ(2.13)
AC_SUBST(WANT_IRS_NISGR_OBJS)
AC_SUBST(WANT_IRS_NISPW_OBJS)
-#
-# was --with-openssl specified?
-#
-AC_MSG_CHECKING(for compatible OpenSSL library)
-AC_ARG_WITH(openssl,
-[ --with-openssl=PATH Specify path for system-supplied openssl
- (rather than using bind-9 internal openssl)],
- use_openssl="$withval", use_openssl="no")
-
-#
-# If the user didn't specify where openssl is, and we didn't find or it
-# is incompatible with our code, use our internal one.
-#
-# XXX This appears to assume that the user specified path is correct,
-# and does no checking.
-#
-
-case "$use_openssl" in
- no)
- DST_PRIVATEOPENSSL='-DDST_USE_PRIVATE_OPENSSL'
- dst_privateopenssl='openssl'
- DST_OPENSSL_INC='-I${srcdir}/../openssl/include'
- DST_OPENSSL_LIB=''
- DST_OPENSSL_OBJS='${OPENSSLOBJS}'
- AC_MSG_RESULT(using private library)
- openssl_makefiles="lib/dns/sec/openssl/Makefile \
- lib/dns/sec/openssl/include/Makefile \
- lib/dns/sec/openssl/include/openssl/Makefile"
-
- ;;
- yes)
- AC_MSG_ERROR([--with-openssl must specify a path])
- ;;
- *)
- DST_PRIVATEOPENSSL=''
- dst_privateopenssl=''
- DST_OPENSSL_INC="-I$use_openssl/include"
- DNS_OPENSSL_LIBS="-L$use_openssl/lib -lcrypto"
- DST_OPENSSL_LIB=''
- AC_MSG_RESULT(using openssl from $use_openssl/lib and $use_openssl/include)
- openssl_makefiles=""
- ;;
-esac
-
-AC_SUBST(DST_PRIVATEOPENSSL)
-AC_SUBST(dst_privateopenssl)
-AC_SUBST(DST_OPENSSL_INC)
-AC_SUBST(DST_OPENSSL_LIB)
-AC_SUBST(DST_OPENSSL_OBJS)
-
-#
-# This would include the system openssl path (and linker options to use
-# it as needed) if it is found.
-#
-
-AC_SUBST(DNS_OPENSSL_LIBS)
-
-#
-# was --with-gssapi specified?
-#
-#AC_MSG_CHECKING(for GSSAPI library)
-#AC_ARG_WITH(gssapi,
-#[ --with-gssapi=PATH Specify path for system-supplied GSSAPI],
-# use_gssapi="$withval", use_gssapi="no")
-#
-#case "$use_gssapi" in
-# no)
-# USE_GSSAPI=''
-# DST_GSSAPI_INC=''
-# DNS_GSSAPI_LIBS=''
-# AC_MSG_RESULT(not specified)
-# ;;
-# yes)
-# AC_MSG_ERROR([--with-gssapi must specify a path])
-# ;;
-# *)
-# USE_GSSAPI='-DGSSAPI'
-# DST_GSSAPI_INC="-I$use_gssapi/include"
-# DNS_GSSAPI_LIBS="-L$use_gssapi/lib -lgssapi_krb5"
-# AC_MSG_RESULT(using gssapi from $use_gssapi/lib and $use_gssapi/include)
-# ;;
-#esac
-
-USE_GSSAPI=''
-DST_GSSAPI_INC=''
-DNS_GSSAPI_LIBS=''
-
-AC_SUBST(USE_GSSAPI)
-AC_SUBST(DST_GSSAPI_INC)
-AC_SUBST(DNS_GSSAPI_LIBS)
-
#
# was --with-randomdev specified?
#
make/includes
Makefile
bsd/Makefile
- cylink/Makefile
- dnssafe/Makefile
dst/Makefile
include/Makefile
inet/Makefile
+++ /dev/null
-OBJS= bn.@O@ bn00.@O@ lbn00.@O@ lbnmem.@O@ legal.@O@ \
- bits.@O@ dss.@O@ math.@O@ ctk_prime.@O@ rand.@O@ sha.@O@ swap.@O@
-
-SRCS= bn.c bn00.c lbn00.c lbnmem.c legal.c \
- bits.c dss.c math.c ctk_prime.c rand.c sha.c swap.c
-
-TARGETS= ${OBJS}
-
-CINCLUDES= -I.. -I../include
-CWARNINGS= -Werror
-
-@BIND9_MAKE_RULES@
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: bit.c PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Bit Utility Functions
-*
-* PUBLIC FUNCTIONS:
-*
-*
-* PRIVATE FUNCTIONS:
-*
-* REVISION HISTORY:
-*
-*
-****************************************************************************/
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-/* bn files */
-#include "port_before.h"
-#include <sys/types.h>
-#include "bn.h"
-/* system files */
-#ifdef VXD
-#include <vtoolsc.h>
-#else
-#include <stdlib.h>
-#include <string.h>
-#endif
-/* program files */
-#include "cylink.h"
-#include "ctk_endian.h"
-#include "c_asm.h"
-#include "port_after.h"
-
-
-/****************************************************************************
-* NAME: void RShiftL( ord *X,
-* u_int32_t len_X,
-* u_int32_t n_bit )
-*
-* DESCRIPTION: Shift array to the right by n_bit.
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to array
-* u_int32_t len_X Length of array
-* u_int32_t n_bit Number of bits
-* OUTPUT:
-* PARAMETERS:
-* ord *X Pointer to array
-*
-* RETURN:
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-void RShiftL_big( ord *X,
- u_int32_t len_X,
- u_int32_t n_bit )
-{
-
-struct BigNum dest;
-bnInit();
-bnBegin(&dest);
-
-dest.ptr = X;
-dest.size = len_X;
-dest.allocated = len_X;
-
-bnRShift(&dest,n_bit);
-
-}
-
-/****************************************************************************
-* NAME: void LShiftL( ord *X,
-* u_int32_t len_X,
-* u_int32_t n_bit )
-*
-* DESCRIPTION: Shifts array to the left by n_bit.
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to array
-* u_int32_t len_X Length of array
-* u_int32_t n_bit Number of bits
-* OUTPUT:
-* PARAMETERS:
-* ord *X Pointer to array
-*
-* RETURN:
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-void LShiftL_big( ord *X,
- u_int32_t len_X,
- u_int32_t n_bit )
-{
-struct BigNum dest;
-bnInit();
-bnBegin(&dest);
-
-dest.ptr = X;
-dest.size = len_X;
-dest.allocated = len_X;
-
-bnLShift(&dest,n_bit);
-}
-
-/************9****************************************************************
-* NAME: int RShiftMostBit( ord *a,
-* u_int32_t len )
-*
-* DESCRIPTION: Find a least significant non zero bit
-* and sfift array to the right
-*
-* INPUTS:
-* PARAMETERS:
-* ord *a Pointer to array
-* u_int32_t len Number of elements in number
-* OUTPUT:
-*
-* RETURN:
-* Number of shifted bits
-*
-* REVISION HISTORY:
-*
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-int RShiftMostBit( ord *a,
- u_int32_t len )
-{
-
-struct BigNum n;
-bnInit();
-bnBegin(&n);
-
-n.size = len;
-n.ptr = a;
-n.allocated = len;
-
-return (bnMakeOdd(&n));
-
-}
-
-
-/****************************************************************************
-* NAME: void ByteLong (uchar *X, u_int32_t X_bytes,
-* u_int32_t *Y )
-*
-*
-* DESCRIPTION: Transfer bytes to u_int32_t.
-*
-* INPUTS:
-* PARAMETERS:
-* uchar *X Pointer to byte array
-* u_int32_t X_bytes Number of bytes in array
-* OUTPUT:
-* PARAMETERS:
-* u_int32_t *Y Pointer to long arrray
-*
-* RETURN:
-*
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-void ByteLong( uchar *X,
- u_int32_t X_bytes,
- u_int32_t *Y )
-{
- u_int32_t i, j; /* counters */
- for ( i = 0, j = 0; j < X_bytes; i++, j += 4)
- {
- Y[i] = ( (u_int32_t)X[j] ) | ( ((u_int32_t)X[j+1]) << 8 ) |
- ( ((u_int32_t)X[j+2]) << 16 ) | ( ((u_int32_t)X[j+3]) << 24 );
- }
-}
-
-/****************************************************************************
-* NAME: void ByteOrd (uchar *X, u_int32_t X_bytes,
-* ord *Y )
-*
-*
-* DESCRIPTION: Transfer bytes to ord.
-*
-* INPUTS:
-* PARAMETERS:
-* uchar *X Pointer to byte array
-* u_int32_t X_bytes Number of bytes in array
-* OUTPUT:
-* PARAMETERS:
-* ord *Y Pointer to long array
-*
-* RETURN:
-*
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-void ByteOrd( uchar *X,
- u_int32_t X_bytes,
- ord *Y )
-{
- u_int32_t i, j; /* counters */
- for ( i = 0, j = 0; j < X_bytes; i++, j += sizeof(ord))
- {
- Y[i] = ( (ord)X[j] ) | ( ((ord)X[j+1]) << 8 )
-#ifdef ORD_32
- | ( ((ord)X[j+2]) << 16 ) | ( ((ord)X[j+3]) << 24 )
-#endif
- ;
- }
-}
-
-/****************************************************************************
-* NAME: void OrdByte (ord *X, u_int32_t X_bytes,
-* uchar *Y )
-*
-*
-* DESCRIPTION: Transfer ord to bytes.
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to ord array
-* u_int32_t X_bytes Number of bytes in array
-* OUTPUT:
-* PARAMETERS:
-* uchar *Y Pointer to byte array
-*
-* RETURN:
-*
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-void OrdByte( ord *X,
- u_int32_t X_bytes,
- uchar *Y )
-{
- u_int32_t i, j; /* counters */
- for ( i=0, j=0; j < X_bytes; i++, j += sizeof(ord))
- {
- Y[j] = (uchar ) ( X[i] & 0xff );
- Y[j+1] = (uchar)( (X[i] >> 8) & 0xff );
-#ifdef ORD_32
- Y[j+2] = (uchar)( (X[i] >> 16) & 0xff );
- Y[j+3] = (uchar)( (X[i] >> 24) & 0xff );
-#endif
- }
-}
-
-/****************************************************************************
-* NAME: void LongByte( u_int32_t *X,
-* u_int32_t X_bytes,
-* uchar *Y )
-*
-* DESCRIPTION: Transfer u_int32_t to bytes.
-*
-* INPUTS:
-* PARAMETERS:
-* u_int32_t *X Pointer to long array
-* u_int32_t X_bytes Number of longs in array
-* OUTPUT:
-* PARAMETERS:
-* uchar *Y Pointer to bytes array
-*
-* RETURN:
-*
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-void LongByte( u_int32_t *X,
- u_int32_t X_bytes,
- uchar *Y )
-{
- u_int32_t i, j; /* counters */
- for ( i=0, j=0; j < X_bytes; i++, j += 4)
- {
- Y[j] = (uchar ) ( X[i] & 0xff );
- Y[j+1] = (uchar)( (X[i] >> 8) & 0xff );
- Y[j+2] = (uchar)( (X[i] >> 16) & 0xff );
- Y[j+3] = (uchar)( (X[i] >> 24) & 0xff );
- }
-}
-
-
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn.c - the high-level bignum interface
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-
-#include "port_before.h"
-#include "bn.h"
-#include "port_after.h"
-
-/* Functions */
-void
-bnBegin(struct BigNum *bn)
-{
- static int bninit = 0;
-
- if (!bninit) {
- bnInit();
- bninit = 1;
- }
-
- bn->ptr = 0;
- bn->size = 0;
- bn->allocated = 0;
-}
-
-void
-bnSwap(struct BigNum *a, struct BigNum *b)
-{
- void *p;
- unsigned t;
-
- p = a->ptr;
- a->ptr = b->ptr;
- b->ptr = p;
-
- t = a->size;
- a->size = b->size;
- b->size = t;
-
- t = a->allocated;
- a->allocated = b->allocated;
- b->allocated = t;
-}
-
-void (*bnEnd)(struct BigNum *bn);
-int (*bnPrealloc)(struct BigNum *bn, unsigned bits);
-int (*bnCopy)(struct BigNum *dest, struct BigNum const *src);
-void (*bnNorm)(struct BigNum *bn);
-void (*bnExtractBigBytes)(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len);
-int (*bnInsertBigBytes)(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-void (*bnExtractLittleBytes)(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len);
-int (*bnInsertLittleBytes)(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-unsigned (*bnLSWord)(struct BigNum const *src);
-unsigned (*bnBits)(struct BigNum const *src);
-int (*bnAdd)(struct BigNum *dest, struct BigNum const *src);
-int (*bnSub)(struct BigNum *dest, struct BigNum const *src);
-int (*bnCmpQ)(struct BigNum const *a, unsigned b);
-int (*bnSetQ)(struct BigNum *dest, unsigned src);
-int (*bnAddQ)(struct BigNum *dest, unsigned src);
-int (*bnSubQ)(struct BigNum *dest, unsigned src);
-int (*bnCmp)(struct BigNum const *a, struct BigNum const *b);
-int (*bnSquare)(struct BigNum *dest, struct BigNum const *src);
-int (*bnMul)(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int (*bnMulQ)(struct BigNum *dest, struct BigNum const *a, unsigned b);
-int (*bnDivMod)(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d);
-int (*bnMod)(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-unsigned (*bnModQ)(struct BigNum const *src, unsigned d);
-int (*bnExpMod)(struct BigNum *result, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-int (*bnDoubleExpMod)(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-int (*bnTwoExpMod)(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-int (*bnGcd)(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int (*bnInv)(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-int (*bnLShift)(struct BigNum *dest, unsigned amt);
-void (*bnRShift)(struct BigNum *dest, unsigned amt);
-unsigned (*bnMakeOdd)(struct BigNum *n);
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn.h - the interface to the bignum routines.
- * All functions which return ints can potentially allocate memory
- * and return -1 if they are unable to. All "const" arguments
- * are unmodified.
- *
- * This is not particularly asymmetric, as some operations are of the
- * form a = b @ c, while others do a @= b. In general, outputs may not
- * point to the same struct BigNums as inputs, except as specified
- * below. This relationship is referred to as "being the same as".
- * This is not numerical equivalence.
- *
- * The "Q" operations take "unsigned" inputs. Higher values of the
- * extra input may work on some implementations, but 65535 is the
- * highest portable value. Just because UNSIGNED_MAX is larger than
- * that, or you know that the word size of the library is larger than that,
- * that, does *not* mean it's allowed.
- */
-#ifndef BN_H
-#define BN_H
-
-struct BigNum {
- void *ptr;
- unsigned size; /* Note: in (variable-sized) words */
- unsigned allocated;
-};
-
-/* Functions */
-
-/*
- * You usually never have to call this function explicitly, as
- * bnBegin() takes care of it. If the program jumps to address 0,
- * this function has bot been called.
- */
-void bnInit(void);
-
-/*
- * This initializes an empty struct BigNum to a zero value.
- * Do not use this on a BigNum which has had a value stored in it!
- */
-void bnBegin(struct BigNum *bn);
-
-/* Swap two BigNums. Cheap. */
-void bnSwap(struct BigNum *a, struct BigNum *b);
-
-/* Reset an initialized bigNum to empty, pending deallocation. */
-extern void (*bnEnd)(struct BigNum *bn);
-
-/*
- * If you know you'll need space in the number soon, you can use this function
- * to ensure that there is room for at least "bits" bits. Optional.
- * Returns <0 on out of memory, but the value is unaffected.
- */
-extern int (*bnPrealloc)(struct BigNum *bn, unsigned bits);
-
-/* Hopefully obvious. dest = src. dest may be the same as src. */
-extern int (*bnCopy)(struct BigNum *dest, struct BigNum const *src);
-
-/*
- * Mostly done automatically, but this removes leading zero words from
- * the internal representation of the BigNum. Use is unclear.
- */
-extern void (*bnNorm)(struct BigNum *bn);
-
-/*
- * Move bytes between the given buffer and the given BigNum encoded in
- * base 256. I.e. after either of these, the buffer will be equal to
- * (bn / 256^lsbyte) % 256^len. The difference is which is altered to
- * match the other!
- */
-extern void (*bnExtractBigBytes)(struct BigNum const *bn,
- unsigned char *dest, unsigned lsbyte, unsigned len);
-extern int (*bnInsertBigBytes)(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-
-/* The same, but the buffer is little-endian. */
-extern void (*bnExtractLittleBytes)(struct BigNum const *bn,
- unsigned char *dest, unsigned lsbyte, unsigned len);
-extern int (*bnInsertLittleBytes)(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-
-/* Return the least-significant bits (at least 16) of the BigNum */
-extern unsigned (*bnLSWord)(struct BigNum const *src);
-
-/*
- * Return the number of significant bits in the BigNum.
- * 0 or 1+floor(log2(src))
- */
-extern unsigned (*bnBits)(struct BigNum const *src);
-
-/*
- * dest += src. dest and src may be the same. Guaranteed not to
- * allocate memory unnecessarily, so if you're sure bnBits(dest)
- * won't change, you don't need to check the return value.
- */
-extern int (*bnAdd)(struct BigNum *dest, struct BigNum const *src);
-
-/*
- * dest -= src. dest and src may be the same, but bnSetQ(dest, 0) is faster.
- * if dest < src, returns +1 and sets dest = src-dest.
- */
-extern int (*bnSub)(struct BigNum *dest, struct BigNum const *src);
-
-/* Return sign (-1, 0, +1) of a-b. a <=> b --> bnCmpQ(a, b) <=> 0 */
-extern int (*bnCmpQ)(struct BigNum const *a, unsigned b);
-
-/* dest = src, where 0 <= src < 2^16. */
-extern int (*bnSetQ)(struct BigNum *dest, unsigned src);
-
-/* dest += src, where 0 <= src < 2^16 */
-extern int (*bnAddQ)(struct BigNum *dest, unsigned src);
-
-/* dest -= src, where 0 <= src < 2^16 */
-extern int (*bnSubQ)(struct BigNum *dest, unsigned src);
-
-/* Return sign (-1, 0, +1) of a-b. a <=> b --> bnCmp(a, b) <=> 0 */
-extern int (*bnCmp)(struct BigNum const *a, struct BigNum const *b);
-
-/* dest = src^2. dest may be the same as src, but it costs time. */
-extern int (*bnSquare)(struct BigNum *dest, struct BigNum const *src);
-
-/* dest = a * b. dest may be the same as a or b, but it costs time. */
-extern int (*bnMul)(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-
-/* dest = a * b, where 0 <= b < 2^16. dest and a may be the same. */
-extern int (*bnMulQ)(struct BigNum *dest, struct BigNum const *a, unsigned b);
-
-/*
- * q = n/d, r = n%d. r may be the same as n, but not d,
- * and q may not be the same as n or d.
- * re-entrancy issue: this temporarily modifies d, but restores
- * it for return.
- */
-extern int (*bnDivMod)(struct BigNum *q, struct BigNum *r,
- struct BigNum const *n, struct BigNum const *d);
-/*
- * dest = src % d. dest and src may be the same, but not dest and d.
- * re-entrancy issue: this temporarily modifies d, but restores
- * it for return.
- */
-extern int (*bnMod)(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-
-/* return src % d, where 0 <= d < 2^16. */
-extern unsigned int (*bnModQ)(struct BigNum const *src, unsigned d);
-
-/* n = n^exp, modulo "mod" "mod" *must* be odd */
-extern int (*bnExpMod)(struct BigNum *result, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-
-/*
- * dest = n1^e1 * n2^e2, modulo "mod". "mod" *must* be odd.
- * dest may be the same as n1 or n2.
- */
-extern int (*bnDoubleExpMod)(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-
-/* n = 2^exp, modulo "mod" "mod" *must* be odd */
-extern int (*bnTwoExpMod)(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-
-/* dest = gcd(a, b). The inputs may overlap arbitrarily. */
-extern int (*bnGcd)(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-
-/* dest = src^-1, modulo "mod". dest may be the same as src. */
-extern int (*bnInv)(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-
-/* Shift dest left "amt" places */
-extern int (*bnLShift)(struct BigNum *dest, unsigned amt);
-/* Shift dest right "amt" places, discarding low-order bits */
-extern void (*bnRShift)(struct BigNum *dest, unsigned amt);
-
-/* For the largest 2^k that divides n, divide n by it and return k. */
-extern unsigned (*bnMakeOdd)(struct BigNum *n);
-
-#endif/* !BN_H */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn00.c - auto-size-detecting bn??.c file.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "port_before.h"
-#include "bnsize00.h"
-
-#if BNSIZE64
-
-/* Include all of the C source file by reference */
-#include "bn64.c"
-#include "bninit64.c"
-
-#elif BNSIZE32
-
-/* Include all of the C source file by reference */
-#include "bn32.c"
-#include "bninit32.c"
-
-#else /* BNSIZE16 */
-
-/* Include all of the C source file by reference */
-#include "bn16.c"
-#include "bninit16.c"
-
-#endif
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn16.c - the high-level bignum interface
- *
- * Like lbn16.c, this reserves the string "16" for textual replacement.
- * The string must not appear anywhere unless it is intended to be replaced
- * to generate other bignum interface functions.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-#ifndef NEED_MEMORY_H
-#define NEED_MEMORY_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* for memmove() in bnMakeOdd */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#if NEED_MEMORY_H
-#include <memory.h>
-#endif
-
-/*
- * This was useful during debugging, so it's left in here.
- * You can ignore it. DBMALLOC is generally undefined.
- */
-#ifndef DBMALLOC
-#define DBAMLLOC 0
-#endif
-#if DBMALLOC
-#include "../dbmalloc/malloc.h"
-#define MALLOCDB malloc_chain_check(1)
-#else
-#define MALLOCDB (void)0
-#endif
-
-#include "lbn.h"
-#include "lbn16.h"
-#include "lbnmem.h"
-#include "bn16.h"
-#include "bn.h"
-
-/* Work-arounds for some particularly broken systems */
-#include "kludge.h" /* For memmove() */
-#include <port_after.h>
-
-/* Functions */
-void
-bnInit_16(void)
-{
- bnEnd = bnEnd_16;
- bnPrealloc = bnPrealloc_16;
- bnCopy = bnCopy_16;
- bnNorm = bnNorm_16;
- bnExtractBigBytes = bnExtractBigBytes_16;
- bnInsertBigBytes = bnInsertBigBytes_16;
- bnExtractLittleBytes = bnExtractLittleBytes_16;
- bnInsertLittleBytes = bnInsertLittleBytes_16;
- bnLSWord = bnLSWord_16;
- bnBits = bnBits_16;
- bnAdd = bnAdd_16;
- bnSub = bnSub_16;
- bnCmpQ = bnCmpQ_16;
- bnSetQ = bnSetQ_16;
- bnAddQ = bnAddQ_16;
- bnSubQ = bnSubQ_16;
- bnCmp = bnCmp_16;
- bnSquare = bnSquare_16;
- bnMul = bnMul_16;
- bnMulQ = bnMulQ_16;
- bnDivMod = bnDivMod_16;
- bnMod = bnMod_16;
- bnModQ = bnModQ_16;
- bnExpMod = bnExpMod_16;
- bnDoubleExpMod = bnDoubleExpMod_16;
- bnTwoExpMod = bnTwoExpMod_16;
- bnGcd = bnGcd_16;
- bnInv = bnInv_16;
- bnLShift = bnLShift_16;
- bnRShift = bnRShift_16;
- bnMakeOdd = bnMakeOdd_16;
-}
-
-void
-bnEnd_16(struct BigNum *bn)
-{
- if (bn->ptr) {
- LBNFREE((BNWORD16 *)bn->ptr, bn->allocated);
- bn->ptr = 0;
- }
- bn->size = 0;
- bn->allocated = 0;
-
- MALLOCDB;
-}
-
-/* Internal function. It operates in words. */
-static int
-bnResize_16(struct BigNum *bn, unsigned len)
-{
- void *p;
-
- /* Round size up: most mallocs impose 8-byte granularity anyway */
- len = (len + (8/sizeof(BNWORD16) - 1)) & ~(8/sizeof(BNWORD16) - 1);
- p = LBNREALLOC((BNWORD16 *)bn->ptr, bn->allocated, len);
- if (!p)
- return -1;
- bn->ptr = p;
- bn->allocated = len;
-
- MALLOCDB;
-
- return 0;
-}
-
-#define bnSizeCheck(bn, size) \
- if (bn->allocated < size && bnResize_16(bn, size) < 0) \
- return -1
-
-int
-bnPrealloc_16(struct BigNum *bn, unsigned bits)
-{
- bits = (bits + 16-1)/16;
- bnSizeCheck(bn, bits);
- MALLOCDB;
- return 0;
-}
-
-int
-bnCopy_16(struct BigNum *dest, struct BigNum const *src)
-{
- bnSizeCheck(dest, src->size);
- dest->size = src->size;
- lbnCopy_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, src->size);
- MALLOCDB;
- return 0;
-}
-
-void
-bnNorm_16(struct BigNum *bn)
-{
- bn->size = lbnNorm_16((BNWORD16 *)bn->ptr, bn->size);
-}
-
-/*
- * Convert a bignum to big-endian bytes. Returns, in big-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (leading) bytes are filled with 0.
- */
-void
-bnExtractBigBytes_16(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (16 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte+len) {
- *dest++ = 0;
- len--;
- }
-
- if (len)
- lbnExtractBigBytes_16((BNWORD16 *)bn->ptr, dest, lsbyte, len);
- MALLOCDB;
-}
-
-int
-bnInsertBigBytes_16(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD16)-1) / sizeof(BNWORD16);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_16((BNWORD16 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertBigBytes_16((BNWORD16 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_16((BNWORD16 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-
-/*
- * Convert a bignum to little-endian bytes. Returns, in little-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (trailing) bytes are filled with 0.
- */
-void
-bnExtractLittleBytes_16(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (16 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte+len)
- dest[--len] = 0;
-
- if (len)
- lbnExtractLittleBytes_16((BNWORD16 *)bn->ptr, dest,
- lsbyte, len);
- MALLOCDB;
-}
-
-int
-bnInsertLittleBytes_16(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD16)-1) / sizeof(BNWORD16);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_16((BNWORD16 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertLittleBytes_16((BNWORD16 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_16((BNWORD16 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-/* Return the least-significant word of the input. */
-unsigned
-bnLSWord_16(struct BigNum const *src)
-{
- return src->size ? (unsigned)((BNWORD16 *)src->ptr)[BIGLITTLE(-1,0)]: 0;
-}
-
-unsigned
-bnBits_16(struct BigNum const *src)
-{
- return lbnBits_16((BNWORD16 *)src->ptr, src->size);
-}
-
-int
-bnAdd_16(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD16 t;
-
- if (!s)
- return 0;
-
- bnSizeCheck(dest, s);
-
- if (d < s) {
- lbnZero_16((BNWORD16 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- t = lbnAddN_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnAdd1_16((BNWORD16 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- bnSizeCheck(dest, d+1);
- ((BNWORD16 *)dest->ptr)[BIGLITTLE(-1-d,d)] = t;
- dest->size = d+1;
- }
- }
- return 0;
-}
-
-/*
- * dest -= src.
- * If dest goes negative, this produces the absolute value of
- * the difference (the negative of the true value) and returns 1.
- * Otherwise, it returls 0.
- */
-int
-bnSub_16(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD16 t;
-
- if (d < s && d < (s = lbnNorm_16((BNWORD16 *)src->ptr, s))) {
- bnSizeCheck(dest, s);
- lbnZero_16((BNWORD16 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- if (!s)
- return 0;
- t = lbnSubN_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnSub1_16((BNWORD16 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- lbnNeg_16((BNWORD16 *)dest->ptr, d);
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr,
- dest->size);
- MALLOCDB;
- return 1;
- }
- }
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, dest->size);
- return 0;
-}
-
-/*
- * Compare the BigNum to the given value, which must be < 65536.
- * Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmpQ(a,b) <=> 0
- */
-int
-bnCmpQ_16(struct BigNum const *a, unsigned b)
-{
- unsigned t;
- BNWORD16 v;
-
- t = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- /* If a is more than one word long or zero, it's easy... */
- if (t != 1)
- return (t > 1) ? 1 : (b ? -1 : 0);
- v = (unsigned)((BNWORD16 *)a->ptr)[BIGLITTLE(-1,0)];
- return (v > b) ? 1 : ((v < b) ? -1 : 0);
-}
-
-int
-bnSetQ_16(struct BigNum *dest, unsigned src)
-{
- if (src) {
- bnSizeCheck(dest, 1);
-
- ((BNWORD16 *)dest->ptr)[BIGLITTLE(-1,0)] = (BNWORD16)src;
- dest->size = 1;
- } else {
- dest->size = 0;
- }
- return 0;
-}
-
-int
-bnAddQ_16(struct BigNum *dest, unsigned src)
-{
- BNWORD16 t;
-
- if (!dest->size)
- return bnSetQ(dest, src);
-
- t = lbnAdd1_16((BNWORD16 *)dest->ptr, dest->size, (BNWORD16)src);
- MALLOCDB;
- if (t) {
- src = dest->size;
- bnSizeCheck(dest, src+1);
- ((BNWORD16 *)dest->ptr)[BIGLITTLE(-1-src,src)] = t;
- dest->size = src+1;
- }
- return 0;
-}
-
-/*
- * Return value as for bnSub: 1 if subtract underflowed, in which
- * case the return is the negative of the computed value.
- */
-int
-bnSubQ_16(struct BigNum *dest, unsigned src)
-{
- BNWORD16 t;
-
- if (!dest->size)
- return bnSetQ(dest, src) < 0 ? -1 : (src != 0);
-
- t = lbnSub1_16((BNWORD16 *)dest->ptr, dest->size, (BNWORD16)src);
- MALLOCDB;
- if (t) {
- /* Underflow. <= 1 word, so do it simply. */
- lbnNeg_16((BNWORD16 *)dest->ptr, 1);
- dest->size = 1;
- return 1;
- }
-/* Try to normalize? Needing this is going to be very rare. */
-/* dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, dest->size); */
- return 0;
-}
-
-/*
- * Compare two BigNums. Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmp(a,b) <=> 0
- */
-int
-bnCmp_16(struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
-
- s = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- t = lbnNorm_16((BNWORD16 *)b->ptr, b->size);
-
- if (s != t)
- return s > t ? 1 : -1;
- return lbnCmp_16((BNWORD16 *)a->ptr, (BNWORD16 *)b->ptr, s);
-}
-
-int
-bnSquare_16(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s;
- BNWORD16 *srcbuf;
-
- s = lbnNorm_16((BNWORD16 *)src->ptr, src->size);
- if (!s) {
- dest->size = 0;
- return 0;
- }
- bnSizeCheck(dest, 2*s);
-
- if (src == dest) {
- LBNALLOC(srcbuf, s);
- if (!srcbuf)
- return -1;
- lbnCopy_16(srcbuf, (BNWORD16 *)src->ptr, s);
- lbnSquare_16((BNWORD16 *)dest->ptr, (BNWORD16 *)srcbuf, s);
- LBNFREE(srcbuf, s);
- } else {
- lbnSquare_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, s);
- }
-
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, 2*s);
- MALLOCDB;
- return 0;
-}
-
-int
-bnMul_16(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
- BNWORD16 *srcbuf;
-
- s = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- t = lbnNorm_16((BNWORD16 *)b->ptr, b->size);
-
- if (!s || !t) {
- dest->size = 0;
- return 0;
- }
-
- if (a == b)
- return bnSquare_16(dest, a);
-
- bnSizeCheck(dest, s+t);
-
- if (dest == a) {
- LBNALLOC(srcbuf, s);
- if (!srcbuf)
- return -1;
- lbnCopy_16(srcbuf, (BNWORD16 *)a->ptr, s);
- lbnMul_16((BNWORD16 *)dest->ptr, srcbuf, s,
- (BNWORD16 *)b->ptr, t);
- LBNFREE(srcbuf, s);
- } else if (dest == b) {
- LBNALLOC(srcbuf, t);
- if (!srcbuf)
- return -1;
- lbnCopy_16(srcbuf, (BNWORD16 *)b->ptr, t);
- lbnMul_16((BNWORD16 *)dest->ptr, (BNWORD16 *)a->ptr, s,
- srcbuf, t);
- LBNFREE(srcbuf, t);
- } else {
- lbnMul_16((BNWORD16 *)dest->ptr, (BNWORD16 *)a->ptr, s,
- (BNWORD16 *)b->ptr, t);
- }
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, s+t);
- MALLOCDB;
- return 0;
-}
-
-int
-bnMulQ_16(struct BigNum *dest, struct BigNum const *a, unsigned b)
-{
- unsigned s;
-
- s = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- if (!s || !b) {
- dest->size = 0;
- return 0;
- }
- if (b == 1)
- return bnCopy_16(dest, a);
- bnSizeCheck(dest, s+1);
- lbnMulN1_16((BNWORD16 *)dest->ptr, (BNWORD16 *)a->ptr, s, (BNWORD16)b);
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, s+1);
- MALLOCDB;
- return 0;
-}
-
-int
-bnDivMod_16(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d)
-{
- unsigned dsize, nsize;
- BNWORD16 qhigh;
-
- dsize = lbnNorm_16((BNWORD16 *)d->ptr, d->size);
- nsize = lbnNorm_16((BNWORD16 *)n->ptr, n->size);
-
- if (nsize < dsize) {
- q->size = 0; /* No quotient */
- r->size = nsize;
- return 0; /* Success */
- }
-
- bnSizeCheck(q, nsize-dsize);
-
- if (r != n) { /* You are allowed to reduce in place */
- bnSizeCheck(r, nsize);
- lbnCopy_16((BNWORD16 *)r->ptr, (BNWORD16 *)n->ptr, nsize);
- }
-
- qhigh = lbnDiv_16((BNWORD16 *)q->ptr, (BNWORD16 *)r->ptr, nsize,
- (BNWORD16 *)d->ptr, dsize);
- nsize -= dsize;
- if (qhigh) {
- bnSizeCheck(q, nsize+1);
- *((BNWORD16 *)q->ptr BIGLITTLE(-nsize-1,+nsize)) = qhigh;
- q->size = nsize+1;
- } else {
- q->size = lbnNorm_16((BNWORD16 *)q->ptr, nsize);
- }
- r->size = lbnNorm_16((BNWORD16 *)r->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-int
-bnMod_16(struct BigNum *dest, struct BigNum const *src, struct BigNum const *d)
-{
- unsigned dsize, nsize;
-
- nsize = lbnNorm_16((BNWORD16 *)src->ptr, src->size);
- dsize = lbnNorm_16((BNWORD16 *)d->ptr, d->size);
-
-
- if (dest != src) {
- bnSizeCheck(dest, nsize);
- lbnCopy_16((BNWORD16 *)dest->ptr, (BNWORD16 *)src->ptr, nsize);
- }
-
- if (nsize < dsize) {
- dest->size = nsize; /* No quotient */
- return 0;
- }
-
- (void)lbnDiv_16((BNWORD16 *)dest->ptr BIGLITTLE(-dsize,+dsize),
- (BNWORD16 *)dest->ptr, nsize,
- (BNWORD16 *)d->ptr, dsize);
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-unsigned
-bnModQ_16(struct BigNum const *src, unsigned d)
-{
- unsigned s;
-
- s = lbnNorm_16((BNWORD16 *)src->ptr, src->size);
- if (!s)
- return 0;
-
- return lbnModQ_16((BNWORD16 *)src->ptr, s, d);
-}
-
-int
-bnExpMod_16(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod)
-{
- unsigned nsize, esize, msize;
-
- nsize = lbnNorm_16((BNWORD16 *)n->ptr, n->size);
- esize = lbnNorm_16((BNWORD16 *)exp->ptr, exp->size);
- msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD16 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- /* Special-case base of 2 */
- if (nsize == 1 && ((BNWORD16 *)n->ptr)[BIGLITTLE(-1,0)] == 2) {
- if (lbnTwoExpMod_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)exp->ptr, esize,
- (BNWORD16 *)mod->ptr, msize) < 0)
- return -1;
- } else {
- if (lbnExpMod_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)n->ptr, nsize,
- (BNWORD16 *)exp->ptr, esize,
- (BNWORD16 *)mod->ptr, msize) < 0)
- return -1;
- }
-
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-int
-bnDoubleExpMod_16(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod)
-{
- unsigned n1size, e1size, n2size, e2size, msize;
-
- n1size = lbnNorm_16((BNWORD16 *)n1->ptr, n1->size);
- e1size = lbnNorm_16((BNWORD16 *)e1->ptr, e1->size);
- n2size = lbnNorm_16((BNWORD16 *)n2->ptr, n2->size);
- e2size = lbnNorm_16((BNWORD16 *)e2->ptr, e2->size);
- msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD16 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- if (lbnDoubleExpMod_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)n1->ptr, n1size, (BNWORD16 *)e1->ptr, e1size,
- (BNWORD16 *)n2->ptr, n2size, (BNWORD16 *)e2->ptr, e2size,
- (BNWORD16 *)mod->ptr, msize) < 0)
- return -1;
-
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-int
-bnTwoExpMod_16(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod)
-{
- unsigned esize, msize;
-
- esize = lbnNorm_16((BNWORD16 *)exp->ptr, exp->size);
- msize = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD16 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(n, msize);
-
- if (lbnTwoExpMod_16((BNWORD16 *)n->ptr, (BNWORD16 *)exp->ptr, esize,
- (BNWORD16 *)mod->ptr, msize) < 0)
- return -1;
-
- n->size = lbnNorm_16((BNWORD16 *)n->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-int
-bnGcd_16(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- BNWORD16 *tmp;
- unsigned asize, bsize;
- int i;
-
- /* Kind of silly, but we might as well permit it... */
- if (a == b)
- return dest == a ? 0 : bnCopy(dest, a);
-
- /* Ensure a is not the same as "dest" */
- if (a == dest) {
- a = b;
- b = dest;
- }
-
- asize = lbnNorm_16((BNWORD16 *)a->ptr, a->size);
- bsize = lbnNorm_16((BNWORD16 *)b->ptr, b->size);
-
- bnSizeCheck(dest, bsize+1);
-
- /* Copy a to tmp */
- LBNALLOC(tmp, asize+1);
- if (!tmp)
- return -1;
- lbnCopy_16(tmp, (BNWORD16 *)a->ptr, asize);
-
- /* Copy b to dest,if necessary */
- if (dest != b)
- lbnCopy_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)b->ptr, bsize);
- if (bsize > asize || (bsize == asize &&
- lbnCmp_16((BNWORD16 *)b->ptr, (BNWORD16 *)a->ptr, asize) > 0))
- {
- i = lbnGcd_16((BNWORD16 *)dest->ptr, bsize, tmp, asize);
- if (i >= 0) {
- dest->size = (unsigned)i;
- } else {
- lbnCopy_16((BNWORD16 *)dest->ptr, tmp,
- (unsigned)-i);
- dest->size = (unsigned)-i;
- }
- } else {
- i = lbnGcd_16(tmp, asize, (BNWORD16 *)dest->ptr, bsize);
- if (i <= 0) {
- dest->size = (unsigned)-i;
- } else {
- lbnCopy_16((BNWORD16 *)dest->ptr, tmp,
- (unsigned)i);
- dest->size = (unsigned)i;
- }
- }
- LBNFREE(tmp, asize+1);
- MALLOCDB;
- return 0;
-}
-
-int
-bnInv_16(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod)
-{
- unsigned s, m;
- int i;
-
- s = lbnNorm_16((BNWORD16 *)src->ptr, src->size);
- m = lbnNorm_16((BNWORD16 *)mod->ptr, mod->size);
-
- /* lbnInv_16 requires that the input be less than the modulus */
- if (m < s ||
- (m==s && lbnCmp_16((BNWORD16 *)src->ptr, (BNWORD16 *)mod->ptr, s)))
- {
- bnSizeCheck(dest, s + (m==s));
- if (dest != src)
- lbnCopy_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)src->ptr, s);
- /* Pre-reduce modulo the modulus */
- (void)lbnDiv_16((BNWORD16 *)dest->ptr BIGLITTLE(-m,+m),
- (BNWORD16 *)dest->ptr, s,
- (BNWORD16 *)mod->ptr, m);
- s = lbnNorm_16((BNWORD16 *)dest->ptr, m);
- MALLOCDB;
- } else {
- bnSizeCheck(dest, m+1);
- if (dest != src)
- lbnCopy_16((BNWORD16 *)dest->ptr,
- (BNWORD16 *)src->ptr, s);
- }
-
- i = lbnInv_16((BNWORD16 *)dest->ptr, s, (BNWORD16 *)mod->ptr, m);
- if (i == 0)
- dest->size = lbnNorm_16((BNWORD16 *)dest->ptr, m);
-
- MALLOCDB;
- return i;
-}
-
-/*
- * Shift a bignum left the appropriate number of bits,
- * multiplying by 2^amt.
- */
-int
-bnLShift_16(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
- BNWORD16 carry;
-
- if (amt % 16) {
- carry = lbnLshift_16(dest->ptr, s, amt % 16);
- if (carry) {
- s++;
- bnSizeCheck(dest, s);
- ((BNWORD16 *)dest->ptr)[BIGLITTLE(-s,s-1)] = carry;
- }
- }
-
- amt /= 16;
- if (amt) {
- bnSizeCheck(dest, s+amt);
- memmove((BNWORD16 *)dest->ptr BIGLITTLE(-s-amt, +amt),
- (BNWORD16 *)dest->ptr BIG(-s),
- s * sizeof(BNWORD16));
- lbnZero_16((BNWORD16 *)dest->ptr, amt);
- s += amt;
- }
- dest->size = s;
- MALLOCDB;
- return 0;
-}
-
-/*
- * Shift a bignum right the appropriate number of bits,
- * dividing by 2^amt.
- */
-void bnRShift_16(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
-
- if (amt >= 16) {
- memmove(
- (BNWORD16 *)dest->ptr BIG(-s+amt/16),
- (BNWORD16 *)dest->ptr BIGLITTLE(-s, +amt/16),
- s-amt/16 * sizeof(BNWORD16));
- s -= amt/16;
- amt %= 16;
- }
-
- if (amt)
- (void)lbnRshift_16(dest->ptr, s, amt);
-
- dest->size = lbnNorm_16(dest->ptr, s);
- MALLOCDB;
-}
-
-/*
- * Shift a bignum right until it is odd, and return the number of
- * bits shifted. n = d * 2^s. Replaces n with d and returns s.
- * Returns 0 when given 0. (Another valid answer is infinity.)
- */
-unsigned
-bnMakeOdd_16(struct BigNum *n)
-{
- unsigned size;
- unsigned s; /* shift amount */
- BNWORD16 *p;
- BNWORD16 t;
-
- p = (BNWORD16 *)n->ptr;
- size = lbnNorm_16(p, n->size);
- if (!size)
- return 0;
-
- t = BIGLITTLE(p[-1],p[0]);
- s = 0;
-
- /* See how many words we have to shift */
- if (!t) {
- /* Shift by words */
- do {
-
- s++;
- BIGLITTLE(--p,p++);
- } while ((t = BIGLITTLE(p[-1],p[0])) == 0);
- size -= s;
- s *= 16;
- memmove((BNWORD16 *)n->ptr BIG(-size), p BIG(-size),
- size * sizeof(BNWORD16));
- p = (BNWORD16 *)n->ptr;
- MALLOCDB;
- }
-
- assert(t);
-
- /* Now count the bits */
- while ((t & 1) == 0) {
- t >>= 1;
- s++;
- }
-
- /* Shift the bits */
- if (s & (16-1)) {
- lbnRshift_16(p, size, s & (16-1));
- /* Renormalize */
- if (BIGLITTLE(*(p-size),*(p+(size-1))) == 0)
- --size;
- }
- n->size = size;
-
- MALLOCDB;
- return s;
-}
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn16.h - interface to 16-bit bignum routines.
- */
-struct BigNum;
-
-void bnInit_16(void);
-void bnEnd_16(struct BigNum *bn);
-int bnPrealloc_16(struct BigNum *bn, unsigned bits);
-int bnCopy_16(struct BigNum *dest, struct BigNum const *src);
-int bnSwap_16(struct BigNum *a, struct BigNum *b);
-void bnNorm_16(struct BigNum *bn);
-void bnExtractBigBytes_16(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertBigBytes_16(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-void bnExtractLittleBytes_16(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertLittleBytes_16(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-unsigned bnLSWord_16(struct BigNum const *src);
-unsigned bnBits_16(struct BigNum const *src);
-int bnAdd_16(struct BigNum *dest, struct BigNum const *src);
-int bnSub_16(struct BigNum *dest, struct BigNum const *src);
-int bnCmpQ_16(struct BigNum const *a, unsigned b);
-int bnSetQ_16(struct BigNum *dest, unsigned src);
-int bnAddQ_16(struct BigNum *dest, unsigned src);
-int bnSubQ_16(struct BigNum *dest, unsigned src);
-int bnCmp_16(struct BigNum const *a, struct BigNum const *b);
-int bnSquare_16(struct BigNum *dest, struct BigNum const *src);
-int bnMul_16(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnMulQ_16(struct BigNum *dest, struct BigNum const *a, unsigned b);
-int bnDivMod_16(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d);
-int bnMod_16(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-unsigned bnModQ_16(struct BigNum const *src, unsigned d);
-int bnExpMod_16(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-int bnDoubleExpMod_16(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-int bnTwoExpMod_16(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-int bnGcd_16(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnInv_16(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-int bnLShift_16(struct BigNum *dest, unsigned amt);
-void bnRShift_16(struct BigNum *dest, unsigned amt);
-unsigned bnMakeOdd_16(struct BigNum *n);
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn32.c - the high-level bignum interface
- *
- * Like lbn32.c, this reserves the string "32" for textual replacement.
- * The string must not appear anywhere unless it is intended to be replaced
- * to generate other bignum interface functions.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-#ifndef NEED_MEMORY_H
-#define NEED_MEMORY_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* for memmove() in bnMakeOdd */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#if NEED_MEMORY_H
-#include <memory.h>
-#endif
-
-/*
- * This was useful during debugging, so it's left in here.
- * You can ignore it. DBMALLOC is generally undefined.
- */
-#ifndef DBMALLOC
-#define DBAMLLOC 0
-#endif
-#if DBMALLOC
-#include "../dbmalloc/malloc.h"
-#define MALLOCDB malloc_chain_check(1)
-#else
-#define MALLOCDB (void)0
-#endif
-
-#include "lbn.h"
-#include "lbn32.h"
-#include "lbnmem.h"
-#include "bn32.h"
-#include "bn.h"
-
-/* Work-arounds for some particularly broken systems */
-#include "kludge.h" /* For memmove() */
-#include <port_after.h>
-
-/* Functions */
-void
-bnInit_32(void)
-{
- bnEnd = bnEnd_32;
- bnPrealloc = bnPrealloc_32;
- bnCopy = bnCopy_32;
- bnNorm = bnNorm_32;
- bnExtractBigBytes = bnExtractBigBytes_32;
- bnInsertBigBytes = bnInsertBigBytes_32;
- bnExtractLittleBytes = bnExtractLittleBytes_32;
- bnInsertLittleBytes = bnInsertLittleBytes_32;
- bnLSWord = bnLSWord_32;
- bnBits = bnBits_32;
- bnAdd = bnAdd_32;
- bnSub = bnSub_32;
- bnCmpQ = bnCmpQ_32;
- bnSetQ = bnSetQ_32;
- bnAddQ = bnAddQ_32;
- bnSubQ = bnSubQ_32;
- bnCmp = bnCmp_32;
- bnSquare = bnSquare_32;
- bnMul = bnMul_32;
- bnMulQ = bnMulQ_32;
- bnDivMod = bnDivMod_32;
- bnMod = bnMod_32;
- bnModQ = bnModQ_32;
- bnExpMod = bnExpMod_32;
- bnDoubleExpMod = bnDoubleExpMod_32;
- bnTwoExpMod = bnTwoExpMod_32;
- bnGcd = bnGcd_32;
- bnInv = bnInv_32;
- bnLShift = bnLShift_32;
- bnRShift = bnRShift_32;
- bnMakeOdd = bnMakeOdd_32;
-}
-
-void
-bnEnd_32(struct BigNum *bn)
-{
- if (bn->ptr) {
- LBNFREE((BNWORD32 *)bn->ptr, bn->allocated);
- bn->ptr = 0;
- }
- bn->size = 0;
- bn->allocated = 0;
-
- MALLOCDB;
-}
-
-/* Internal function. It operates in words. */
-static int
-bnResize_32(struct BigNum *bn, unsigned len)
-{
- void *p;
-
- /* Round size up: most mallocs impose 8-byte granularity anyway */
- len = (len + (8/sizeof(BNWORD32) - 1)) & ~(8/sizeof(BNWORD32) - 1);
- p = LBNREALLOC((BNWORD32 *)bn->ptr, bn->allocated, len);
- if (!p)
- return -1;
- bn->ptr = p;
- bn->allocated = len;
-
- MALLOCDB;
-
- return 0;
-}
-
-#define bnSizeCheck(bn, size) \
- if (bn->allocated < size && bnResize_32(bn, size) < 0) \
- return -1
-
-int
-bnPrealloc_32(struct BigNum *bn, unsigned bits)
-{
- bits = (bits + 32-1)/32;
- bnSizeCheck(bn, bits);
- MALLOCDB;
- return 0;
-}
-
-int
-bnCopy_32(struct BigNum *dest, struct BigNum const *src)
-{
- bnSizeCheck(dest, src->size);
- dest->size = src->size;
- lbnCopy_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, src->size);
- MALLOCDB;
- return 0;
-}
-
-void
-bnNorm_32(struct BigNum *bn)
-{
- bn->size = lbnNorm_32((BNWORD32 *)bn->ptr, bn->size);
-}
-
-/*
- * Convert a bignum to big-endian bytes. Returns, in big-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (leading) bytes are filled with 0.
- */
-void
-bnExtractBigBytes_32(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (32 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte+len) {
- *dest++ = 0;
- len--;
- }
-
- if (len)
- lbnExtractBigBytes_32((BNWORD32 *)bn->ptr, dest, lsbyte, len);
- MALLOCDB;
-}
-
-int
-bnInsertBigBytes_32(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD32)-1) / sizeof(BNWORD32);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_32((BNWORD32 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertBigBytes_32((BNWORD32 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_32((BNWORD32 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-
-/*
- * Convert a bignum to little-endian bytes. Returns, in little-endian form, a
- * substring of the bignum starting from lsbyte and "len" bytes long.
- * Unused high-order (trailing) bytes are filled with 0.
- */
-void
-bnExtractLittleBytes_32(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size * (32 / 8);
-
- /* Fill unused leading bytes with 0 */
- while (s < lsbyte+len)
- dest[--len] = 0;
-
- if (len)
- lbnExtractLittleBytes_32((BNWORD32 *)bn->ptr, dest,
- lsbyte, len);
- MALLOCDB;
-}
-
-int
-bnInsertLittleBytes_32(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len)
-{
- unsigned s = bn->size;
- unsigned words = (len+lsbyte+sizeof(BNWORD32)-1) / sizeof(BNWORD32);
-
- /* Pad with zeros as required */
- bnSizeCheck(bn, words);
-
- if (s < words) {
- lbnZero_32((BNWORD32 *)bn->ptr BIGLITTLE(-s,+s), words-s);
- s = words;
- }
-
- lbnInsertLittleBytes_32((BNWORD32 *)bn->ptr, src, lsbyte, len);
-
- bn->size = lbnNorm_32((BNWORD32 *)bn->ptr, s);
-
- MALLOCDB;
- return 0;
-}
-
-/* Return the least-significant word of the input. */
-unsigned
-bnLSWord_32(struct BigNum const *src)
-{
- return src->size ? (unsigned)((BNWORD32 *)src->ptr)[BIGLITTLE(-1,0)]: 0;
-}
-
-unsigned
-bnBits_32(struct BigNum const *src)
-{
- return lbnBits_32((BNWORD32 *)src->ptr, src->size);
-}
-
-int
-bnAdd_32(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD32 t;
-
- if (!s)
- return 0;
-
- bnSizeCheck(dest, s);
-
- if (d < s) {
- lbnZero_32((BNWORD32 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- t = lbnAddN_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnAdd1_32((BNWORD32 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- bnSizeCheck(dest, d+1);
- ((BNWORD32 *)dest->ptr)[BIGLITTLE(-1-d,d)] = t;
- dest->size = d+1;
- }
- }
- return 0;
-}
-
-/*
- * dest -= src.
- * If dest goes negative, this produces the absolute value of
- * the difference (the negative of the true value) and returns 1.
- * Otherwise, it returls 0.
- */
-int
-bnSub_32(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s = src->size, d = dest->size;
- BNWORD32 t;
-
- if (d < s && d < (s = lbnNorm_32((BNWORD32 *)src->ptr, s))) {
- bnSizeCheck(dest, s);
- lbnZero_32((BNWORD32 *)dest->ptr BIGLITTLE(-d,+d), s-d);
- dest->size = d = s;
- MALLOCDB;
- }
- if (!s)
- return 0;
- t = lbnSubN_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, s);
- MALLOCDB;
- if (t) {
- if (d > s) {
- t = lbnSub1_32((BNWORD32 *)dest->ptr BIGLITTLE(-s,+s),
- d-s, t);
- MALLOCDB;
- }
- if (t) {
- lbnNeg_32((BNWORD32 *)dest->ptr, d);
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr,
- dest->size);
- MALLOCDB;
- return 1;
- }
- }
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dest->size);
- return 0;
-}
-
-/*
- * Compare the BigNum to the given value, which must be < 65536.
- * Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmpQ(a,b) <=> 0
- */
-int
-bnCmpQ_32(struct BigNum const *a, unsigned b)
-{
- unsigned t;
- BNWORD32 v;
-
- t = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- /* If a is more than one word long or zero, it's easy... */
- if (t != 1)
- return (t > 1) ? 1 : (b ? -1 : 0);
- v = (unsigned)((BNWORD32 *)a->ptr)[BIGLITTLE(-1,0)];
- return (v > b) ? 1 : ((v < b) ? -1 : 0);
-}
-
-int
-bnSetQ_32(struct BigNum *dest, unsigned src)
-{
- if (src) {
- bnSizeCheck(dest, 1);
-
- ((BNWORD32 *)dest->ptr)[BIGLITTLE(-1,0)] = (BNWORD32)src;
- dest->size = 1;
- } else {
- dest->size = 0;
- }
- return 0;
-}
-
-int
-bnAddQ_32(struct BigNum *dest, unsigned src)
-{
- BNWORD32 t;
-
- if (!dest->size)
- return bnSetQ(dest, src);
-
- t = lbnAdd1_32((BNWORD32 *)dest->ptr, dest->size, (BNWORD32)src);
- MALLOCDB;
- if (t) {
- src = dest->size;
- bnSizeCheck(dest, src+1);
- ((BNWORD32 *)dest->ptr)[BIGLITTLE(-1-src,src)] = t;
- dest->size = src+1;
- }
- return 0;
-}
-
-/*
- * Return value as for bnSub: 1 if subtract underflowed, in which
- * case the return is the negative of the computed value.
- */
-int
-bnSubQ_32(struct BigNum *dest, unsigned src)
-{
- BNWORD32 t;
-
- if (!dest->size)
- return bnSetQ(dest, src) < 0 ? -1 : (src != 0);
-
- t = lbnSub1_32((BNWORD32 *)dest->ptr, dest->size, src);
- MALLOCDB;
- if (t) {
- /* Underflow. <= 1 word, so do it simply. */
- lbnNeg_32((BNWORD32 *)dest->ptr, 1);
- dest->size = 1;
- return 1;
- }
-/* Try to normalize? Needing this is going to be very rare. */
-/* dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dest->size); */
- return 0;
-}
-
-/*
- * Compare two BigNums. Returns -1. 0 or 1 if a<b, a == b or a>b.
- * a <=> b --> bnCmp(a,b) <=> 0
- */
-int
-bnCmp_32(struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
-
- s = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- t = lbnNorm_32((BNWORD32 *)b->ptr, b->size);
-
- if (s != t)
- return s > t ? 1 : -1;
- return lbnCmp_32((BNWORD32 *)a->ptr, (BNWORD32 *)b->ptr, s);
-}
-
-int
-bnSquare_32(struct BigNum *dest, struct BigNum const *src)
-{
- unsigned s;
- BNWORD32 *srcbuf;
-
- s = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
- if (!s) {
- dest->size = 0;
- return 0;
- }
- bnSizeCheck(dest, 2*s);
-
- if (src == dest) {
- LBNALLOC(srcbuf, s);
- if (!srcbuf)
- return -1;
- lbnCopy_32(srcbuf, (BNWORD32 *)src->ptr, s);
- lbnSquare_32((BNWORD32 *)dest->ptr, (BNWORD32 *)srcbuf, s);
- LBNFREE(srcbuf, s);
- } else {
- lbnSquare_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, s);
- }
-
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, 2*s);
- MALLOCDB;
- return 0;
-}
-
-int
-bnMul_32(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- unsigned s, t;
- BNWORD32 *srcbuf;
-
- s = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- t = lbnNorm_32((BNWORD32 *)b->ptr, b->size);
-
- if (!s || !t) {
- dest->size = 0;
- return 0;
- }
-
- if (a == b)
- return bnSquare_32(dest, a);
-
- bnSizeCheck(dest, s+t);
-
- if (dest == a) {
- LBNALLOC(srcbuf, s);
- if (!srcbuf)
- return -1;
- lbnCopy_32(srcbuf, (BNWORD32 *)a->ptr, s);
- lbnMul_32((BNWORD32 *)dest->ptr, srcbuf, s,
- (BNWORD32 *)b->ptr, t);
- LBNFREE(srcbuf, s);
- } else if (dest == b) {
- LBNALLOC(srcbuf, t);
- if (!srcbuf)
- return -1;
- lbnCopy_32(srcbuf, (BNWORD32 *)b->ptr, t);
- lbnMul_32((BNWORD32 *)dest->ptr, (BNWORD32 *)a->ptr, s,
- srcbuf, t);
- LBNFREE(srcbuf, t);
- } else {
- lbnMul_32((BNWORD32 *)dest->ptr, (BNWORD32 *)a->ptr, s,
- (BNWORD32 *)b->ptr, t);
- }
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, s+t);
- MALLOCDB;
- return 0;
-}
-
-int
-bnMulQ_32(struct BigNum *dest, struct BigNum const *a, unsigned b)
-{
- unsigned s;
-
- s = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- if (!s || !b) {
- dest->size = 0;
- return 0;
- }
- if (b == 1)
- return bnCopy_32(dest, a);
- bnSizeCheck(dest, s+1);
- lbnMulN1_32((BNWORD32 *)dest->ptr, (BNWORD32 *)a->ptr, s, b);
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, s+1);
- MALLOCDB;
- return 0;
-}
-
-int
-bnDivMod_32(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d)
-{
- unsigned dsize, nsize;
- BNWORD32 qhigh;
-
- dsize = lbnNorm_32((BNWORD32 *)d->ptr, d->size);
- nsize = lbnNorm_32((BNWORD32 *)n->ptr, n->size);
-
- if (nsize < dsize) {
- q->size = 0; /* No quotient */
- r->size = nsize;
- return 0; /* Success */
- }
-
- bnSizeCheck(q, nsize-dsize);
-
- if (r != n) { /* You are allowed to reduce in place */
- bnSizeCheck(r, nsize);
- lbnCopy_32((BNWORD32 *)r->ptr, (BNWORD32 *)n->ptr, nsize);
- }
-
- qhigh = lbnDiv_32((BNWORD32 *)q->ptr, (BNWORD32 *)r->ptr, nsize,
- (BNWORD32 *)d->ptr, dsize);
- nsize -= dsize;
- if (qhigh) {
- bnSizeCheck(q, nsize+1);
- *((BNWORD32 *)q->ptr BIGLITTLE(-nsize-1,+nsize)) = qhigh;
- q->size = nsize+1;
- } else {
- q->size = lbnNorm_32((BNWORD32 *)q->ptr, nsize);
- }
- r->size = lbnNorm_32((BNWORD32 *)r->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-int
-bnMod_32(struct BigNum *dest, struct BigNum const *src, struct BigNum const *d)
-{
- unsigned dsize, nsize;
-
- nsize = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
- dsize = lbnNorm_32((BNWORD32 *)d->ptr, d->size);
-
-
- if (dest != src) {
- bnSizeCheck(dest, nsize);
- lbnCopy_32((BNWORD32 *)dest->ptr, (BNWORD32 *)src->ptr, nsize);
- }
-
- if (nsize < dsize) {
- dest->size = nsize; /* No quotient */
- return 0;
- }
-
- (void)lbnDiv_32((BNWORD32 *)dest->ptr BIGLITTLE(-dsize,+dsize),
- (BNWORD32 *)dest->ptr, nsize,
- (BNWORD32 *)d->ptr, dsize);
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, dsize);
- MALLOCDB;
- return 0;
-}
-
-unsigned
-bnModQ_32(struct BigNum const *src, unsigned d)
-{
- unsigned s;
-
- s = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
- if (!s)
- return 0;
-
- return lbnModQ_32((BNWORD32 *)src->ptr, s, d);
-}
-
-int
-bnExpMod_32(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod)
-{
- unsigned nsize, esize, msize;
-
- nsize = lbnNorm_32((BNWORD32 *)n->ptr, n->size);
- esize = lbnNorm_32((BNWORD32 *)exp->ptr, exp->size);
- msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- /* Special-case base of 2 */
- if (nsize == 1 && ((BNWORD32 *)n->ptr)[BIGLITTLE(-1,0)] == 2) {
- if (lbnTwoExpMod_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)exp->ptr, esize,
- (BNWORD32 *)mod->ptr, msize) < 0)
- return -1;
- } else {
- if (lbnExpMod_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)n->ptr, nsize,
- (BNWORD32 *)exp->ptr, esize,
- (BNWORD32 *)mod->ptr, msize) < 0)
- return -1;
- }
-
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-int
-bnDoubleExpMod_32(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod)
-{
- unsigned n1size, e1size, n2size, e2size, msize;
-
- n1size = lbnNorm_32((BNWORD32 *)n1->ptr, n1->size);
- e1size = lbnNorm_32((BNWORD32 *)e1->ptr, e1->size);
- n2size = lbnNorm_32((BNWORD32 *)n2->ptr, n2->size);
- e2size = lbnNorm_32((BNWORD32 *)e2->ptr, e2->size);
- msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(dest, msize);
-
- if (lbnDoubleExpMod_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)n1->ptr, n1size, (BNWORD32 *)e1->ptr, e1size,
- (BNWORD32 *)n2->ptr, n2size, (BNWORD32 *)e2->ptr, e2size,
- (BNWORD32 *)mod->ptr, msize) < 0)
- return -1;
-
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-int
-bnTwoExpMod_32(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod)
-{
- unsigned esize, msize;
-
- esize = lbnNorm_32((BNWORD32 *)exp->ptr, exp->size);
- msize = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
-
- if (!msize || (((BNWORD32 *)mod->ptr)[BIGLITTLE(-1,0)] & 1) == 0)
- return -1; /* Illegal modulus! */
-
- bnSizeCheck(n, msize);
-
- if (lbnTwoExpMod_32((BNWORD32 *)n->ptr, (BNWORD32 *)exp->ptr, esize,
- (BNWORD32 *)mod->ptr, msize) < 0)
- return -1;
-
- n->size = lbnNorm_32((BNWORD32 *)n->ptr, msize);
- MALLOCDB;
- return 0;
-}
-
-int
-bnGcd_32(struct BigNum *dest, struct BigNum const *a, struct BigNum const *b)
-{
- BNWORD32 *tmp;
- unsigned asize, bsize;
- int i;
-
- /* Kind of silly, but we might as well permit it... */
- if (a == b)
- return dest == a ? 0 : bnCopy(dest, a);
-
- /* Ensure a is not the same as "dest" */
- if (a == dest) {
- a = b;
- b = dest;
- }
-
- asize = lbnNorm_32((BNWORD32 *)a->ptr, a->size);
- bsize = lbnNorm_32((BNWORD32 *)b->ptr, b->size);
-
- bnSizeCheck(dest, bsize+1);
-
- /* Copy a to tmp */
- LBNALLOC(tmp, asize+1);
- if (!tmp)
- return -1;
- lbnCopy_32(tmp, (BNWORD32 *)a->ptr, asize);
-
- /* Copy b to dest,if necessary */
- if (dest != b)
- lbnCopy_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)b->ptr, bsize);
- if (bsize > asize || (bsize == asize &&
- lbnCmp_32((BNWORD32 *)b->ptr, (BNWORD32 *)a->ptr, asize) > 0))
- {
- i = lbnGcd_32((BNWORD32 *)dest->ptr, bsize, tmp, asize);
- if (i >= 0) {
- dest->size = (unsigned)i;
- } else {
- lbnCopy_32((BNWORD32 *)dest->ptr, tmp,
- (unsigned)-i);
- dest->size = (unsigned)-i;
- }
- } else {
- i = lbnGcd_32(tmp, asize, (BNWORD32 *)dest->ptr, bsize);
- if (i <= 0) {
- dest->size = (unsigned)-i;
- } else {
- lbnCopy_32((BNWORD32 *)dest->ptr, tmp,
- (unsigned)i);
- dest->size = (unsigned)i;
- }
- }
- LBNFREE(tmp, asize+1);
- MALLOCDB;
- return 0;
-}
-
-int
-bnInv_32(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod)
-{
- unsigned s, m;
- int i;
-
- s = lbnNorm_32((BNWORD32 *)src->ptr, src->size);
- m = lbnNorm_32((BNWORD32 *)mod->ptr, mod->size);
-
- /* lbnInv_32 requires that the input be less than the modulus */
- if (m < s ||
- (m==s && lbnCmp_32((BNWORD32 *)src->ptr, (BNWORD32 *)mod->ptr, s)))
- {
- bnSizeCheck(dest, s + (m==s));
- if (dest != src)
- lbnCopy_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)src->ptr, s);
- /* Pre-reduce modulo the modulus */
- (void)lbnDiv_32((BNWORD32 *)dest->ptr BIGLITTLE(-m,+m),
- (BNWORD32 *)dest->ptr, s,
- (BNWORD32 *)mod->ptr, m);
- s = lbnNorm_32((BNWORD32 *)dest->ptr, m);
- MALLOCDB;
- } else {
- bnSizeCheck(dest, m+1);
- if (dest != src)
- lbnCopy_32((BNWORD32 *)dest->ptr,
- (BNWORD32 *)src->ptr, s);
- }
-
- i = lbnInv_32((BNWORD32 *)dest->ptr, s, (BNWORD32 *)mod->ptr, m);
- if (i == 0)
- dest->size = lbnNorm_32((BNWORD32 *)dest->ptr, m);
-
- MALLOCDB;
- return i;
-}
-
-/*
- * Shift a bignum left the appropriate number of bits,
- * multiplying by 2^amt.
- */
-int
-bnLShift_32(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
- BNWORD32 carry;
-
- if (amt % 32) {
- carry = lbnLshift_32(dest->ptr, s, amt % 32);
- if (carry) {
- s++;
- bnSizeCheck(dest, s);
- ((BNWORD32 *)dest->ptr)[BIGLITTLE(-s,s-1)] = carry;
- }
- }
-
- amt /= 32;
- if (amt) {
- bnSizeCheck(dest, s+amt);
- memmove((BNWORD32 *)dest->ptr BIGLITTLE(-s-amt, +amt),
- (BNWORD32 *)dest->ptr BIG(-s),
- s * sizeof(BNWORD32));
- lbnZero_32((BNWORD32 *)dest->ptr, amt);
- s += amt;
- }
- dest->size = s;
- MALLOCDB;
- return 0;
-}
-
-/*
- * Shift a bignum right the appropriate number of bits,
- * dividing by 2^amt.
- */
-void bnRShift_32(struct BigNum *dest, unsigned amt)
-{
- unsigned s = dest->size;
-
- if (amt >= 32) {
- memmove(
- (BNWORD32 *)dest->ptr BIG(-s+amt/32),
- (BNWORD32 *)dest->ptr BIGLITTLE(-s, +amt/32),
- s-amt/32 * sizeof(BNWORD32));
- s -= amt/32;
- amt %= 32;
- }
-
- if (amt)
- (void)lbnRshift_32(dest->ptr, s, amt);
-
- dest->size = lbnNorm_32(dest->ptr, s);
- MALLOCDB;
-}
-
-/*
- * Shift a bignum right until it is odd, and return the number of
- * bits shifted. n = d * 2^s. Replaces n with d and returns s.
- * Returns 0 when given 0. (Another valid answer is infinity.)
- */
-unsigned
-bnMakeOdd_32(struct BigNum *n)
-{
- unsigned size;
- unsigned s; /* shift amount */
- BNWORD32 *p;
- BNWORD32 t;
-
- p = (BNWORD32 *)n->ptr;
- size = lbnNorm_32(p, n->size);
- if (!size)
- return 0;
-
- t = BIGLITTLE(p[-1],p[0]);
- s = 0;
-
- /* See how many words we have to shift */
- if (!t) {
- /* Shift by words */
- do {
-
- s++;
- BIGLITTLE(--p,p++);
- } while ((t = BIGLITTLE(p[-1],p[0])) == 0);
- size -= s;
- s *= 32;
- memmove((BNWORD32 *)n->ptr BIG(-size), p BIG(-size),
- size * sizeof(BNWORD32));
- p = (BNWORD32 *)n->ptr;
- MALLOCDB;
- }
-
- assert(t);
-
- /* Now count the bits */
- while ((t & 1) == 0) {
- t >>= 1;
- s++;
- }
-
- /* Shift the bits */
- if (s & (32-1)) {
- lbnRshift_32(p, size, s & (32-1));
- /* Renormalize */
- if (BIGLITTLE(*(p-size),*(p+(size-1))) == 0)
- --size;
- }
- n->size = size;
-
- MALLOCDB;
- return s;
-}
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn32.h - interface to 32-bit bignum routines.
- */
-struct BigNum;
-
-void bnInit_32(void);
-void bnEnd_32(struct BigNum *bn);
-int bnPrealloc_32(struct BigNum *bn, unsigned bits);
-int bnCopy_32(struct BigNum *dest, struct BigNum const *src);
-int bnSwap_32(struct BigNum *a, struct BigNum *b);
-void bnNorm_32(struct BigNum *bn);
-void bnExtractBigBytes_32(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertBigBytes_32(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-void bnExtractLittleBytes_32(struct BigNum const *bn, unsigned char *dest,
- unsigned lsbyte, unsigned dlen);
-int bnInsertLittleBytes_32(struct BigNum *bn, unsigned char const *src,
- unsigned lsbyte, unsigned len);
-unsigned bnLSWord_32(struct BigNum const *src);
-unsigned bnBits_32(struct BigNum const *src);
-int bnAdd_32(struct BigNum *dest, struct BigNum const *src);
-int bnSub_32(struct BigNum *dest, struct BigNum const *src);
-int bnCmpQ_32(struct BigNum const *a, unsigned b);
-int bnSetQ_32(struct BigNum *dest, unsigned src);
-int bnAddQ_32(struct BigNum *dest, unsigned src);
-int bnSubQ_32(struct BigNum *dest, unsigned src);
-int bnCmp_32(struct BigNum const *a, struct BigNum const *b);
-int bnSquare_32(struct BigNum *dest, struct BigNum const *src);
-int bnMul_32(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnMulQ_32(struct BigNum *dest, struct BigNum const *a, unsigned b);
-int bnDivMod_32(struct BigNum *q, struct BigNum *r, struct BigNum const *n,
- struct BigNum const *d);
-int bnMod_32(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *d);
-unsigned bnModQ_32(struct BigNum const *src, unsigned d);
-int bnExpMod_32(struct BigNum *dest, struct BigNum const *n,
- struct BigNum const *exp, struct BigNum const *mod);
-int bnDoubleExpMod_32(struct BigNum *dest,
- struct BigNum const *n1, struct BigNum const *e1,
- struct BigNum const *n2, struct BigNum const *e2,
- struct BigNum const *mod);
-int bnTwoExpMod_32(struct BigNum *n, struct BigNum const *exp,
- struct BigNum const *mod);
-int bnGcd_32(struct BigNum *dest, struct BigNum const *a,
- struct BigNum const *b);
-int bnInv_32(struct BigNum *dest, struct BigNum const *src,
- struct BigNum const *mod);
-int bnLShift_32(struct BigNum *dest, unsigned amt);
-void bnRShift_32(struct BigNum *dest, unsigned amt);
-unsigned bnMakeOdd_32(struct BigNum *n);
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn68000.c - bnInit() for Motorola 680x0 family, 16 or 32-bit.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "lbn.h"
-#include "bn16.h"
-#include "bn32.h"
-
-#ifndef BNINCLUDE
-#error You must define BNINCLUDE to lbn68000.h to use assembly primitives.
-#endif
-
-void
-bnInit(void)
-{
- if (is68020())
- bnInit_32();
- else
- bnInit_16();
-}
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bn8086.c - bnInit() for Intel x86 family in 16-bit mode.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "lbn.h"
-#include "bn16.h"
-#include "bn32.h"
-
-#ifndef BNINCLUDE
-#error You must define BNINCLUDE to lbn8086.h to use assembly primitives.
-#endif
-
-void
-bnInit(void)
-{
-/* if (not386())
- bnInit_16();
- else */
- bnInit_32();
-}
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bninit16.c - Provide an init function that sets things up for 16-bit
- * operation. This is a seaparate tiny file so you can compile two bn
- * packages into the library and write a custom init routine.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "bn.h"
-#include "bn16.h"
-
-void
-bnInit(void)
-{
- bnInit_16();
-}
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bninit32.c - Provide an init function that sets things up for 32-bit
- * operation. This is a seaparate tiny file so you can compile two bn
- * packages into the library and write a custom init routine.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "bn.h"
-#include "bn32.h"
-
-void
-bnInit(void)
-{
- bnInit_32();
-}
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * bnsize00.h - pick the correct machine word size to use.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#include "lbn.h" /* Get basic information */
-
-#if !BNSIZE64 && !BNSIZE32 && !BNSIZE16 && defined(BNWORD64)
-# if defined(BNWORD128) || (defined(lbnMulAdd1_64) && defined(lbnMulSub1_64))
-# define BNSIZE64 1
-# elif defined(mul64_ppmm) || defined(mul64_ppmma) || defined(mul64_ppmmaa)
-# define BNSIZE64 1
-# endif
-#endif
-
-#if !BNSIZE64 && !BNSIZE32 && !BNSIZE16 && defined(BNWORD32)
-# if defined(BNWORD64) || (defined(lbnMulAdd1_32) && defined(lbnMulSub1_32))
-# define BNSIZE32 1
-# elif defined(mul32_ppmm) || defined(mul32_ppmma) || defined(mul32_ppmmaa)
-# define BNSIZE32 1
-# endif
-#endif
-
-#if !BNSIZE64 && !BNSIZE32 && !BNSIZE16 && defined(BNWORD16)
-# if defined(BNWORD32) || (defined(lbnMulAdd1_16) && defined(lbnMulSub1_16))
-# define BNSIZE16 1
-# elif defined(mul16_ppmm) || defined(mul16_ppmma) || defined(mul16_ppmmaa)
-# define BNSIZE16 1
-# endif
-#endif
-
-#if !BNSIZE64 && !BNSIZE32 && !BNSIZE16
-#error Unable to find a viable word size to compile bignum library.
-#endif
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: c_asm.h PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: C / ASM Header File
-*
-* USAGE: File should be included to use Toolkit Functions
-*
-*
-* Copyright (c) Cylink Corporation 1994. All rights reserved.
-*
-* REVISION HISTORY:
-*
-* 14 Oct 94 GKL For Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support )
-*
-****************************************************************************/
-#if !defined( C_ASM_H )
-#define C_ASM_H
-
-#include <sys/types.h>
-#include "cylink.h"
-#include "ctk_endian.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
- int Sum_big (ord *X,
- ord *Y,
- ord *Z,
- int len_X );
- int Sum (ord *X, ord *Y, ushort len_X );
- int Sub_big (ord *X,
- ord *Y,
- ord *Z,
- int len_X );
-/*
- void Mul_big( ord *X, ord *Y,ord *XY,
- ushort lx, ushort ly,
- ushort elements_in_X,
- ushort elements_in_Y);*/
- void Mul_big( ord *X, ord *Y,ord *XY,
- ushort lx, ushort ly);
-
- void PReLo_big( ord *X, ord *P,
- ushort len_X, ushort el);
-
- void Div_big( ord *X, ord *P,
- ushort len_X, ushort el,
- ord *div);
-
-int LeftMostBit_big ( ord X );
-int LeftMostEl_big( ord *X, ushort len_X );
-void RShiftL_big( ord *X, u_int32_t len_X, u_int32_t n_bit );
-void LShiftL_big( ord *X, u_int32_t len_X, u_int32_t n_bit );
-int RShiftMostBit(ord *a, u_int32_t len);
-void ByteLong(uchar *X, u_int32_t X_bytes, u_int32_t *Y);
-void ByteOrd(uchar *X, u_int32_t X_bytes, ord *Y);
-void OrdByte(ord *X, u_int32_t X_bytes, uchar *Y);
-void LongByte(u_int32_t *X, u_int32_t X_bytes, uchar *Y);
-int BitValue_big( ord *X, ushort n_bits );
-int BitsValue_big( ord *X, ushort n_bits, ushort bit_count );
-void ByteSwap32_big( uchar *X, ushort X_len );
-void Complement_big( ord *X, ushort X_longs);
-void Diagonal_big (ord *X, ushort X_len, ord *X2);
-void Square_big( ord *X, ushort X_len, ord *X2);
-void Mul_big_1( ord X, ord *Y, ord *XY, ushort ly );
-int Sum_Q(ord *X, ushort src, ushort len_X );
-
-
-
-/* In-place DES encryption */
- void DES_encrypt(uchar *keybuf, uchar *block);
-
-/* In-place DES decryption */
- void DES_decrypt(uchar *keybuf, uchar *block);
-
-/* In-place KAPPA encryption */
- void KAPPA_encrypt(uchar *a, uchar *k, ushort r);
-
-/* In-place KAPPA decryption */
- void KAPPA_decrypt(uchar *a, uchar *k, ushort r);
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /*C_ASM_H*/
-
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: cencrint.h PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Cryptographic Toolkit Internal Functions Header File
-*
-* USAGE: File should be included to use Toolkit Functions
-*
-*
-* Copyright (c) Cylink Corporation 1994. All rights reserved.
-*
-* REVISION HISTORY:
-*
-* 23 Aug 94 KPZ Initial release
-* 24 Sep 94 KPZ Added prototypes of internal functions
-* 14 Oct 94 GKL Second version (big endian support)
-* 08 Dec 94 GKL Added YIELD_context to Expo, VerPrime and GenPrime
-*
-****************************************************************************/
-
-#ifndef CENCRINT_H /* Prevent multiple inclusions of same header file */
-#define CENCRINT_H
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-
-/* system files */
-#include <sys/types.h>
-#include "cylink.h"
-#include "ctk_endian.h"
-#include "toolkit.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Compute a modulo */
- int PartReduct( u_int16_t X_bytes, ord *X,
- u_int16_t P_bytes, ord *P,
- ord *Z );
-
-/* Compute a modulo product */
- int Mul( u_int16_t X_bytes, ord *X,
- u_int16_t Y_bytes, ord *Y,
- u_int16_t P_bytes, ord *P,
- ord *Z );
-/*Compute a modulo squaring*/
-int Mul_Squr( u_int16_t X_bytes, ord *X,
- u_int16_t P_bytes, ord *P,
- ord *Z );
-int Square( u_int16_t X_bytes,
- ord *X,
- u_int16_t P_bytes,
- ord *P,
- ord *Z );
-
-/*Compare two array*/
-int Comp_Mont ( ord *X, ord *P, u_int16_t P_longs );
-/*Compute invers element*/
-ord Inv_Mont ( ord x );
-/*Modulo by the Mongomery*/
-void PartReduct_Mont( ord *X, u_int16_t P_bytes, ord *P, ord inv );
-/*Computes squaring by the Mongomery modulo*/
-int Mul_Squr_Mont(ord *X, u_int16_t P_bytes,
- ord *P, ord *Z,
- ord inv );
-/*Computes multiply by the montgomery modulo*/
-int Mul_Mont( ord *X, ord *Y,
- u_int16_t P_bytes, ord *P,
- ord *Z, ord inv );
-
-/* Compute a modulo exponent */
- int Expo( u_int16_t X_bytes, ord *X,
- u_int16_t Y_bytes, ord *Y,
- u_int16_t P_bytes, ord *P,
- ord *Z );
- /*Compute double exponent */
- int DoubleExpo( u_int16_t X1_bytes,ord *X1,
- u_int16_t Y1_bytes,ord *Y1,
- u_int16_t X2_bytes,ord *X2,
- u_int16_t Y2_bytes,ord *Y2,
- u_int16_t P_bytes,ord *P,
- ord *Z);
-/* Compute a modulo inverse element */
- int Inverse( u_int16_t X_bytes, ord *X,
- u_int16_t P_bytes, ord *P,
- ord *Z );
-
-/* Verify Pseudo Prime number */
- int VerPrime( u_int16_t P_bytes, ord *P,
- u_int16_t k, ord *RVAL,
- YIELD_context *yield_cont ); /*TKL00601*/
-
-/* Generate Random Pseudo Prime number */
- int GenPrime( u_int16_t P_bytes, ord *P,
- u_int16_t k, ord *RVAL,
- YIELD_context *yield_cont ); /*TKL00601*/
-
-/* Transfer bytes to u_int32_t */
- void ByteLong( uchar *X,
- u_int16_t X_bytes,
- u_int32_t *Y );
-
-/* Transfer u_int32_t to bytes */
- void LongByte( u_int32_t *X,
- u_int16_t X_bytes,
- uchar *Y );
-
-/* Transfer bytes to ord */
- void ByteOrd( uchar *X,
- u_int16_t X_bytes,
- ord *Y );
-
-/* Transfer ord to bytes */
- void OrdByte( ord *X,
- u_int16_t X_bytes,
- uchar *Y );
-
-/* Find the left most non zero bit */
- int LeftMostBit ( ord X );
-
-/* Find the left most element */
- int LeftMostEl( ord *X,
- u_int16_t len_X );
-
-/* Shift array to rigth by n_bit */
- void RShiftL( ord *X,
- u_int16_t len_X,
- u_int16_t n_bit );
-
-/* Shifts array to left by n_bit */
- void LShiftL( ord *X,
- u_int16_t len_X,
- u_int16_t n_bit );
-
-/* Find the value of bit */
- int BitValue( ord *X,
- u_int16_t n_bits );
-
-/* Perform byte reversal on an array of ordinar type (longword or shortword) */
- void ByteSwap( uchar *X,
- u_int16_t X_len );
-
-/* Perform byte reversal on an array from LSB to MSB */
- void BigSwap( uchar *X,
- u_int16_t X_len );
-
-/* Perform byte reversal on an array of longword */
- void ByteSwap32( uchar *X,
- u_int16_t X_len );
-
-/* Perform short reversal on an array of longword */
- void WordSwap( uchar *X,
- u_int16_t X_len );
-
-/* Perform SHS transformation */
- void shaTransform( u_int32_t *state,
- const uchar *block );
-
-/* Compute modulo addition
- int Add( ord *X,
- ord *Y,
- u_int16_t P_len,
- ord *P,
- ord *Z );
- */
- int Add( ord *X,
- ord *Y,
- u_int16_t P_len,
- ord *P );
-/* Initialize Secure Hash Function for generate
- random number for DSS */
- void SHAInitK( SHA_context *hash_context );
-
-/* Set parity bits */
- void SetKeyParity( uchar *key );
-
-/* Find a least significant non zero bit
- and sfift array to right */
- int RShiftMostBit( ord *a, u_int16_t len );
-
-/*Compute great common divisor */
- int SteinGCD( ord *m, ord *b, u_int16_t len );
-
-/* Compute a modulo and divisor */
- int DivRem( u_int16_t X_bytes, ord *X,
- u_int16_t P_bytes, ord *P,
- ord *Z, ord *D );
-
-/* Generate random number */
-int MyGenRand( u_int16_t A_bytes, ord *A,
- ord *RVAL);
-
-/* Compute a Secure Hash Function */
-int MySHA( uchar *message,
- u_int16_t message_bytes,
- uchar *hash_result );
-
-/* Finalize Secure Hash Function */
- int MySHAFinal( SHA_context *hash_context,
- uchar *hash_result );
-
- void shaTransform_new( u_int32_t *state,
- uchar *block );
-
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* CENCRINT_H */
-
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/**********************************************************************\
-* FILENAME: ctk_endian.h PRODUCT NAME:
-*
-* DESCRIPTION: header file of defines
-*
-* USAGE: Platform-dependend compilation modes header
-*
-*
-* Copyright (c) Cylink Corporation 1994. All rights reserved.
-*
-* REVISION HISTORY:
-*
-\**********************************************************************/
-
-#ifndef CTK_ENDIAN_H /* Prevent multiple inclusions of same header file */
-#define CTK_ENDIAN_H
-
-#include <sys/types.h>
-#include <ctype.h>
-#include <arpa/nameser_compat.h>
-#include "lbn.h"
-
-#if (defined(BIG_ENDIAN) || defined(_BIG_ENDIAN)) && !(defined(LITTLE_ENDIAN) || defined(_LITTLE_ENDIAN))
-# undef BIG_ENDIAN
-# undef _BIG_ENDIAN
-# define BIG_ENDIAN 4321
-# define LITTLE_ENDIAN 1234
-# define BYTE_ORDER BIG_ENDIAN
-
-#elif !(defined(BIG_ENDIAN) || defined(_BIG_ENDIAN)) && (defined(LITTLE_ENDIAN) || defined(_LITTLE_ENDIAN))
-# undef LITTLE_ENDIAN
-# undef _LITTLE_ENDIAN
-# define BIG_ENDIAN 4321
-# define LITTLE_ENDIAN 1234
-# define BYTE_ORDER LITTLE_ENDIAN
-#endif
-
-#if !defined(BYTE_ORDER) || \
- (BYTE_ORDER != BIG_ENDIAN && BYTE_ORDER != LITTLE_ENDIAN)
- /* you must determine what the correct bit order is for
- * your compiler - the next line is an intentional error
- * which will force your compiles to bomb until you fix
- * the above macros.
- */
-# if !defined(CTK_LITTLE_ENDIAN) && !defined(CTK_BIG_ENDIAN)
-# error "Undefined or invalid BYTE_ORDER";
-# endif
-#endif
-
-#if !defined(CTK_BIG_ENDIAN) && !defined(CTK_LITTLE_ENDIAN)
-# ifdef BYTE_ORDER
-# if (BYTE_ORDER == LITTLE_ENDIAN)
-# define CTK_LITTLE_ENDIAN
-# elif (BYTE_ORDER == BIG_ENDIAN)
-# define CTK_BIG_ENDIAN
-# else
-# error CAN NOT determine ENDIAN with BYTE_ORDER
-# endif
-# elif defined(_LITTLE_ENDIAN)
-# define CTK_LITTLE_ENDIAN
-# elif defined(_BIG_ENDIAN)
-# define CTK_BIG_ENDIAN
-# else
-# error CAN NOT determine ENDIAN
-# endif
-#endif
-
-#if !defined(CTK_BIG_ENDIAN) && !defined(CTK_LITTLE_ENDIAN)
-# error NO CTK_???_ENDIAN defined
-#endif
-
-#if defined( CTK_LITTLE_ENDIAN ) && defined( CTK_BIG_ENDIAN )
-# error Use only one define CPU type CTK_LITTLE or BIG ENDIAN.
-#endif
-
-#if !defined( ORD_32 ) && !defined( ORD_16 )
-# ifdef BNSIZE64
-# error BNSIZE64 do not know how to do this
-# elif defined(BNSIZE32)
-# define ORD_32
-# elif defined(BNSIZE16)
-# define ORD_16
-# elif !defined( UINT_MAX) /* No <limits.h> */
-# define ORD_16 /* default */
-# else
-# if ULONG_MAX == 0xffffffff
-# define ORD_16
-# else
-# define ORD_32
-# endif
-# endif
-#endif
-
-#if !defined( ORD_32 ) && !defined( ORD_16 )
-#error Not defined basic word type ORD_32 or ORD_16.
-#endif
-
-#if defined( ORD_32 ) && defined( ORD_16 )
-#error Use only one define basic word type ORD_32 or ORD_16.
-#endif
-
-
-#ifdef ORD_16
-/* typedef unsigned short ord; deleted by ogud@tis.com 1998/9/14 */
-typedef u_int16_t ord;
-#define BITS_COUNT 16
-#define MAXDIGIT (ord)(0xFFFF)
-#endif
-
-#ifdef ORD_32
-/* typedef unsigned long ord; deleted by ogud@tis.com 1998/9/14 */
-typedef u_int32_t ord;
-#define BITS_COUNT 32
-#define MAXDIGIT (ord)(0xFFFFFFFF)
-#endif /* ORD_32 */
-
-
-
-#define CALLOC(var,type,len) \
- var=(type *)calloc(len,1); \
- if (var==NULL) \
- status=ERR_ALLOC
-#ifdef CTK_BIG_ENDIAN
-#define ALIGN_CALLOC(i,o,l) \
- CALLOC(o,ord,l)
-#define ALIGN_CALLOC_COPY(i,o,l) \
- CALLOC(o,ord,l); \
- if (o) ByteOrd(i,l,o)
-#define ALIGN_CALLOC_MOVE(i,o,l) \
- CALLOC(o,ord,l); \
- if (o) memcpy(o,i,l)
-#define ALIGN_FREE(o) \
- free ( o )
-#define ALIGN_COPY_FREE(o,i,l) \
- if ((o) && (status==SUCCESS)) \
- OrdByte(o,l,i); \
- free (o)
-#define ALIGN_MOVE_FREE(o,i,l) \
- if ((o) && (status==SUCCESS)) \
- memcpy(i,o,l); \
- memset(o,0,l); \
- free (o)
-#else
-#define ALIGN_CALLOC(i,o,l) o=(ord *)i
-#define ALIGN_CALLOC_COPY(i,o,l) o=(ord *)i
-#define ALIGN_CALLOC_MOVE(i,o,l) o=(ord *)i
-#define ALIGN_FREE(o) ;
-#define ALIGN_COPY_FREE(o,i,l) ;
-#define ALIGN_MOVE_FREE(o,i,l) ;
-#endif
-#define DSS_P_ALIGN_CALLOC_COPY(i,o,l) \
- if (i) \
- { ALIGN_CALLOC_COPY(i,o,l);} \
- else \
- o = &DSS_P_NUMBERS[DSS_NUM_INDEX[(l-DSS_LENGTH_MIN)/LENGTH_STEP]]
-
-#define DSS_G_ALIGN_CALLOC_COPY(i,o,l) \
- if (i) \
- { ALIGN_CALLOC_COPY(i,o,l);} \
- else \
- o = &DSS_G_NUMBERS[DSS_NUM_INDEX[(l-DSS_LENGTH_MIN)/LENGTH_STEP]]
-
-#define DSS_Q_ALIGN_CALLOC_COPY(i,o,l) \
- if (i) \
- { ALIGN_CALLOC_COPY(i,o,l);} \
- else \
- o = DSS_Q_NUMBER
-
-#define DSS_ALIGN_FREE(o,i) \
- if (i) \
- { ALIGN_FREE(o);}
-#endif /* CTK_ENDIAN_H */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: prime.c PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Cryptographic Toolkit Internal Functions File
-* Prime Number functions
-* PRIVATE FUNCTIONS:
-*
-* int VerPrime( u_int16_t P_bytes, ord *P,
-* u_int16_t k, ord *RVAL,
-* YIELD_context *yield_cont )
-* int GenPrime( u_int16_t P_bytes, ord *P,
-* u_int16_t k, ord *RVAL,
-* YIELD_context *yield_cont )
-* Copyright (c) Cylink Corporation 1996. All rights reserved.
-*
-* REVISION HISTORY:
-*
-*
-****************************************************************************/
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-
-#include "port_before.h"
-#include <sys/types.h>
-#include "cylink.h"
-#include "ctk_endian.h"
-
-/* system files */
-#ifdef VXD
-#include <vtoolsc.h>
-#else
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#endif
-
-/* program files */
-#include "cylink.h"
-#include "ctk_endian.h"
-#include "toolkit.h"
-#include "cencrint.h"
-#include "port_after.h"
-
-/****************************************************************************
-* PRIVATE FUNCTIONS DEFINITIONS
-****************************************************************************/
-/****************************************************************************
-* NAME: int VerPrime( u_int16_t P_bytes,
-* ord *P,
-* u_int16_t k,
-* ord *RVAL,
-* YIELD_context *yield_cont )
-*
-* DESCRIPTION: Verify Pseudo Prime number
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t P_bytes Number of bytes in array
-* u_int16_t k Number of testing
-* ord *RVAL Pointer to random number generator value
-* YIELD_context *yield_cont Pointer to yield_cont structure (NULL if not used)
-* OUTPUT:
-* PARAMETERS:
-* ord *P Pointer to prime number
-* ord *RVAL Pointer to updated value
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-* ERR_PRIME Number is not prime
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 08 Dec 94 GKL Added YIELD_context
-*
-****************************************************************************/
-
- int VerPrime( u_int16_t P_bytes,
- ord *P,
- u_int16_t k,
- ord *RVAL,
- YIELD_context *yield_cont ) /*TKL00601*/
-
-{
- int status = SUCCESS; /*function return status*/
- ord *b, *n, *c, *pp; /*pointers to working buffers */
- ord *m, *buf, *P_buf;
- u_int16_t max_bytes; /*number of maximum bytes*/
- u_int16_t P_longs; /*number of longs in Y*/
- u_int16_t i, j, s, k_b; /*counters*/
- u_int16_t exit ; /*flag for exit*/
-/* product of prime numbers from 3 to 379 (512-bit number) */
-#ifdef ORD_32
- ord b1[DSS_LENGTH_MIN/sizeof(ord)]={
- 0x2e30c48fL, 0x0decece9L, 0xbada8f98L, 0x9f7ecb29L,
- 0xa4a11de4L, 0x6ef04659L, 0xcbc38405L, 0x233db117L,
- 0x03e81187L, 0xc1b631a2L, 0x238bfb99L, 0x077ec3baL,
- 0xc5d5f09fL, 0xb0813c28L, 0x7646fa6eL, 0x106aa9fbL };
-#else
- ord b1[DSS_LENGTH_MIN/sizeof(ord)]={
- 0xc48f, 0x2e30, 0xece9, 0x0dec, 0x8f98, 0xbada, 0xcb29, 0x9f7e,
- 0x1de4, 0xa4a1, 0x4659, 0x6ef0, 0x8405, 0xcbc3, 0xb117, 0x233d,
- 0x1187, 0x03e8, 0x31a2, 0xc1b6, 0xfb99, 0x238b, 0xc3ba, 0x077e,
- 0xf09f, 0xc5d5, 0x3c28, 0xb081, 0xfa6e, 0x7646, 0xa9fb, 0x106a };
-#endif
- if ( P_bytes % sizeof(ord) != 0 ) /* not multiple 4 (32 bit) */
- {
- status = ERR_INPUT_LEN; /* invalid length for input data */
- return status;
- }
- if ( P_bytes <= DSS_LENGTH_MIN )
- {
- max_bytes = DSS_LENGTH_MIN;
- }
- else
- {
- max_bytes = P_bytes;
- }
- buf = (ord *)calloc( max_bytes / sizeof(ord), sizeof(ord) );
- P_buf = (ord *)calloc( max_bytes / sizeof(ord), sizeof(ord));
- if( !buf || !P_buf )
- {
- if ( buf )
- free( buf );
- if( P_buf )
- free( P_buf );
- return ERR_ALLOC;
- }
- memcpy( buf, b1, DSS_LENGTH_MIN );
- memcpy( P_buf, P, P_bytes );
-
- if ( (P_buf[0] & 0x1) == 0 )
- {
-#ifdef DEBUG1
- printf ("\n P is not pseudoprime");
-#endif
- status = ERR_PRIME;
- free ( buf );
- free( P_buf );
- return status;
- }
- P_longs = (u_int16_t) (P_bytes / sizeof(ord));
- b = (ord *)calloc( P_longs, sizeof(ord) );
- m = (ord *)malloc( P_longs * sizeof(ord) );
- n = (ord *)calloc( P_longs, sizeof(ord) );
- c = (ord *)calloc( P_longs, sizeof(ord) );
- pp = (ord *)malloc( P_longs * sizeof(ord) );
- if( !b || !m || !n || !c || !pp )
- {
- if( b )
- free( b );
- if( m )
- free( m );
- if( n )
- free( n );
- if( c )
- free( c );
- if( pp )
- free ( pp );
- }
- memcpy( m, P, P_bytes );
- memcpy( pp, P, P_bytes );
- /* Compute great common divisor(gcd) */
- if ( SteinGCD( P_buf, buf, (u_int16_t)(max_bytes / sizeof(ord)) ) == 0 )
- {
- pp[0] = pp[0] - 1; /* Initialized work buffer */
- m[0] = m[0] - 1;
- s = (u_int16_t) RShiftMostBit( m, (u_int16_t)(P_bytes / sizeof(ord)) ); /* Right shift by number of*/
- exit = 0; /* zero bits at rigth */
- k_b = 0;
- while( k_b != k )
- {
- MyGenRand( 4, b, RVAL ); /* generate random number */
- if ( SteinGCD( P_buf, b , (u_int16_t)(P_bytes / sizeof(ord)) ) ) /* check gcd */
- {
-#ifdef DEBUG1
- printf ("\n P is not pseudoprime");
-#endif
- status = ERR_PRIME;
- break;
- }
- k_b++; /* increment counter */
- if ( ( status = Expo ( 4, b, P_bytes, m,
- P_bytes, P, c ) ) != SUCCESS ) /* c=b^m mod(P) */ /*TKL00601*/
- {
- free( b );
- free( m );
- free( n );
- free( c );
- free( pp );
- free (buf );
- free( P_buf );
- return status;
- }
- if ( c[0] == 1 ) /* if c==1 number is pseudo prime */
- {
- for ( i = 1; i < P_bytes / sizeof(ord); i++ )
- {
- if ( c[i] != 0 )
- {
- break;
- }
- }
- if ( i == P_bytes / sizeof(ord) )
- {
- if (yield_cont) /*TKL00601*/
-#ifdef VXD
- if ( VXD_Yield (yield_cont->yield_proc) )
-#else
- if ( yield_cont->yield_proc(0xFFFF) )
-#endif
-
- {
- status = ERR_CANCEL;
- free( b );
- free( m );
- free( n );
- free( c );
- free( pp );
- free( P_buf );
- free (buf );
- return status;
- }
-#ifdef DEBUG1
- printf ("\n P is a pseudoprime %d",k_b);
-#endif
- if ( k_b == k )
- {
- break;
- }
- }
- }
- else
- {
- for ( j = 1; j <= s; j++ )
- {
- for ( i = 0; i < P_bytes / sizeof(ord); i++ ) /* if c==pp number is pseudo prime */
- {
- if ( c[i] != pp[i] )
- {
- break;
- }
- }
- if ( i == P_bytes / sizeof(ord) )
- {
- if (yield_cont) /*TKL00601*/
-#ifdef VXD
- if ( VXD_Yield (yield_cont->yield_proc) )
-#else
- if ( yield_cont->yield_proc(0xFFFF) )
-#endif
-
- {
- status = ERR_CANCEL;
- free( b );
- free( m );
- free( n );
- free( c );
- free( pp );
- free( P_buf );
- free (buf );
- return status;
- }
-#ifdef DEBUG1
- printf ("\n P is a pseudoprime %d",k_b);
-#endif
- break;
- }
- if ( j == s )
- {
-#ifdef DEBUG1
- printf ("\n P is not pseudoprime");
-#endif
- status = ERR_PRIME;
- exit = 1;
- break;
- }
- else
- {
- if ( (status = Square(P_bytes, c, /*P_bytes,
- c,*/ P_bytes, P, c) )
- != SUCCESS ) /* c=c^2mod(p) */
- {
- free( b );
- free( m );
- free( n );
- free( c );
- free( pp );
- free( P_buf );
- free (buf );
- return status;
- }
- }
- }
- }
- if ( exit == 1 ) /* Exit */
- {
- break;
- }
- }
- }
- else
- {
- if (yield_cont) /*TKL00601*/
-#ifdef VXD
- if ( VXD_Yield (yield_cont->yield_proc) )
-#else
- if ( yield_cont->yield_proc(0xFFFF) )
-#endif
-
- {
- status = ERR_CANCEL;
- free( b );
- free( m );
- free( n );
- free( c );
- free( pp );
- free( P_buf );
- free (buf );
- return status;
- }
-#ifdef DEBUG1
- printf ("\n P is not pseudoprime");
-#endif
- status = ERR_PRIME;
- }
- free( b );
- free( m );
- free( n );
- free( c );
- free( pp );
- free( P_buf );
- free (buf );
- return status;
-}
-
-/****************************************************************************
-* NAME: int GenPrime( u_int16_t P_bytes,
-* ord *P,
-* u_int16_t k,
-* ord *RVAL,
-* YIELD_context *yield_cont )
-*
-* DESCRIPTION: Generate Random Pseudo Prime number
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t P_bytes Number of bytes in array
-* u_int16_t k Number of testing
-* ord *RVAL Pointer to random number generator value
-* YIELD_context *yield_cont Pointer to yield_cont structure (NULL if not used)
-* OUTPUT:
-* PARAMETERS:
-* ord *P Pointer to prime number
-* ord *RVAL Pointer to updated value
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-* ERR_PRIME Number is not prime
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 08 Dec 94 GKL Added YIELD_context
-*
-****************************************************************************/
-
- int GenPrime( u_int16_t P_bytes,
- ord *P,
- u_int16_t k,
- ord *RVAL,
- YIELD_context *yield_cont ) /*TKL00601*/
-{
- int status = SUCCESS; /* function return status */
- if ( P_bytes % sizeof(ord) != 0 ) /* not multiple 4 (32 bit) */
- {
- status = ERR_INPUT_LEN; /* invalid length for input data */
- return status;
- }
- do
- {
- MyGenRand( P_bytes, P, RVAL ); /* generate random number */
- P[0] |= 1;
- P[(P_bytes/sizeof(ord))-1] |= ((ord)1 << (BITS_COUNT-1));
- status = VerPrime( P_bytes, P, k, RVAL, yield_cont); /*TKL00601*/
- } while ((status != SUCCESS) && (status != ERR_CANCEL)); /*TKL00601*/
- return status;
-}
-
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/**********************************************************************\
-* FILENAME: cylink.h PRODUCT NAME:
-*
-* DESCRIPTION: Company standard include file
-*
-* USAGE: File should be #included
-*
-*
-* Copyright (c) Cylink Corporation 1994. All rights reserved.
-*
-* REVISION HISTORY:
-*
-\**********************************************************************/
-
-#ifndef CYLINK_H /* Prevent multiple inclusions of same header file */
-#define CYLINK_H
-
-#include <sys/param.h>
-#if (!defined(BSD)) || (BSD < 199306)
-# include <sys/bitypes.h>
-#else
-# include <sys/types.h>
-#endif
-
-#if ! ( defined(__alpha) && defined(__osf__) ) /* in sys/types.h */
-#if !defined(_H_INTTYPES) && !defined (_H_TYPES) /* AIX puts this in inttypes.h */
-typedef unsigned char uchar;
-#endif /* _H_INTTYPES */
-#endif
-
-typedef u_int16_t USHORT;
-typedef u_int32_t ULONG;
-
-#define FALSE 0
-#define TRUE 1
-
-/*-- ANSI-recommended NULL Pointer definition --*/
-#ifndef NULL
-edefine NULL (void *) 0
-#endif
-
-#endif /* CYLINK_H */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: dss.c PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Cryptographic Toolkit Functions File
-* Digital Signature Algorithms
-* PUBLIC FUNCTIONS:
-* uchar *RVAL )
-* int GenDSSKey( u_int16_t dss_p_bytes, uchar *dss_p,
-* uchar *dss_q, uchar *dss_g,
-* uchar *dss_x, uchar *dss_y,
-* uchar *XKEY )
-*
-* int GenDSSNumber( uchar *dss_k, uchar dss_q,
-* uchar *KKEY )
-* int GenDSSParameters( u_int16_t dss_p_bytes, uchar *dss_p,
-* uchar *dss_q, uchar *dss_g,
-* uchar *RVAL );
-*
-* Copyright (c) Cylink Corporation 1996. All rights reserved.
-*
-* REVISION HISTORY:
-*
-*
-****************************************************************************/
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-
-#include "port_before.h"
-#include <sys/types.h>
-#include "cylink.h"
-#include "ctk_endian.h"
-
-/* system files */
-#ifdef VXD
-#include <vtoolsc.h>
-#else
-#include <stdlib.h>
-#include <string.h>
-#endif
-
-/* program files */
-#ifdef VXD
-#include "tkvxd.h"
-#endif
-#include "toolkit.h"
-#include "cencrint.h"
-#define INITIALIZ_PQG /*TKL01101*/
-#include "dssnum.h" /*TKL01101*/
-#include "sha.h"
-#include "port_after.h"
-
-#define BEGIN_PROCESSING do {
-#define END_PROCESSING } while (0);
-#define ERROR_BREAK break
-#define CONTINUE continue
-
-#define BEGIN_LOOP do {
-#define END_LOOP } while (1);
-#define BREAK break
-
-
-extern u_int16_t DataOrder;
-
-/****************************************************************************
-* NAME: int GenDSSSignature( u_int16_t dss_p_bytes,
-* uchar *dss_p,
-* uchar *dss_q,
-* uchar *dss_g,
-* uchar *dss_x,
-* uchar *dss_k,
-* uchar *r,
-* uchar *s,
-* uchar *hash_result)
-*
-* DESCRIPTION: Compute a DSS Signature
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t dss_p_bytes Length of dss_p
-* uchar *dss_p Pointer to p prime
-* uchar *dss_q Pointer to q prime
-* uchar *dss_g Pointer to g
-* uchar *dss_x Pointer to secret number
-* uchar *dss_k Pointer to random secret number
-* uchar *hash_result Pointer to message hashing result
-*
-*
-* OUTPUT:
-* PARAMETERS:
-* uchar *r Pointer to r part of signature
-* uchar *s Pointer to s part of signature
-*
-* RETURN:
-* E_SUCCESS No errors
-* E_DSS_LEN Invalid length for dss_p
-* ERR_ALLOC Insufficient memory
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support & ERR_ALLOC)
-* 08 Dec 94 GKL Changed Expo call
-*
-****************************************************************************/
-
-int GenDSSSignature( u_int16_t dss_p_bytes,
- uchar *dss_p,
- uchar *dss_q,
- uchar *dss_g,
- uchar *dss_x,
- uchar *dss_k,
- uchar *r,
- uchar *s,
- uchar *hash_result)
-
-{
- int status = SUCCESS; /* function return status */
- ord r_temp[DSS_LENGTH_MAX]; /* r intermidiate value */
- ord k_inverse[SHA_LENGTH+1];
- ord temp[SHA_LENGTH+1]; /* intermidiate values */
- ord *dss_p_a;
- ord *dss_g_a;
- ord *dss_q_a;
- ord *dss_x_a;
- ord *dss_k_a;
- ord *hash_result_a;
- ord *r_a;
- ord *s_a;
-
- if ( (dss_p_bytes < DSS_LENGTH_MIN) || /* less than minimal */
- (dss_p_bytes > DSS_LENGTH_MAX) ) /* more than maximal */
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
- if ( dss_p_bytes & 0x07 ) /* not multiple 8 (64 bit)*/
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
-
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- BigSwap(dss_x, SHA_LENGTH);
- BigSwap(dss_k, SHA_LENGTH);
- BigSwap(hash_result, SHA_LENGTH);
- }
-
- DSS_G_ALIGN_CALLOC_COPY(dss_g, dss_g_a, dss_p_bytes); /*TKL01101*/
- DSS_P_ALIGN_CALLOC_COPY(dss_p, dss_p_a, dss_p_bytes); /*TKL01101*/
- DSS_Q_ALIGN_CALLOC_COPY(dss_q, dss_q_a, SHA_LENGTH); /*TKL01101*/
-
- ALIGN_CALLOC_COPY(dss_x, dss_x_a, SHA_LENGTH);
- ALIGN_CALLOC_COPY(dss_k, dss_k_a, SHA_LENGTH);
- ALIGN_CALLOC_COPY(hash_result, hash_result_a, SHA_LENGTH);
- ALIGN_CALLOC(r, r_a, SHA_LENGTH);
- ALIGN_CALLOC(s, s_a, SHA_LENGTH);
- if ( status != SUCCESS )
- {
- if( dss_p_a )
- DSS_ALIGN_FREE(dss_p_a,dss_p);
- if( dss_g_a )
- DSS_ALIGN_FREE(dss_g_a,dss_g);
- if( dss_q_a )
- DSS_ALIGN_FREE(dss_q_a,dss_q);
- if( dss_x_a )
- {
- memset ( dss_x_a , 0 , SHA_LENGTH );
- ALIGN_FREE(dss_x_a);
- }
- if( dss_k_a )
- {
- ALIGN_FREE(dss_k_a);
- }
- if( hash_result_a )
- {
- ALIGN_FREE(hash_result_a);
- }
- if( r_a )
- {
- ALIGN_COPY_FREE(r_a,r,SHA_LENGTH);
- }
- if( s_a )
- {
- ALIGN_COPY_FREE(s_a,s,SHA_LENGTH);
- }
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- BigSwap(dss_x, SHA_LENGTH);
- BigSwap(dss_k, SHA_LENGTH);
- BigSwap(hash_result, SHA_LENGTH);
- }
- return status; /* ERR_ALLOC insufficient memory */
- }
-
-/* Compute DSS r value */
- BEGIN_PROCESSING
- if (( status = Expo ( dss_p_bytes,
- dss_g_a,
- SHA_LENGTH, /* r_temp=(dss_g^dss_k)mod(dss_p)*/
- dss_k_a,
- dss_p_bytes,
- dss_p_a,
- r_temp )) != SUCCESS )
- {
- ERROR_BREAK;
- }
- if (( status = PartReduct ( dss_p_bytes,
- r_temp,
- SHA_LENGTH, /* r=(r_temp)mod(dss_q) */
- dss_q_a,
- r_a )) != SUCCESS )
- {
- ERROR_BREAK;
- }
-/* Compute k modulo inverse value */
- if (( status = Inverse( SHA_LENGTH, /* k_inverse=dss_k^(-1)mod(dss_q)*/
- dss_k_a,
- SHA_LENGTH,
- dss_q_a,
- k_inverse )) != SUCCESS )
- {
- ERROR_BREAK;
- }
-/* Compute DSS s value */
- if (( status = Mul ( SHA_LENGTH, /* temp=(dss_x*r)mod(dss_q) */
- dss_x_a,
- SHA_LENGTH,
- r_a,
- SHA_LENGTH,
- dss_q_a,
- temp )) != SUCCESS )
- {
- ERROR_BREAK;
- }
-
- /* Add( temp, hash_result_a,
- SHA_LENGTH, dss_q_a, temp ); temp=(temp+hash_result)mod(dss_q)*/
-
- Add( temp, hash_result_a,
- SHA_LENGTH, dss_q_a );
- if (( status = Mul ( SHA_LENGTH, /* s=(temp*k_inverse)mod(dss_q) */
- temp,
- SHA_LENGTH,
- k_inverse,
- SHA_LENGTH,
- dss_q_a,
- s_a )) != SUCCESS )
- {
- ERROR_BREAK;
- }
- END_PROCESSING
-
- DSS_ALIGN_FREE(dss_p_a,dss_p); /*TKL01101*/
- DSS_ALIGN_FREE(dss_g_a,dss_g); /*TKL01101*/
- DSS_ALIGN_FREE(dss_q_a,dss_q); /*TKL01101*/
- ALIGN_FREE(dss_x_a);
- ALIGN_FREE(dss_k_a);
- ALIGN_FREE(hash_result_a);
- ALIGN_COPY_FREE(r_a,r,SHA_LENGTH);
- ALIGN_COPY_FREE(s_a,s,SHA_LENGTH);
-
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- BigSwap(dss_x, SHA_LENGTH);
- BigSwap(dss_k, SHA_LENGTH);
- BigSwap(hash_result, SHA_LENGTH);
- BigSwap(r, SHA_LENGTH);
- BigSwap(s, SHA_LENGTH);
- }
-
- return status;
-}
-
-/****************************************************************************
-* NAME: int VerDSSSignature( u_int16_t dss_p_bytes,
-* uchar *dss_p,
-* uchar *dss_q,
-* uchar *dss_g,
-* uchar *dss_y,
-* uchar *r,
-* uchar *s,
-* uchar *hash_result)
-*
-* DESCRIPTION: Verify a DSS Signature
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t dss_p_bytes Length of dss_p
-* uchar *dss_p Pointer to p prime
-* uchar *dss_q Pointer to q prime
-* uchar *dss_g Pointer to g
-* uchar *dss_y Pointer to public number
-* uchar *hash_result Pointer to message hashing result
-* OUTPUT:
-* PARAMETERS:
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_SIGNATURE Signature is not valid
-* ERR_DSS_LEN Invalid length for dss_p
-* ERR_ALLOC Insufficient memory
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support & ERR_ALLOC)
-* 08 Dec 94 GKL Changed Expo call
-* 21 Aug 96 AAB DoubleExpo call
-****************************************************************************/
-
-int VerDSSSignature( u_int16_t dss_p_bytes,
- uchar *dss_p,
- uchar *dss_q,
- uchar *dss_g,
- uchar *dss_y,
- uchar *r,
- uchar *s,
- uchar *hash_result)
-{
- int status = SUCCESS; /* function return status */
- ord w[(SHA_LENGTH / sizeof(ord)) + 1];
- ord u1[SHA_LENGTH / sizeof(ord)];
- ord u2[SHA_LENGTH / sizeof(ord)];
- ord *v;
- ord *dss_p_a;
- ord *dss_g_a;
- ord *dss_q_a;
- ord *dss_y_a;
- ord *hash_result_a;
- ord *r_a;
- ord *s_a;
- if ( (dss_p_bytes < DSS_LENGTH_MIN) || /* less than minimal */
- (dss_p_bytes > DSS_LENGTH_MAX) ) /* more than maximal */
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
- if ( dss_p_bytes & 0x07 ) /* not multiple 8 (64 bit)*/
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
-
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- BigSwap(dss_y, dss_p_bytes);
- BigSwap(hash_result, SHA_LENGTH);
- BigSwap(r, SHA_LENGTH);
- BigSwap(s, SHA_LENGTH);
- }
-
- DSS_P_ALIGN_CALLOC_COPY(dss_p, dss_p_a, dss_p_bytes); /*TKL01101*/
- DSS_Q_ALIGN_CALLOC_COPY(dss_q, dss_q_a, SHA_LENGTH); /*TKL01101*/
- DSS_G_ALIGN_CALLOC_COPY(dss_g, dss_g_a, dss_p_bytes); /*TKL01101*/
-
- ALIGN_CALLOC_COPY(dss_y, dss_y_a, dss_p_bytes);
- ALIGN_CALLOC_COPY(hash_result, hash_result_a, SHA_LENGTH);
- ALIGN_CALLOC_COPY(r, r_a, SHA_LENGTH);
- ALIGN_CALLOC_COPY(s, s_a, SHA_LENGTH);
- CALLOC(v,ord,dss_p_bytes);
-
- if ( status != SUCCESS )
- {
- if( dss_p_a )
- {
- DSS_ALIGN_FREE(dss_p_a,dss_p);
- }
- if( dss_g_a )
- {
- DSS_ALIGN_FREE(dss_g_a,dss_g);
- }
- if ( dss_q_a )
- {
- DSS_ALIGN_FREE(dss_q_a,dss_q);
- }
- if( dss_y_a )
- {
- ALIGN_FREE(dss_y_a);
- }
- if( hash_result_a )
- {
- ALIGN_FREE(hash_result_a);
- }
- if( r_a )
- {
- ALIGN_FREE(r_a);
- }
- if( s_a )
- {
- ALIGN_FREE(s_a);
- }
- if( v )
- {
- free ( v );
- }
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- BigSwap(dss_y, dss_p_bytes);
- BigSwap(hash_result, SHA_LENGTH);
- BigSwap(r, SHA_LENGTH);
- BigSwap(s, SHA_LENGTH);
- }
-
- return status; /* ERR_ALLOC insufficient memory */
- }
-
- BEGIN_PROCESSING
- if (( status = Inverse( SHA_LENGTH, /* w=dss_k^(-1)mod(dss_q)*/
- s_a,
- SHA_LENGTH,
- dss_q_a,
- w )) !=SUCCESS )
- {
- ERROR_BREAK;
- }
- if (( status = Mul ( SHA_LENGTH, /* u1=(hash_result_*w)mod(dss_q) */
- hash_result_a,
- SHA_LENGTH,
- w,
- SHA_LENGTH,
- dss_q_a,
- u1 )) != SUCCESS )
- {
- ERROR_BREAK;
- }
- if (( status = Mul ( SHA_LENGTH, /* u2=(r*w)mod(dss_q) */
- r_a,
- SHA_LENGTH,
- w,
- SHA_LENGTH,
- dss_q_a,
- u2 )) != SUCCESS )
- {
- ERROR_BREAK;
- }
- /* v = dss_g_a^u1*dss_y_a^u2 moddss_p_a */
- if((status = DoubleExpo( dss_p_bytes, dss_g_a,
- SHA_LENGTH, u1,
- dss_p_bytes, dss_y_a,
- SHA_LENGTH, u2,
- dss_p_bytes, dss_p_a, v)) != SUCCESS )
- {
-
- ERROR_BREAK;
- }
- if (( status = PartReduct ( dss_p_bytes, /*v = v mod(dss_q)*/
- v,
- SHA_LENGTH,
- dss_q_a,
- v )) != SUCCESS )
- {
- ERROR_BREAK;
- }
-
- if (( status = memcmp( r_a, v, SHA_LENGTH)) != 0) /*if v=r sign valid */
- {
- status = ERR_SIGNATURE; /* signature is not valid */
- ERROR_BREAK;
- }
- END_PROCESSING
- free ( v );
- DSS_ALIGN_FREE(dss_p_a,dss_p); /*TKL01101*/
- DSS_ALIGN_FREE(dss_g_a,dss_g); /*TKL01101*/
- DSS_ALIGN_FREE(dss_q_a,dss_q); /*TKL01101*/
- ALIGN_FREE(dss_y_a);
- ALIGN_FREE(hash_result_a);
- ALIGN_FREE(r_a);
- ALIGN_FREE(s_a);
-
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- BigSwap(dss_y, dss_p_bytes);
- BigSwap(hash_result, SHA_LENGTH);
- BigSwap(r, SHA_LENGTH);
- BigSwap(s, SHA_LENGTH);
- }
-
- return status;
-}
-
-
-/****************************************************************************
-* NAME: int GenDSSKey( u_int16_t dss_p_bytes,
-* uchar *dss_p,
-* uchar *dss_q,
-* uchar *dss_g,
-* uchar *dss_x,
-* uchar *dss_y,
-* uchar *XKEY )
-*
-*
-* DESCRIPTION: Compute DSS public/secret number pair.
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t dss_p_bytes Length of modulo
-* uchar *dss_p Pointer to modulo
-* uchar *dss_q Pointer to modulo
-* uchar *dss_g Pointer to public key
-* uchar *XKEY Pointer to user supplied random number
-*
-*
-* OUTPUT:
-* PARAMETERS:
-* uchar *dss_x Pointer to secret key
-* uchar *dss_y Pointer to public key
-* uchar *XKEY Pointer to updated number
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data
-* ERR_DATA Generic data error
-* ERR_ALLOC Insufficient memory
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support & ERR_ALLOC)
-* 08 Dec 94 GKL Changed Expo call
-*
-****************************************************************************/
-
-int GenDSSKey( u_int16_t dss_p_bytes,
- uchar *dss_p,
- uchar *dss_q,
- uchar *dss_g,
- uchar *dss_x,
- uchar *dss_y,
- uchar *XKEY )
-{
-
- int status = SUCCESS; /* function return status */
- SHA_context hash_context; /* SHA context structure */
- uchar M[DSS_LENGTH_MIN]; /* message block */
- ord *dss_p_a;
- ord *dss_q_a;
- ord *dss_g_a;
- ord *dss_x_a;
- ord *dss_y_a;
- ord *XKEY_a;
- if ( (dss_p_bytes < DSS_LENGTH_MIN) || /* less than minimal */
- (dss_p_bytes > DSS_LENGTH_MAX) ) /* more than maximal */
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
- if ( dss_p_bytes & 0x07 ) /* not multiple 8 (64 bit)*/
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- }
-
- DSS_P_ALIGN_CALLOC_COPY(dss_p, dss_p_a, dss_p_bytes); /*TKL01101*/
- DSS_G_ALIGN_CALLOC_COPY(dss_g, dss_g_a, dss_p_bytes); /*TKL01101*/
- DSS_Q_ALIGN_CALLOC_COPY(dss_q, dss_q_a, SHA_LENGTH); /*TKL01101*/
- ALIGN_CALLOC(dss_x, dss_x_a, SHA_LENGTH);
- ALIGN_CALLOC(dss_y, dss_y_a, dss_p_bytes);
- if ( status != SUCCESS )
- {
- if( dss_p_a )
- DSS_ALIGN_FREE(dss_p_a,dss_p);
- if( dss_g_a )
- DSS_ALIGN_FREE(dss_g_a,dss_g);
- if( dss_q_a )
- DSS_ALIGN_FREE(dss_q_a,dss_q);
- if( dss_x_a )
- {
- memset(dss_x_a, 0, SHA_LENGTH );
- ALIGN_COPY_FREE(dss_x_a,dss_x,SHA_LENGTH);
- }
- if( dss_y_a )
- {
- ALIGN_COPY_FREE(dss_y_a,dss_y,dss_p_bytes);
- }
-
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- }
- return status; /* ERR_ALLOC insufficient memory */
- }
-
- BEGIN_PROCESSING
- SHAInit ( &hash_context );
- memcpy( M, XKEY, SHA_LENGTH);
- memset( M + SHA_LENGTH, 0, DSS_LENGTH_MIN - SHA_LENGTH );
- if ( (status = SHAUpdate( &hash_context, M, DSS_LENGTH_MIN ))
- != SUCCESS )
- {
- ERROR_BREAK;
- }
- if ( (status = MySHAFinal (&hash_context, (uchar *)dss_x_a)) != SUCCESS )
- {
- ERROR_BREAK;
- }
- if (( status = PartReduct ( SHA_LENGTH, /* dss_x = dss_x mod(dss_q)*/
- dss_x_a,
- SHA_LENGTH,
- dss_q_a,
- dss_x_a )) != SUCCESS )
- {
- ERROR_BREAK;
- }
-
- BigSwap(XKEY, SHA_LENGTH);
- ALIGN_CALLOC_COPY(XKEY, XKEY_a, SHA_LENGTH);
- if ( status != SUCCESS )
- {
- if( XKEY_a )
- {
- ALIGN_COPY_FREE(XKEY_a,XKEY,SHA_LENGTH);
- BigSwap(XKEY, SHA_LENGTH);
- return status; /* ERR_ALLOC insufficient memory */
- }
- }
-
- Sum_Q((ord*)XKEY_a, 1, SHA_LENGTH / sizeof (ord) );
-
- Sum_big( XKEY_a, dss_x_a, /* XKEY=XKEY+dss_x */
- XKEY_a, SHA_LENGTH / sizeof(ord) );
-
- ALIGN_COPY_FREE(XKEY_a,XKEY,SHA_LENGTH);
- BigSwap(XKEY, SHA_LENGTH);
-
- if (( status = Expo ( dss_p_bytes, /*dss_y = g^dss_x mod(dss_p)*/
- dss_g_a,
- SHA_LENGTH,
- dss_x_a,
- dss_p_bytes,
- dss_p_a,
- dss_y_a)) != SUCCESS ) /*TKL00601*/
- {
- ERROR_BREAK;
- }
- END_PROCESSING
-
- DSS_ALIGN_FREE(dss_p_a,dss_p); /*TKL01101*/
- DSS_ALIGN_FREE(dss_g_a,dss_g); /*TKL01101*/
- DSS_ALIGN_FREE(dss_q_a,dss_q); /*TKL01101*/
- ALIGN_COPY_FREE(dss_x_a,dss_x,SHA_LENGTH);
- ALIGN_COPY_FREE(dss_y_a,dss_y,dss_p_bytes);
- if (DataOrder)
- {
- if (dss_p)
- BigSwap(dss_p, dss_p_bytes);
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- if (dss_g)
- BigSwap(dss_g, dss_p_bytes);
- BigSwap(dss_x, SHA_LENGTH);
- BigSwap(dss_y, dss_p_bytes);
- }
-
- return status;
-}
-
-
-
-/****************************************************************************
-* NAME: int GenDSSNumber( uchar *dss_k,
-* uchar *dss_q,
-* uchar *KKEY )
-*
-* DESCRIPTION: Generate secret number
-*
-* INPUTS:
-* PARAMETERS:
-* uchar *KKEY Pointer to input random number
-* uchar *dss_q Pointer to modulo
-*
-*
-* OUTPUT:
-* PARAMETERS:
-* uchar *dss_x Pointer to secret number
-* uchar *KKEY Pointer to updated KKEY
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_DATA Generic data error
-* ERR_ALLOC Insufficient memory
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support & ERR_ALLOC)
-*
-****************************************************************************/
-
-int GenDSSNumber( uchar *dss_k,
- uchar *dss_q,
- uchar *KKEY )
-{
-
- int status = SUCCESS; /* function return status */
- ord *dss_k_a;
- ord *dss_q_a;
- ord *KKEY_a;
- SHA_context hash_context; /* SHA context structure*/
- uchar M[DSS_LENGTH_MIN]; /* message block */
-
- if (DataOrder)
- {
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- }
-
- DSS_Q_ALIGN_CALLOC_COPY(dss_q, dss_q_a, SHA_LENGTH); /*TKL01101*/
- ALIGN_CALLOC(dss_k, dss_k_a, SHA_LENGTH);
- if ( status != SUCCESS )
- {
- if( dss_q_a )
- DSS_ALIGN_FREE(dss_q_a,dss_q);
- if( dss_k_a )
- {
- ALIGN_COPY_FREE(dss_k_a,dss_k,SHA_LENGTH);
- }
- if (DataOrder)
- {
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- }
- return status; /* ERR_ALLOC insufficient memory */
- }
-
- BEGIN_PROCESSING
- SHAInitK ( &hash_context );
- memcpy( M, KKEY, SHA_LENGTH);
- memset( M + SHA_LENGTH, 0, DSS_LENGTH_MIN - SHA_LENGTH );
- if ( (status = SHAUpdate( &hash_context, M, DSS_LENGTH_MIN ))
- != SUCCESS )
- {
- ERROR_BREAK;
- }
- if ( (status = MySHAFinal (&hash_context, (uchar *)dss_k_a)) != SUCCESS )
- {
- ERROR_BREAK;
- }
- if (( status = PartReduct ( SHA_LENGTH, /* dss_k = dss_k mod(dss_q)*/
- dss_k_a,
- SHA_LENGTH,
- dss_q_a,
- dss_k_a )) != SUCCESS )
- {
- ERROR_BREAK;
- }
- BigSwap(KKEY, SHA_LENGTH);
- ALIGN_CALLOC_COPY(KKEY, KKEY_a, SHA_LENGTH );
- if ( status != SUCCESS )
- {
- if ( KKEY_a )
- {
- ALIGN_COPY_FREE(KKEY_a,KKEY,SHA_LENGTH);
- BigSwap(KKEY, SHA_LENGTH);
- }
- return status; /* ERR_ALLOC insufficient memory */
- }
-
- Sum_Q( KKEY_a, 1, SHA_LENGTH / sizeof(ord));
-
- Sum_big( KKEY_a, dss_k_a, /* KKEY=KKEY+dss_k*/
- KKEY_a, SHA_LENGTH / sizeof(ord) );
-
- ALIGN_COPY_FREE(KKEY_a,KKEY,SHA_LENGTH);
- BigSwap(KKEY, SHA_LENGTH);
-
- END_PROCESSING
-
- DSS_ALIGN_FREE(dss_q_a,dss_q); /*TKL01101*/
-
- ALIGN_COPY_FREE(dss_k_a,dss_k,SHA_LENGTH);
- if (DataOrder)
- {
- if (dss_q)
- BigSwap(dss_q, SHA_LENGTH);
- BigSwap(dss_k, SHA_LENGTH);
- }
-
- return status;
-}
-
-
-/****************************************************************************
-* NAME: int GenDSSParameters( u_int16_t dss_p_bytes,
-* uchar *dss_p,
-* uchar *dss_q,
-* uchar *dss_g,
-* uchar *RVAL,
-* YIELD_context *yield_cont )
-*
-* DESCRIPTION: Generate DSS Common Parameters
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t dss_p_bytes Number of bytes in dss_p
-* uchar *RVAL Pointer to user supplied random number
-* YIELD_context *yield_cont Pointer to yield_cont structure (NULL if not used)
-* OUTPUT:
-* PARAMETERS:
-* uchar *dss_p Pointer to N-byte prime number
-* uchar *dss_q Pointer to SHA_LENGTH prime number
-* uchar *dss_g Pointer to N-byte number
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-* ERR_DSS_LEN; Invalid length for dss_p
-* ERR_ALLOC Insufficient memory
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support & ERR_ALLOC)
-* 08 Dec 94 GKL Added YIELD_context
-*
-****************************************************************************/
-
- int GenDSSParameters( u_int16_t dss_p_bytes,
- uchar *dss_p,
- uchar *dss_q,
- uchar *dss_g,
- uchar *RVAL,
- YIELD_context *yield_cont ) /*TKL00701*/
-{
- int status = SUCCESS; /* function return status */
- ord seed[SHA_LENGTH / sizeof (ord)];
- ord u[SHA_LENGTH / sizeof (ord)]; /* work buffers */
- ord u1[SHA_LENGTH / sizeof (ord)];
- ord *dss_p_a;
- ord *dss_q_a;
- ord *dss_g_a;
- ord *RVAL_a;
- ord ofone[SHA_LENGTH / sizeof(ord)];
- ord dss_q2[SHA_LENGTH / sizeof(ord) + 1]; /* dss_q2 = 2 * q */
- ord v[SHA_LENGTH / sizeof(ord)];
- ord *w, *c, *c1, *one, *e; /* Pointers to work buffers */
- u_int16_t i, n, count, offset, k; /* counters */
- u_int16_t dss_p_longs; /* number of longs */
- if ( dss_p_bytes == 0 ) /* invalid length for input data (zero bytes) */
- {
- status = ERR_INPUT_LEN;
- return status;
- }
- if ( (dss_p_bytes < DSS_LENGTH_MIN) || /* less than minimal */
- (dss_p_bytes > DSS_LENGTH_MAX) ) /* more than maximal */
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
- if ( dss_p_bytes & 0x07 ) /* not multiple 4 (64 bit)*/
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
-
- n = (u_int16_t) (dss_p_bytes / SHA_LENGTH); /* SHA passes count */
- dss_p_longs = (u_int16_t) (dss_p_bytes / sizeof(ord)); /* number of long in dss_p */
- CALLOC(w, ord, (n + 1) * SHA_LENGTH);
- CALLOC(c, ord, dss_p_bytes);
- CALLOC(c1, ord, dss_p_bytes);
- CALLOC(one, ord, dss_p_bytes);
- CALLOC(e,ord, dss_p_bytes - SHA_LENGTH + sizeof(ord));
- ALIGN_CALLOC_MOVE(RVAL, RVAL_a, SHA_LENGTH);
- ALIGN_CALLOC(dss_p, dss_p_a, dss_p_bytes);
- ALIGN_CALLOC(dss_q, dss_q_a, SHA_LENGTH);
- ALIGN_CALLOC(dss_g, dss_g_a, dss_p_bytes);
- if ( status != SUCCESS )
- {
- if( e )
- free ( e );
- if( one )
- free ( one );
- if( c )
- free ( c );
- if( w )
- free ( w );
- if( c1 )
- free ( c1 );
- if( dss_p_a )
- {
- ALIGN_COPY_FREE(dss_p_a, dss_p, dss_p_bytes);
- }
- if( dss_q_a )
- {
- ALIGN_COPY_FREE(dss_q_a, dss_q, SHA_LENGTH);
- }
- if( dss_g_a )
- {
- ALIGN_COPY_FREE(dss_g_a, dss_g, dss_p_bytes);
- }
- if( RVAL_a )
- {
- ALIGN_MOVE_FREE(RVAL_a, RVAL, SHA_LENGTH);
- }
- return status; /* ERR_ALLOC insufficient memory */
- }
- one[0] = 1;
- BEGIN_PROCESSING /* Generate DSS Common Parameters */
-
- BEGIN_LOOP /* Generate prime & dss_p */ /*TKL00501*/
- /* generate prime number of length 160-bit */
- do
- {
- MyGenRand( SHA_LENGTH, seed, RVAL_a); /* generate random number */
- /* compute message digest from seed */
- if ( (status = MySHA((uchar *)seed, SHA_LENGTH, (uchar *)u)) != SUCCESS )
- {
- break; /* error */
- }
- memcpy(ofone, seed,SHA_LENGTH);
- Sum_Q( ofone, 1, SHA_LENGTH / sizeof(ord) );
- /* compute message digest from seed */
- if ( (status = MySHA( (uchar *)ofone, SHA_LENGTH,(uchar *)dss_q_a)) != SUCCESS )
- {
- break; /* error */
- }
-
- for ( i = 0; i < (SHA_LENGTH / sizeof(ord)); i++ ) /* dss_q = dss_q ^ u */
- {
- dss_q_a[i] = dss_q_a[i] ^ u[i];
- }
- /* set least and most significant bits */
- dss_q_a[SHA_LENGTH / sizeof(ord) - 1] |= ((ord)1 << (BITS_COUNT-1));
- dss_q_a[0] |= 0x01;
- } while ( VerPrime( SHA_LENGTH, dss_q_a, TEST_COUNT, RVAL_a, yield_cont) /*TKL00701*/
- != SUCCESS ); /* perform a robust primality test */
- if (status != SUCCESS )
- {
- ERROR_BREAK;
- }
- /* dss_q2 = 2 * dss_q */
- memcpy( dss_q2, dss_q_a, SHA_LENGTH );
- dss_q2[SHA_LENGTH / sizeof(ord)] = 0;
- LShiftL_big( dss_q2, SHA_LENGTH / sizeof(ord) +1, 1 );
- count = 0;
- offset = 2;
- memset( ofone, 0, SHA_LENGTH );
- do /* find dss_p */
- {
- /* generate random number by dss_p bytes */
- for ( k = 0; k <= n; k++ )
- {
- ofone[0] = offset + k;
- /* v = ofone + seed */
- Sum_big( seed, ofone, v, SHA_LENGTH / sizeof(ord) );
- if ( (status = MySHA ( (uchar *)v, SHA_LENGTH,
- (uchar *)( w + (SHA_LENGTH / sizeof(ord)) * k )))
- != SUCCESS ) /* compute message digest */
- {
- break; /* error */
- }
- }
- if (status != SUCCESS )
- {
- break; /* error */
- }
- /* set most significant bit */
- w[dss_p_longs - 1] |= ((ord)1 << (BITS_COUNT-1));
- memcpy( c, w, dss_p_bytes);
- /* c1 = c mod(dss_q2) */
- if( (status = PartReduct( dss_p_bytes, c,
- SHA_LENGTH + sizeof(ord),
- dss_q2, c1)) != SUCCESS )
- {
- break; /* error */
- }
- /* c1 = c1 - 1*/
- Sub_big( c1, one, c1, dss_p_longs );
- /* dss_p = w - c1 */
- Sub_big( w, c1, dss_p_a, dss_p_longs );
- if ( dss_p_a[dss_p_bytes / sizeof(ord) - 1] >= (ord)((ord)1 << (BITS_COUNT-1)) )
- {
- if ( VerPrime ( dss_p_bytes, dss_p_a, TEST_COUNT, RVAL_a, yield_cont) /*TKL00701*/
- == SUCCESS ) /* perform a robust primality test */
- {
- break;
- }
- }
- count++;
- offset = (u_int16_t) (offset + n + 1);
- } while ( count < 4096);
- if (status != SUCCESS )
- {
- ERROR_BREAK;
- }
- if (count != 4096) /*TKL00501*/
- {
- BREAK; /*TKL00501*/
- }
- END_LOOP /* Generate dss_p */ /*TKL00501*/
-
- if (status != SUCCESS )
- {
- ERROR_BREAK;
- }
- dss_p_a[0] -= 1; /* dss_p = dss_p - 1 */
- if ( (status= DivRem (dss_p_bytes, dss_p_a, SHA_LENGTH, dss_q_a, u1,
- e )) != SUCCESS ) /* e = dss_p / dss_q */
- {
- ERROR_BREAK;
- }
- dss_p_a[0] += 1; /* dss_p = dss_p + 1 */
-
- BEGIN_LOOP /* Generate dss_g */ /*TKL00501*/
- MyGenRand( SHA_LENGTH, u, RVAL_a ); /*generate random number*/
- u[SHA_LENGTH / sizeof(ord) - 1] &= ~((ord)1 << (BITS_COUNT-1)); /* u < dss_q */
- if ( (status = Expo( SHA_LENGTH, u, (u_int16_t)(dss_p_bytes - SHA_LENGTH +
- sizeof(ord)), e, dss_p_bytes, dss_p_a, dss_g_a ))
- != SUCCESS ) /* dss_g = e ^ u mod(dss_p) */
- {
- ERROR_BREAK;
- }
- if ( dss_g_a[0] == 1 ) /* check dss_g == 1 */
- {
- for ( i = 1; i < (dss_p_bytes / sizeof(ord)); i++ )
- {
- if ( dss_g_a[i] != 0 )
- {
- break;
- }
- }
- if ( i == (dss_p_bytes / sizeof(ord)) )
- {
- CONTINUE;
- }
- }
- BREAK; /*TKL00501*/
- END_LOOP /* Generate dss_g */ /*TKL00501*/
- END_PROCESSING /* Generate DSS Common Parameters */
- free ( e );
- free ( one );
- free ( c );
- free ( w );
- free ( c1 );
- ALIGN_COPY_FREE(dss_p_a, dss_p, dss_p_bytes);
- ALIGN_COPY_FREE(dss_q_a, dss_q, SHA_LENGTH);
- ALIGN_COPY_FREE(dss_g_a, dss_g, dss_p_bytes);
- ALIGN_MOVE_FREE(RVAL_a, RVAL, SHA_LENGTH);
- if (DataOrder)
- {
- BigSwap(dss_p, dss_p_bytes);
- BigSwap(dss_q, SHA_LENGTH);
- BigSwap(dss_g, dss_p_bytes);
- }
- return status;
-}
-
-
-/****************************************************************************
-* NAME: int GetDSSPQG(u_int16_t dss_p_bytes,
-* uchar *dss_p,
-* uchar *dss_q,
-* uchar *dss_g)
-*
-* DESCRIPTION: Copy Cylink DSS P,Q,G numbers to *dss_p,*dss_q,*dss_g
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t dss_p_bytes Number of bytes in dss_p
-* uchar *dss_p Pointer to N-byte buffer
-* uchar *dss_q Pointer to SHA_LENGTH-byte buffer
-* uchar *dss_g Pointer to N-byte buffer
-* OUTPUT:
-* RETURN:
-* SUCCESS No errors
-* ERR_DSS_LEN; Invalid length for dss_p
-* REVISION HISTORY:
-*
-* 22 Apr 95 GKL Initial release LOG TKL01201
-*
-****************************************************************************/
-int GetDSSPQG(u_int16_t dss_p_bytes,
- uchar *dss_p,
- uchar *dss_q,
- uchar *dss_g)
-{
- int status = SUCCESS; /* function return status */
- ord *dss_p_a;
- ord *dss_g_a;
-
- if ( (dss_p_bytes < DSS_LENGTH_MIN) || /* less than minimal */
- (dss_p_bytes > DSS_LENGTH_MAX) ) /* more than maximal */
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
- if ( dss_p_bytes & 0x07 ) /* not multiple 8 (64 bit)*/
- {
- status = ERR_DSS_LEN; /* invalid length for dss_p */
- return status;
- }
- dss_p_a = &DSS_P_NUMBERS[DSS_NUM_INDEX[(dss_p_bytes-DSS_LENGTH_MIN)/LENGTH_STEP]];
- dss_g_a = &DSS_G_NUMBERS[DSS_NUM_INDEX[(dss_p_bytes-DSS_LENGTH_MIN)/LENGTH_STEP]];
- OrdByte(dss_p_a,dss_p_bytes,dss_p);
- OrdByte(dss_g_a,dss_p_bytes,dss_g);
- OrdByte(DSS_Q_NUMBER,SHA_LENGTH,dss_q);
- if (DataOrder)
- {
- BigSwap(dss_p, dss_p_bytes);
- BigSwap(dss_q, SHA_LENGTH);
- BigSwap(dss_g, dss_p_bytes);
- }
-
- return status;
-}
-
-
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/**********************************************************************\
-* FILENAME: DSSNum.h PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* DESCRIPTION: Standard Cylink DSS numbers (P Q G) support.
-*
-* USAGE: File should be included to get access to
-* Cylink DSS numbers
-*
-*
-* Copyright (c) Cylink Corporation 1995. All rights reserved.
-*
-* REVISION HISTORY:
-* 10 APR 95 GKL Initial release
-*
-\**********************************************************************/
-#ifndef DSSNUMBER_H /* Prevent multiple inclusions */
-#define DSSNUMBER_H
-
-#include "ctk_endian.h"
-
-#define LENGTH_MULT_TO_64
-
-#define F0 0
-#define F1 (F0 + 1)
-#define F2 (F1 + 2)
-#define F3 (F2 + 3)
-#define F4 (F3 + 4)
-#define F5 (F4 + 5)
-#define F6 (F5 + 6)
-#define F7 (F6 + 7)
-#define F8 (F7 + 8)
-#define F9 (F8 + 9)
-#define F10 (F9 + 10)
-#define F11 (F10 + 11)
-#define F12 (F11 + 12)
-#define F13 (F12 + 13)
-#define F14 (F13 + 14)
-#define F15 (F14 + 15)
-
-
-#ifdef LENGTH_MULT_TO_64
-#define LENGTH_STEP 8U
-#define LAST_F F8
-#endif
-
-#ifdef LENGTH_MULT_TO_32
-#define LENGTH_STEP 4U
-#define LAST_F (F15 + 16)
-#endif
-
-
-#define DSS_LENS_NUMBER (int) (1 + ( DSS_LENGTH_MAX - DSS_LENGTH_MIN )/LENGTH_STEP)
-
-#define DSS_LAST_INDEX (DSS_LENGTH_MIN*DSS_LENS_NUMBER + LENGTH_STEP*LAST_F)/sizeof(ord)
-
-#ifndef INITIALIZ_PQG
-
-extern ushort DSS_NUM_INDEX[ DSS_LENS_NUMBER ];
-extern ord DSS_Q_NUMBER[SHA_LENGTH/sizeof(ord)];
-extern ord DSS_P_NUMBERS[DSS_LAST_INDEX];
-extern ord DSS_G_NUMBERS[DSS_LAST_INDEX];
-
-#else
-ushort DSS_NUM_INDEX[ DSS_LENS_NUMBER ] =
-{
- (DSS_LENGTH_MIN*0 + LENGTH_STEP*0 )/sizeof(ord),
- (DSS_LENGTH_MIN*1 + LENGTH_STEP*F0 )/sizeof(ord),
- (DSS_LENGTH_MIN*2 + LENGTH_STEP*F1 )/sizeof(ord),
- (DSS_LENGTH_MIN*3 + LENGTH_STEP*F2 )/sizeof(ord),
- (DSS_LENGTH_MIN*4 + LENGTH_STEP*F3 )/sizeof(ord),
- (DSS_LENGTH_MIN*5 + LENGTH_STEP*F4 )/sizeof(ord),
- (DSS_LENGTH_MIN*6 + LENGTH_STEP*F5 )/sizeof(ord),
- (DSS_LENGTH_MIN*7 + LENGTH_STEP*F6 )/sizeof(ord),
- (DSS_LENGTH_MIN*8 + LENGTH_STEP*F7 )/sizeof(ord)
-#ifdef LENGTH_MULT_TO_32
- ,
- (DSS_LENGTH_MIN*9 + LENGTH_STEP*F8 )/sizeof(ord),
- (DSS_LENGTH_MIN*10 + LENGTH_STEP*F9 )/sizeof(ord),
- (DSS_LENGTH_MIN*11 + LENGTH_STEP*F10)/sizeof(ord),
- (DSS_LENGTH_MIN*12 + LENGTH_STEP*F11)/sizeof(ord),
- (DSS_LENGTH_MIN*13 + LENGTH_STEP*F12)/sizeof(ord),
- (DSS_LENGTH_MIN*14 + LENGTH_STEP*F13)/sizeof(ord),
- (DSS_LENGTH_MIN*15 + LENGTH_STEP*F14)/sizeof(ord),
- (DSS_LENGTH_MIN*16 + LENGTH_STEP*F15)/sizeof(ord)
-#endif
-};
-
-ord DSS_Q_NUMBER[SHA_LENGTH/sizeof(ord)] =
-#ifdef ORD_16
- {
- 0x8fb7, 0x81f0, 0x6b9e, 0x122a, 0x4dc4, 0x03ca, 0xc896, 0x8d0e, 0xbe3b, 0xed4b
- };
-#else
- {
- 0x81f08fb7L, 0x122a6b9eL, 0x03ca4dc4L, 0x8d0ec896L, 0xed4bbe3bL
- };
-#endif
-
-
-ord DSS_P_NUMBERS[DSS_LAST_INDEX] =
-#ifdef ORD_16
- {
- /* dss_p length = 512*/
- 0x92b7, 0xbd96, 0x9aab, 0x584c, 0xd617, 0xf2f0, 0xda85, 0xd370,
- 0xcc82, 0x273e, 0x6b04, 0xc171, 0x5c32, 0xd3ff, 0x352e, 0xf2f8,
- 0x4fc2, 0x20bc, 0xbdec, 0xe96e, 0x3503, 0x4d89, 0xe92d, 0xeb7d,
- 0x9c1a, 0x7852, 0xfe2a, 0x0a25, 0x4446, 0xce18, 0x7829, 0x95d8,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 544*/
- 0x12db, 0x0d31, 0x9950, 0x16c9, 0x3045, 0x0acb, 0x3c46, 0x3c5c,
- 0x6c94, 0x2458, 0x0736, 0x13da, 0xa0af, 0x790f, 0xb177, 0xa6ae,
- 0xd111, 0x2bda, 0x697c, 0x49a2, 0xe3e5, 0x6f27, 0x02f5, 0x9bc9,
- 0xd4da, 0x7d9b, 0x89c6, 0x63bc, 0x0b6d, 0xfe2d, 0xc7a1, 0x435f,
- 0x7fad, 0x9e40,
-#endif
- /* dss_p length = 576*/
- 0x626b, 0x41b5, 0xd218, 0x25bf, 0x1825, 0x42b3, 0x9eb0, 0xc244,
- 0x96ce, 0x22ac, 0x3ac6, 0x713f, 0x321d, 0x398c, 0x3022, 0xbc49,
- 0xdd03, 0x52d5, 0x29f8, 0x2a57, 0x8fa1, 0x2173, 0xee7d, 0xb90d,
- 0xcc64, 0x5fae, 0xaa81, 0xe3d0, 0x648f, 0xfa6e, 0xdc6c, 0x039f,
- 0x2cd6, 0xc552, 0xe2dc, 0xebec,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 608*/
- 0x35f5, 0xb2af, 0x27d0, 0x398b, 0x493d, 0x6f2e, 0xbe27, 0xe5b5,
- 0x972c, 0x3470, 0x9638, 0xe90e, 0xf7b7, 0x98ad, 0xd091, 0xb4ca,
- 0x3f43, 0x5f58, 0xb6c5, 0xd014, 0x25ee, 0x414d, 0xe2c1, 0x6fd6,
- 0xd737, 0x9be6, 0x66ca, 0xe241, 0x1897, 0xf740, 0xe5df, 0xceb0,
- 0xdb38, 0xabc8, 0x8af8, 0xc58b, 0xc6a0, 0x9a04,
-#endif
- /* dss_p length = 640*/
- 0x4095, 0xf6bf, 0x7568, 0x4032, 0x5c0f, 0x64f2, 0x5aae, 0xb099,
- 0x346f, 0x0e81, 0x357a, 0x7aeb, 0x0291, 0xfd0a, 0x8d54, 0xce80,
- 0x0c05, 0xbea3, 0x889f, 0x8a1b, 0xf1c1, 0x6049, 0x214a, 0x8ec3,
- 0xb926, 0xdde1, 0x61b4, 0x384e, 0x404b, 0xb6d7, 0x2e2d, 0x4584,
- 0xae6a, 0xcc7a, 0x7bfa, 0x9eb0, 0x3a26, 0x3904, 0x8cac, 0xc036,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 672*/
- 0x0abb, 0xaea3, 0xc749, 0x757c, 0x3035, 0x29d0, 0x46bd, 0xd56c,
- 0xf49d, 0xa355, 0x1297, 0x8dcb, 0x9802, 0xc58c, 0xf1ec, 0x8aac,
- 0x55dd, 0xb107, 0x0140, 0x26d1, 0x8a5d, 0x8a90, 0xf33e, 0xde0b,
- 0xb844, 0xb429, 0x4db2, 0x9806, 0xf629, 0x4c3b, 0xcd76, 0x2f23,
- 0x6c68, 0x7bf4, 0x2a7e, 0xd982, 0xc89f, 0x16a2, 0xfe84, 0x953c,
- 0x3e4a, 0x8de8,
-#endif
- /* dss_p length = 704*/
- 0x0113, 0x1535, 0xca0b, 0x8faf, 0xa327, 0x989c, 0x12c8, 0xe512,
- 0x796f, 0x1229, 0x12bf, 0x62c8, 0xa50a, 0x2b99, 0xc93b, 0x450c,
- 0x71ad, 0x0826, 0xf4c6, 0x3913, 0x9b6e, 0x96da, 0xa08d, 0xbc5e,
- 0xd4d3, 0x7b26, 0xf9fd, 0xdd76, 0x4e82, 0x2f06, 0x1f96, 0xbf47,
- 0xcadf, 0x3610, 0x917b, 0x4e94, 0xe2e8, 0x0eaf, 0x1cb9, 0x6b90,
- 0xb917, 0x6d6f, 0x92b9, 0xb329,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 736*/
- 0x6dad, 0xd878, 0xc913, 0xe61e, 0x87d9, 0xe275, 0xad24, 0xf090,
- 0xe12b, 0xfdfe, 0x39a3, 0xc9a1, 0x8330, 0x138a, 0x4bed, 0xc319,
- 0x8094, 0x88ba, 0x4b80, 0x1325, 0x7852, 0x67e2, 0x715e, 0x7313,
- 0x3b4e, 0x7727, 0x9870, 0x5c6e, 0xe0ce, 0xc67a, 0xd057, 0xf3c5,
- 0x55ea, 0x98ba, 0x6ea0, 0xaee7, 0x31e8, 0x3cd6, 0x0e28, 0x42d1,
- 0x8946, 0xc395, 0x34fc, 0x1b9d, 0x19d1, 0x86f9,
-#endif
- /* dss_p length = 768*/
- 0xe293, 0xea08, 0xcdd0, 0xf668, 0x8b2a, 0x06db, 0x7c71, 0xadb2,
- 0x943d, 0x6721, 0x54f5, 0xbc44, 0xf7ca, 0x3345, 0x1bf6, 0x0b90,
- 0xb475, 0xd3c4, 0xbdb6, 0x7caa, 0xa45f, 0xe9b4, 0x6e0e, 0x0c1a,
- 0xb5c3, 0x9760, 0x851a, 0x53af, 0x96b7, 0x4979, 0xf162, 0xe951,
- 0x6a54, 0xd020, 0x9ded, 0xdecb, 0xfc81, 0x7d74, 0x5e92, 0x2aee,
- 0x0946, 0x0eb5, 0x3700, 0x9bce, 0x845a, 0xa7a3, 0x157a, 0x8618,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 800*/
- 0xb0a1, 0xac27, 0xec4e, 0xf623, 0x55e2, 0x2cb6, 0x288b, 0x4b28,
- 0xd74e, 0xbbe6, 0xfdf7, 0xaecd, 0x5758, 0xe251, 0x9074, 0x1aee,
- 0xe6ed, 0x4d5e, 0x01d9, 0x529e, 0xf736, 0x0091, 0x0212, 0xc725,
- 0x60ce, 0x966f, 0x851d, 0x5c4b, 0x80de, 0x34df, 0x1c88, 0x0636,
- 0xbb71, 0x32ce, 0x45cb, 0x86da, 0x4d0e, 0x13e0, 0x7d7d, 0x544b,
- 0x1272, 0x747f, 0xd6a7, 0xfa3b, 0xcb86, 0x6b43, 0x66f5, 0xd012,
- 0xfe7a, 0xa0cb,
-#endif
- /* dss_p length = 832*/
- 0xed2d, 0x84dd, 0xf274, 0xdd8f, 0xcd5f, 0x7928, 0xbfc6, 0xa522,
- 0xe4e4, 0x50f0, 0xcddf, 0x5842, 0xbb29, 0x7c4d, 0xeef4, 0x6946,
- 0x87f6, 0xe486, 0x61b5, 0xc1b6, 0xadef, 0x575a, 0x360f, 0x724f,
- 0xcb29, 0x591b, 0x9a4c, 0xf7bc, 0x309e, 0xa348, 0x0ff5, 0x94f3,
- 0x932f, 0x9dc6, 0x992c, 0xc6d7, 0x12f6, 0xc2d7, 0x38aa, 0x8c01,
- 0x5dca, 0x74f4, 0xfcfd, 0x4cf4, 0x588a, 0x7837, 0x097e, 0xd2e2,
- 0x6eac, 0x8869, 0xe92f, 0xec62,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 864*/
- 0x7c21, 0x931e, 0x553d, 0x00f2, 0xa860, 0x940f, 0x411e, 0x7d20,
- 0xb168, 0x52a3, 0x69ee, 0x166e, 0xb9e6, 0x1b23, 0xd5e0, 0xef64,
- 0x2850, 0x724c, 0xc1fe, 0xea73, 0xda8c, 0xe342, 0x1d7b, 0xd256,
- 0x359b, 0x180f, 0xd7f5, 0xca77, 0x06ac, 0x2162, 0xa977, 0x78bb,
- 0x5018, 0x5de2, 0x6061, 0xe217, 0x4d42, 0xfed1, 0x3929, 0xd50f,
- 0xc946, 0x2433, 0x15f8, 0x361b, 0xbf51, 0x3ff0, 0x3efa, 0x3157,
- 0x7350, 0x53a0, 0xd1a4, 0x261b, 0xde5b, 0x9236,
-#endif
- /* dss_p length = 896*/
- 0x8e21, 0x0364, 0x86d2, 0xe58c, 0x2274, 0x780a, 0x9ffc, 0x4951,
- 0x3f99, 0xbc96, 0x9e60, 0x5a7e, 0x010a, 0x23d4, 0x54d1, 0x48e9,
- 0xfd6b, 0x979c, 0x5202, 0x8af3, 0x5d87, 0xfe8f, 0x3e3c, 0x1e0c,
- 0xe294, 0xcc52, 0xa8d6, 0x480e, 0xa898, 0xd4ce, 0x5949, 0xd341,
- 0xe325, 0xf41b, 0x72d6, 0x6a90, 0x7a8b, 0x6f14, 0x3e2b, 0x6636,
- 0x3748, 0x4eea, 0xa590, 0x03e4, 0x0524, 0x9c32, 0xeb53, 0x02af,
- 0xca71, 0x6792, 0xd673, 0xedf8, 0x6448, 0x59c3, 0x7319, 0x883f,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 928*/
- 0xc17d, 0xa4e8, 0xea08, 0x8ff8, 0x2cb0, 0x73f5, 0xd7ba, 0xc027,
- 0xb9c8, 0x989d, 0xe5fe, 0xe3a1, 0xf324, 0x39d3, 0xf142, 0x5ba8,
- 0xe6cb, 0x3708, 0xa0b7, 0xed9a, 0xb6b3, 0xe314, 0xf80a, 0x6778,
- 0x4d27, 0x7107, 0x6ee8, 0xb9c2, 0xc6af, 0xab70, 0x53be, 0xc445,
- 0x7926, 0x34bb, 0x5191, 0xe11d, 0x67f1, 0xcc3a, 0x5354, 0xd34d,
- 0xa1ac, 0x08ba, 0x32d4, 0x068a, 0x7c3b, 0x415f, 0xbce0, 0xb549,
- 0x0ecf, 0x538f, 0xb5d0, 0x22a3, 0x1d47, 0xe837, 0x14c0, 0x69dd,
- 0xa02d, 0xce91,
-#endif
- /* dss_p length = 960*/
- 0x1ff3, 0xf77e, 0xae7a, 0x5a28, 0x43b1, 0xe187, 0x2e04, 0xb3ea,
- 0x7394, 0xa3e8, 0x4985, 0xc9bc, 0x7b7d, 0x1e1c, 0xd99c, 0x55f8,
- 0x447b, 0x5704, 0xd758, 0xbed1, 0xe698, 0x2a5e, 0x5c19, 0xc206,
- 0x6d38, 0x1f88, 0x2ea4, 0x5f15, 0xebfd, 0xd716, 0x8a2a, 0xf960,
- 0x83ac, 0xc493, 0xb966, 0x8f13, 0x4778, 0x9682, 0x4712, 0x84cd,
- 0xbb4e, 0xe567, 0x644f, 0x0780, 0x133d, 0x0b0a, 0xe42e, 0x06e8,
- 0xa4cc, 0x3131, 0x39d9, 0xfaf8, 0x12a3, 0x5550, 0x43b1, 0xb8a9,
- 0xb0eb, 0x0fad, 0x986f, 0xd427,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 992*/
- 0xbcfd, 0x363f, 0x050a, 0x18f0, 0x78d8, 0xcac9, 0x423a, 0xf31e,
- 0x198f, 0xd0c3, 0xb319, 0x5d1b, 0x917a, 0xc0b0, 0x8d1b, 0x6b91,
- 0xea69, 0xa9d1, 0x02ce, 0x5345, 0x2c80, 0x6992, 0x4dad, 0x7a28,
- 0xbb75, 0xd46d, 0x0faa, 0x5612, 0x6878, 0x8a0e, 0x63b4, 0x46ab,
- 0xaca0, 0x5381, 0xb90a, 0x3e70, 0x19c4, 0xb639, 0xf778, 0xe751,
- 0x5974, 0xb726, 0x589f, 0x8679, 0xeb04, 0xc0b5, 0xdffd, 0x2b32,
- 0x4b51, 0xc632, 0xd8c6, 0x9501, 0x4f94, 0x2026, 0x253a, 0x0d27,
- 0x07bb, 0x0838, 0x2725, 0xa3eb, 0x3c4e, 0x89b6,
-#endif
- /* dss_p length = 1024*/
- 0xa141, 0xecf7, 0xc6d6, 0x867d, 0xefa3, 0x1cdd, 0x6c9d, 0x6ca5,
- 0x2e2f, 0x68af, 0x90e1, 0x1d3e, 0xd75f, 0x0c2a, 0x844b, 0x36c7,
- 0x3420, 0xfd1a, 0xb9ee, 0xf6e5, 0x5fde, 0xc8ed, 0x0c90, 0xd353,
- 0x6faa, 0x80a4, 0x5bbd, 0xa59d, 0x9e72, 0x3223, 0x8f59, 0xf33d,
- 0x10eb, 0xeccd, 0x184e, 0x3e2a, 0x4c07, 0x564b, 0x4c0a, 0x3263,
- 0xc535, 0x8aeb, 0xf982, 0x2be2, 0xe475, 0x9b87, 0xcca0, 0x4d08,
- 0x3adf, 0x0484, 0xd528, 0x7acd, 0x304d, 0x55a0, 0x70ae, 0x8298,
- 0x6a7a, 0x2298, 0x15c0, 0x7a86, 0x7fc5, 0x654a, 0x14ad, 0xd0aa
- };
-#else
- {
-/* dss_p length = 512*/
- 0xbd9692b7L, 0x584c9aabL, 0xf2f0d617L, 0xd370da85L,
- 0x273ecc82L, 0xc1716b04L, 0xd3ff5c32L, 0xf2f8352eL,
- 0x20bc4fc2L, 0xe96ebdecL, 0x4d893503L, 0xeb7de92dL,
- 0x78529c1aL, 0x0a25fe2aL, 0xce184446L, 0x95d87829L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 544*/
- 0x0d3112dbL, 0x16c99950L, 0x0acb3045L, 0x3c5c3c46L,
- 0x24586c94L, 0x13da0736L, 0x790fa0afL, 0xa6aeb177L,
- 0x2bdad111L, 0x49a2697cL, 0x6f27e3e5L, 0x9bc902f5L,
- 0x7d9bd4daL, 0x63bc89c6L, 0xfe2d0b6dL, 0x435fc7a1L,
- 0x9e407fadL,
-#endif
- /* dss_p length = 576*/
- 0x41b5626bL, 0x25bfd218L, 0x42b31825L, 0xc2449eb0L,
- 0x22ac96ceL, 0x713f3ac6L, 0x398c321dL, 0xbc493022L,
- 0x52d5dd03L, 0x2a5729f8L, 0x21738fa1L, 0xb90dee7dL,
- 0x5faecc64L, 0xe3d0aa81L, 0xfa6e648fL, 0x039fdc6cL,
- 0xc5522cd6L, 0xebece2dcL,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 608*/
- 0xb2af35f5L, 0x398b27d0L, 0x6f2e493dL, 0xe5b5be27L,
- 0x3470972cL, 0xe90e9638L, 0x98adf7b7L, 0xb4cad091L,
- 0x5f583f43L, 0xd014b6c5L, 0x414d25eeL, 0x6fd6e2c1L,
- 0x9be6d737L, 0xe24166caL, 0xf7401897L, 0xceb0e5dfL,
- 0xabc8db38L, 0xc58b8af8L, 0x9a04c6a0L,
-#endif
- /* dss_p length = 640*/
- 0xf6bf4095L, 0x40327568L, 0x64f25c0fL, 0xb0995aaeL,
- 0x0e81346fL, 0x7aeb357aL, 0xfd0a0291L, 0xce808d54L,
- 0xbea30c05L, 0x8a1b889fL, 0x6049f1c1L, 0x8ec3214aL,
- 0xdde1b926L, 0x384e61b4L, 0xb6d7404bL, 0x45842e2dL,
- 0xcc7aae6aL, 0x9eb07bfaL, 0x39043a26L, 0xc0368cacL,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 672*/
- 0xaea30abbL, 0x757cc749L, 0x29d03035L, 0xd56c46bdL,
- 0xa355f49dL, 0x8dcb1297L, 0xc58c9802L, 0x8aacf1ecL,
- 0xb10755ddL, 0x26d10140L, 0x8a908a5dL, 0xde0bf33eL,
- 0xb429b844L, 0x98064db2L, 0x4c3bf629L, 0x2f23cd76L,
- 0x7bf46c68L, 0xd9822a7eL, 0x16a2c89fL, 0x953cfe84L,
- 0x8de83e4aL,
-#endif
- /* dss_p length = 704*/
- 0x15350113L, 0x8fafca0bL, 0x989ca327L, 0xe51212c8L,
- 0x1229796fL, 0x62c812bfL, 0x2b99a50aL, 0x450cc93bL,
- 0x082671adL, 0x3913f4c6L, 0x96da9b6eL, 0xbc5ea08dL,
- 0x7b26d4d3L, 0xdd76f9fdL, 0x2f064e82L, 0xbf471f96L,
- 0x3610cadfL, 0x4e94917bL, 0x0eafe2e8L, 0x6b901cb9L,
- 0x6d6fb917L, 0xb32992b9L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 736*/
- 0xd8786dadL, 0xe61ec913L, 0xe27587d9L, 0xf090ad24L,
- 0xfdfee12bL, 0xc9a139a3L, 0x138a8330L, 0xc3194bedL,
- 0x88ba8094L, 0x13254b80L, 0x67e27852L, 0x7313715eL,
- 0x77273b4eL, 0x5c6e9870L, 0xc67ae0ceL, 0xf3c5d057L,
- 0x98ba55eaL, 0xaee76ea0L, 0x3cd631e8L, 0x42d10e28L,
- 0xc3958946L, 0x1b9d34fcL, 0x86f919d1L,
-#endif
- /* dss_p length = 768*/
- 0xea08e293L, 0xf668cdd0L, 0x06db8b2aL, 0xadb27c71L,
- 0x6721943dL, 0xbc4454f5L, 0x3345f7caL, 0x0b901bf6L,
- 0xd3c4b475L, 0x7caabdb6L, 0xe9b4a45fL, 0x0c1a6e0eL,
- 0x9760b5c3L, 0x53af851aL, 0x497996b7L, 0xe951f162L,
- 0xd0206a54L, 0xdecb9dedL, 0x7d74fc81L, 0x2aee5e92L,
- 0x0eb50946L, 0x9bce3700L, 0xa7a3845aL, 0x8618157aL,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 800*/
- 0xac27b0a1L, 0xf623ec4eL, 0x2cb655e2L, 0x4b28288bL,
- 0xbbe6d74eL, 0xaecdfdf7L, 0xe2515758L, 0x1aee9074L,
- 0x4d5ee6edL, 0x529e01d9L, 0x0091f736L, 0xc7250212L,
- 0x966f60ceL, 0x5c4b851dL, 0x34df80deL, 0x06361c88L,
- 0x32cebb71L, 0x86da45cbL, 0x13e04d0eL, 0x544b7d7dL,
- 0x747f1272L, 0xfa3bd6a7L, 0x6b43cb86L, 0xd01266f5L,
- 0xa0cbfe7aL,
-#endif
- /* dss_p length = 832*/
- 0x84dded2dL, 0xdd8ff274L, 0x7928cd5fL, 0xa522bfc6L,
- 0x50f0e4e4L, 0x5842cddfL, 0x7c4dbb29L, 0x6946eef4L,
- 0xe48687f6L, 0xc1b661b5L, 0x575aadefL, 0x724f360fL,
- 0x591bcb29L, 0xf7bc9a4cL, 0xa348309eL, 0x94f30ff5L,
- 0x9dc6932fL, 0xc6d7992cL, 0xc2d712f6L, 0x8c0138aaL,
- 0x74f45dcaL, 0x4cf4fcfdL, 0x7837588aL, 0xd2e2097eL,
- 0x88696eacL, 0xec62e92fL,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 864*/
- 0x931e7c21L, 0x00f2553dL, 0x940fa860L, 0x7d20411eL,
- 0x52a3b168L, 0x166e69eeL, 0x1b23b9e6L, 0xef64d5e0L,
- 0x724c2850L, 0xea73c1feL, 0xe342da8cL, 0xd2561d7bL,
- 0x180f359bL, 0xca77d7f5L, 0x216206acL, 0x78bba977L,
- 0x5de25018L, 0xe2176061L, 0xfed14d42L, 0xd50f3929L,
- 0x2433c946L, 0x361b15f8L, 0x3ff0bf51L, 0x31573efaL,
- 0x53a07350L, 0x261bd1a4L, 0x9236de5bL,
-#endif
- /* dss_p length = 896*/
- 0x03648e21L, 0xe58c86d2L, 0x780a2274L, 0x49519ffcL,
- 0xbc963f99L, 0x5a7e9e60L, 0x23d4010aL, 0x48e954d1L,
- 0x979cfd6bL, 0x8af35202L, 0xfe8f5d87L, 0x1e0c3e3cL,
- 0xcc52e294L, 0x480ea8d6L, 0xd4cea898L, 0xd3415949L,
- 0xf41be325L, 0x6a9072d6L, 0x6f147a8bL, 0x66363e2bL,
- 0x4eea3748L, 0x03e4a590L, 0x9c320524L, 0x02afeb53L,
- 0x6792ca71L, 0xedf8d673L, 0x59c36448L, 0x883f7319L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 928*/
- 0xa4e8c17dL, 0x8ff8ea08L, 0x73f52cb0L, 0xc027d7baL,
- 0x989db9c8L, 0xe3a1e5feL, 0x39d3f324L, 0x5ba8f142L,
- 0x3708e6cbL, 0xed9aa0b7L, 0xe314b6b3L, 0x6778f80aL,
- 0x71074d27L, 0xb9c26ee8L, 0xab70c6afL, 0xc44553beL,
- 0x34bb7926L, 0xe11d5191L, 0xcc3a67f1L, 0xd34d5354L,
- 0x08baa1acL, 0x068a32d4L, 0x415f7c3bL, 0xb549bce0L,
- 0x538f0ecfL, 0x22a3b5d0L, 0xe8371d47L, 0x69dd14c0L,
- 0xce91a02dL,
-#endif
- /* dss_p length = 960*/
- 0xf77e1ff3L, 0x5a28ae7aL, 0xe18743b1L, 0xb3ea2e04L,
- 0xa3e87394L, 0xc9bc4985L, 0x1e1c7b7dL, 0x55f8d99cL,
- 0x5704447bL, 0xbed1d758L, 0x2a5ee698L, 0xc2065c19L,
- 0x1f886d38L, 0x5f152ea4L, 0xd716ebfdL, 0xf9608a2aL,
- 0xc49383acL, 0x8f13b966L, 0x96824778L, 0x84cd4712L,
- 0xe567bb4eL, 0x0780644fL, 0x0b0a133dL, 0x06e8e42eL,
- 0x3131a4ccL, 0xfaf839d9L, 0x555012a3L, 0xb8a943b1L,
- 0x0fadb0ebL, 0xd427986fL,
-#ifdef LENGTH_MULT_TO_32
- /* dss_p length = 992*/
- 0x363fbcfdL, 0x18f0050aL, 0xcac978d8L, 0xf31e423aL,
- 0xd0c3198fL, 0x5d1bb319L, 0xc0b0917aL, 0x6b918d1bL,
- 0xa9d1ea69L, 0x534502ceL, 0x69922c80L, 0x7a284dadL,
- 0xd46dbb75L, 0x56120faaL, 0x8a0e6878L, 0x46ab63b4L,
- 0x5381aca0L, 0x3e70b90aL, 0xb63919c4L, 0xe751f778L,
- 0xb7265974L, 0x8679589fL, 0xc0b5eb04L, 0x2b32dffdL,
- 0xc6324b51L, 0x9501d8c6L, 0x20264f94L, 0x0d27253aL,
- 0x083807bbL, 0xa3eb2725L, 0x89b63c4eL,
-#endif
- /* dss_p length = 1024*/
- 0xecf7a141L, 0x867dc6d6L, 0x1cddefa3L, 0x6ca56c9dL,
- 0x68af2e2fL, 0x1d3e90e1L, 0x0c2ad75fL, 0x36c7844bL,
- 0xfd1a3420L, 0xf6e5b9eeL, 0xc8ed5fdeL, 0xd3530c90L,
- 0x80a46faaL, 0xa59d5bbdL, 0x32239e72L, 0xf33d8f59L,
- 0xeccd10ebL, 0x3e2a184eL, 0x564b4c07L, 0x32634c0aL,
- 0x8aebc535L, 0x2be2f982L, 0x9b87e475L, 0x4d08cca0L,
- 0x04843adfL, 0x7acdd528L, 0x55a0304dL, 0x829870aeL,
- 0x22986a7aL, 0x7a8615c0L, 0x654a7fc5L, 0xd0aa14adL
- };
-#endif
-
-ord DSS_G_NUMBERS[DSS_LAST_INDEX] =
-#ifdef ORD_16
- {
- /* dss_g length = 512*/
- 0x8b1a, 0xedfe, 0xef16, 0xdb26, 0xeae0, 0x1f1d, 0xaf3a, 0x3e30,
- 0x2bd6, 0x25ec, 0xa451, 0x6255, 0xbc75, 0x499c, 0x4071, 0x5da2,
- 0x1149, 0xc7fc, 0x1402, 0x9b69, 0xc168, 0xb0ea, 0xaf92, 0x6a33,
- 0xf45f, 0xd93a, 0x75a6, 0x263c, 0xb820, 0x7eb1, 0x5f5b, 0x4bd7,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 544*/
- 0x2772, 0xe0e6, 0xce97, 0x605b, 0x4aa8, 0x2586, 0x095a, 0xb83f,
- 0x8b01, 0xfe53, 0x9250, 0x74ef, 0x74d4, 0xd9fa, 0xb78b, 0xa714,
- 0x106f, 0x03a6, 0xb406, 0xc549, 0xc44d, 0xd559, 0x8100, 0xfef4,
- 0x34a4, 0x1f4c, 0x3c6b, 0x4ae0, 0xe770, 0x158b, 0x3f8d, 0xf73d,
- 0x0cc5, 0x61b7,
-#endif
- /* dss_g length = 576*/
- 0x3dde, 0x64fd, 0x2b69, 0x03c3, 0xad1d, 0x1751, 0x11dc, 0xfe67,
- 0x6379, 0x76de, 0xe333, 0x3b8f, 0x242f, 0x27d8, 0x5f33, 0x3597,
- 0xb98c, 0x11dc, 0x718c, 0xe3b5, 0xa3d4, 0x58f2, 0x71fa, 0x2675,
- 0x49f9, 0xf2c7, 0x510e, 0xa4e1, 0xeca4, 0x7c64, 0x243b, 0x78fc,
- 0x2ce2, 0x7017, 0x0095, 0x23b6,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 608*/
- 0xdad8, 0x1e27, 0x41f5, 0xd536, 0x528f, 0x7047, 0x028a, 0x56f5,
- 0xe55f, 0xe20d, 0x612c, 0x520f, 0xebfd, 0x8c86, 0x0924, 0x562a,
- 0x2185, 0xe5ac, 0xa113, 0x4b8c, 0x87da, 0xfa4c, 0x8788, 0x9d8d,
- 0x41c0, 0x9d25, 0x9c77, 0xff33, 0x6861, 0xd10a, 0xc734, 0x8454,
- 0xf803, 0x55ce, 0xfeac, 0x6580, 0x6cd2, 0x482b,
-#endif
- /* dss_g length = 640*/
- 0x4ff7, 0x2829, 0x8ab0, 0xa0bd, 0x7b1c, 0xf544, 0xe633, 0x6e7b,
- 0x9824, 0x494a, 0xfb7f, 0xc8ad, 0x45b6, 0x956e, 0x0574, 0x5b0d,
- 0xd40c, 0xf807, 0x7372, 0x56fd, 0xdd12, 0x8960, 0x255c, 0x019e,
- 0xfc39, 0x06b3, 0x9f8e, 0x4cd9, 0xe714, 0x77f6, 0x76f7, 0xb573,
- 0x010e, 0x9b52, 0x04d2, 0xe269, 0xd4bb, 0xbdec, 0x089d, 0x7f88,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 672*/
- 0x3d36, 0xb22d, 0x2144, 0xfda0, 0x1d4a, 0xc144, 0xef8f, 0x70e8,
- 0xfd0f, 0xcbf9, 0x7433, 0xbf29, 0x1657, 0x757b, 0x011d, 0x5c7e,
- 0xa0d3, 0xec5a, 0xd45d, 0xacd6, 0x136a, 0x9454, 0x61fd, 0xc3f6,
- 0x3758, 0x5c89, 0xe4df, 0xd3c9, 0x6f99, 0xa113, 0x0992, 0x16b2,
- 0xf92f, 0xfb67, 0x3f34, 0x57e6, 0xb224, 0xdfd1, 0x43c4, 0x639a,
- 0xccf5, 0x86c4,
-#endif
- /* dss_g length = 704*/
- 0x1621, 0x8313, 0x216e, 0xcb3b, 0xde00, 0xa11b, 0xf27f, 0xd5d4,
- 0x6d2e, 0xc870, 0x1c47, 0x2e21, 0x780b, 0x1db6, 0x8adf, 0xe5c6,
- 0x837d, 0x7dba, 0x9c8c, 0x28b5, 0xd309, 0xf3fa, 0x6c65, 0xe37f,
- 0x6a1e, 0x2601, 0xbb92, 0x56aa, 0x9c0e, 0x9db1, 0xb782, 0x642b,
- 0x6cc9, 0xb9fb, 0x6a3c, 0x97b9, 0xf1a8, 0xd8a2, 0xfe6b, 0xcb93,
- 0x59ee, 0x32a4, 0x0aa1, 0x58ad,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 736*/
- 0x648c, 0xa15c, 0x27b2, 0x8137, 0xefb3, 0x0e81, 0x258e, 0xabe0,
- 0x9f2f, 0x6c67, 0xbed6, 0xd201, 0x3647, 0xbe9a, 0x0091, 0xba9a,
- 0x4df1, 0xdc8c, 0x5b15, 0x5a37, 0xb5b1, 0x50f8, 0xdfe6, 0x081b,
- 0x48d7, 0xd40b, 0x7c51, 0x0417, 0x97c7, 0x2565, 0xf960, 0x89b2,
- 0xa1f0, 0x7aac, 0xed6f, 0x20fe, 0x1d98, 0x0eee, 0x48b8, 0xb062,
- 0x70e7, 0xa3f3, 0xbe3f, 0x9183, 0x76ae, 0x6cbc,
-#endif
- /* dss_g length = 768*/
- 0x6216, 0x4b90, 0xc254, 0x7ab6, 0x7a04, 0xf90f, 0x42dd, 0x58c7,
- 0xd015, 0x904d, 0xfbf7, 0x624a, 0x5010, 0x627f, 0x696c, 0x1a32,
- 0xe0bc, 0xcdfd, 0xe32f, 0xb081, 0x1377, 0x1913, 0x5f96, 0x86c6,
- 0x864a, 0x8429, 0x4bb9, 0xd0c6, 0x3361, 0xbc7d, 0xbd8d, 0xa3b2,
- 0x47d5, 0x5086, 0xed0b, 0x3bb6, 0xdba6, 0x6f2c, 0x707a, 0x434b,
- 0xd4cc, 0x7b10, 0x8ef0, 0x3466, 0x4737, 0x8f27, 0x3399, 0x3716,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 800*/
- 0x99a7, 0xa90c, 0xdf8e, 0xba50, 0x83b5, 0x7ea0, 0x1d8a, 0xe5bb,
- 0x34c9, 0x8c4d, 0xb151, 0x3aba, 0xee2f, 0x76c8, 0xeebf, 0x3db9,
- 0xc1e0, 0x2b9a, 0x774f, 0xb476, 0x9b93, 0x53b5, 0xc008, 0xed2c,
- 0x0ad4, 0x8af4, 0xc0e6, 0x0e98, 0x2d7b, 0xdb37, 0x7b59, 0x8a31,
- 0x0667, 0x1225, 0xb882, 0x0355, 0x58ba, 0xf079, 0x80d7, 0x8033,
- 0x54bc, 0xf9cd, 0x461e, 0xc70a, 0x9170, 0x1dba, 0xc447, 0xd3e5,
- 0xaf18, 0x04c4,
-#endif
- /* dss_g length = 832*/
- 0xd1b5, 0x3d20, 0xfbdb, 0xa0b6, 0x0505, 0x4e88, 0xa781, 0x7c65,
- 0xd381, 0x5b6e, 0xfd1e, 0xbb71, 0xe085, 0x855d, 0x6d0b, 0x650a,
- 0xa248, 0x82d0, 0xd4dd, 0x7ea0, 0x16d1, 0x6937, 0x2cc2, 0x2dec,
- 0x5e07, 0x97b4, 0x0c5a, 0xcf21, 0x0299, 0x9b96, 0x4acf, 0xc732,
- 0xfbcf, 0xeefb, 0x0032, 0x40bb, 0xc86e, 0xeacb, 0xae2b, 0x8adb,
- 0x39aa, 0xbb47, 0xaf3a, 0xfd36, 0xf859, 0x97fc, 0x5535, 0x0d3d,
- 0x627a, 0x3f62, 0x1f90, 0x5490,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 864*/
- 0xbf83, 0x8b52, 0xc2b1, 0x0808, 0x4a3e, 0x6ccb, 0x8aa8, 0xcfdd,
- 0xb046, 0x4948, 0xcdf4, 0x9881, 0x13d8, 0x85b0, 0xa22a, 0x3786,
- 0xe9db, 0xcb8a, 0x89ad, 0x5e27, 0xd925, 0x1fcb, 0x3855, 0x4afd,
- 0x7f67, 0x83be, 0xb092, 0xe061, 0x6703, 0xf21f, 0x403e, 0x4c6a,
- 0xa8bd, 0x536a, 0x89b6, 0xb25e, 0xe165, 0xd259, 0xb765, 0xd7f3,
- 0xc474, 0xd8bc, 0x617d, 0x1a0a, 0xa054, 0x8c28, 0x9fb0, 0x9595,
- 0x6f2d, 0x6254, 0xe1c2, 0xb450, 0xef81, 0x277f,
-#endif
- /* dss_g length = 896*/
- 0x7490, 0x2aea, 0xd005, 0xa3cc, 0x9211, 0x235a, 0x7b6d, 0xacec,
- 0xfca5, 0x5407, 0x8515, 0x5bc1, 0x8b2a, 0x9388, 0x8ff9, 0xed56,
- 0xf4e9, 0xf31e, 0x7e05, 0x172a, 0x6e2a, 0x8165, 0x7a24, 0x975b,
- 0x1f6e, 0xd4d1, 0x8232, 0xd6ff, 0x2363, 0x4072, 0xa1f1, 0xd18b,
- 0xe574, 0xb032, 0xc330, 0x81b6, 0x6033, 0x07d5, 0x5107, 0xb7cc,
- 0x2c10, 0xbd8e, 0xc6a3, 0xe731, 0xfcd6, 0xe567, 0x3440, 0xbcde,
- 0x1976, 0xdbb3, 0xd15a, 0x4e39, 0xc282, 0x4b0b, 0x82b3, 0x286b,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 928*/
- 0x9f66, 0xd0e5, 0xd7d2, 0xe875, 0x0707, 0x2dca, 0xa5a2, 0x266d,
- 0x80c2, 0x6d20, 0x69b3, 0x759c, 0x497f, 0x74b4, 0x0f56, 0x4b63,
- 0xa294, 0x4995, 0x3eda, 0xf5c4, 0x7951, 0x3a3d, 0x22e9, 0x617f,
- 0x1906, 0xd45d, 0x047f, 0x2726, 0x27be, 0x660e, 0xc1d3, 0xa588,
- 0xceb2, 0xe300, 0xca06, 0x8620, 0x1110, 0x76ae, 0xf7b8, 0xe368,
- 0x89a7, 0x2ded, 0x2756, 0x3ed6, 0x5449, 0x4bd8, 0xb73d, 0xb406,
- 0x25ec, 0x32f7, 0x989c, 0x6623, 0x6b1f, 0xf7f0, 0x4807, 0x0954,
- 0x51e6, 0x97d0,
-#endif
- /* dss_g length = 960*/
- 0x4118, 0xe87c, 0x809a, 0x1287, 0x2a0f, 0x51d6, 0x7fc8, 0xdad8,
- 0x8dc6, 0xddce, 0xd27c, 0x898a, 0x96a9, 0xaee1, 0xe44c, 0xd322,
- 0x9d58, 0x3a34, 0xcebd, 0x322a, 0x5b48, 0x9c21, 0x6d04, 0x2d77,
- 0x41f1, 0x5123, 0xaa5f, 0x2192, 0x8175, 0x5cac, 0xf547, 0xdc08,
- 0xb0d9, 0x4f11, 0x85c9, 0xb5bf, 0x7147, 0x9fbf, 0x3c20, 0x7f7a,
- 0xdd8a, 0xa163, 0x0ae4, 0xfcb2, 0x8251, 0x8162, 0xb96e, 0x84f9,
- 0xd652, 0x94ba, 0xbb90, 0x9559, 0xac51, 0x6418, 0xdb54, 0x4739,
- 0x3ec0, 0x9b7c, 0xae96, 0x3e14,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 992*/
- 0x4eff, 0x399a, 0x5da9, 0x1e5a, 0x9040, 0x4bad, 0xc85d, 0x5b9a,
- 0x825b, 0x5464, 0x7538, 0xe2ea, 0xb957, 0x5def, 0xbfa6, 0x4916,
- 0x89be, 0x93fe, 0xe5da, 0x919f, 0x791c, 0xe7a8, 0xef86, 0xc186,
- 0xbf63, 0xa881, 0x1e38, 0x9abe, 0x8b58, 0x70b4, 0x9dfd, 0x0719,
- 0x85e5, 0xc60a, 0xab36, 0xe07d, 0x0c49, 0xd6fe, 0xfdb4, 0x6619,
- 0xe55d, 0x997e, 0x5f38, 0x824f, 0x47ff, 0xf800, 0xb137, 0x839d,
- 0x2dae, 0xe0db, 0x2a74, 0x2f58, 0x6fb3, 0x1bab, 0x62ed, 0x0e02,
- 0xbef2, 0xd7f1, 0xe566, 0xa9ae, 0xbc35, 0x6357,
-#endif
- /* dss_g length = 1024*/
- 0x914d, 0x76b2, 0xfee4, 0x9cf7, 0xa136, 0x07a1, 0x3808, 0x1857,
- 0x8f96, 0x870c, 0x1f3c, 0x59f2, 0x6f01, 0x4d4d, 0x580e, 0xafc6,
- 0x99af, 0xff1b, 0xc019, 0x6c1f, 0xe449, 0x1698, 0x4787, 0x0aa2,
- 0x6e68, 0x768d, 0x5ff0, 0x27dc, 0xca9e, 0x630f, 0x01ae, 0x9981,
- 0x688d, 0xf278, 0x7f3d, 0x17ad, 0x48aa, 0x65d6, 0x181f, 0x1802,
- 0x647c, 0x9ef5, 0x7081, 0x5843, 0x1f0d, 0x9364, 0xebe9, 0x6330,
- 0x033a, 0x5d2a, 0xb68a, 0x5639, 0xfa7c, 0xd77e, 0x4bdc, 0x4a62,
- 0x5c6d, 0xfed5, 0xa8aa, 0x5eff, 0x1138, 0xae4a, 0xe993, 0x3a73
- };
-#else
- {
- /* dss_g length = 512*/
- 0xedfe8b1aL, 0xdb26ef16L, 0x1f1deae0L, 0x3e30af3aL,
- 0x25ec2bd6L, 0x6255a451L, 0x499cbc75L, 0x5da24071L,
- 0xc7fc1149L, 0x9b691402L, 0xb0eac168L, 0x6a33af92L,
- 0xd93af45fL, 0x263c75a6L, 0x7eb1b820L, 0x4bd75f5bL,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 544*/
- 0xe0e62772L, 0x605bce97L, 0x25864aa8L, 0xb83f095aL,
- 0xfe538b01L, 0x74ef9250L, 0xd9fa74d4L, 0xa714b78bL,
- 0x03a6106fL, 0xc549b406L, 0xd559c44dL, 0xfef48100L,
- 0x1f4c34a4L, 0x4ae03c6bL, 0x158be770L, 0xf73d3f8dL,
- 0x61b70cc5L,
-#endif
- /* dss_g length = 576*/
- 0x64fd3ddeL, 0x03c32b69L, 0x1751ad1dL, 0xfe6711dcL,
- 0x76de6379L, 0x3b8fe333L, 0x27d8242fL, 0x35975f33L,
- 0x11dcb98cL, 0xe3b5718cL, 0x58f2a3d4L, 0x267571faL,
- 0xf2c749f9L, 0xa4e1510eL, 0x7c64eca4L, 0x78fc243bL,
- 0x70172ce2L, 0x23b60095L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 608*/
- 0x1e27dad8L, 0xd53641f5L, 0x7047528fL, 0x56f5028aL,
- 0xe20de55fL, 0x520f612cL, 0x8c86ebfdL, 0x562a0924L,
- 0xe5ac2185L, 0x4b8ca113L, 0xfa4c87daL, 0x9d8d8788L,
- 0x9d2541c0L, 0xff339c77L, 0xd10a6861L, 0x8454c734L,
- 0x55cef803L, 0x6580feacL, 0x482b6cd2L,
-#endif
- /* dss_g length = 640*/
- 0x28294ff7L, 0xa0bd8ab0L, 0xf5447b1cL, 0x6e7be633L,
- 0x494a9824L, 0xc8adfb7fL, 0x956e45b6L, 0x5b0d0574L,
- 0xf807d40cL, 0x56fd7372L, 0x8960dd12L, 0x019e255cL,
- 0x06b3fc39L, 0x4cd99f8eL, 0x77f6e714L, 0xb57376f7L,
- 0x9b52010eL, 0xe26904d2L, 0xbdecd4bbL, 0x7f88089dL,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 672*/
- 0xb22d3d36L, 0xfda02144L, 0xc1441d4aL, 0x70e8ef8fL,
- 0xcbf9fd0fL, 0xbf297433L, 0x757b1657L, 0x5c7e011dL,
- 0xec5aa0d3L, 0xacd6d45dL, 0x9454136aL, 0xc3f661fdL,
- 0x5c893758L, 0xd3c9e4dfL, 0xa1136f99L, 0x16b20992L,
- 0xfb67f92fL, 0x57e63f34L, 0xdfd1b224L, 0x639a43c4L,
- 0x86c4ccf5L,
-#endif
- /* dss_g length = 704*/
- 0x83131621L, 0xcb3b216eL, 0xa11bde00L, 0xd5d4f27fL,
- 0xc8706d2eL, 0x2e211c47L, 0x1db6780bL, 0xe5c68adfL,
- 0x7dba837dL, 0x28b59c8cL, 0xf3fad309L, 0xe37f6c65L,
- 0x26016a1eL, 0x56aabb92L, 0x9db19c0eL, 0x642bb782L,
- 0xb9fb6cc9L, 0x97b96a3cL, 0xd8a2f1a8L, 0xcb93fe6bL,
- 0x32a459eeL, 0x58ad0aa1L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 736*/
- 0xa15c648cL, 0x813727b2L, 0x0e81efb3L, 0xabe0258eL,
- 0x6c679f2fL, 0xd201bed6L, 0xbe9a3647L, 0xba9a0091L,
- 0xdc8c4df1L, 0x5a375b15L, 0x50f8b5b1L, 0x081bdfe6L,
- 0xd40b48d7L, 0x04177c51L, 0x256597c7L, 0x89b2f960L,
- 0x7aaca1f0L, 0x20feed6fL, 0x0eee1d98L, 0xb06248b8L,
- 0xa3f370e7L, 0x9183be3fL, 0x6cbc76aeL,
-#endif
- /* dss_g length = 768*/
- 0x4b906216L, 0x7ab6c254L, 0xf90f7a04L, 0x58c742ddL,
- 0x904dd015L, 0x624afbf7L, 0x627f5010L, 0x1a32696cL,
- 0xcdfde0bcL, 0xb081e32fL, 0x19131377L, 0x86c65f96L,
- 0x8429864aL, 0xd0c64bb9L, 0xbc7d3361L, 0xa3b2bd8dL,
- 0x508647d5L, 0x3bb6ed0bL, 0x6f2cdba6L, 0x434b707aL,
- 0x7b10d4ccL, 0x34668ef0L, 0x8f274737L, 0x37163399L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 800*/
- 0xa90c99a7L, 0xba50df8eL, 0x7ea083b5L, 0xe5bb1d8aL,
- 0x8c4d34c9L, 0x3abab151L, 0x76c8ee2fL, 0x3db9eebfL,
- 0x2b9ac1e0L, 0xb476774fL, 0x53b59b93L, 0xed2cc008L,
- 0x8af40ad4L, 0x0e98c0e6L, 0xdb372d7bL, 0x8a317b59L,
- 0x12250667L, 0x0355b882L, 0xf07958baL, 0x803380d7L,
- 0xf9cd54bcL, 0xc70a461eL, 0x1dba9170L, 0xd3e5c447L,
- 0x04c4af18L,
-#endif
- /* dss_g length = 832*/
- 0x3d20d1b5L, 0xa0b6fbdbL, 0x4e880505L, 0x7c65a781L,
- 0x5b6ed381L, 0xbb71fd1eL, 0x855de085L, 0x650a6d0bL,
- 0x82d0a248L, 0x7ea0d4ddL, 0x693716d1L, 0x2dec2cc2L,
- 0x97b45e07L, 0xcf210c5aL, 0x9b960299L, 0xc7324acfL,
- 0xeefbfbcfL, 0x40bb0032L, 0xeacbc86eL, 0x8adbae2bL,
- 0xbb4739aaL, 0xfd36af3aL, 0x97fcf859L, 0x0d3d5535L,
- 0x3f62627aL, 0x54901f90L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 864*/
- 0x8b52bf83L, 0x0808c2b1L, 0x6ccb4a3eL, 0xcfdd8aa8L,
- 0x4948b046L, 0x9881cdf4L, 0x85b013d8L, 0x3786a22aL,
- 0xcb8ae9dbL, 0x5e2789adL, 0x1fcbd925L, 0x4afd3855L,
- 0x83be7f67L, 0xe061b092L, 0xf21f6703L, 0x4c6a403eL,
- 0x536aa8bdL, 0xb25e89b6L, 0xd259e165L, 0xd7f3b765L,
- 0xd8bcc474L, 0x1a0a617dL, 0x8c28a054L, 0x95959fb0L,
- 0x62546f2dL, 0xb450e1c2L, 0x277fef81L,
-#endif
- /* dss_g length = 896*/
- 0x2aea7490L, 0xa3ccd005L, 0x235a9211L, 0xacec7b6dL,
- 0x5407fca5L, 0x5bc18515L, 0x93888b2aL, 0xed568ff9L,
- 0xf31ef4e9L, 0x172a7e05L, 0x81656e2aL, 0x975b7a24L,
- 0xd4d11f6eL, 0xd6ff8232L, 0x40722363L, 0xd18ba1f1L,
- 0xb032e574L, 0x81b6c330L, 0x07d56033L, 0xb7cc5107L,
- 0xbd8e2c10L, 0xe731c6a3L, 0xe567fcd6L, 0xbcde3440L,
- 0xdbb31976L, 0x4e39d15aL, 0x4b0bc282L, 0x286b82b3L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 928*/
- 0xd0e59f66L, 0xe875d7d2L, 0x2dca0707L, 0x266da5a2L,
- 0x6d2080c2L, 0x759c69b3L, 0x74b4497fL, 0x4b630f56L,
- 0x4995a294L, 0xf5c43edaL, 0x3a3d7951L, 0x617f22e9L,
- 0xd45d1906L, 0x2726047fL, 0x660e27beL, 0xa588c1d3L,
- 0xe300ceb2L, 0x8620ca06L, 0x76ae1110L, 0xe368f7b8L,
- 0x2ded89a7L, 0x3ed62756L, 0x4bd85449L, 0xb406b73dL,
- 0x32f725ecL, 0x6623989cL, 0xf7f06b1fL, 0x09544807L,
- 0x97d051e6L,
-#endif
- /* dss_g length = 960*/
- 0xe87c4118L, 0x1287809aL, 0x51d62a0fL, 0xdad87fc8L,
- 0xddce8dc6L, 0x898ad27cL, 0xaee196a9L, 0xd322e44cL,
- 0x3a349d58L, 0x322acebdL, 0x9c215b48L, 0x2d776d04L,
- 0x512341f1L, 0x2192aa5fL, 0x5cac8175L, 0xdc08f547L,
- 0x4f11b0d9L, 0xb5bf85c9L, 0x9fbf7147L, 0x7f7a3c20L,
- 0xa163dd8aL, 0xfcb20ae4L, 0x81628251L, 0x84f9b96eL,
- 0x94bad652L, 0x9559bb90L, 0x6418ac51L, 0x4739db54L,
- 0x9b7c3ec0L, 0x3e14ae96L,
-#ifdef LENGTH_MULT_TO_32
- /* dss_g length = 992*/
- 0x399a4effL, 0x1e5a5da9L, 0x4bad9040L, 0x5b9ac85dL,
- 0x5464825bL, 0xe2ea7538L, 0x5defb957L, 0x4916bfa6L,
- 0x93fe89beL, 0x919fe5daL, 0xe7a8791cL, 0xc186ef86L,
- 0xa881bf63L, 0x9abe1e38L, 0x70b48b58L, 0x07199dfdL,
- 0xc60a85e5L, 0xe07dab36L, 0xd6fe0c49L, 0x6619fdb4L,
- 0x997ee55dL, 0x824f5f38L, 0xf80047ffL, 0x839db137L,
- 0xe0db2daeL, 0x2f582a74L, 0x1bab6fb3L, 0x0e0262edL,
- 0xd7f1bef2L, 0xa9aee566L, 0x6357bc35L,
-#endif
- /* dss_g length = 1024*/
- 0x76b2914dL, 0x9cf7fee4L, 0x07a1a136L, 0x18573808L,
- 0x870c8f96L, 0x59f21f3cL, 0x4d4d6f01L, 0xafc6580eL,
- 0xff1b99afL, 0x6c1fc019L, 0x1698e449L, 0x0aa24787L,
- 0x768d6e68L, 0x27dc5ff0L, 0x630fca9eL, 0x998101aeL,
- 0xf278688dL, 0x17ad7f3dL, 0x65d648aaL, 0x1802181fL,
- 0x9ef5647cL, 0x58437081L, 0x93641f0dL, 0x6330ebe9L,
- 0x5d2a033aL, 0x5639b68aL, 0xd77efa7cL, 0x4a624bdcL,
- 0xfed55c6dL, 0x5effa8aaL, 0xae4a1138L, 0x3a73e993L
- };
-#endif
-
-#endif /*INITIALIZ_PQG*/
-
-#endif /*DSSNUMBER_H*/
+++ /dev/null
-void RShiftL_big(ord *X, u_int32_t len_X, u_int32_t n_bit);
-void LShiftL_big(ord *X, u_int32_t len_X, u_int32_t n_bit);
-int RShiftMostBit(ord *a, u_int32_t len);
-void ByteLong(uchar *X, u_int32_t X_bytes, u_int32_t *Y);
-void ByteOrd(uchar *X, u_int32_t X_bytes, ord *Y);
-void OrdByte(ord *X, u_int32_t X_bytes, uchar *Y);
-void LongByte(u_int32_t *X, u_int32_t X_bytes, uchar *Y);
+++ /dev/null
-#ifndef KLUDGE_H
-#define KLUDGE_H
-
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * Kludges for not-quite-ANSI systems.
- * This should always be the last file included, because it may
- * mess up some system header files.
- */
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef ASSERT_NEEDS_STDIO
-#define ASSERT_NEEDS_STDIO 0
-#endif
-#ifndef ASSERT_NEEDS_STDLIB
-#define ASSERT_NEEDS_STDLIB 0
-#endif
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-
-/* SunOS 4.1.x <assert.h> needs "stderr" defined, and "exit" declared... */
-#ifdef assert
-#if ASSERT_NEEDS_STDIO
-#include <stdio.h>
-#endif
-#if ASSERT_NEEDS_STDLIB
-#if !NO_STDLIB_H
-#include <stdlib.h>
-#endif
-#endif
-#endif
-
-#ifndef NO_MEMMOVE
-#define NO_MEMMOVE 0
-#endif
-#if NO_MEMMOVE /* memove() not in libraries */
-#define memmove(dest,src,len) bcopy(src,dest,len)
-#endif
-
-#ifndef NO_MEMCPY
-#define NO_MEMCPY 0
-#endif
-#if NO_MEMCPY /* memcpy() not in libraries */
-#define memcpy(dest,src,len) bcopy(src,dest,len)
-#endif
-
-#ifndef MEM_PROTOS_BROKEN
-#define MEM_PROTOS_BROKEN 0
-#endif
-#if MEM_PROTOS_BROKEN
-#define memcpy(d,s,l) memcpy((void *)(d), (void const *)(s), l)
-#define memmove(d,s,l) memmove((void *)(d), (void const *)(s), l)
-#define memcmp(d,s,l) memcmp((void const *)(d), (void const *)(s), l)
-#define memset(d,v,l) memset((void *)(d), v, l)
-#endif
-
-/*
- * If there are no prototypes for the stdio functions, use these to
- * reduce compiler warnings. Uses EOF as a giveaway to indicate
- * that <stdio.h> was #included.
- */
-#ifndef NO_STDIO_PROTOS
-#define NO_STDIO_PROTOS 0
-#endif
-#if NO_STDIO_PROTOS /* Missing prototypes for "simple" functions */
-#ifdef EOF
-#ifdef __cplusplus
-extern "C" {
-#endif
-int (puts)(char const *);
-int (fputs)(char const *, FILE *);
-int (fflush)(FILE *);
-int (printf)(char const *, ...);
-int (fprintf)(FILE *, char const *, ...);
-/* If we have a sufficiently old-fashioned stdio, it probably uses these... */
-int (_flsbuf)(int, FILE *);
-int (_filbuf)(FILE *);
-#ifdef __cplusplus
-}
-#endif
-#endif /* EOF */
-#endif /* NO_STDIO_PROTOS */
-
-/*
- * Borland C seems to think that it's a bad idea to decleare a
- * structure tag and not declare the contents. I happen to think
- * it's a *good* idea to use such "opaque" structures wherever
- * possible. So shut up.
- */
-#ifdef __BORLANDC__
-#pragma warn -stu
-#ifndef MSDOS
-#define MSDOS 1
-#endif
-#endif
-
-/* Turn off warning about negation of unsigned values */
-#ifdef _MSC_VER
-#pragma warning(disable:4146)
-#endif
-
-/* Cope with people forgetting to define the OS, if possible... */
-
-#ifndef MSDOS
-#ifdef __MSDOS
-#define MSDOS 1
-#endif
-#endif
-#ifndef MSDOS
-#ifdef __MSDOS__
-#define MSDOS 1
-#endif
-#endif
-
-#endif /* KLUDGE_H */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn.h - Low-level bignum header.
- * Defines various word sizes and useful macros.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- */
-#ifndef LBN_H
-#define LBN_H
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_LIMITS_H
-#define NO_LIMITS_H 0
-#endif
-
-/* Make sure we have 8-bit bytes */
-#if !NO_LIMITS_H
-#include <limits.h>
-#if UCHAR_MAX != 0xff || CHAR_BIT != 8
-#error The bignum library requires 8-bit unsigned characters.
-#endif
-#endif /* !NO_LIMITS_H */
-
-#ifdef BNINCLUDE /* If this is defined as, say, foo.h */
-#define STR(x) #x /* STR(BNINCLUDE) -> "BNINCLUDE" */
-#define XSTR(x) STR(x) /* XSTR(BNINCLUDE) -> STR(foo.h) -> "foo.h" */
-#include XSTR(BNINCLUDE) /* #include "foo.h" */
-#undef XSTR
-#undef STR
-#endif
-
-/* Figure out the endianness */
-/* Error if more than one is defined */
-#if BN_BIG_ENDIAN && BN_LITTLE_ENDIAN
-#error Only one of BN_BIG_ENDIAN or BN_LITTLE_ENDIAN may be defined
-#endif
-
-/*
- * If no preference is stated, little-endian C code is slightly more
- * efficient, so prefer that. (The endianness here does NOT have to
- * match the machine's native byte sex; the library's C code will work
- * either way. The flexibility is allowed for assembly routines
- * that do care.
- */
-#if !defined(BN_BIG_ENDIAN) && !defined(BN_LITTLE_ENDIAN)
-#define BN_LITTLE_ENDIAN 1
-#endif /* !BN_BIG_ENDIAN && !BN_LITTLE_ENDIAN */
-
-/* Macros to choose between big and little endian */
-#if BN_BIG_ENDIAN
-#define BIG(b) b
-#define LITTLE(l) /*nothing*/
-#define BIGLITTLE(b,l) b
-#elif BN_LITTLE_ENDIAN
-#define BIG(b) /*nothing*/
-#define LITTLE(l) l
-#define BIGLITTLE(b,l) l
-#else
-#error One of BN_BIG_ENDIAN or BN_LITTLE_ENDIAN must be defined as 1
-#endif
-
-
-/*
- * Find a 16-bit unsigned type.
- * Unsigned short is preferred over unsigned int to make the type chosen
- * by this file more stable on platforms (such as many 68000 compilers)
- * which support both 16- and 32-bit ints.
- */
-#ifndef BNWORD16
-#ifndef USHRT_MAX /* No <limits.h> available - guess */
-typedef unsigned short bnword16;
-#define BNWORD16 bnword16
-#elif USHRT_MAX == 0xffff
-typedef unsigned short bnword16;
-#define BNWORD16 bnword16
-#elif UINT_MAX == 0xffff
-typedef unsigned bnword16;
-#define BNWORD16 bnword16
-#endif
-#endif /* BNWORD16 */
-
-/*
- * Find a 32-bit unsigned type.
- * Unsigned long is preferred over unsigned int to make the type chosen
- * by this file more stable on platforms (such as many 68000 compilers)
- * which support both 16- and 32-bit ints.
- */
-#ifndef BNWORD32
-#ifndef ULONG_MAX /* No <limits.h> available - guess */
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-#elif ULONG_MAX == 0xfffffffful
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-#elif UINT_MAX == 0xffffffff
-typedef unsigned bnword32;
-#define BNWORD32 bnword32
-#elif USHRT_MAX == 0xffffffff
-typedef unsigned short bnword32;
-#define BNWORD32 bnword32
-#endif
-#endif /* BNWORD16 */
-
-/*
- * Find a 64-bit unsigned type.
- * The conditions here are more complicated to avoid using numbers that
- * will choke lesser preprocessors (like 0xffffffffffffffff) unless
- * we're reasonably certain that they'll be acceptable.
- */
-#if !defined(BNWORD64) && ULONG_MAX > 0xfffffffful
-#if ULONG_MAX == 0xffffffffffffffff
-typedef unsigned long bnword64;
-#define BNWORD64 bnword64
-#endif
-#endif
-
-#if 0
-/*
- * I would test the value of unsigned long long, but some *preprocessors*
- * don't constants that long even if the compiler can accept them, so it
- * doesn't work reliably. So cross our fingers and hope that it's a 64-bit
- * type.
- *
- * GCC uses ULONG_LONG_MAX. Solaris uses ULLONG_MAX. IRIX uses ULONGLONG_MAX.
- * Are there any other names for this?
- */
-#if !defined(BNWORD64) && \
- (defined(ULONG_LONG_MAX) || defined (ULLONG_MAX) || defined(ULONGLONG_MAX))
-typedef unsigned long long bnword64;
-#define BNWORD64 bnword64
-#endif
-#endif
-
-/* We don't even try to find a 128-bit type at the moment */
-
-#endif /* !LBN_H */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn00.c - auto-size-detecting lbn??.c file.
- *
- * Written in 1995 by Colin Plumb.
- */
-
-#include "port_before.h"
-#include "bnsize00.h"
-
-#if BNSIZE64
-
-/* Include all of the C source file by reference */
-#include "lbn64.c"
-
-#elif BNSIZE32
-
-/* Include all of the C source file by reference */
-#include "lbn32.c"
-
-#else /* BNSIZE16 */
-
-/* Include all of the C source file by reference */
-#include "lbn16.c"
-
-#endif
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn16.c - Low-level bignum routines, 16-bit version.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * NOTE: the magic constants "16" and "32" appear in many places in this
- * file, including inside identifiers. Because it is not possible to
- * ask "#ifdef" of a macro expansion, it is not possible to use the
- * preprocessor to conditionalize these properly. Thus, this file is
- * intended to be edited with textual search and replace to produce
- * alternate word size versions. Any reference to the number of bits
- * in a word must be the string "16", and that string must not appear
- * otherwise. Any reference to twice this number must appear as "32",
- * which likewise must not appear otherwise. Is that clear?
- *
- * Remember, when doubling the bit size replace the larger number (32)
- * first, then the smaller (16). When halving the bit size, do the
- * opposite. Otherwise, things will get wierd. Also, be sure to replace
- * every instance that appears. (:%s/foo/bar/g in vi)
- *
- * These routines work with a pointer to the least-significant end of
- * an array of WORD16s. The BIG(x), LITTLE(y) and BIGLTTLE(x,y) macros
- * defined in lbn.h (which expand to x on a big-edian machine and y on a
- * little-endian machine) are used to conditionalize the code to work
- * either way. If you have no assembly primitives, it doesn't matter.
- * Note that on a big-endian machine, the least-significant-end pointer
- * is ONE PAST THE END. The bytes are ptr[-1] through ptr[-len].
- * On little-endian, they are ptr[0] through ptr[len-1]. This makes
- * perfect sense if you consider pointers to point *between* bytes rather
- * than at them.
- *
- * Because the array index values are unsigned integers, ptr[-i]
- * may not work properly, since the index -i is evaluated as an unsigned,
- * and if pointers are wider, zero-extension will produce a positive
- * number rahter than the needed negative. The expression used in this
- * code, *(ptr-i) will, however, work. (The array syntax is equivalent
- * to *(ptr+-i), which is a pretty subtle difference.)
- *
- * Many of these routines will get very unhappy if fed zero-length inputs.
- * They use assert() to enforce this. An higher layer of code must make
- * sure that these aren't called with zero-length inputs.
- *
- * Any of these routines can be replaced with more efficient versions
- * elsewhere, by just #defining their names. If one of the names
- * is #defined, the C code is not compiled in and no declaration is
- * made. Use the BNINCLUDE file to do that. Typically, you compile
- * asm subroutines with the same name and just, e.g.
- * #define lbnMulAdd1_16 lbnMulAdd1_16
- *
- * If you want to write asm routines, start with lbnMulAdd1_16().
- * This is the workhorse of modular exponentiation. lbnMulN1_16() is
- * also used a fair bit, although not as much and it's defined in terms
- * of lbnMulAdd1_16 if that has a custom version. lbnMulSub1_16 and
- * lbnDiv21_16 are used in the usual division and remainder finding.
- * (Not the Montgomery reduction used in modular exponentiation, though.)
- * Once you have lbnMulAdd1_16 defined, writing the other two should
- * be pretty easy. (Just make sure you get the sign of the subtraction
- * in lbnMulSub1_16 right - it's dest = dest - source * k.)
- *
- * The only definitions that absolutely need a double-word (BNWORD32)
- * type are lbnMulAdd1_16 and lbnMulSub1_16; if those are provided,
- * the rest follows. lbnDiv21_16, however, is a lot slower unless you
- * have them, and lbnModQ_16 takes after it. That one is used quite a
- * bit for prime sieving.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-#ifndef NEED_MEMORY_H
-#define NEED_MEMORY_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#if NEED_MEMORY_H
-#include <memory.h>
-#endif
-
-#include "lbn.h"
-#include "lbn16.h"
-#include "lbnmem.h"
-#include "legal.h"
-
-#include "kludge.h"
-#include <port_after.h>
-
-#ifndef BNWORD16
-#error 16-bit bignum library requires a 16-bit data type
-#endif
-
-/* Make sure the copyright notice gets included */
-volatile const char * volatile const lbnCopyright_16 = bnCopyright;
-
-/*
- * Most of the multiply (and Montgomery reduce) routines use an outer
- * loop that iterates over one of the operands - a so-called operand
- * scanning approach. One big advantage of this is that the assembly
- * support routines are simpler. The loops can be rearranged to have
- * an outer loop that iterates over the product, a so-called product
- * scanning approach. This has the advantage of writing less data
- * and doing fewer adds to memory, so is supposedly faster. Some
- * code has been written using a product-scanning approach, but
- * it appears to be slower, so it is turned off by default. Some
- * experimentation would be appreciated.
- *
- * (The code is also annoying to get right and not very well commented,
- * one of my pet peeves about math libraries. I'm sorry.)
- */
-#ifndef PRODUCT_SCAN
-#define PRODUCT_SCAN 0
-#endif
-
-/*
- * Copy an array of words. <Marvin mode on> Thrilling, isn't it? </Marvin>
- * This is a good example of how the byte offsets and BIGLITTLE() macros work.
- * Another alternative would have been
- * memcpy(dest BIG(-len), src BIG(-len), len*sizeof(BNWORD16)), but I find that
- * putting operators into conditional macros is confusing.
- */
-#ifndef lbnCopy_16
-void
-lbnCopy_16(BNWORD16 *dest, BNWORD16 const *src, unsigned len)
-{
- memcpy(BIGLITTLE(dest-len,dest), BIGLITTLE(src-len,src),
- len * sizeof(*src));
-}
-#endif /* !lbnCopy_16 */
-
-/*
- * Fill n words with zero. This does it manually rather than calling
- * memset because it can assume alignment to make things faster while
- * memset can't. Note how big-endian numbers are naturally addressed
- * using predecrement, while little-endian is postincrement.
- */
-#ifndef lbnZero_16
-void
-lbnZero_16(BNWORD16 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = 0;
-}
-#endif /* !lbnZero_16 */
-
-/*
- * Negate an array of words.
- * Negation is subtraction from zero. Negating low-order words
- * entails doing nothing until a non-zero word is hit. Once that
- * is negated, a borrow is generated and never dies until the end
- * of the number is hit. Negation with borrow, -x-1, is the same as ~x.
- * Repeat that until the end of the number.
- *
- * Doesn't return borrow out because that's pretty useless - it's
- * always set unless the input is 0, which is easy to notice in
- * normalized form.
- */
-#ifndef lbnNeg_16
-void
-lbnNeg_16(BNWORD16 *num, unsigned len)
-{
- assert(len);
-
- /* Skip low-order zero words */
- while (BIGLITTLE(*--num,*num) == 0) {
- if (!--len)
- return;
- LITTLE(num++;)
- }
- /* Negate the lowest-order non-zero word */
- *num = -*num;
- /* Complement all the higher-order words */
- while (--len) {
- BIGLITTLE(--num,++num);
- *num = ~*num;
- }
-}
-#endif /* !lbnNeg_16 */
-
-
-/*
- * lbnAdd1_16: add the single-word "carry" to the given number.
- * Used for minor increments and propagating the carry after
- * adding in a shorter bignum.
- *
- * Technique: If we have a double-width word, presumably the compiler
- * can add using its carry in inline code, so we just use a larger
- * accumulator to compute the carry from the first addition.
- * If not, it's more complex. After adding the first carry, which may
- * be > 1, compare the sum and the carry. If the sum wraps (causing a
- * carry out from the addition), the result will be less than each of the
- * inputs, since the wrap subtracts a number (2^16) which is larger than
- * the other input can possibly be. If the sum is >= the carry input,
- * return success immediately.
- * In either case, if there is a carry, enter a loop incrementing words
- * until one does not wrap. Since we are adding 1 each time, the wrap
- * will be to 0 and we can test for equality.
- */
-#ifndef lbnAdd1_16 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD32
-BNWORD16
-lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry)
-{
- BNWORD32 t;
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- t = (BNWORD32)BIGLITTLE(*--num,*num) + carry;
- BIGLITTLE(*num,*num++) = (BNWORD16)t;
- if ((t >> 16) == 0)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry)
-{
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- if ((BIGLITTLE(*--num,*num++) += carry) >= carry)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif/* !lbnAdd1_16 */
-
-/*
- * lbnSub1_16: subtract the single-word "borrow" from the given number.
- * Used for minor decrements and propagating the borrow after
- * subtracting a shorter bignum.
- *
- * Technique: Similar to the add, above. If there is a double-length type,
- * use that to generate the first borrow.
- * If not, after subtracting the first borrow, which may be > 1, compare
- * the difference and the *negative* of the carry. If the subtract wraps
- * (causing a borrow out from the subtraction), the result will be at least
- * as large as -borrow. If the result < -borrow, then no borrow out has
- * appeared and we may return immediately, except when borrow == 0. To
- * deal with that case, use the identity that -x = ~x+1, and instead of
- * comparing < -borrow, compare for <= ~borrow.
- * Either way, if there is a borrow out, enter a loop decrementing words
- * until a non-zero word is reached.
- *
- * Note the cast of ~borrow to (BNWORD16). If the size of an int is larger
- * than BNWORD16, C rules say the number is expanded for the arithmetic, so
- * the inversion will be done on an int and the value won't be quite what
- * is expected.
- */
-#ifndef lbnSub1_16 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD32
-BNWORD16
-lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow)
-{
- BNWORD32 t;
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- t = (BNWORD32)BIGLITTLE(*--num,*num) - borrow;
- BIGLITTLE(*num,*num++) = (BNWORD16)t;
- if ((t >> 16) == 0)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow)
-{
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- if ((BIGLITTLE(*--num,*num++) -= borrow) <= (BNWORD16)~borrow)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif /* !lbnSub1_16 */
-
-/*
- * lbnAddN_16: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with lbnAdd1, of adding two bignums of
- * differing lengths.
- *
- * Technique: Maintain a word of carry. If there is no double-width type,
- * use the same technique as in lbnAdd1, above, to maintain the carry by
- * comparing the inputs. Adding the carry sources is used as an OR operator;
- * at most one of the two comparisons can possibly be true. The first can
- * only be true if carry == 1 and x, the result, is 0. In that case the
- * second can't possibly be true.
- */
-#ifndef lbnAddN_16
-#ifdef BNWORD32
-BNWORD16
-lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD32 t;
-
- assert(len > 0);
-
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) + BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- while (--len) {
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) +
- (BNWORD32)BIGLITTLE(*--num2,*num2++) + (t >> 16);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- }
-
- return (BNWORD16)(t>>16);
-}
-#else /* no BNWORD32 */
-BNWORD16
-lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD16 x, carry = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- carry = (x += carry) < carry;
- carry += (BIGLITTLE(*--num1,*num1++) += x) < x;
- } while (--len);
-
- return carry;
-}
-#endif
-#endif /* !lbnAddN_16 */
-
-/*
- * lbnSubN_16: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with subn1, of subtracting two bignums of
- * differing lengths.
- *
- * Technique: If no double-width type is availble, maintain a word of borrow.
- * First, add the borrow to the subtrahend (did you have to learn all those
- * awful words in elementary school, too?), and if it overflows, set the
- * borrow again. Then subtract the modified subtrahend from the next word
- * of input, using the same technique as in subn1, above.
- * Adding the borrows is used as an OR operator; at most one of the two
- * comparisons can possibly be true. The first can only be true if
- * borrow == 1 and x, the result, is 0. In that case the second can't
- * possibly be true.
- *
- * In the double-word case, (BNWORD16)-(t>>16) is subtracted, rather than
- * adding t>>16, because the shift would need to sign-extend and that's
- * not guaranteed to happen in ANSI C, even with signed types.
- */
-#ifndef lbnSubN_16
-#ifdef BNWORD32
-BNWORD16
-lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD32 t;
-
- assert(len > 0);
-
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) - BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
-
- while (--len) {
- t = (BNWORD32)BIGLITTLE(*--num1,*num1) -
- (BNWORD32)BIGLITTLE(*--num2,*num2++) - (BNWORD16)-(t >> 16);
- BIGLITTLE(*num1,*num1++) = (BNWORD16)t;
- }
-
- return -(BNWORD16)(t>>16);
-}
-#else
-BNWORD16
-lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len)
-{
- BNWORD16 x, borrow = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- borrow = (x += borrow) < borrow;
- borrow += (BIGLITTLE(*--num1,*num1++) -= x) > (BNWORD16)~x;
- } while (--len);
-
- return borrow;
-}
-#endif
-#endif /* !lbnSubN_16 */
-
-#ifndef lbnCmp_16
-/*
- * lbnCmp_16: compare two bignums of equal length, returning the sign of
- * num1 - num2. (-1, 0 or +1).
- *
- * Technique: Change the little-endian pointers to big-endian pointers
- * and compare from the most-significant end until a difference if found.
- * When it is, figure out the sign of the difference and return it.
- */
-int
-lbnCmp_16(BNWORD16 const *num1, BNWORD16 const *num2, unsigned len)
-{
- BIGLITTLE(num1 -= len, num1 += len);
- BIGLITTLE(num2 -= len, num2 += len);
-
- while (len--) {
- if (BIGLITTLE(*num1++ != *num2++, *--num1 != *--num2)) {
- if (BIGLITTLE(num1[-1] < num2[-1], *num1 < *num2))
- return -1;
- else
- return 1;
- }
- }
- return 0;
-}
-#endif /* !lbnCmp_16 */
-
-/*
- * mul16_ppmmaa(ph,pl,x,y,a,b) is an optional routine that
- * computes (ph,pl) = x * y + a + b. mul16_ppmma and mul16_ppmm
- * are simpler versions. If you want to be lazy, all of these
- * can be defined in terms of the others, so here we create any
- * that have not been defined in terms of the ones that have been.
- */
-
-/* Define ones with fewer a's in terms of ones with more a's */
-#if !defined(mul16_ppmma) && defined(mul16_ppmmaa)
-#define mul16_ppmma(ph,pl,x,y,a) mul16_ppmmaa(ph,pl,x,y,a,0)
-#endif
-
-#if !defined(mul16_ppmm) && defined(mul16_ppmma)
-#define mul16_ppmm(ph,pl,x,y) mul16_ppmma(ph,pl,x,y,0)
-#endif
-
-/*
- * Use this definition to test the mul16_ppmm-based operations on machines
- * that do not provide mul16_ppmm. Change the final "0" to a "1" to
- * enable it.
- */
-#if !defined(mul16_ppmm) && defined(BNWORD32) && 0 /* Debugging */
-#define mul16_ppmm(ph,pl,x,y) \
- ({BNWORD32 _ = (BNWORD32)(x)*(y); (pl) = _; (ph) = _>>16;})
-#endif
-
-#if defined(mul16_ppmm) && !defined(mul16_ppmma)
-#define mul16_ppmma(ph,pl,x,y,a) \
- (mul16_ppmm(ph,pl,x,y), (ph) += ((pl) += (a)) < (a))
-#endif
-
-#if defined(mul16_ppmma) && !defined(mul16_ppmmaa)
-#define mul16_ppmmaa(ph,pl,x,y,a,b) \
- (mul16_ppmma(ph,pl,x,y,a), (ph) += ((pl) += (b)) < (b))
-#endif
-
-/*
- * lbnMulN1_16: Multiply an n-word input by a 1-word input and store the
- * n+1-word product. This uses either the mul16_ppmm and mul16_ppmma
- * macros, or C multiplication with the BNWORD32 type. This uses mul16_ppmma
- * if available, assuming you won't bother defining it unless you can do
- * better than the normal multiplication.
- */
-#ifndef lbnMulN1_16
-#ifdef lbnMulAdd1_16 /* If we have this asm primitive, use it. */
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- lbnZero_16(out, len);
- BIGLITTLE(*(out-len),*(out+len)) = lbnMulAdd1_16(out, in, len, k);
-}
-#elif defined(mul16_ppmm)
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- mul16_ppmm(carry, *out, *in, k);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;)
- carryin = carry;
- mul16_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
- }
- BIGLITTLE(*--out,*out) = carry;
-}
-#elif defined(BNWORD32)
-void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k;
- BIGLITTLE(*--out,*out++) = (BNWORD16)p;
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + (BNWORD16)(p >> 16);
- BIGLITTLE(*--out,*out++) = (BNWORD16)p;
- }
- BIGLITTLE(*--out,*out) = (BNWORD16)(p >> 16);
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* lbnMulN1_16 */
-
-/*
- * lbnMulAdd1_16: Multiply an n-word input by a 1-word input and add the
- * low n words of the product to the destination. *Returns the n+1st word
- * of the product.* (That turns out to be more convenient than adding
- * it into the destination and dealing with a possible unit carry out
- * of *that*.) This uses either the mul16_ppmma and mul16_ppmmaa macros,
- * or C multiplication with the BNWORD32 type.
- *
- * If you're going to write assembly primitives, this is the one to
- * start with. It is by far the most commonly called function.
- */
-#ifndef lbnMulAdd1_16
-#if defined(mul16_ppmm)
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- carryin = *out;
- mul16_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;);
- carryin = carry;
- mul16_ppmmaa(carry, prod, *in, k, carryin, *out);
- *out = prod;
- LITTLE(out++;in++;)
- }
-
- return carry;
-}
-#elif defined(BNWORD32)
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD16)p;
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k +
- (BNWORD16)(p >> 16) + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD16)p;
- }
-
- return (BNWORD16)(p >> 16);
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* lbnMulAdd1_16 */
-
-/*
- * lbnMulSub1_16: Multiply an n-word input by a 1-word input and subtract the
- * n-word product from the destination. Returns the n+1st word of the product.
- * This uses either the mul16_ppmm and mul16_ppmma macros, or
- * C multiplication with the BNWORD32 type.
- *
- * This is rather uglier than adding, but fortunately it's only used in
- * division which is not used too heavily.
- */
-#ifndef lbnMulN1_16
-#if defined(mul16_ppmm)
-BNWORD16
-lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD16 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--in;)
- mul16_ppmm(carry, prod, *in, k);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD16)~prod;
-
- while (--len) {
- BIG(--in;);
- carryin = carry;
- mul16_ppmma(carry, prod, *in, k, carryin);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD16)~prod;
- }
-
- return carry;
-}
-#elif defined(BNWORD32)
-BNWORD16
-lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- BNWORD32 p;
- BNWORD16 carry, t;
-
- assert(len > 0);
-
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD16)(p>>16) + ((BIGLITTLE(*out,*out++)=t-(BNWORD16)p) > t);
-
- while (--len) {
- p = (BNWORD32)BIGLITTLE(*--in,*in++) * k + carry;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD16)(p>>16) +
- ( (BIGLITTLE(*out,*out++)=t-(BNWORD16)p) > t );
- }
-
- return carry;
-}
-#else
-#error No 16x16 -> 32 multiply available for 16-bit bignum package
-#endif
-#endif /* !lbnMulSub1_16 */
-
-/*
- * Shift n words left "shift" bits. 0 < shift < 16. Returns the
- * carry, any bits shifted off the left-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnLshift_16
-BNWORD16
-lbnLshift_16(BNWORD16 *num, unsigned len, unsigned shift)
-{
- BNWORD16 x, carry;
-
- assert(shift > 0);
- assert(shift < 16);
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<shift) | carry;
- LITTLE(num++;)
- carry = x >> (16-shift);
- }
- return carry;
-}
-#endif /* !lbnLshift_16 */
-
-/*
- * An optimized version of the above, for shifts of 1.
- * Some machines can use add-with-carry tricks for this.
- */
-#ifndef lbnDouble_16
-BNWORD16
-lbnDouble_16(BNWORD16 *num, unsigned len)
-{
- BNWORD16 x, carry;
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<1) | carry;
- LITTLE(num++;)
- carry = x >> (16-1);
- }
- return carry;
-}
-#endif /* !lbnDouble_16 */
-
-/*
- * Shift n words right "shift" bits. 0 < shift < 16. Returns the
- * carry, any bits shifted off the right-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnRshift_16
-BNWORD16
-lbnRshift_16(BNWORD16 *num, unsigned len, unsigned shift)
-{
- BNWORD16 x, carry = 0;
-
- assert(shift > 0);
- assert(shift < 16);
-
- BIGLITTLE(num -= len, num += len);
-
- while (len--) {
- LITTLE(--num;)
- x = *num;
- *num = (x>>shift) | carry;
- BIG(num++;)
- carry = x << (16-shift);
- }
- return carry >> (16-shift);
-}
-#endif /* !lbnRshift_16 */
-
-/*
- * Multiply two numbers of the given lengths. prod and num2 may overlap,
- * provided that the low len1 bits of prod are free. (This corresponds
- * nicely to the place the result is returned from lbnMontReduce_16.)
- *
- * TODO: Use Karatsuba multiply. The overlap constraints may have
- * to get rewhacked.
- */
-#ifndef lbnMul_16
-void
-lbnMul_16(BNWORD16 *prod, BNWORD16 const *num1, unsigned len1,
- BNWORD16 const *num2, unsigned len2)
-{
- /* Special case of zero */
- if (!len1 || !len2) {
- lbnZero_16(prod, len1+len2);
- return;
- }
-
- /* Multiply first word */
- lbnMulN1_16(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
-
- /*
- * Add in subsequent words, storing the most significant word,
- * which is new each time.
- */
- while (--len2) {
- BIGLITTLE(--prod,prod++);
- BIGLITTLE(*(prod-len1-1),*(prod+len1)) =
- lbnMulAdd1_16(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
- }
-}
-#endif /* !lbnMul_16 */
-
-/*
- * lbnMulX_16 is a square multiply - both inputs are the same length.
- * It's normally just a macro wrapper around the general multiply,
- * but might be implementable in assembly more efficiently (such as
- * when product scanning).
- */
-#ifndef lbnMulX_16
-#if defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code to see whether product scanning is any faster. It seems
- * to make the C code slower, so PRODUCT_SCAN is not defined.
- */
-static void
-lbnMulX_16(BNWORD16 *prod, BNWORD16 const *num1, BNWORD16 const *num2,
- unsigned len)
-{
- BNWORD32 x, y;
- BNWORD16 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- x = (BNWORD32)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD16)x;
- x >>= 16;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- for (j = 0; j <= i; j++) {
- BIG(y = (BNWORD32)*--p1 * *p2++;)
- LITTLE(y = (BNWORD32)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- for (j = i; j < len; j++) {
- BIG(y = (BNWORD32)*--p1 * *p2++;)
- LITTLE(y = (BNWORD32)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- BIGLITTLE(*--prod,*prod) = (BNWORD16)x;
-}
-#else /* !defined(BNWORD32) || !PRODUCT_SCAN */
-/* Default trivial macro definition */
-#define lbnMulX_16(prod, num1, num2, len) lbnMul_16(prod, num1, len, num2, len)
-#endif /* !defined(BNWORD32) || !PRODUCT_SCAN */
-#endif /* !lbmMulX_16 */
-
-#if !defined(lbnMontMul_16) && defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code for product-scanning multiply. This seems to slow the C
- * code down rather than speed it up.
- * This does a multiply and Montgomery reduction together, using the
- * same loops. The outer loop scans across the product, twice.
- * The first pass computes the low half of the product and the
- * Montgomery multipliers. These are stored in the product array,
- * which contains no data as of yet. x and carry add up the columns
- * and propagate carries forward.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-static void
-lbnMontMul_16(BNWORD16 *prod, BNWORD16 const *num1, BNWORD16 const *num2,
- BNWORD16 const *mod, unsigned len, BNWORD16 inv)
-{
- BNWORD32 x, y;
- BNWORD16 const *p1, *p2, *pm;
- BNWORD16 *pp;
- BNWORD16 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /*
- * This computes directly into the high half of prod, so just
- * shift the pointer and consider prod only "len" elements long
- * for the rest of the code.
- */
- BIGLITTLE(prod -= len, prod += len);
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- x = (BNWORD32)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(prod[-1], prod[0]) = t = inv * (BNWORD16)x;
- y = (BNWORD32)t * BIGLITTLE(mod[-1],mod[0]);
- x += y;
- /* Note: GCC 2.6.3 has a bug if you try to eliminate "carry" */
- carry = (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- pp = prod;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD32)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD32)BIGLITTLE(*--pp * *pm++, *pp++ * *--pm);
- x += y;
- carry += (x < y);
- }
- y = (BNWORD32)BIGLITTLE(p1[-1] * p2[0], p1[0] * p2[-1]);
- x += y;
- carry += (x < y);
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[-1], pp[0]) = t = inv * (BNWORD16)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD32)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
- }
-
- /* Pass 2 - compute reduced product and store */
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- pm = BIGLITTLE(mod-i,mod+i);
- pp = BIGLITTLE(prod-len,prod+len);
- for (j = i; j < len; j++) {
- y = (BNWORD32)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD32)BIGLITTLE(*--pm * *pp++, *pm++ * *--pp);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-len, pm == mod+len));
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[0],pp[-1]) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Last round of second half, simplified. */
- BIGLITTLE(*(prod-len),*(prod+len-1)) = (BNWORD16)x;
- carry = (x >> 16);
-
- while (carry)
- carry -= lbnSubN_16(prod, mod, len);
- while (lbnCmp_16(prod, mod, len) >= 0)
- (void)lbnSubN_16(prod, mod, len);
-}
-/* Suppress later definition */
-#define lbnMontMul_16 lbnMontMul_16
-#endif
-
-#if !defined(lbnSquare_16) && defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Trial code for product-scanning squaring. This seems to slow the C
- * code down rather than speed it up.
- */
-void
-lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len)
-{
- BNWORD32 x, y, z;
- BNWORD16 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /* Word 0 of product */
- x = (BNWORD32)BIGLITTLE(num[-1] * num[-1], num[0] * num[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD16)x;
- x >>= 16;
-
- /* Words 1 through len-1 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = num;
- p2 = BIGLITTLE(num-i-1,num+i+1);
- for (j = 0; j < (i+1)/2; j++) {
- BIG(z = (BNWORD32)*--p1 * *p2++;)
- LITTLE(z = (BNWORD32)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((i & 1) == 0) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD32)*p2 * *p2;)
- LITTLE(z = (BNWORD32)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
- /* Words len through 2*len-2 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = BIGLITTLE(num-i,num+i);
- p2 = BIGLITTLE(num-len,num+len);
- for (j = 0; j < (len-i)/2; j++) {
- BIG(z = (BNWORD32)*--p1 * *p2++;)
- LITTLE(z = (BNWORD32)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((len-i) & 1) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD32)*p2 * *p2;)
- LITTLE(z = (BNWORD32)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Word 2*len-1 */
- BIGLITTLE(*--prod,*prod) = (BNWORD16)x;
-}
-/* Suppress later definition */
-#define lbnSquare_16 lbnSquare_16
-#endif
-
-/*
- * Square a number, using optimized squaring to reduce the number of
- * primitive multiples that are executed. There may not be any
- * overlap of the input and output.
- *
- * Technique: Consider the partial products in the multiplication
- * of "abcde" by itself:
- *
- * a b c d e
- * * a b c d e
- * ==================
- * ae be ce de ee
- * ad bd cd dd de
- * ac bc cc cd ce
- * ab bb bc bd be
- * aa ab ac ad ae
- *
- * Note that everything above the main diagonal:
- * ae be ce de = (abcd) * e
- * ad bd cd = (abc) * d
- * ac bc = (ab) * c
- * ab = (a) * b
- *
- * is a copy of everything below the main diagonal:
- * de
- * cd ce
- * bc bd be
- * ab ac ad ae
- *
- * Thus, the sum is 2 * (off the diagonal) + diagonal.
- *
- * This is accumulated beginning with the diagonal (which
- * consist of the squares of the digits of the input), which is then
- * divided by two, the off-diagonal added, and multiplied by two
- * again. The low bit is simply a copy of the low bit of the
- * input, so it doesn't need special care.
- *
- * TODO: Merge the shift by 1 with the squaring loop.
- * TODO: Use Karatsuba. (a*W+b)^2 = a^2 * (W^2+W) + b^2 * (W+1) - (a-b)^2 * W.
- */
-#ifndef lbnSquare_16
-void
-lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len)
-{
- BNWORD16 t;
- BNWORD16 *prodx = prod; /* Working copy of the argument */
- BNWORD16 const *numx = num; /* Working copy of the argument */
- unsigned lenx = len; /* Working copy of the argument */
-
- if (!len)
- return;
-
- /* First, store all the squares */
- while (lenx--) {
-#ifdef mul16_ppmm
- BNWORD16 ph, pl;
- t = BIGLITTLE(*--numx,*numx++);
- mul16_ppmm(ph,pl,t,t);
- BIGLITTLE(*--prodx,*prodx++) = pl;
- BIGLITTLE(*--prodx,*prodx++) = ph;
-#elif defined(BNWORD32) /* use BNWORD32 */
- BNWORD32 p;
- t = BIGLITTLE(*--numx,*numx++);
- p = (BNWORD32)t * t;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD16)p;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD16)(p>>16);
-#else /* Use lbnMulN1_16 */
- t = BIGLITTLE(numx[-1],*numx);
- lbnMulN1_16(prodx, numx, 1, t);
- BIGLITTLE(--numx,numx++);
- BIGLITTLE(prodx -= 2, prodx += 2);
-#endif
- }
- /* Then, shift right 1 bit */
- (void)lbnRshift_16(prod, 2*len, 1);
-
- /* Then, add in the off-diagonal sums */
- lenx = len;
- numx = num;
- prodx = prod;
- while (--lenx) {
- t = BIGLITTLE(*--numx,*numx++);
- BIGLITTLE(--prodx,prodx++);
- t = lbnMulAdd1_16(prodx, numx, lenx, t);
- lbnAdd1_16(BIGLITTLE(prodx-lenx,prodx+lenx), lenx+1, t);
- BIGLITTLE(--prodx,prodx++);
- }
-
- /* Shift it back up */
- lbnDouble_16(prod, 2*len);
-
- /* And set the low bit appropriately */
- BIGLITTLE(prod[-1],prod[0]) |= BIGLITTLE(num[-1],num[0]) & 1;
-}
-#endif /* !lbnSquare_16 */
-
-/*
- * lbnNorm_16 - given a number, return a modified length such that the
- * most significant digit is non-zero. Zero-length input is okay.
- */
-#ifndef lbnNorm_16
-unsigned
-lbnNorm_16(BNWORD16 const *num, unsigned len)
-{
- BIGLITTLE(num -= len,num += len);
- while (len && BIGLITTLE(*num++,*--num) == 0)
- --len;
- return len;
-}
-#endif /* lbnNorm_16 */
-
-/*
- * lbnBits_16 - return the number of significant bits in the array.
- * It starts by normalizing the array. Zero-length input is okay.
- * Then assuming there's anything to it, it fetches the high word,
- * generates a bit length by multiplying the word length by 16, and
- * subtracts off 16/2, 16/4, 16/8, ... bits if the high bits are clear.
- */
-#ifndef lbnBits_16
-unsigned
-lbnBits_16(BNWORD16 const *num, unsigned len)
-{
- BNWORD16 t;
- unsigned i;
-
- len = lbnNorm_16(num, len);
- if (len) {
- t = BIGLITTLE(*(num-len),*(num+(len-1)));
- assert(t);
- len *= 16;
- i = 16/2;
- do {
- if (t >> i)
- t >>= i;
- else
- len -= i;
- } while ((i /= 2) != 0);
- }
- return len;
-}
-#endif /* lbnBits_16 */
-
-/*
- * If defined, use hand-rolled divide rather than compiler's native.
- * If the machine doesn't do it in line, the manual code is probably
- * faster, since it can assume normalization and the fact that the
- * quotient will fit into 16 bits, which a general 32-bit divide
- * in a compiler's run-time library can't do.
- */
-#ifndef BN_SLOW_DIVIDE_32
-/* Assume that divisors of more than thirty-two bits are slow */
-#define BN_SLOW_DIVIDE_32 (32 > 0x20)
-#endif
-
-/*
- * Return (nh<<16|nl) % d, and place the quotient digit into *q.
- * It is guaranteed that nh < d, and that d is normalized (with its high
- * bit set). If we have a double-width type, it's easy. If not, ooh,
- * yuk!
- */
-#ifndef lbnDiv21_16
-#if defined(BNWORD32) && !BN_SLOW_DIVIDE_32
-BNWORD16
-lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-{
- BNWORD32 n = (BNWORD32)nh << 16 | nl;
-
- /* Divisor must be normalized */
- assert(d >> (16-1) == 1);
-
- *q = (BNWORD16)(n / d);
- return (BNWORD16)(n % d);
-}
-#else
-/*
- * This is where it gets ugly.
- *
- * Do the division in two halves, using Algorithm D from section 4.3.1
- * of Knuth. Note Theorem B from that section, that the quotient estimate
- * is never more than the true quotient, and is never more than two
- * too low.
- *
- * The mapping onto conventional long division is (everything a half word):
- * _____________qh___ql_
- * dh dl ) nh.h nh.l nl.h nl.l
- * - (qh * d)
- * -----------
- * rrrr rrrr nl.l
- * - (ql * d)
- * -----------
- * rrrr rrrr
- *
- * The implicit 3/2-digit d*qh and d*ql subtractors are computed this way:
- * First, estimate a q digit so that nh/dh works. Subtracting qh*dh from
- * the (nh.h nh.l) list leaves a 1/2-word remainder r. Then compute the
- * low part of the subtractor, qh * dl. This also needs to be subtracted
- * from (nh.h nh.l nl.h) to get the final remainder. So we take the
- * remainder, which is (nh.h nh.l) - qh*dl, shift it and add in nl.h, and
- * try to subtract qh * dl from that. Since the remainder is 1/2-word
- * long, shifting and adding nl.h results in a single word r.
- * It is possible that the remainder we're working with, r, is less than
- * the product qh * dl, if we estimated qh too high. The estimation
- * technique can produce a qh that is too large (never too small), leading
- * to r which is too small. In that case, decrement the digit qh, add
- * shifted dh to r (to correct for that error), and subtract dl from the
- * product we're comparing r with. That's the "correct" way to do it, but
- * just adding dl to r instead of subtracting it from the product is
- * equivalent and a lot simpler. You just have to watch out for overflow.
- *
- * The process is repeated with (rrrr rrrr nl.l) for the low digit of the
- * quotient ql.
- *
- * The various uses of 16/2 for shifts are because of the note about
- * automatic editing of this file at the very top of the file.
- */
-#define highhalf(x) ( (x) >> 16/2 )
-#define lowhalf(x) ( (x) & (((BNWORD16)1 << 16/2)-1) )
-BNWORD16
-lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-{
- BNWORD16 dh = highhalf(d), dl = lowhalf(d);
- BNWORD16 qh, ql, prod, r;
-
- /* Divisor must be normalized */
- assert((d >> (16-1)) == 1);
-
- /* Do first half-word of division */
- qh = nh / dh;
- r = nh % dh;
- prod = qh * dl;
-
- /*
- * Add next half-word of numerator to remainder and correct.
- * qh may be up to two too large.
- */
- r = (r << (16/2)) | highhalf(nl);
- if (r < prod) {
- --qh; r += d;
- if (r >= d && r < prod) {
- --qh; r += d;
- }
- }
- r -= prod;
-
- /* Do second half-word of division */
- ql = r / dh;
- r = r % dh;
- prod = ql * dl;
-
- r = (r << (16/2)) | lowhalf(nl);
- if (r < prod) {
- --ql; r += d;
- if (r >= d && r < prod) {
- --ql; r += d;
- }
- }
- r -= prod;
-
- *q = (qh << (16/2)) | ql;
-
- return r;
-}
-#endif
-#endif /* lbnDiv21_16 */
-
-
-/*
- * In the division functions, the dividend and divisor are referred to
- * as "n" and "d", which stand for "numerator" and "denominator".
- *
- * The quotient is (nlen-dlen+1) digits long. It may be overlapped with
- * the high (nlen-dlen) words of the dividend, but one extra word is needed
- * on top to hold the top word.
- */
-
-/*
- * Divide an n-word number by a 1-word number, storing the remainder
- * and n-1 words of the n-word quotient. The high word is returned.
- * It IS legal for rem to point to the same address as n, and for
- * q to point one word higher.
- *
- * TODO: If BN_SLOW_DIVIDE_32, add a divnhalf_16 which uses 16-bit
- * dividends if the divisor is half that long.
- * TODO: Shift the dividend on the fly to avoid the last division and
- * instead have a remainder that needs shifting.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef lbnDiv1_16
-BNWORD16
-lbnDiv1_16(BNWORD16 *q, BNWORD16 *rem, BNWORD16 const *n, unsigned len,
- BNWORD16 d)
-{
- unsigned shift;
- unsigned xlen;
- BNWORD16 r;
- BNWORD16 qhigh;
-
- assert(len > 0);
- assert(d);
-
- if (len == 1) {
- r = *n;
- *rem = r%d;
- return r/d;
- }
-
- shift = 0;
- r = d;
- xlen = 16/2;
- do {
- if (r >> xlen)
- r >>= xlen;
- else
- shift += xlen;
- } while ((xlen /= 2) != 0);
- assert((d >> (16-1-shift)) == 1);
- d <<= shift;
-
- BIGLITTLE(q -= len-1,q += len-1);
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r < d) {
- qhigh = 0;
- } else {
- qhigh = r/d;
- r %= d;
- }
-
- xlen = len;
- while (--xlen)
- r = lbnDiv21_16(BIGLITTLE(q++,--q), r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift) {
- d >>= shift;
- qhigh = (qhigh << shift) | lbnLshift_16(q, len-1, shift);
- BIGLITTLE(q[-1],*q) |= r/d;
- r %= d;
- }
- *rem = r;
-
- return qhigh;
-}
-#endif
-
-/*
- * This function performs a "quick" modulus of a number with a divisor
- * d which is guaranteed to be at most sixteen bits, i.e. less than 65536.
- * This applies regardless of the word size the library is compiled with.
- *
- * This function is important to prime generation, for sieving.
- */
-#ifndef lbnModQ_16
-/* If there's a custom lbnMod21_16, no normalization needed */
-#ifdef lbnMod21_16
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD16 r;
-
- assert(len > 0);
-
- BIGLITTLE(n -= len,n += len);
-
- /* Try using a compare to avoid the first divide */
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
- while (--len)
- r = lbnMod21_16(r, BIGLITTLE(*n++,*--n), d);
-
- return r;
-}
-#elif defined(BNWORD32) && !BN_SLOW_DIVIDE_32
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- BNWORD16 r;
-
- if (!--len)
- return BIGLITTLE(n[-1],n[0]) % d;
-
- BIGLITTLE(n -= len,n += len);
- r = BIGLITTLE(n[-1],n[0]);
-
- do {
- r = (BNWORD16)((((BNWORD32)r<<16) | BIGLITTLE(*n++,*--n)) % d);
- } while (--len);
-
- return r;
-}
-#elif 16 >= 0x20
-/*
- * If the single word size can hold 65535*65536, then this function
- * is avilable.
- */
-#ifndef highhalf
-#define highhalf(x) ( (x) >> 16/2 )
-#define lowhalf(x) ( (x) & ((1 << 16/2)-1) )
-#endif
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- BNWORD16 r, x;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- while (--len) {
- x = BIGLITTLE(*n++,*--n);
- r = (r%d << 16/2) | highhalf(x);
- r = (r%d << 16/2) | lowhalf(x);
- }
-
- return r%d;
-}
-#else
-/* Default case - use lbnDiv21_16 */
-unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD16 r;
- BNWORD16 q;
-
- assert(len > 0);
-
- shift = 0;
- r = d;
- i = 16;
- while (i /= 2) {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- }
- assert(d >> (16-1-shift) == 1);
- d <<= shift;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
-
- while (--len)
- r = lbnDiv21_16(&q, r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift)
- r %= d >> shift;
-
- return r;
-}
-#endif
-#endif /* lbnModQ_16 */
-
-/*
- * Reduce n mod d and return the quotient. That is, find:
- * q = n / d;
- * n = n % d;
- * d is altered during the execution of this subroutine by normalizing it.
- * It must already have its most significant word non-zero; it is shifted
- * so its most significant bit is non-zero.
- *
- * The quotient q is nlen-dlen+1 words long. To make it possible to
- * overlap the quptient with the input (you can store it in the high dlen
- * words), the high word of the quotient is *not* stored, but is returned.
- * (If all you want is the remainder, you don't care about it, anyway.)
- *
- * This uses algorithm D from Knuth (4.3.1), except that we do binary
- * (shift) normalization of the divisor. WARNING: This is hairy!
- *
- * This function is used for some modular reduction, but it is not used in
- * the modular exponentiation loops; they use Montgomery form and the
- * corresponding, more efficient, Montgomery reduction. This code
- * is needed for the conversion to Montgomery form, however, so it
- * has to be here and it might as well be reasonably efficient.
- *
- * The overall operation is as follows ("top" and "up" refer to the
- * most significant end of the number; "bottom" and "down", the least):
- *
- * - Shift the divisor up until the most significant bit is set.
- * - Shift the dividend up the same amount. This will produce the
- * correct quotient, and the remainder can be recovered by shifting
- * it back down the same number of bits. This may produce an overflow
- * word, but the word is always strictly less than the most significant
- * divisor word.
- * - Estimate the first quotient digit qhat:
- * - First take the top two words (one of which is the overflow) of the
- * dividend and divide by the top word of the divisor:
- * qhat = (nh,nm)/dh. This qhat is >= the correct quotient digit
- * and, since dh is normalized, it is at most two over.
- * - Second, correct by comparing the top three words. If
- * (dh,dl) * qhat > (nh,nm,ml), decrease qhat and try again.
- * The second iteration can be simpler because there can't be a third.
- * The computation can be simplified by subtracting dh*qhat from
- * both sides, suitably shifted. This reduces the left side to
- * dl*qhat. On the right, (nh,nm)-dh*qhat is simply the
- * remainder r from (nh,nm)%dh, so the right is (r,nl).
- * This produces qhat that is almost always correct and at
- * most (prob ~ 2/2^16) one too high.
- * - Subtract qhat times the divisor (suitably shifted) from the dividend.
- * If there is a borrow, qhat was wrong, so decrement it
- * and add the divisor back in (once).
- * - Store the final quotient digit qhat in the quotient array q.
- *
- * Repeat the quotient digit computation for successive digits of the
- * quotient until the whole quotient has been computed. Then shift the
- * divisor and the remainder down to correct for the normalization.
- *
- * TODO: Special case 2-word divisors.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef divn_16
-BNWORD16
-lbnDiv_16(BNWORD16 *q, BNWORD16 *n, unsigned nlen, BNWORD16 *d, unsigned dlen)
-{
- BNWORD16 nh,nm,nl; /* Top three words of the dividend */
- BNWORD16 dh,dl; /* Top two words of the divisor */
- BNWORD16 qhat; /* Extimate of quotient word */
- BNWORD16 r; /* Remainder from quotient estimate division */
- BNWORD16 qhigh; /* High word of quotient */
- unsigned i; /* Temp */
- unsigned shift; /* Bits shifted by normalization */
- unsigned qlen = nlen-dlen; /* Size of quotient (less 1) */
-#ifdef mul16_ppmm
- BNWORD16 t16;
-#elif defined(BNWORD32)
- BNWORD32 t32;
-#else /* use lbnMulN1_16 */
- BNWORD16 t2[2];
-#define t2high BIGLITTLE(t2[0],t2[1])
-#define t2low BIGLITTLE(t2[1],t2[0])
-#endif
-
- assert(dlen);
- assert(nlen >= dlen);
-
- /*
- * Special cases for short divisors. The general case uses the
- * top top 2 digits of the divisor (d) to estimate a quotient digit,
- * so it breaks if there are fewer digits available. Thus, we need
- * special cases for a divisor of length 1. A divisor of length
- * 2 can have a *lot* of administrivia overhead removed removed,
- * so it's probably worth special-casing that case, too.
- */
- if (dlen == 1)
- return lbnDiv1_16(q, BIGLITTLE(n-1,n), n, nlen,
- BIGLITTLE(d[-1],d[0]));
-
-#if 0
- /*
- * @@@ This is not yet written... The general loop will do,
- * albeit less efficiently
- */
- if (dlen == 2) {
- /*
- * divisor two digits long:
- * use the 3/2 technique from Knuth, but we know
- * it's exact.
- */
- dh = BIGLITTLE(d[-1],d[0]);
- dl = BIGLITTLE(d[-2],d[1]);
- shift = 0;
- if ((sh & ((BNWORD16)1 << 16-1-shift)) == 0) {
- do {
- shift++;
- } while (dh & (BNWORD16)1<<16-1-shift) == 0);
- dh = dh << shift | dl >> (16-shift);
- dl <<= shift;
-
-
- }
-
-
- for (shift = 0; (dh & (BNWORD16)1 << 16-1-shift)) == 0; shift++)
- ;
- if (shift) {
- }
- dh = dh << shift | dl >> (16-shift);
- shift = 0;
- while (dh
- }
-#endif
-
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- assert(dh);
-
- /* Normalize the divisor */
- shift = 0;
- r = dh;
- i = 16/2;
- do {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- } while ((i /= 2) != 0);
-
- nh = 0;
- if (shift) {
- lbnLshift_16(d, dlen, shift);
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- nh = lbnLshift_16(n, nlen, shift);
- }
-
- /* Assert that dh is now normalized */
- assert(dh >> (16-1));
-
- /* Also get the second-most significant word of the divisor */
- dl = BIGLITTLE(*(d-(dlen-1)),*(d+(dlen-2)));
-
- /*
- * Adjust pointers: n to point to least significant end of first
- * first subtract, and q to one the most-significant end of the
- * quotient array.
- */
- BIGLITTLE(n -= qlen,n += qlen);
- BIGLITTLE(q -= qlen,q += qlen);
-
- /* Fetch the most significant stored word of the dividend */
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- /*
- * Compute the first digit of the quotient, based on the
- * first two words of the dividend (the most significant of which
- * is the overflow word h).
- */
- if (nh) {
- assert(nh < dh);
- r = lbnDiv21_16(&qhat, nh, nm, dh);
- } else if (nm >= dh) {
- qhat = nm/dh;
- r = nm % dh;
- } else { /* Quotient is zero */
- qhigh = 0;
- goto divloop;
- }
-
- /* Now get the third most significant word of the dividend */
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-
- /*
- * Correct qhat, the estimate of quotient digit.
- * qhat can only be high, and at most two words high,
- * so the loop can be unrolled and abbreviated.
- */
-#ifdef mul16_ppmm
- mul16_ppmm(nm, t16, qhat, dl);
- if (nm > r || (nm == r && t16 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t16 < dl);
- t16 -= dl;
- if (nm > r || (nm == r && t16 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD32)
- t32 = (BNWORD32)qhat * dl;
- if (t32 > ((BNWORD32)r << 16) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) > dh) {
- t32 -= dl;
- if (t32 > ((BNWORD32)r << 16) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_16 */
- lbnMulN1_16(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /* Do the multiply and subtract */
- r = lbnMulSub1_16(n, d, dlen, qhat);
- /* If there was a borrow, add back once. */
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_16(n, d, dlen);
- qhat--;
- }
-
- /* Remember the first quotient digit. */
- qhigh = qhat;
-
- /* Now, the main division loop: */
-divloop:
- while (qlen--) {
-
- /* Advance n */
- nh = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
- BIGLITTLE(++n,--n);
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- if (nh == dh) {
- qhat = ~(BNWORD16)0;
- /* Optimized computation of r = (nh,nm) - qhat * dh */
- r = nh + nm;
- if (r < nh)
- goto subtract;
- } else {
- assert(nh < dh);
- r = lbnDiv21_16(&qhat, nh, nm, dh);
- }
-
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-#ifdef mul16_ppmm
- mul16_ppmm(nm, t16, qhat, dl);
- if (nm > r || (nm == r && t16 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t16 < dl);
- t16 -= dl;
- if (nm > r || (nm == r && t16 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD32)
- t32 = (BNWORD32)qhat * dl;
- if (t32 > ((BNWORD32)r<<16) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t32 -= dl;
- if (t32 > ((BNWORD32)r << 16) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_16 */
- lbnMulN1_16(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /*
- * As a point of interest, note that it is not worth checking
- * for qhat of 0 or 1 and installing special-case code. These
- * occur with probability 2^-16, so spending 1 cycle to check
- * for them is only worth it if we save more than 2^15 cycles,
- * and a multiply-and-subtract for numbers in the 1024-bit
- * range just doesn't take that long.
- */
-subtract:
- /*
- * n points to the least significant end of the substring
- * of n to be subtracted from. qhat is either exact or
- * one too large. If the subtract gets a borrow, it was
- * one too large and the divisor is added back in. It's
- * a dlen+1 word add which is guaranteed to produce a
- * carry out, so it can be done very simply.
- */
- r = lbnMulSub1_16(n, d, dlen, qhat);
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_16(n, d, dlen);
- qhat--;
- }
- /* Store the quotient digit */
- BIGLITTLE(*q++,*--q) = qhat;
- }
- /* Tah dah! */
-
- if (shift) {
- lbnRshift_16(d, dlen, shift);
- lbnRshift_16(n, dlen, shift);
- }
-
- return qhigh;
-}
-#endif
-
-/*
- * Find the negative multiplicative inverse of x (x must be odd!) modulo 2^16.
- *
- * This just performs Newton's iteration until it gets the
- * inverse. The initial estimate is always correct to 3 bits, and
- * sometimes 4. The number of valid bits doubles each iteration.
- * (To prove it, assume x * y == 1 (mod 2^n), and introduce a variable
- * for the error mod 2^2n. x * y == 1 + k*2^n (mod 2^2n) and follow
- * the iteration through.)
- */
-#ifndef lbnMontInv1_16
-BNWORD16
-lbnMontInv1_16(BNWORD16 const x)
-{
- BNWORD16 y = x, z;
-
- assert(x & 1);
-
- while ((z = x*y) != 1)
- y *= 2 - z;
- return -y;
-}
-#endif /* !lbnMontInv1_16 */
-
-#if defined(BNWORD32) && PRODUCT_SCAN
-/*
- * Test code for product-scanning Montgomery reduction.
- * This seems to slow the C code down rather than speed it up.
- *
- * The first loop computes the Montgomery multipliers, storing them over
- * the low half of the number n.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-void
-lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned mlen, BNWORD16 inv)
-{
- BNWORD32 x, y;
- BNWORD16 const *pm;
- BNWORD16 *pn;
- BNWORD16 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!mlen)
- return;
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- t = BIGLITTLE(n[-1],n[0]);
- x = t;
- t *= inv;
- BIGLITTLE(n[-1], n[0]) = t;
- x += (BNWORD32)t * BIGLITTLE(mod[-1],mod[0]); /* Can't overflow */
- assert((BNWORD16)x == 0);
- x = x >> 16;
-
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pn = n;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD32)BIGLITTLE(*--pn * *pm++, *pn++ * *--pm);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pn == n-i, pn == n+i));
- y = t = BIGLITTLE(pn[-1], pn[0]);
- x += y;
- carry += (x < y);
- BIGLITTLE(pn[-1], pn[0]) = t = inv * (BNWORD16)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD32)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD16)x == 0);
- x = x >> 16 | (BNWORD32)carry << 16;
- }
-
- BIGLITTLE(n -= mlen, n += mlen);
-
- /* Pass 2 - compute upper words and add to n */
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pm = BIGLITTLE(mod-i,mod+i);
- pn = n;
- for (j = i; j < mlen; j++) {
- y = (BNWORD32)BIGLITTLE(*--pm * *pn++, *pm++ * *--pn);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-mlen, pm == mod+mlen));
- assert(BIGLITTLE(pn == n+mlen-i, pn == n-mlen+i));
- y = t = BIGLITTLE(*(n-i),*(n+i-1));
- x += y;
- carry += (x < y);
- BIGLITTLE(*(n-i),*(n+i-1)) = (BNWORD16)x;
- x = (x >> 16) | (BNWORD32)carry << 16;
- }
-
- /* Last round of second half, simplified. */
- t = BIGLITTLE(*(n-mlen),*(n+mlen-1));
- x += t;
- BIGLITTLE(*(n-mlen),*(n+mlen-1)) = (BNWORD16)x;
- carry = (unsigned)(x >> 16);
-
- while (carry)
- carry -= lbnSubN_16(n, mod, mlen);
- while (lbnCmp_16(n, mod, mlen) >= 0)
- (void)lbnSubN_16(n, mod, mlen);
-}
-#define lbnMontReduce_16 lbnMontReduce_16
-#endif
-
-/*
- * Montgomery reduce n, modulo mod. This reduces modulo mod and divides by
- * 2^(16*mlen). Returns the result in the *top* mlen words of the argument n.
- * This is ready for another multiplication using lbnMul_16.
- *
- * Montgomery representation is a very useful way to encode numbers when
- * you're doing lots of modular reduction. What you do is pick a multiplier
- * R which is relatively prime to the modulus and very easy to divide by.
- * Since the modulus is odd, R is closen as a power of 2, so the division
- * is a shift. In fact, it's a shift of an integral number of words,
- * so the shift can be implicit - just drop the low-order words.
- *
- * Now, choose R *larger* than the modulus m, 2^(16*mlen). Then convert
- * all numbers a, b, etc. to Montgomery form M(a), M(b), etc using the
- * relationship M(a) = a*R mod m, M(b) = b*R mod m, etc. Note that:
- * - The Montgomery form of a number depends on the modulus m.
- * A fixed modulus m is assumed throughout this discussion.
- * - Since R is relaitvely prime to m, multiplication by R is invertible;
- * no information about the numbers is lost, they're just scrambled.
- * - Adding (and subtracting) numbers in this form works just as usual.
- * M(a+b) = (a+b)*R mod m = (a*R + b*R) mod m = (M(a) + M(b)) mod m
- * - Multiplying numbers in this form produces a*b*R*R. The problem
- * is to divide out the excess factor of R, modulo m as well as to
- * reduce to the given length mlen. It turns out that this can be
- * done *faster* than a normal divide, which is where the speedup
- * in Montgomery division comes from.
- *
- * Normal reduction chooses a most-significant quotient digit q and then
- * subtracts q*m from the number to be reduced. Choosing q is tricky
- * and involved (just look at lbnDiv_16 to see!) and is usually
- * imperfect, requiring a check for correction after the subtraction.
- *
- * Montgomery reduction *adds* a multiple of m to the *low-order* part
- * of the number to be reduced. This multiple is chosen to make the
- * low-order part of the number come out to zero. This can be done
- * with no trickery or error using a precomputed inverse of the modulus.
- * In this code, the "part" is one word, but any width can be used.
- *
- * Repeating this step sufficiently often results in a value which
- * is a multiple of R (a power of two, remember) but is still (since
- * the additions were to the low-order part and thus did not increase
- * the value of the number being reduced very much) still not much
- * larger than m*R. Then implicitly divide by R and subtract off
- * m until the result is in the correct range.
- *
- * Since the low-order part being cancelled is less than R, the
- * multiple of m added must have a multiplier which is at most R-1.
- * Assuming that the input is at most m*R-1, the final number is
- * at most m*(2*R-1)-1 = 2*m*R - m - 1, so subtracting m once from
- * the high-order part, equivalent to subtracting m*R from the
- * while number, produces a result which is at most m*R - m - 1,
- * which divided by R is at most m-1.
- *
- * To convert *to* Montgomery form, you need a regular remainder
- * routine, although you can just compute R*R (mod m) and do the
- * conversion using Montgomery multiplication. To convert *from*
- * Montgomery form, just Montgomery reduce the number to
- * remove the extra factor of R.
- *
- * TODO: Change to a full inverse and use Karatsuba's multiplication
- * rather than this word-at-a-time.
- */
-#ifndef lbnMontReduce_16
-void
-lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned const mlen,
- BNWORD16 inv)
-{
- BNWORD16 t;
- BNWORD16 c = 0;
- unsigned len = mlen;
-
- /* inv must be the negative inverse of mod's least significant word */
- assert((BNWORD16)(inv * BIGLITTLE(mod[-1],mod[0])) == (BNWORD16)-1);
-
- assert(len);
-
- do {
- t = lbnMulAdd1_16(n, mod, mlen, (BNWORD16)(inv * BIGLITTLE(n[-1],n[0])));
- c += lbnAdd1_16(BIGLITTLE(n-mlen,n+mlen), len, t);
- BIGLITTLE(--n,++n);
- } while (--len);
-
- /*
- * All that adding can cause an overflow past the modulus size,
- * but it's unusual, and never by much, so a subtraction loop
- * is the right way to deal with it.
- * This subtraction happens infrequently - I've only ever seen it
- * invoked once per reduction, and then just under 22.5% of the time.
- */
- while (c)
- c -= lbnSubN_16(n, mod, mlen);
- while (lbnCmp_16(n, mod, mlen) >= 0)
- (void)lbnSubN_16(n, mod, mlen);
-}
-#endif /* !lbnMontReduce_16 */
-
-/*
- * A couple of helpers that you might want to implement atomically
- * in asm sometime.
- */
-#ifndef lbnMontMul_16
-/*
- * Multiply "num1" by "num2", modulo "mod", all of length "len", and
- * place the result in the high half of "prod". "inv" is the inverse
- * of the least-significant word of the modulus, modulo 2^16.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontMul_16(prod, n1, n2, mod, len, inv) \
- (lbnMulX_16(prod, n1, n2, len), lbnMontReduce_16(prod, mod, len, inv))
-#endif /* !lbnMontMul_16 */
-
-#ifndef lbnMontSquare_16
-/*
- * Square "num", modulo "mod", both of length "len", and place the result
- * in the high half of "prod". "inv" is the inverse of the least-significant
- * word of the modulus, modulo 2^16.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontSquare_16(prod, n, mod, len, inv) \
- (lbnSquare_16(prod, n, len), lbnMontReduce_16(prod, mod, len, inv))
-
-#endif /* !lbnMontSquare_16 */
-
-/*
- * Convert a number to Montgomery form - requires mlen + nlen words
- * of memory in "n".
- */
-void
-lbnToMont_16(BNWORD16 *n, unsigned nlen, BNWORD16 *mod, unsigned mlen)
-{
- /* Move n up "mlen" words */
- lbnCopy_16(BIGLITTLE(n-mlen,n+mlen), n, nlen);
- lbnZero_16(n, mlen);
- /* Do the division - dump the quotient in the high-order words */
- (void)lbnDiv_16(BIGLITTLE(n-mlen,n+mlen), n, mlen+nlen, mod, mlen);
-}
-
-/*
- * Convert from Montgomery form. Montgomery reduction is all that is
- * needed.
- */
-void
-lbnFromMont_16(BNWORD16 *n, BNWORD16 *mod, unsigned len)
-{
- /* Zero the high words of n */
- lbnZero_16(BIGLITTLE(n-len,n+len), len);
- lbnMontReduce_16(n, mod, len, lbnMontInv1_16(BIGLITTLE(mod[-1],mod[0])));
- /* Move n down len words */
- lbnCopy_16(n, BIGLITTLE(n-len,n+len), len);
-}
-
-/*
- * The windowed exponentiation algorithm, precomputes a table of odd
- * powers of n up to 2^k. It takes 2^(k-1)-1 multiplies to compute
- * the table, and (e-1)/(k+1) multiplies (on average) to perform the
- * exponentiation. To minimize the sum, k must vary with e.
- * The optimal window sizes vary with the exponent length. Here are
- * some selected values and the boundary cases.
- * (An underscore _ has been inserted into some of the numbers to ensure
- * that magic strings like 16 do not appear in this table. It should be
- * ignored.)
- *
- * At e = 1 bits, k=1 (0.000000) is best.
- * At e = 2 bits, k=1 (0.500000) is best.
- * At e = 4 bits, k=1 (1.500000) is best.
- * At e = 8 bits, k=2 (3.333333) < k=1 (3.500000)
- * At e = 1_6 bits, k=2 (6.000000) is best.
- * At e = 26 bits, k=3 (9.250000) < k=2 (9.333333)
- * At e = 3_2 bits, k=3 (10.750000) is best.
- * At e = 6_4 bits, k=3 (18.750000) is best.
- * At e = 82 bits, k=4 (23.200000) < k=3 (23.250000)
- * At e = 128 bits, k=4 (3_2.400000) is best.
- * At e = 242 bits, k=5 (55.1_66667) < k=4 (55.200000)
- * At e = 256 bits, k=5 (57.500000) is best.
- * At e = 512 bits, k=5 (100.1_66667) is best.
- * At e = 674 bits, k=6 (127.142857) < k=5 (127.1_66667)
- * At e = 1024 bits, k=6 (177.142857) is best.
- * At e = 1794 bits, k=7 (287.125000) < k=6 (287.142857)
- * At e = 2048 bits, k=7 (318.875000) is best.
- * At e = 4096 bits, k=7 (574.875000) is best.
- *
- * The numbers in parentheses are the expected number of multiplications
- * needed to do the computation. The normal russian-peasant modular
- * exponentiation technique always uses (e-1)/2. For exponents as
- * small as 192 bits (below the range of current factoring algorithms),
- * half of the multiplies are eliminated, 45.2 as opposed to the naive
- * 95.5. Counting the 191 squarings as 3/4 a multiply each (squaring
- * proper is just over half of multiplying, but the Montgomery
- * reduction in each case is also a multiply), that's 143.25
- * multiplies, for totals of 188.45 vs. 238.75 - a 21% savings.
- * For larger exponents (like 512 bits), it's 483.92 vs. 639.25, a
- * 24.3% savings. It asymptotically approaches 25%.
- *
- * Given that exponents for which k>7 are useful are uncommon,
- * a fixed size table for k <= 7 is used for simplicity.
- * k = 8 is uzeful at 4610 bits, k = 9 at 11522 bits.
- *
- * The basic number of squarings needed is e-1, although a k-bit
- * window (for k > 1) can save, on average, k-2 of those, too.
- * That savings currently isn't counted here. It would drive the
- * crossover points slightly lower.
- * (Actually, this win is also reduced in the DoubleExpMod case,
- * meaning we'd have to split the tables. Except for that, the
- * multiplies by powers of the two bases are independent, so
- * the same logic applies to each as the single case.)
- *
- * Table entry i is the largest number of bits in an exponent to
- * process with a window size of i+1. So the window never goes above 7
- * bits, requiring 2^(7-1) = 0x40 precomputed multiples.
- */
-#define BNEXPMOD_MAX_WINDOW 7
-static unsigned const bnExpModThreshTable[BNEXPMOD_MAX_WINDOW] = {
- 7, 25, 81, 241, 673, 1793, (unsigned)-1
-};
-
-/*
- * Perform modular exponentiation, as fast as possible! This uses
- * Montgomery reduction, optimized squaring, and windowed exponentiation.
- * The modulus "mod" MUST be odd!
- *
- * This returns 0 on success, -1 on out of memory.
- *
- * The window algorithm:
- * The idea is to keep a running product of b1 = n^(high-order bits of exp),
- * and then keep appending exponent bits to it. The following patterns
- * apply to a 3-bit window (k = 3):
- * To append 0: square
- * To append 1: square, multiply by n^1
- * To append 10: square, multiply by n^1, square
- * To append 11: square, square, multiply by n^3
- * To append 100: square, multiply by n^1, square, square
- * To append 101: square, square, square, multiply by n^5
- * To append 110: square, square, multiply by n^3, square
- * To append 111: square, square, square, multiply by n^7
- *
- * Since each pattern involves only one multiply, the longer the pattern
- * the better, except that a 0 (no multiplies) can be appended directly.
- * We precompute a table of odd powers of n, up to 2^k, and can then
- * multiply k bits of exponent at a time. Actually, assuming random
- * exponents, there is on average one zero bit between needs to
- * multiply (1/2 of the time there's none, 1/4 of the time there's 1,
- * 1/8 of the time, there's 2, 1/16 of the time, there's 3, etc.), so
- * you have to do one multiply per k+1 bits of exponent.
- *
- * The loop walks down the exponent, squaring the result buffer as
- * it goes. There is a wbits+1 bit lookahead buffer, buf, that is
- * filled with the upcoming exponent bits. (What is read after the
- * end of the exponent is unimportant, but it is filled with zero here.)
- * When the most-significant bit of this buffer becomes set, i.e.
- * (buf & tblmask) != 0, we have to decide what pattern to multiply
- * by, and when to do it. We decide, remember to do it in future
- * after a suitable number of squarings have passed (e.g. a pattern
- * of "100" in the buffer requires that we multiply by n^1 immediately;
- * a pattern of "110" calls for multiplying by n^3 after one more
- * squaring), clear the buffer, and continue.
- *
- * When we start, there is one more optimization: the result buffer
- * is implcitly one, so squaring it or multiplying by it can be
- * optimized away. Further, if we start with a pattern like "100"
- * in the lookahead window, rather than placing n into the buffer
- * and then starting to square it, we have already computed n^2
- * to compute the odd-powers table, so we can place that into
- * the buffer and save a squaring.
- *
- * This means that if you have a k-bit window, to compute n^z,
- * where z is the high k bits of the exponent, 1/2 of the time
- * it requires no squarings. 1/4 of the time, it requires 1
- * squaring, ... 1/2^(k-1) of the time, it reqires k-2 squarings.
- * And the remaining 1/2^(k-1) of the time, the top k bits are a
- * 1 followed by k-1 0 bits, so it again only requires k-2
- * squarings, not k-1. The average of these is 1. Add that
- * to the one squaring we have to do to compute the table,
- * and you'll see that a k-bit window saves k-2 squarings
- * as well as reducing the multiplies. (It actually doesn't
- * hurt in the case k = 1, either.)
- *
- * n must have mlen words allocated. Although fewer may be in use
- * when n is passed in, all are in use on exit.
- */
-int
-lbnExpMod_16(BNWORD16 *result, BNWORD16 const *n, unsigned nlen,
- BNWORD16 const *e, unsigned elen, BNWORD16 *mod, unsigned mlen)
-{
- BNWORD16 *table[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n */
- unsigned ebits; /* Exponent bits */
- unsigned wbits; /* Window size */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD16 bitpos; /* Mask of current look-ahead bit */
- unsigned buf; /* Buffer of exponent bits */
- unsigned multpos; /* Where to do pending multiply */
- BNWORD16 const *mult; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD16 *a, *b; /* Working buffers/accumulators */
- BNWORD16 *t; /* Pointer into the working buffers */
- BNWORD16 inv; /* mod^-1 modulo 2^16 */
-
- assert(mlen);
- assert(nlen <= mlen);
-
- /* First, a couple of trivial cases. */
- elen = lbnNorm_16(e, elen);
- if (!elen) {
- /* x ^ 0 == 1 */
- lbnZero_16(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- ebits = lbnBits_16(e, elen);
- if (ebits == 1) {
- /* x ^ 1 == x */
- if (n != result)
- lbnCopy_16(result, n, nlen);
- if (mlen > nlen)
- lbnZero_16(BIGLITTLE(result-nlen,result+nlen),
- mlen-nlen);
- return 0;
- }
-
- /* Okay, now move the exponent pointer to the most-significant word */
- e = BIGLITTLE(e-elen, e+elen-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- wbits = 0;
- while (ebits > bnExpModThreshTable[wbits])
- wbits++;
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << wbits;
-
- /* We have the result buffer available, so use it. */
- table[0] = result;
-
- /*
- * Okay, we now have a minimal-sized table - expand it.
- * This is allowed to fail! If so, scale back the table size
- * and proceed.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table[i] = t;
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- wbits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask)
- LBNFREE(table[i], mlen);
-
- /* Okay, fill in the table */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n to Montgomery form */
-
- /* Move n up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_16(t, n, nlen);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+nlen, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_16(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_16(a, t, table[i-1], mod, mlen, inv);
- lbnCopy_16(table[i], BIGLITTLE(a-mlen, a+mlen), mlen);
- }
-
- /* We might use b = n^2 later... */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD16)1 << ((ebits-1) & (16-1)); /* Initialize mask */
-
- /* This should point to the msbit of e */
- assert((*e & bitpos) != 0);
-
- /*
- * Pre-load the window. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e in here.
- *
- * The read-ahead is controlled by elen and the bitpos mask.
- * Note that this is *ahead* of ebits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two wbits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- */
- buf = 0;
- for (i = 0; i <= wbits; i++) {
- buf = (buf << 1) | ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD16)1 << (16-1);
- elen--;
- }
- }
- assert(buf & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- multpos = ebits; /* A NULL value */
- mult = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- ebits--; /* Start processing the first bit... */
- isone = 1;
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf is set, and
- * - We have the extra value n^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf & tblmask);
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (multpos == ebits)
- isone = 0;
-
- /*
- * At this point, the buffer (which is the high half of b) holds
- * either 1 (implicitly, as the "isone" flag is set), or n^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the window
- * - If the most-significant bit of the window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffer
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- ebits--;
-
- /* Advance the window */
- assert(buf < tblmask);
- buf <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by ebits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (elen) {
- buf |= ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD16)1 << (16-1);
- elen--;
- }
- }
-
- /* Examine the window for pending multiplies */
- if (buf & tblmask) {
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
- }
-
- /* If we have a pending multiply, do it */
- if (ebits == multpos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!ebits)
- break;
-
- /* Square the input */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_16(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_16(b, t, mlen);
- lbnZero_16(t, mlen);
- lbnMontReduce_16(b, mod, mlen, inv);
- lbnCopy_16(result, t, mlen);
- /*
- * Clean up - free intermediate storage.
- * Do NOT free table[0], which is the result
- * buffer.
- */
- while (--tblmask)
- LBNFREE(table[tblmask], mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return 0; /* Success */
-}
-
-/*
- * Compute and return n1^e1 * n2^e2 mod "mod".
- * result may be either input buffer, or something separate.
- * It must be "mlen" words long.
- *
- * There is a current position in the exponents, which is kept in e1bits.
- * (The exponents are swapped if necessary so e1 is the longer of the two.)
- * At any given time, the value in the accumulator is
- * n1^(e1>>e1bits) * n2^(e2>>e1bits) mod "mod".
- * As e1bits is counted down, this is updated, by squaring it and doing
- * any necessary multiplies.
- * To decide on the necessary multiplies, two windows, each w1bits+1 bits
- * wide, are maintained in buf1 and buf2, which read *ahead* of the
- * e1bits position (with appropriate handling of the case when e1bits
- * drops below w1bits+1). When the most-significant bit of either window
- * becomes set, indicating that something needs to be multiplied by
- * the accumulator or it will get out of sync, the window is examined
- * to see which power of n1 or n2 to multiply by, and when (possibly
- * later, if the power is greater than 1) the multiply should take
- * place. Then the multiply and its location are remembered and the
- * window is cleared.
- *
- * If we had every power of n1 in the table, the multiply would always
- * be w1bits steps in the future. But we only keep the odd powers,
- * so instead of waiting w1bits squarings and then multiplying
- * by n1^k, we wait w1bits-k squarings and multiply by n1.
- *
- * Actually, w2bits can be less than w1bits, but the window is the same
- * size, to make it easier to keep track of where we're reading. The
- * appropriate number of low-order bits of the window are just ignored.
- */
-int
-lbnDoubleExpMod_16(BNWORD16 *result,
- BNWORD16 const *n1, unsigned n1len,
- BNWORD16 const *e1, unsigned e1len,
- BNWORD16 const *n2, unsigned n2len,
- BNWORD16 const *e2, unsigned e2len,
- BNWORD16 *mod, unsigned mlen)
-{
- BNWORD16 *table1[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n1 */
- BNWORD16 *table2[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n2 */
- unsigned e1bits, e2bits; /* Exponent bits */
- unsigned w1bits, w2bits; /* Window sizes */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD16 bitpos; /* Mask of current look-ahead bit */
- unsigned buf1, buf2; /* Buffer of exponent bits */
- unsigned mult1pos, mult2pos; /* Where to do pending multiply */
- BNWORD16 const *mult1, *mult2; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD16 *a, *b; /* Working buffers/accumulators */
- const BNWORD16 *ct; /* Temp pointer */
- BNWORD16 *t; /* Pointer into the working buffers */
- BNWORD16 inv; /* mod^-1 modulo 2^16 */
-
- assert(mlen);
- assert(n1len <= mlen);
- assert(n2len <= mlen);
-
- /* First, a couple of trivial cases. */
- e1len = lbnNorm_16(e1, e1len);
- e2len = lbnNorm_16(e2, e2len);
-
- /* Ensure that the first exponent is the longer */
- e1bits = lbnBits_16(e1, e1len);
- e2bits = lbnBits_16(e2, e2len);
- if (e1bits < e2bits) {
- i = e1len; e1len = e2len; e2len = i;
- i = e1bits; e1bits = e2bits; e2bits = i;
- ct = (const BNWORD16 *)n1; n1 = n2; n2 = ct;
- ct = (const BNWORD16 *)e1; e1 = e2; e2 = ct;
- }
- assert(e1bits >= e2bits);
-
- /* Handle a trivial case */
- if (!e2len)
- return lbnExpMod_16(result, n1, n1len, e1, e1len, mod, mlen);
- assert(e2bits);
-
- /* The code below breaks if the exponents aren't at least 2 bits */
- if (e1bits == 1) {
- assert(e2bits == 1);
-
- LBNALLOC(a, n1len+n2len);
- if (!a)
- return -1;
-
- lbnMul_16(a, n1, n1len, n2, n2len);
- /* Do a direct modular reduction */
- if (n1len + n2len >= mlen)
- (void)lbnDiv_16(a+mlen, a, n1len+n2len, mod, mlen);
- lbnCopy_16(result, a, mlen);
- LBNFREE(a, n1len+n2len);
- return 0;
- }
-
- /* Okay, now move the exponent pointers to the most-significant word */
- e1 = BIGLITTLE(e1-e1len, e1+e1len-1);
- e2 = BIGLITTLE(e2-e2len, e2+e2len-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- w1bits = 0;
- while (e1bits > bnExpModThreshTable[w1bits])
- w1bits++;
- w2bits = 0;
- while (e2bits > bnExpModThreshTable[w2bits])
- w2bits++;
-
- assert(w1bits >= w2bits);
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << w1bits;
- /* Use buf2 for its size, temporarily */
- buf2 = 1u << w2bits;
-
- LBNALLOC(t, mlen);
- if (!t) {
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return -1;
- }
- table1[0] = t;
- table2[0] = result;
-
- /*
- * Okay, we now have some minimal-sized tables - expand them.
- * This is allowed to fail! If so, scale back the table sizes
- * and proceed. We allocate both tables at the same time
- * so if it fails partway through, they'll both be a reasonable
- * size rather than one huge and one tiny.
- * When i passes buf2 (the number of entries in the e2 window,
- * which may be less than the number of entries in the e1 window),
- * stop allocating e2 space.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table1[i] = t;
- if (i < buf2) {
- LBNALLOC(t, mlen);
- if (!t) {
- LBNFREE(table1[i], mlen);
- break;
- }
- table2[i] = t;
- }
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- w1bits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask) {
- if (i < buf2)
- LBNFREE(table2[i], mlen);
- LBNFREE(table1[i], mlen);
- }
- /* And shrink the second window too, if needed */
- if (w2bits > w1bits) {
- w2bits = w1bits;
- buf2 = tblmask;
- }
-
- /*
- * From now on, use the w2bits variable for the difference
- * between w1bits and w2bits.
- */
- w2bits = w1bits-w2bits;
-
- /* Okay, fill in the tables */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_16(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n1 to Montgomery form */
-
- /* Move n1 up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_16(t, n1, n1len);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+n1len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table1[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_16(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the first table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_16(a, t, table1[i-1], mod, mlen, inv);
- lbnCopy_16(table1[i], BIGLITTLE(a-mlen, a+mlen), mlen);
- }
-
- /* Convert n2 to Montgomery form */
-
- t = BIGLITTLE(a-mlen, a+mlen);
- /* Move n2 up "mlen" words into a */
- lbnCopy_16(t, n2, n2len);
- lbnZero_16(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_16(t, a, mlen+n2len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_16(table2[0], a, mlen);
-
- /* Square it into a */
- lbnMontSquare_16(a, table2[0], mod, mlen, inv);
- /* Copy to b, low half */
- lbnCopy_16(b, t, mlen);
-
- /* Use b to initialize the second table */
- for (i = 1; i < buf2; i++) {
- lbnMontMul_16(a, b, table2[i-1], mod, mlen, inv);
- lbnCopy_16(table2[i], t, mlen);
- }
-
- /*
- * Okay, a recap: at this point, the low part of b holds
- * n2^2, the high part holds n1^2, and the tables are
- * initialized with the odd powers of n1 and n2 from 1
- * through 2*tblmask-1 and 2*buf2-1.
- *
- * We might use those squares in b later, or we might not.
- */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD16)1 << ((e1bits-1) & (16-1)); /* Initialize mask */
-
- /* This should point to the msbit of e1 */
- assert((*e1 & bitpos) != 0);
-
- /*
- * Pre-load the windows. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e1 in here.
- *
- * The read-ahead is controlled by e1len and the bitpos mask.
- * Note that this is *ahead* of e1bits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two w1bits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- * e2len is not decremented, it is only ever compared with
- * e1len as *that* is decremented.
- */
- buf1 = buf2 = 0;
- for (i = 0; i <= w1bits; i++) {
- buf1 = (buf1 << 1) | ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 = (buf2 << 1) | ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD16)1 << (16-1);
- e1len--;
- }
- }
- assert(buf1 & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- mult1pos = mult2pos = e1bits; /* A NULL value */
- mult1 = mult2 = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- isone = 1; /* Buffer is implicitly 1, so replace * by copy */
- e1bits--; /* Start processing the first bit... */
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf1 is set, and
- * - We have the extra value n1^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n1^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n1^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf1 & tblmask);
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (mult1pos == e1bits)
- isone = 0;
-
- /*
- * The first multiply by a power of n2. Similar, but
- * we might not even want to schedule a multiply if e2 is
- * shorter than e1, and the window might be shorter so
- * we have to leave the low w2bits bits alone.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
-
- if (mult2pos == e1bits) {
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- lbnCopy_16(t, b, mlen); /* Copy low to high */
- isone = 0;
- } else {
- lbnMontMul_16(a, t, b, mod, mlen, inv);
- t = a; a = b; b = t;
- }
- }
- }
-
- /*
- * At this point, the buffer (which is the high half of b)
- * holds either 1 (implicitly, as the "isone" flag is set),
- * n1^2, n2^2 or n1^2 * n2^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the windows
- * - If the most-significant bit of a window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffers
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- e1bits--;
-
- /* Advance the windows */
- assert(buf1 < tblmask);
- buf1 <<= 1;
- assert(buf2 < tblmask);
- buf2 <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by e1bits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (e1len) {
- buf1 |= ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 |= ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD16)1 << (16-1);
- e1len--;
- }
- }
-
- /* Examine the first window for pending multiplies */
- if (buf1 & tblmask) {
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
- }
-
- /*
- * Examine the second window for pending multiplies.
- * Window 2 can be smaller than window 1, but we
- * keep the same number of bits in buf2, so we need
- * to ignore any low-order bits in the buffer when
- * computing what to multiply by, and recompute them
- * later.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
- }
-
-
- /* If we have a pending multiply for e1, do it */
- if (e1bits == mult1pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult1, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult1, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* If we have a pending multiply for e2, do it */
- if (e1bits == mult2pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_16(t, mult2, mlen);
- isone = 0;
- } else {
- lbnMontMul_16(a, t, mult2, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!e1bits)
- break;
-
- /* Square the buffer */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_16(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf1);
- assert(!buf2);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_16(b, t, mlen);
- lbnZero_16(t, mlen);
- lbnMontReduce_16(b, mod, mlen, inv);
- lbnCopy_16(result, t, mlen);
-
- /* Clean up - free intermediate storage */
- buf2 = tblmask >> w2bits;
- while (--tblmask) {
- if (tblmask < buf2)
- LBNFREE(table2[tblmask], mlen);
- LBNFREE(table1[tblmask], mlen);
- }
- t = table1[0];
- LBNFREE(t, mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return 0; /* Success */
-}
-
-/*
- * 2^exp (mod mod). This is an optimized version for use in Fermat
- * tests. The input value of n is ignored; it is returned with
- * "mlen" words valid.
- */
-int
-lbnTwoExpMod_16(BNWORD16 *n, BNWORD16 const *exp, unsigned elen,
- BNWORD16 *mod, unsigned mlen)
-{
- unsigned e; /* Copy of high words of the exponent */
- unsigned bits; /* Assorted counter of bits */
- BNWORD16 const *bitptr;
- BNWORD16 bitword, bitpos;
- BNWORD16 *a, *b, *a1;
- BNWORD16 inv;
-
- assert(mlen);
-
- bitptr = BIGLITTLE(exp-elen, exp+elen-1);
- bitword = *bitptr;
- assert(bitword);
-
- /* Clear n for future use. */
- lbnZero_16(n, mlen);
-
- bits = lbnBits_16(exp, elen);
-
- /* First, a couple of trivial cases. */
- if (bits <= 1) {
- /* 2 ^ 0 == 1, 2 ^ 1 == 2 */
- BIGLITTLE(n[-1],n[0]) = (BNWORD16)1<<elen;
- return 0;
- }
-
- /* Set bitpos to the most significant bit */
- bitpos = (BNWORD16)1 << ((bits-1) & (16-1));
-
- /* Now, count the bits in the modulus. */
- bits = lbnBits_16(mod, mlen);
- assert(bits > 1); /* a 1-bit modulus is just stupid... */
-
- /*
- * We start with 1<<e, where "e" is as many high bits of the
- * exponent as we can manage without going over the modulus.
- * This first loop finds "e".
- */
- e = 1;
- while (elen) {
- /* Consume the first bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break;
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD16)1<<(16-1);
- }
- e = (e << 1) | ((bitpos & bitword) != 0);
- if (e >= bits) { /* Overflow! Back out. */
- e >>= 1;
- break;
- }
- }
- /*
- * The bit in "bitpos" being examined by the bit buffer has NOT
- * been consumed yet. This may be past the end of the exponent,
- * in which case elen == 1.
- */
-
- /* Okay, now, set bit "e" in n. n is already zero. */
- inv = (BNWORD16)1 << (e & (16-1));
- e /= 16;
- BIGLITTLE(n[-e-1],n[e]) = inv;
- /*
- * The effective length of n in words is now "e+1".
- * This is used a little bit later.
- */
-
- if (!elen)
- return 0; /* That was easy! */
-
- /*
- * We have now processed the first few bits. The next step
- * is to convert this to Montgomery form for further squaring.
- */
-
- /* Allocate working storage: two product buffers */
- LBNALLOC(a, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_16(inv);
- /* Move n (length e+1, remember?) up "mlen" words into b */
- /* Note that we lie about a1 for a bit - it's pointing to b */
- a1 = BIGLITTLE(b-mlen,b+mlen);
- lbnCopy_16(a1, n, e+1);
- lbnZero_16(b, mlen);
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_16(a1, b, mlen+e+1, mod, mlen);
- /*
- * Now do the first squaring and modular reduction to put
- * the number up in a1 where it belongs.
- */
- lbnMontSquare_16(a, b, mod, mlen, inv);
- /* Fix up a1 to point to where it should go. */
- a1 = BIGLITTLE(a-mlen,a+mlen);
-
- /*
- * Okay, now, a1 holds the number being accumulated, and
- * b is a scratch register. Start working:
- */
- for (;;) {
- /*
- * Is the bit set? If so, double a1 as well.
- * A modular doubling like this is very cheap.
- */
- if (bitpos & bitword) {
- /*
- * Double the number. If there was a carry out OR
- * the result is greater than the modulus, subract
- * the modulus.
- */
- if (lbnDouble_16(a1, mlen) ||
- lbnCmp_16(a1, mod, mlen) > 0)
- (void)lbnSubN_16(a1, mod, mlen);
- }
-
- /* Advance to the next exponent bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break; /* Done! */
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD16)1<<(16-1);
- }
-
- /*
- * The elen/bitword/bitpos bit buffer is known to be
- * non-empty, i.e. there is at least one more unconsumed bit.
- * Thus, it's safe to square the number.
- */
- lbnMontSquare_16(b, a1, mod, mlen, inv);
- /* Rename result (in b) back to a (a1, really). */
- a1 = b; b = a; a = a1;
- a1 = BIGLITTLE(a-mlen,a+mlen);
- }
-
- /* DONE! Just a little bit of cleanup... */
-
- /*
- * Convert result out of Montgomery form... this is
- * just a Montgomery reduction.
- */
- lbnCopy_16(a, a1, mlen);
- lbnZero_16(a1, mlen);
- lbnMontReduce_16(a, mod, mlen, inv);
- lbnCopy_16(n, a1, mlen);
-
- /* Clean up - free intermediate storage */
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return 0; /* Success */
-}
-
-
-/*
- * Returns a substring of the big-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractBigBytes_16(BNWORD16 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Needed to shut up uninitialized var warnings */
- unsigned shift;
-
- lsbyte += buflen;
-
- shift = (8 * lsbyte) % 16;
- lsbyte /= (16/8); /* Convert to word offset */
- BIGLITTLE(n -= lsbyte, n += lsbyte);
-
- if (shift)
- t = BIGLITTLE(n[-1],n[0]);
-
- while (buflen--) {
- if (!shift) {
- t = BIGLITTLE(*n++,*--n);
- shift = 16;
- }
- shift -= 8;
- *buf++ = (unsigned char)(t>>shift);
- }
-}
-
-/*
- * Merge a big-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its *last* byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertBigBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Shut up uninitialized varibale warnings */
-
- lsbyte += buflen;
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 16;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *buf++;
- if ((--lsbyte % (16/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 16;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD16)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-/*
- * Returns a substring of the little-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractLittleBytes_16(BNWORD16 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Needed to shut up uninitialized var warnings */
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte % (16/8)) * 8 ;
- }
-
- while (buflen--) {
- if ((lsbyte++ % (16/8)) == 0)
- t = BIGLITTLE(*--n,*n++);
- *buf++ = (unsigned char)t;
- t >>= 8;
- }
-}
-
-/*
- * Merge a little-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its first byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertLittleBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD16 t = 0; /* Shut up uninitialized varibale warnings */
-
- /* Move to most-significant end */
- lsbyte += buflen;
- buf += buflen;
-
- BIGLITTLE(n -= lsbyte/(16/8), n += lsbyte/(16/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (16/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 16;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *--buf;
- if ((--lsbyte % (16/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 16;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD16)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-#ifdef DEADCODE /* This was a precursor to the more flexible lbnExtractBytes */
-/*
- * Convert a big-endian array of bytes to a bignum.
- * Returns the number of words in the bignum.
- * Note the expression "16/8" for the number of bytes per word.
- * This is so the word-size adjustment will work.
- */
-unsigned
-lbnFromBytes_16(BNWORD16 *a, unsigned char const *b, unsigned blen)
-{
- BNWORD16 t;
- unsigned alen = (blen + (16/8-1))/(16/8);
- BIGLITTLE(a -= alen, a += alen);
-
- while (blen) {
- t = 0;
- do {
- t = t << 8 | *b++;
- } while (--blen & (16/8-1));
- BIGLITTLE(*a++,*--a) = t;
- }
- return alen;
-}
-#endif
-
-/*
- * Computes the GCD of a and b. Modifies both arguments;
- * when it returns, one of them is the GCD and the other is trash.
- * The return value is the length of the GCD, with the sign telling
- * whether it is in a (+ve) or b (-ve). Both inputs must have
- * one extra word of precision. alen must be >= blen.
- *
- * TODO: use the binary algorithm (Knuth section 4.5.2, algorithm B).
- * This is based on taking out common powers of 2, then repeatedly:
- * gcd(2*u,v) = gcd(u,2*v) = gcd(u,v) - isolated powers of 2 can be deleted.
- * gcd(u,v) = gcd(u-v,v) - the numbers can be easily reduced.
- * It gets less reduction per step, but the steps are much faster than
- * the division case.
- */
-int
-lbnGcd_16(BNWORD16 *a, unsigned alen, BNWORD16 *b, unsigned blen)
-{
- assert(alen >= blen);
-
- while (blen != 0) {
- (void)lbnDiv_16(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- alen = lbnNorm_16(a, blen);
- if (alen == 0)
- return -(int)blen;
- (void)lbnDiv_16(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- blen = lbnNorm_16(b, alen);
- }
- return alen;
-}
-
-/*
- * Invert "a" modulo "mod" using the extended Euclidean algorithm.
- * Note that this only computes one of the cosequences, and uses the
- * theorem that the signs flip every step and the absolute value of
- * the cosequence values are always bounded by the modulus to avoid
- * having to work with negative numbers.
- * gcd(a,mod) had better equal 1. Returns 1 if the GCD is NOT 1.
- * a must be one word longer than "mod". It is overwritten with the
- * result.
- * TODO: Use Richard Schroeppel's *much* faster algorithm.
- */
-int
-lbnInv_16(BNWORD16 *a, unsigned alen, BNWORD16 const *mod, unsigned mlen)
-{
- BNWORD16 *b; /* Hold a copy of mod during GCD reduction */
- BNWORD16 *p; /* Temporary for products added to t0 and t1 */
- BNWORD16 *t0, *t1; /* Inverse accumulators */
- BNWORD16 cy;
- unsigned blen, t0len, t1len, plen;
-
- alen = lbnNorm_16(a, alen);
- if (!alen)
- return 1; /* No inverse */
-
- mlen = lbnNorm_16(mod, mlen);
-
- assert (alen <= mlen);
-
- /* Inverse of 1 is 1 */
- if (alen == 1 && BIGLITTLE(a[-1],a[0]) == 1) {
- lbnZero_16(BIGLITTLE(a-alen,a+alen), mlen-alen);
- return 0;
- }
-
- /* Allocate a pile of space */
- LBNALLOC(b, mlen+1);
- if (b) {
- /*
- * Although products are guaranteed to always be less than the
- * modulus, it can involve multiplying two 3-word numbers to
- * get a 5-word result, requiring a 6th word to store a 0
- * temporarily. Thus, mlen + 1.
- */
- LBNALLOC(p, mlen+1);
- if (p) {
- LBNALLOC(t0, mlen);
- if (t0) {
- LBNALLOC(t1, mlen);
- if (t1)
- goto allocated;
- LBNFREE(t0, mlen);
- }
- LBNFREE(p, mlen+1);
- }
- LBNFREE(b, mlen+1);
- }
- return -1;
-
-allocated:
-
- /* Set t0 to 1 */
- t0len = 1;
- BIGLITTLE(t0[-1],t0[0]) = 1;
-
- /* b = mod */
- lbnCopy_16(b, mod, mlen);
- /* blen = mlen (implicitly) */
-
- /* t1 = b / a; b = b % a */
- cy = lbnDiv_16(t1, b, mlen, a, alen);
- *(BIGLITTLE(t1-(mlen-alen)-1,t1+(mlen-alen))) = cy;
- t1len = lbnNorm_16(t1, mlen-alen+1);
- blen = lbnNorm_16(b, alen);
-
- /* while (b > 1) */
- while (blen > 1 || BIGLITTLE(b[-1],b[0]) != (BNWORD16)1) {
- /* q = a / b; a = a % b; */
- if (alen < blen || (alen == blen && lbnCmp_16(a, a, alen) < 0))
- assert(0);
- cy = lbnDiv_16(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- *(BIGLITTLE(a-alen-1,a+alen)) = cy;
- plen = lbnNorm_16(BIGLITTLE(a-blen,a+blen), alen-blen+1);
- assert(plen);
- alen = lbnNorm_16(a, blen);
- if (!alen)
- goto failure; /* GCD not 1 */
-
- /* t0 += q * t1; */
- assert(plen+t1len <= mlen+1);
- lbnMul_16(p, BIGLITTLE(a-blen,a+blen), plen, t1, t1len);
- plen = lbnNorm_16(p, plen + t1len);
- assert(plen <= mlen);
- if (plen > t0len) {
- lbnZero_16(BIGLITTLE(t0-t0len,t0+t0len), plen-t0len);
- t0len = plen;
- }
- cy = lbnAddN_16(t0, p, plen);
- if (cy) {
- if (t0len > plen) {
- cy = lbnAdd1_16(BIGLITTLE(t0-plen,t0+plen),
- t0len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t0[-t0len-1],t0[t0len]) = cy;
- t0len++;
- }
- }
-
- /* if (a <= 1) return a ? t0 : FAIL; */
- if (alen <= 1 && BIGLITTLE(a[-1],a[0]) == (BNWORD16)1) {
- if (alen == 0)
- goto failure; /* FAIL */
- assert(t0len <= mlen);
- lbnCopy_16(a, t0, t0len);
- lbnZero_16(BIGLITTLE(a-t0len, a+t0len), mlen-t0len);
- goto success;
- }
-
- /* q = b / a; b = b % a; */
- if (blen < alen || (blen == alen && lbnCmp_16(b, a, alen) < 0))
- assert(0);
- cy = lbnDiv_16(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- *(BIGLITTLE(b-blen-1,b+blen)) = cy;
- plen = lbnNorm_16(BIGLITTLE(b-alen,b+alen), blen-alen+1);
- assert(plen);
- blen = lbnNorm_16(b, alen);
- if (!blen)
- goto failure; /* GCD not 1 */
-
- /* t1 += q * t0; */
- assert(plen+t0len <= mlen+1);
- lbnMul_16(p, BIGLITTLE(b-alen,b+alen), plen, t0, t0len);
- plen = lbnNorm_16(p, plen + t0len);
- assert(plen <= mlen);
- if (plen > t1len) {
- lbnZero_16(BIGLITTLE(t1-t1len,t1+t1len), plen-t1len);
- t1len = plen;
- }
- cy = lbnAddN_16(t1, p, plen);
- if (cy) {
- if (t1len > plen) {
- cy = lbnAdd1_16(BIGLITTLE(t1-plen,t0+plen),
- t1len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t1[-t1len-1],t1[t1len]) = cy;
- t1len++;
- }
- }
- }
-
- if (!blen)
- goto failure; /* gcd(a, mod) != 1 -- FAIL */
-
- /* return mod-t1 */
- lbnCopy_16(a, mod, mlen);
- assert(t1len <= mlen);
- cy = lbnSubN_16(a, t1, t1len);
- if (cy) {
- assert(mlen > t1len);
- cy = lbnSub1_16(BIGLITTLE(a-t1len, a+t1len), mlen-t1len, cy);
- assert(!cy);
- }
-
-success:
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return 0;
-
-failure:
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return 1;
-}
+++ /dev/null
-#ifndef LBN16_H
-#define LBN16_H
-
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-#include "lbn.h"
-
-#ifndef BNWORD16
-#error 16-bit bignum library requires a 16-bit data type
-#endif
-
-#ifndef lbnCopy_16
-void lbnCopy_16(BNWORD16 *dest, BNWORD16 const *src, unsigned len);
-#endif
-#ifndef lbnZero_16
-void lbnZero_16(BNWORD16 *num, unsigned len);
-#endif
-#ifndef lbnNeg_16
-void lbnNeg_16(BNWORD16 *num, unsigned len);
-#endif
-
-#ifndef lbnAdd1_16
-BNWORD16 lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry);
-#endif
-#ifndef lbnSub1_16
-BNWORD16 lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow);
-#endif
-
-#ifndef lbnAddN_16
-BNWORD16 lbnAddN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len);
-#endif
-#ifndef lbnSubN_16
-BNWORD16 lbnSubN_16(BNWORD16 *num1, BNWORD16 const *num2, unsigned len);
-#endif
-
-#ifndef lbnCmp_16
-int lbnCmp_16(BNWORD16 const *num1, BNWORD16 const *num2, unsigned len);
-#endif
-
-#ifndef lbnMulN1_16
-void lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-#ifndef lbnMulAdd1_16
-BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-#ifndef lbnMulSub1_16
-BNWORD16 lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k);
-#endif
-
-#ifndef lbnLshift_16
-BNWORD16 lbnLshift_16(BNWORD16 *num, unsigned len, unsigned shift);
-#endif
-#ifndef lbnDouble_16
-BNWORD16 lbnDouble_16(BNWORD16 *num, unsigned len);
-#endif
-#ifndef lbnRshift_16
-BNWORD16 lbnRshift_16(BNWORD16 *num, unsigned len, unsigned shift);
-#endif
-
-#ifndef lbnMul_16
-void lbnMul_16(BNWORD16 *prod, BNWORD16 const *num1, unsigned len1,
- BNWORD16 const *num2, unsigned len2);
-#endif
-#ifndef lbnSquare_16
-void lbnSquare_16(BNWORD16 *prod, BNWORD16 const *num, unsigned len);
-#endif
-
-#ifndef lbnNorm_16
-unsigned lbnNorm_16(BNWORD16 const *num, unsigned len);
-#endif
-#ifndef lbnBits_16
-unsigned lbnBits_16(BNWORD16 const *num, unsigned len);
-#endif
-
-#ifndef lbnExtractBigBytes_16
-void lbnExtractBigBytes_16(BNWORD16 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertBigytes_16
-void lbnInsertBigBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnExtractLittleBytes_16
-void lbnExtractLittleBytes_16(BNWORD16 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertLittleBytes_16
-void lbnInsertLittleBytes_16(BNWORD16 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-
-#ifndef lbnDiv21_16
-BNWORD16 lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d);
-#endif
-#ifndef lbnDiv1_16
-BNWORD16 lbnDiv1_16(BNWORD16 *q, BNWORD16 *rem,
- BNWORD16 const *n, unsigned len, BNWORD16 d);
-#endif
-#ifndef lbnModQ_16
-unsigned lbnModQ_16(BNWORD16 const *n, unsigned len, unsigned d);
-#endif
-#ifndef lbnDiv_16
-BNWORD16
-lbnDiv_16(BNWORD16 *q, BNWORD16 *n, unsigned nlen, BNWORD16 *d, unsigned dlen);
-#endif
-
-#ifndef lbnMontInv1_16
-BNWORD16 lbnMontInv1_16(BNWORD16 const x);
-#endif
-#ifndef lbnMontReduce_16
-void lbnMontReduce_16(BNWORD16 *n, BNWORD16 const *mod, unsigned const mlen,
- BNWORD16 inv);
-#endif
-#ifndef lbnToMont_16
-void lbnToMont_16(BNWORD16 *n, unsigned nlen, BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnFromMont_16
-void lbnFromMont_16(BNWORD16 *n, BNWORD16 *mod, unsigned len);
-#endif
-
-#ifndef lbnExpMod_16
-int lbnExpMod_16(BNWORD16 *result, BNWORD16 const *n, unsigned nlen,
- BNWORD16 const *exp, unsigned elen, BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnDoubleExpMod_16
-int lbnDoubleExpMod_16(BNWORD16 *result,
- BNWORD16 const *n1, unsigned n1len, BNWORD16 const *e1, unsigned e1len,
- BNWORD16 const *n2, unsigned n2len, BNWORD16 const *e2, unsigned e2len,
- BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnTwoExpMod_16
-int lbnTwoExpMod_16(BNWORD16 *n, BNWORD16 const *exp, unsigned elen,
- BNWORD16 *mod, unsigned mlen);
-#endif
-#ifndef lbnGcd_16
-int lbnGcd_16(BNWORD16 *a, unsigned alen, BNWORD16 *b, unsigned blen);
-#endif
-#ifndef lbnInv_16
-int lbnInv_16(BNWORD16 *a, unsigned alen, BNWORD16 const *mod, unsigned mlen);
-#endif
-
-#endif /* LBN16_H */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn32.c - Low-level bignum routines, 32-bit version.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * NOTE: the magic constants "32" and "64" appear in many places in this
- * file, including inside identifiers. Because it is not possible to
- * ask "#ifdef" of a macro expansion, it is not possible to use the
- * preprocessor to conditionalize these properly. Thus, this file is
- * intended to be edited with textual search and replace to produce
- * alternate word size versions. Any reference to the number of bits
- * in a word must be the string "32", and that string must not appear
- * otherwise. Any reference to twice this number must appear as "64",
- * which likewise must not appear otherwise. Is that clear?
- *
- * Remember, when doubling the bit size replace the larger number (64)
- * first, then the smaller (32). When halving the bit size, do the
- * opposite. Otherwise, things will get wierd. Also, be sure to replace
- * every instance that appears. (:%s/foo/bar/g in vi)
- *
- * These routines work with a pointer to the least-significant end of
- * an array of WORD32s. The BIG(x), LITTLE(y) and BIGLTTLE(x,y) macros
- * defined in lbn.h (which expand to x on a big-edian machine and y on a
- * little-endian machine) are used to conditionalize the code to work
- * either way. If you have no assembly primitives, it doesn't matter.
- * Note that on a big-endian machine, the least-significant-end pointer
- * is ONE PAST THE END. The bytes are ptr[-1] through ptr[-len].
- * On little-endian, they are ptr[0] through ptr[len-1]. This makes
- * perfect sense if you consider pointers to point *between* bytes rather
- * than at them.
- *
- * Because the array index values are unsigned integers, ptr[-i]
- * may not work properly, since the index -i is evaluated as an unsigned,
- * and if pointers are wider, zero-extension will produce a positive
- * number rahter than the needed negative. The expression used in this
- * code, *(ptr-i) will, however, work. (The array syntax is equivalent
- * to *(ptr+-i), which is a pretty subtle difference.)
- *
- * Many of these routines will get very unhappy if fed zero-length inputs.
- * They use assert() to enforce this. An higher layer of code must make
- * sure that these aren't called with zero-length inputs.
- *
- * Any of these routines can be replaced with more efficient versions
- * elsewhere, by just #defining their names. If one of the names
- * is #defined, the C code is not compiled in and no declaration is
- * made. Use the BNINCLUDE file to do that. Typically, you compile
- * asm subroutines with the same name and just, e.g.
- * #define lbnMulAdd1_32 lbnMulAdd1_32
- *
- * If you want to write asm routines, start with lbnMulAdd1_32().
- * This is the workhorse of modular exponentiation. lbnMulN1_32() is
- * also used a fair bit, although not as much and it's defined in terms
- * of lbnMulAdd1_32 if that has a custom version. lbnMulSub1_32 and
- * lbnDiv21_32 are used in the usual division and remainder finding.
- * (Not the Montgomery reduction used in modular exponentiation, though.)
- * Once you have lbnMulAdd1_32 defined, writing the other two should
- * be pretty easy. (Just make sure you get the sign of the subtraction
- * in lbnMulSub1_32 right - it's dest = dest - source * k.)
- *
- * The only definitions that absolutely need a double-word (BNWORD64)
- * type are lbnMulAdd1_32 and lbnMulSub1_32; if those are provided,
- * the rest follows. lbnDiv21_32, however, is a lot slower unless you
- * have them, and lbnModQ_32 takes after it. That one is used quite a
- * bit for prime sieving.
- */
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_ASSERT_H
-#define NO_ASSERT_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-#ifndef NEED_MEMORY_H
-#define NEED_MEMORY_H 0
-#endif
-
-#if !NO_ASSERT_H
-#include <assert.h>
-#else
-#define assert(x) (void)0
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memcpy */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#if NEED_MEMORY_H
-#include <memory.h>
-#endif
-
-#include "lbn.h"
-#include "lbn32.h"
-#include "lbnmem.h"
-#include "legal.h"
-
-#include "kludge.h"
-#include <port_after.h>
-
-#ifndef BNWORD32
-#error 32-bit bignum library requires a 32-bit data type
-#endif
-
-/* Make sure the copyright notice gets included */
-volatile const char * volatile const lbnCopyright_32 = bnCopyright;
-
-/*
- * Most of the multiply (and Montgomery reduce) routines use an outer
- * loop that iterates over one of the operands - a so-called operand
- * scanning approach. One big advantage of this is that the assembly
- * support routines are simpler. The loops can be rearranged to have
- * an outer loop that iterates over the product, a so-called product
- * scanning approach. This has the advantage of writing less data
- * and doing fewer adds to memory, so is supposedly faster. Some
- * code has been written using a product-scanning approach, but
- * it appears to be slower, so it is turned off by default. Some
- * experimentation would be appreciated.
- *
- * (The code is also annoying to get right and not very well commented,
- * one of my pet peeves about math libraries. I'm sorry.)
- */
-#ifndef PRODUCT_SCAN
-#define PRODUCT_SCAN 0
-#endif
-
-/*
- * Copy an array of words. <Marvin mode on> Thrilling, isn't it? </Marvin>
- * This is a good example of how the byte offsets and BIGLITTLE() macros work.
- * Another alternative would have been
- * memcpy(dest BIG(-len), src BIG(-len), len*sizeof(BNWORD32)), but I find that
- * putting operators into conditional macros is confusing.
- */
-#ifndef lbnCopy_32
-void
-lbnCopy_32(BNWORD32 *dest, BNWORD32 const *src, unsigned len)
-{
- memcpy(BIGLITTLE(dest-len,dest), BIGLITTLE(src-len,src),
- len * sizeof(*src));
-}
-#endif /* !lbnCopy_32 */
-
-/*
- * Fill n words with zero. This does it manually rather than calling
- * memset because it can assume alignment to make things faster while
- * memset can't. Note how big-endian numbers are naturally addressed
- * using predecrement, while little-endian is postincrement.
- */
-#ifndef lbnZero_32
-void
-lbnZero_32(BNWORD32 *num, unsigned len)
-{
- while (len--)
- BIGLITTLE(*--num,*num++) = 0;
-}
-#endif /* !lbnZero_32 */
-
-/*
- * Negate an array of words.
- * Negation is subtraction from zero. Negating low-order words
- * entails doing nothing until a non-zero word is hit. Once that
- * is negated, a borrow is generated and never dies until the end
- * of the number is hit. Negation with borrow, -x-1, is the same as ~x.
- * Repeat that until the end of the number.
- *
- * Doesn't return borrow out because that's pretty useless - it's
- * always set unless the input is 0, which is easy to notice in
- * normalized form.
- */
-#ifndef lbnNeg_32
-void
-lbnNeg_32(BNWORD32 *num, unsigned len)
-{
- assert(len);
-
- /* Skip low-order zero words */
- while (BIGLITTLE(*--num,*num) == 0) {
- if (!--len)
- return;
- LITTLE(num++;)
- }
- /* Negate the lowest-order non-zero word */
- *num = -*num;
- /* Complement all the higher-order words */
- while (--len) {
- BIGLITTLE(--num,++num);
- *num = ~*num;
- }
-}
-#endif /* !lbnNeg_32 */
-
-
-/*
- * lbnAdd1_32: add the single-word "carry" to the given number.
- * Used for minor increments and propagating the carry after
- * adding in a shorter bignum.
- *
- * Technique: If we have a double-width word, presumably the compiler
- * can add using its carry in inline code, so we just use a larger
- * accumulator to compute the carry from the first addition.
- * If not, it's more complex. After adding the first carry, which may
- * be > 1, compare the sum and the carry. If the sum wraps (causing a
- * carry out from the addition), the result will be less than each of the
- * inputs, since the wrap subtracts a number (2^32) which is larger than
- * the other input can possibly be. If the sum is >= the carry input,
- * return success immediately.
- * In either case, if there is a carry, enter a loop incrementing words
- * until one does not wrap. Since we are adding 1 each time, the wrap
- * will be to 0 and we can test for equality.
- */
-#ifndef lbnAdd1_32 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD64
-BNWORD32
-lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry)
-{
- BNWORD64 t;
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- t = (BNWORD64)BIGLITTLE(*--num,*num) + carry;
- BIGLITTLE(*num,*num++) = (BNWORD32)t;
- if ((t >> 32) == 0)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD64 */
-BNWORD32
-lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry)
-{
- assert(len > 0); /* Alternative: if (!len) return carry */
-
- if ((BIGLITTLE(*--num,*num++) += carry) >= carry)
- return 0;
- while (--len) {
- if (++BIGLITTLE(*--num,*num++) != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif/* !lbnAdd1_32 */
-
-/*
- * lbnSub1_32: subtract the single-word "borrow" from the given number.
- * Used for minor decrements and propagating the borrow after
- * subtracting a shorter bignum.
- *
- * Technique: Similar to the add, above. If there is a double-length type,
- * use that to generate the first borrow.
- * If not, after subtracting the first borrow, which may be > 1, compare
- * the difference and the *negative* of the carry. If the subtract wraps
- * (causing a borrow out from the subtraction), the result will be at least
- * as large as -borrow. If the result < -borrow, then no borrow out has
- * appeared and we may return immediately, except when borrow == 0. To
- * deal with that case, use the identity that -x = ~x+1, and instead of
- * comparing < -borrow, compare for <= ~borrow.
- * Either way, if there is a borrow out, enter a loop decrementing words
- * until a non-zero word is reached.
- *
- * Note the cast of ~borrow to (BNWORD32). If the size of an int is larger
- * than BNWORD32, C rules say the number is expanded for the arithmetic, so
- * the inversion will be done on an int and the value won't be quite what
- * is expected.
- */
-#ifndef lbnSub1_32 /* If defined, it's provided as an asm subroutine */
-#ifdef BNWORD64
-BNWORD32
-lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow)
-{
- BNWORD64 t;
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- t = (BNWORD64)BIGLITTLE(*--num,*num) - borrow;
- BIGLITTLE(*num,*num++) = (BNWORD32)t;
- if ((t >> 32) == 0)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#else /* no BNWORD64 */
-BNWORD32
-lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow)
-{
- assert(len > 0); /* Alternative: if (!len) return borrow */
-
- if ((BIGLITTLE(*--num,*num++) -= borrow) <= (BNWORD32)~borrow)
- return 0;
- while (--len) {
- if ((BIGLITTLE(*--num,*num++))-- != 0)
- return 0;
- }
- return 1;
-}
-#endif
-#endif /* !lbnSub1_32 */
-
-/*
- * lbnAddN_32: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with lbnAdd1, of adding two bignums of
- * differing lengths.
- *
- * Technique: Maintain a word of carry. If there is no double-width type,
- * use the same technique as in lbnAdd1, above, to maintain the carry by
- * comparing the inputs. Adding the carry sources is used as an OR operator;
- * at most one of the two comparisons can possibly be true. The first can
- * only be true if carry == 1 and x, the result, is 0. In that case the
- * second can't possibly be true.
- */
-#ifndef lbnAddN_32
-#ifdef BNWORD64
-BNWORD32
-lbnAddN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len)
-{
- BNWORD64 t;
-
- assert(len > 0);
-
- t = (BNWORD64)BIGLITTLE(*--num1,*num1) + BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD32)t;
- while (--len) {
- t = (BNWORD64)BIGLITTLE(*--num1,*num1) +
- (BNWORD64)BIGLITTLE(*--num2,*num2++) + (t >> 32);
- BIGLITTLE(*num1,*num1++) = (BNWORD32)t;
- }
-
- return (BNWORD32)(t>>32);
-}
-#else /* no BNWORD64 */
-BNWORD32
-lbnAddN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len)
-{
- BNWORD32 x, carry = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- carry = (x += carry) < carry;
- carry += (BIGLITTLE(*--num1,*num1++) += x) < x;
- } while (--len);
-
- return carry;
-}
-#endif
-#endif /* !lbnAddN_32 */
-
-/*
- * lbnSubN_32: add two bignums of the same length, returning the carry (0 or 1).
- * One of the building blocks, along with subn1, of subtracting two bignums of
- * differing lengths.
- *
- * Technique: If no double-width type is availble, maintain a word of borrow.
- * First, add the borrow to the subtrahend (did you have to learn all those
- * awful words in elementary school, too?), and if it overflows, set the
- * borrow again. Then subtract the modified subtrahend from the next word
- * of input, using the same technique as in subn1, above.
- * Adding the borrows is used as an OR operator; at most one of the two
- * comparisons can possibly be true. The first can only be true if
- * borrow == 1 and x, the result, is 0. In that case the second can't
- * possibly be true.
- *
- * In the double-word case, (BNWORD32)-(t>>32) is subtracted, rather than
- * adding t>>32, because the shift would need to sign-extend and that's
- * not guaranteed to happen in ANSI C, even with signed types.
- */
-#ifndef lbnSubN_32
-#ifdef BNWORD64
-BNWORD32
-lbnSubN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len)
-{
- BNWORD64 t;
-
- assert(len > 0);
-
- t = (BNWORD64)BIGLITTLE(*--num1,*num1) - BIGLITTLE(*--num2,*num2++);
- BIGLITTLE(*num1,*num1++) = (BNWORD32)t;
-
- while (--len) {
- t = (BNWORD64)BIGLITTLE(*--num1,*num1) -
- (BNWORD64)BIGLITTLE(*--num2,*num2++) - (BNWORD32)-(t >> 32);
- BIGLITTLE(*num1,*num1++) = (BNWORD32)t;
- }
-
- return -(BNWORD32)(t>>32);
-}
-#else
-BNWORD32
-lbnSubN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len)
-{
- BNWORD32 x, borrow = 0;
-
- assert(len > 0); /* Alternative: change loop to test at start */
-
- do {
- x = BIGLITTLE(*--num2,*num2++);
- borrow = (x += borrow) < borrow;
- borrow += (BIGLITTLE(*--num1,*num1++) -= x) > (BNWORD32)~x;
- } while (--len);
-
- return borrow;
-}
-#endif
-#endif /* !lbnSubN_32 */
-
-#ifndef lbnCmp_32
-/*
- * lbnCmp_32: compare two bignums of equal length, returning the sign of
- * num1 - num2. (-1, 0 or +1).
- *
- * Technique: Change the little-endian pointers to big-endian pointers
- * and compare from the most-significant end until a difference if found.
- * When it is, figure out the sign of the difference and return it.
- */
-int
-lbnCmp_32(BNWORD32 const *num1, BNWORD32 const *num2, unsigned len)
-{
- BIGLITTLE(num1 -= len, num1 += len);
- BIGLITTLE(num2 -= len, num2 += len);
-
- while (len--) {
- if (BIGLITTLE(*num1++ != *num2++, *--num1 != *--num2)) {
- if (BIGLITTLE(num1[-1] < num2[-1], *num1 < *num2))
- return -1;
- else
- return 1;
- }
- }
- return 0;
-}
-#endif /* !lbnCmp_32 */
-
-/*
- * mul32_ppmmaa(ph,pl,x,y,a,b) is an optional routine that
- * computes (ph,pl) = x * y + a + b. mul32_ppmma and mul32_ppmm
- * are simpler versions. If you want to be lazy, all of these
- * can be defined in terms of the others, so here we create any
- * that have not been defined in terms of the ones that have been.
- */
-
-/* Define ones with fewer a's in terms of ones with more a's */
-#if !defined(mul32_ppmma) && defined(mul32_ppmmaa)
-#define mul32_ppmma(ph,pl,x,y,a) mul32_ppmmaa(ph,pl,x,y,a,0)
-#endif
-
-#if !defined(mul32_ppmm) && defined(mul32_ppmma)
-#define mul32_ppmm(ph,pl,x,y) mul32_ppmma(ph,pl,x,y,0)
-#endif
-
-/*
- * Use this definition to test the mul32_ppmm-based operations on machines
- * that do not provide mul32_ppmm. Change the final "0" to a "1" to
- * enable it.
- */
-#if !defined(mul32_ppmm) && defined(BNWORD64) && 0 /* Debugging */
-#define mul32_ppmm(ph,pl,x,y) \
- ({BNWORD64 _ = (BNWORD64)(x)*(y); (pl) = _; (ph) = _>>32;})
-#endif
-
-#if defined(mul32_ppmm) && !defined(mul32_ppmma)
-#define mul32_ppmma(ph,pl,x,y,a) \
- (mul32_ppmm(ph,pl,x,y), (ph) += ((pl) += (a)) < (a))
-#endif
-
-#if defined(mul32_ppmma) && !defined(mul32_ppmmaa)
-#define mul32_ppmmaa(ph,pl,x,y,a,b) \
- (mul32_ppmma(ph,pl,x,y,a), (ph) += ((pl) += (b)) < (b))
-#endif
-
-/*
- * lbnMulN1_32: Multiply an n-word input by a 1-word input and store the
- * n+1-word product. This uses either the mul32_ppmm and mul32_ppmma
- * macros, or C multiplication with the BNWORD64 type. This uses mul32_ppmma
- * if available, assuming you won't bother defining it unless you can do
- * better than the normal multiplication.
- */
-#ifndef lbnMulN1_32
-#ifdef lbnMulAdd1_32 /* If we have this asm primitive, use it. */
-void
-lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- lbnZero_32(out, len);
- BIGLITTLE(*(out-len),*(out+len)) = lbnMulAdd1_32(out, in, len, k);
-}
-#elif defined(mul32_ppmm)
-void
-lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD32 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- mul32_ppmm(carry, *out, *in, k);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;)
- carryin = carry;
- mul32_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
- }
- BIGLITTLE(*--out,*out) = carry;
-}
-#elif defined(BNWORD64)
-void
-lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD64 p;
-
- assert(len > 0);
-
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k;
- BIGLITTLE(*--out,*out++) = (BNWORD32)p;
-
- while (--len) {
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k + (BNWORD32)(p >> 32);
- BIGLITTLE(*--out,*out++) = (BNWORD32)p;
- }
- BIGLITTLE(*--out,*out) = (BNWORD32)(p >> 32);
-}
-#else
-#error No 32x32 -> 64 multiply available for 32-bit bignum package
-#endif
-#endif /* lbnMulN1_32 */
-
-/*
- * lbnMulAdd1_32: Multiply an n-word input by a 1-word input and add the
- * low n words of the product to the destination. *Returns the n+1st word
- * of the product.* (That turns out to be more convenient than adding
- * it into the destination and dealing with a possible unit carry out
- * of *that*.) This uses either the mul32_ppmma and mul32_ppmmaa macros,
- * or C multiplication with the BNWORD64 type.
- *
- * If you're going to write assembly primitives, this is the one to
- * start with. It is by far the most commonly called function.
- */
-#ifndef lbnMulAdd1_32
-#if defined(mul32_ppmm)
-BNWORD32
-lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD32 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--out;--in;);
- carryin = *out;
- mul32_ppmma(carry, *out, *in, k, carryin);
- LITTLE(out++;in++;)
-
- while (--len) {
- BIG(--out;--in;);
- carryin = carry;
- mul32_ppmmaa(carry, prod, *in, k, carryin, *out);
- *out = prod;
- LITTLE(out++;in++;)
- }
-
- return carry;
-}
-#elif defined(BNWORD64)
-BNWORD32
-lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD64 p;
-
- assert(len > 0);
-
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD32)p;
-
- while (--len) {
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k +
- (BNWORD32)(p >> 32) + BIGLITTLE(*--out,*out);
- BIGLITTLE(*out,*out++) = (BNWORD32)p;
- }
-
- return (BNWORD32)(p >> 32);
-}
-#else
-#error No 32x32 -> 64 multiply available for 32-bit bignum package
-#endif
-#endif /* lbnMulAdd1_32 */
-
-/*
- * lbnMulSub1_32: Multiply an n-word input by a 1-word input and subtract the
- * n-word product from the destination. Returns the n+1st word of the product.
- * This uses either the mul32_ppmm and mul32_ppmma macros, or
- * C multiplication with the BNWORD64 type.
- *
- * This is rather uglier than adding, but fortunately it's only used in
- * division which is not used too heavily.
- */
-#ifndef lbnMulN1_32
-#if defined(mul32_ppmm)
-BNWORD32
-lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD32 prod, carry, carryin;
-
- assert(len > 0);
-
- BIG(--in;)
- mul32_ppmm(carry, prod, *in, k);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD32)~prod;
-
- while (--len) {
- BIG(--in;);
- carryin = carry;
- mul32_ppmma(carry, prod, *in, k, carryin);
- LITTLE(in++;)
- carry += (BIGLITTLE(*--out,*out++) -= prod) > (BNWORD32)~prod;
- }
-
- return carry;
-}
-#elif defined(BNWORD64)
-BNWORD32
-lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- BNWORD64 p;
- BNWORD32 carry, t;
-
- assert(len > 0);
-
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD32)(p>>32) + ((BIGLITTLE(*out,*out++)=t-(BNWORD32)p) > t);
-
- while (--len) {
- p = (BNWORD64)BIGLITTLE(*--in,*in++) * k + carry;
- t = BIGLITTLE(*--out,*out);
- carry = (BNWORD32)(p>>32) +
- ( (BIGLITTLE(*out,*out++)=t-(BNWORD32)p) > t );
- }
-
- return carry;
-}
-#else
-#error No 32x32 -> 64 multiply available for 32-bit bignum package
-#endif
-#endif /* !lbnMulSub1_32 */
-
-/*
- * Shift n words left "shift" bits. 0 < shift < 32. Returns the
- * carry, any bits shifted off the left-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnLshift_32
-BNWORD32
-lbnLshift_32(BNWORD32 *num, unsigned len, unsigned shift)
-{
- BNWORD32 x, carry;
-
- assert(shift > 0);
- assert(shift < 32);
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<shift) | carry;
- LITTLE(num++;)
- carry = x >> (32-shift);
- }
- return carry;
-}
-#endif /* !lbnLshift_32 */
-
-/*
- * An optimized version of the above, for shifts of 1.
- * Some machines can use add-with-carry tricks for this.
- */
-#ifndef lbnDouble_32
-BNWORD32
-lbnDouble_32(BNWORD32 *num, unsigned len)
-{
- BNWORD32 x, carry;
-
- carry = 0;
- while (len--) {
- BIG(--num;)
- x = *num;
- *num = (x<<1) | carry;
- LITTLE(num++;)
- carry = x >> (32-1);
- }
- return carry;
-}
-#endif /* !lbnDouble_32 */
-
-/*
- * Shift n words right "shift" bits. 0 < shift < 32. Returns the
- * carry, any bits shifted off the right-hand side (0 <= carry < 2^shift).
- */
-#ifndef lbnRshift_32
-BNWORD32
-lbnRshift_32(BNWORD32 *num, unsigned len, unsigned shift)
-{
- BNWORD32 x, carry = 0;
-
- assert(shift > 0);
- assert(shift < 32);
-
- BIGLITTLE(num -= len, num += len);
-
- while (len--) {
- LITTLE(--num;)
- x = *num;
- *num = (x>>shift) | carry;
- BIG(num++;)
- carry = x << (32-shift);
- }
- return carry >> (32-shift);
-}
-#endif /* !lbnRshift_32 */
-
-/*
- * Multiply two numbers of the given lengths. prod and num2 may overlap,
- * provided that the low len1 bits of prod are free. (This corresponds
- * nicely to the place the result is returned from lbnMontReduce_32.)
- *
- * TODO: Use Karatsuba multiply. The overlap constraints may have
- * to get rewhacked.
- */
-#ifndef lbnMul_32
-void
-lbnMul_32(BNWORD32 *prod, BNWORD32 const *num1, unsigned len1,
- BNWORD32 const *num2, unsigned len2)
-{
- /* Special case of zero */
- if (!len1 || !len2) {
- lbnZero_32(prod, len1+len2);
- return;
- }
-
- /* Multiply first word */
- lbnMulN1_32(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
-
- /*
- * Add in subsequent words, storing the most significant word,
- * which is new each time.
- */
- while (--len2) {
- BIGLITTLE(--prod,prod++);
- BIGLITTLE(*(prod-len1-1),*(prod+len1)) =
- lbnMulAdd1_32(prod, num1, len1, BIGLITTLE(*--num2,*num2++));
- }
-}
-#endif /* !lbnMul_32 */
-
-/*
- * lbnMulX_32 is a square multiply - both inputs are the same length.
- * It's normally just a macro wrapper around the general multiply,
- * but might be implementable in assembly more efficiently (such as
- * when product scanning).
- */
-#ifndef lbnMulX_32
-#if defined(BNWORD64) && PRODUCT_SCAN
-/*
- * Test code to see whether product scanning is any faster. It seems
- * to make the C code slower, so PRODUCT_SCAN is not defined.
- */
-static void
-lbnMulX_32(BNWORD32 *prod, BNWORD32 const *num1, BNWORD32 const *num2,
- unsigned len)
-{
- BNWORD64 x, y;
- BNWORD32 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- x = (BNWORD64)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD32)x;
- x >>= 32;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- for (j = 0; j <= i; j++) {
- BIG(y = (BNWORD64)*--p1 * *p2++;)
- LITTLE(y = (BNWORD64)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- for (j = i; j < len; j++) {
- BIG(y = (BNWORD64)*--p1 * *p2++;)
- LITTLE(y = (BNWORD64)*p1++ * *--p2;)
- x += y;
- carry += (x < y);
- }
- BIGLITTLE(*--prod,*prod++) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
-
- BIGLITTLE(*--prod,*prod) = (BNWORD32)x;
-}
-#else /* !defined(BNWORD64) || !PRODUCT_SCAN */
-/* Default trivial macro definition */
-#define lbnMulX_32(prod, num1, num2, len) lbnMul_32(prod, num1, len, num2, len)
-#endif /* !defined(BNWORD64) || !PRODUCT_SCAN */
-#endif /* !lbmMulX_32 */
-
-#if !defined(lbnMontMul_32) && defined(BNWORD64) && PRODUCT_SCAN
-/*
- * Test code for product-scanning multiply. This seems to slow the C
- * code down rather than speed it up.
- * This does a multiply and Montgomery reduction together, using the
- * same loops. The outer loop scans across the product, twice.
- * The first pass computes the low half of the product and the
- * Montgomery multipliers. These are stored in the product array,
- * which contains no data as of yet. x and carry add up the columns
- * and propagate carries forward.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-static void
-lbnMontMul_32(BNWORD32 *prod, BNWORD32 const *num1, BNWORD32 const *num2,
- BNWORD32 const *mod, unsigned len, BNWORD32 inv)
-{
- BNWORD64 x, y;
- BNWORD32 const *p1, *p2, *pm;
- BNWORD32 *pp;
- BNWORD32 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /*
- * This computes directly into the high half of prod, so just
- * shift the pointer and consider prod only "len" elements long
- * for the rest of the code.
- */
- BIGLITTLE(prod -= len, prod += len);
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- x = (BNWORD64)BIGLITTLE(num1[-1] * num2[-1], num1[0] * num2[0]);
- BIGLITTLE(prod[-1], prod[0]) = t = inv * (BNWORD32)x;
- y = (BNWORD64)t * BIGLITTLE(mod[-1],mod[0]);
- x += y;
- /* Note: GCC 2.6.3 has a bug if you try to eliminate "carry" */
- carry = (x < y);
- assert((BNWORD32)x == 0);
- x = x >> 32 | (BNWORD64)carry << 32;
-
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = num1;
- p2 = BIGLITTLE(num2-i-1,num2+i+1);
- pp = prod;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD64)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD64)BIGLITTLE(*--pp * *pm++, *pp++ * *--pm);
- x += y;
- carry += (x < y);
- }
- y = (BNWORD64)BIGLITTLE(p1[-1] * p2[0], p1[0] * p2[-1]);
- x += y;
- carry += (x < y);
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[-1], pp[0]) = t = inv * (BNWORD32)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD64)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD32)x == 0);
- x = x >> 32 | (BNWORD64)carry << 32;
- }
-
- /* Pass 2 - compute reduced product and store */
- for (i = 1; i < len; i++) {
- carry = 0;
- p1 = BIGLITTLE(num1-i,num1+i);
- p2 = BIGLITTLE(num2-len,num2+len);
- pm = BIGLITTLE(mod-i,mod+i);
- pp = BIGLITTLE(prod-len,prod+len);
- for (j = i; j < len; j++) {
- y = (BNWORD64)BIGLITTLE(*--p1 * *p2++, *p1++ * *--p2);
- x += y;
- carry += (x < y);
- y = (BNWORD64)BIGLITTLE(*--pm * *pp++, *pm++ * *--pp);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-len, pm == mod+len));
- assert(BIGLITTLE(pp == prod-i, pp == prod+i));
- BIGLITTLE(pp[0],pp[-1]) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
-
- /* Last round of second half, simplified. */
- BIGLITTLE(*(prod-len),*(prod+len-1)) = (BNWORD32)x;
- carry = (x >> 32);
-
- while (carry)
- carry -= lbnSubN_32(prod, mod, len);
- while (lbnCmp_32(prod, mod, len) >= 0)
- (void)lbnSubN_32(prod, mod, len);
-}
-/* Suppress later definition */
-#define lbnMontMul_32 lbnMontMul_32
-#endif
-
-#if !defined(lbnSquare_32) && defined(BNWORD64) && PRODUCT_SCAN
-/*
- * Trial code for product-scanning squaring. This seems to slow the C
- * code down rather than speed it up.
- */
-void
-lbnSquare_32(BNWORD32 *prod, BNWORD32 const *num, unsigned len)
-{
- BNWORD64 x, y, z;
- BNWORD32 const *p1, *p2;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!len)
- return;
-
- /* Word 0 of product */
- x = (BNWORD64)BIGLITTLE(num[-1] * num[-1], num[0] * num[0]);
- BIGLITTLE(*--prod, *prod++) = (BNWORD32)x;
- x >>= 32;
-
- /* Words 1 through len-1 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = num;
- p2 = BIGLITTLE(num-i-1,num+i+1);
- for (j = 0; j < (i+1)/2; j++) {
- BIG(z = (BNWORD64)*--p1 * *p2++;)
- LITTLE(z = (BNWORD64)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((i & 1) == 0) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD64)*p2 * *p2;)
- LITTLE(z = (BNWORD64)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
- /* Words len through 2*len-2 */
- for (i = 1; i < len; i++) {
- carry = 0;
- y = 0;
- p1 = BIGLITTLE(num-i,num+i);
- p2 = BIGLITTLE(num-len,num+len);
- for (j = 0; j < (len-i)/2; j++) {
- BIG(z = (BNWORD64)*--p1 * *p2++;)
- LITTLE(z = (BNWORD64)*p1++ * *--p2;)
- y += z;
- carry += (y < z);
- }
- y += z = y;
- carry += carry + (y < z);
- if ((len-i) & 1) {
- assert(BIGLITTLE(--p1 == p2, p1 == --p2));
- BIG(z = (BNWORD64)*p2 * *p2;)
- LITTLE(z = (BNWORD64)*p1 * *p1;)
- y += z;
- carry += (y < z);
- }
- x += y;
- carry += (x < y);
- BIGLITTLE(*--prod,*prod++) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
-
- /* Word 2*len-1 */
- BIGLITTLE(*--prod,*prod) = (BNWORD32)x;
-}
-/* Suppress later definition */
-#define lbnSquare_32 lbnSquare_32
-#endif
-
-/*
- * Square a number, using optimized squaring to reduce the number of
- * primitive multiples that are executed. There may not be any
- * overlap of the input and output.
- *
- * Technique: Consider the partial products in the multiplication
- * of "abcde" by itself:
- *
- * a b c d e
- * * a b c d e
- * ==================
- * ae be ce de ee
- * ad bd cd dd de
- * ac bc cc cd ce
- * ab bb bc bd be
- * aa ab ac ad ae
- *
- * Note that everything above the main diagonal:
- * ae be ce de = (abcd) * e
- * ad bd cd = (abc) * d
- * ac bc = (ab) * c
- * ab = (a) * b
- *
- * is a copy of everything below the main diagonal:
- * de
- * cd ce
- * bc bd be
- * ab ac ad ae
- *
- * Thus, the sum is 2 * (off the diagonal) + diagonal.
- *
- * This is accumulated beginning with the diagonal (which
- * consist of the squares of the digits of the input), which is then
- * divided by two, the off-diagonal added, and multiplied by two
- * again. The low bit is simply a copy of the low bit of the
- * input, so it doesn't need special care.
- *
- * TODO: Merge the shift by 1 with the squaring loop.
- * TODO: Use Karatsuba. (a*W+b)^2 = a^2 * (W^2+W) + b^2 * (W+1) - (a-b)^2 * W.
- */
-#ifndef lbnSquare_32
-void
-lbnSquare_32(BNWORD32 *prod, BNWORD32 const *num, unsigned len)
-{
- BNWORD32 t;
- BNWORD32 *prodx = prod; /* Working copy of the argument */
- BNWORD32 const *numx = num; /* Working copy of the argument */
- unsigned lenx = len; /* Working copy of the argument */
-
- if (!len)
- return;
-
- /* First, store all the squares */
- while (lenx--) {
-#ifdef mul32_ppmm
- BNWORD32 ph, pl;
- t = BIGLITTLE(*--numx,*numx++);
- mul32_ppmm(ph,pl,t,t);
- BIGLITTLE(*--prodx,*prodx++) = pl;
- BIGLITTLE(*--prodx,*prodx++) = ph;
-#elif defined(BNWORD64) /* use BNWORD64 */
- BNWORD64 p;
- t = BIGLITTLE(*--numx,*numx++);
- p = (BNWORD64)t * t;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD32)p;
- BIGLITTLE(*--prodx,*prodx++) = (BNWORD32)(p>>32);
-#else /* Use lbnMulN1_32 */
- t = BIGLITTLE(numx[-1],*numx);
- lbnMulN1_32(prodx, numx, 1, t);
- BIGLITTLE(--numx,numx++);
- BIGLITTLE(prodx -= 2, prodx += 2);
-#endif
- }
- /* Then, shift right 1 bit */
- (void)lbnRshift_32(prod, 2*len, 1);
-
- /* Then, add in the off-diagonal sums */
- lenx = len;
- numx = num;
- prodx = prod;
- while (--lenx) {
- t = BIGLITTLE(*--numx,*numx++);
- BIGLITTLE(--prodx,prodx++);
- t = lbnMulAdd1_32(prodx, numx, lenx, t);
- lbnAdd1_32(BIGLITTLE(prodx-lenx,prodx+lenx), lenx+1, t);
- BIGLITTLE(--prodx,prodx++);
- }
-
- /* Shift it back up */
- lbnDouble_32(prod, 2*len);
-
- /* And set the low bit appropriately */
- BIGLITTLE(prod[-1],prod[0]) |= BIGLITTLE(num[-1],num[0]) & 1;
-}
-#endif /* !lbnSquare_32 */
-
-/*
- * lbnNorm_32 - given a number, return a modified length such that the
- * most significant digit is non-zero. Zero-length input is okay.
- */
-#ifndef lbnNorm_32
-unsigned
-lbnNorm_32(BNWORD32 const *num, unsigned len)
-{
- BIGLITTLE(num -= len,num += len);
- while (len && BIGLITTLE(*num++,*--num) == 0)
- --len;
- return len;
-}
-#endif /* lbnNorm_32 */
-
-/*
- * lbnBits_32 - return the number of significant bits in the array.
- * It starts by normalizing the array. Zero-length input is okay.
- * Then assuming there's anything to it, it fetches the high word,
- * generates a bit length by multiplying the word length by 32, and
- * subtracts off 32/2, 32/4, 32/8, ... bits if the high bits are clear.
- */
-#ifndef lbnBits_32
-unsigned
-lbnBits_32(BNWORD32 const *num, unsigned len)
-{
- BNWORD32 t;
- unsigned i;
-
- len = lbnNorm_32(num, len);
- if (len) {
- t = BIGLITTLE(*(num-len),*(num+(len-1)));
- assert(t);
- len *= 32;
- i = 32/2;
- do {
- if (t >> i)
- t >>= i;
- else
- len -= i;
- } while ((i /= 2) != 0);
- }
- return len;
-}
-#endif /* lbnBits_32 */
-
-/*
- * If defined, use hand-rolled divide rather than compiler's native.
- * If the machine doesn't do it in line, the manual code is probably
- * faster, since it can assume normalization and the fact that the
- * quotient will fit into 32 bits, which a general 64-bit divide
- * in a compiler's run-time library can't do.
- */
-#ifndef BN_SLOW_DIVIDE_64
-/* Assume that divisors of more than thirty-two bits are slow */
-#define BN_SLOW_DIVIDE_64 (64 > 0x20)
-#endif
-
-/*
- * Return (nh<<32|nl) % d, and place the quotient digit into *q.
- * It is guaranteed that nh < d, and that d is normalized (with its high
- * bit set). If we have a double-width type, it's easy. If not, ooh,
- * yuk!
- */
-#ifndef lbnDiv21_32
-#if defined(BNWORD64) && !BN_SLOW_DIVIDE_64
-BNWORD32
-lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-{
- BNWORD64 n = (BNWORD64)nh << 32 | nl;
-
- /* Divisor must be normalized */
- assert(d >> (32-1) == 1);
-
- *q = n / d;
- return n % d;
-}
-#else
-/*
- * This is where it gets ugly.
- *
- * Do the division in two halves, using Algorithm D from section 4.3.1
- * of Knuth. Note Theorem B from that section, that the quotient estimate
- * is never more than the true quotient, and is never more than two
- * too low.
- *
- * The mapping onto conventional long division is (everything a half word):
- * _____________qh___ql_
- * dh dl ) nh.h nh.l nl.h nl.l
- * - (qh * d)
- * -----------
- * rrrr rrrr nl.l
- * - (ql * d)
- * -----------
- * rrrr rrrr
- *
- * The implicit 3/2-digit d*qh and d*ql subtractors are computed this way:
- * First, estimate a q digit so that nh/dh works. Subtracting qh*dh from
- * the (nh.h nh.l) list leaves a 1/2-word remainder r. Then compute the
- * low part of the subtractor, qh * dl. This also needs to be subtracted
- * from (nh.h nh.l nl.h) to get the final remainder. So we take the
- * remainder, which is (nh.h nh.l) - qh*dl, shift it and add in nl.h, and
- * try to subtract qh * dl from that. Since the remainder is 1/2-word
- * long, shifting and adding nl.h results in a single word r.
- * It is possible that the remainder we're working with, r, is less than
- * the product qh * dl, if we estimated qh too high. The estimation
- * technique can produce a qh that is too large (never too small), leading
- * to r which is too small. In that case, decrement the digit qh, add
- * shifted dh to r (to correct for that error), and subtract dl from the
- * product we're comparing r with. That's the "correct" way to do it, but
- * just adding dl to r instead of subtracting it from the product is
- * equivalent and a lot simpler. You just have to watch out for overflow.
- *
- * The process is repeated with (rrrr rrrr nl.l) for the low digit of the
- * quotient ql.
- *
- * The various uses of 32/2 for shifts are because of the note about
- * automatic editing of this file at the very top of the file.
- */
-#define highhalf(x) ( (x) >> 32/2 )
-#define lowhalf(x) ( (x) & (((BNWORD32)1 << 32/2)-1) )
-BNWORD32
-lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-{
- BNWORD32 dh = highhalf(d), dl = lowhalf(d);
- BNWORD32 qh, ql, prod, r;
-
- /* Divisor must be normalized */
- assert((d >> (32-1)) == 1);
-
- /* Do first half-word of division */
- qh = nh / dh;
- r = nh % dh;
- prod = qh * dl;
-
- /*
- * Add next half-word of numerator to remainder and correct.
- * qh may be up to two too large.
- */
- r = (r << (32/2)) | highhalf(nl);
- if (r < prod) {
- --qh; r += d;
- if (r >= d && r < prod) {
- --qh; r += d;
- }
- }
- r -= prod;
-
- /* Do second half-word of division */
- ql = r / dh;
- r = r % dh;
- prod = ql * dl;
-
- r = (r << (32/2)) | lowhalf(nl);
- if (r < prod) {
- --ql; r += d;
- if (r >= d && r < prod) {
- --ql; r += d;
- }
- }
- r -= prod;
-
- *q = (qh << (32/2)) | ql;
-
- return r;
-}
-#endif
-#endif /* lbnDiv21_32 */
-
-
-/*
- * In the division functions, the dividend and divisor are referred to
- * as "n" and "d", which stand for "numerator" and "denominator".
- *
- * The quotient is (nlen-dlen+1) digits long. It may be overlapped with
- * the high (nlen-dlen) words of the dividend, but one extra word is needed
- * on top to hold the top word.
- */
-
-/*
- * Divide an n-word number by a 1-word number, storing the remainder
- * and n-1 words of the n-word quotient. The high word is returned.
- * It IS legal for rem to point to the same address as n, and for
- * q to point one word higher.
- *
- * TODO: If BN_SLOW_DIVIDE_64, add a divnhalf_32 which uses 32-bit
- * dividends if the divisor is half that long.
- * TODO: Shift the dividend on the fly to avoid the last division and
- * instead have a remainder that needs shifting.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef lbnDiv1_32
-BNWORD32
-lbnDiv1_32(BNWORD32 *q, BNWORD32 *rem, BNWORD32 const *n, unsigned len,
- BNWORD32 d)
-{
- unsigned shift;
- unsigned xlen;
- BNWORD32 r;
- BNWORD32 qhigh;
-
- assert(len > 0);
- assert(d);
-
- if (len == 1) {
- r = *n;
- *rem = r%d;
- return r/d;
- }
-
- shift = 0;
- r = d;
- xlen = 32/2;
- do {
- if (r >> xlen)
- r >>= xlen;
- else
- shift += xlen;
- } while ((xlen /= 2) != 0);
- assert((d >> (32-1-shift)) == 1);
- d <<= shift;
-
- BIGLITTLE(q -= len-1,q += len-1);
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r < d) {
- qhigh = 0;
- } else {
- qhigh = r/d;
- r %= d;
- }
-
- xlen = len;
- while (--xlen)
- r = lbnDiv21_32(BIGLITTLE(q++,--q), r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift) {
- d >>= shift;
- qhigh = (qhigh << shift) | lbnLshift_32(q, len-1, shift);
- BIGLITTLE(q[-1],*q) |= r/d;
- r %= d;
- }
- *rem = r;
-
- return qhigh;
-}
-#endif
-
-/*
- * This function performs a "quick" modulus of a number with a divisor
- * d which is guaranteed to be at most sixteen bits, i.e. less than 65536.
- * This applies regardless of the word size the library is compiled with.
- *
- * This function is important to prime generation, for sieving.
- */
-#ifndef lbnModQ_32
-/* If there's a custom lbnMod21_32, no normalization needed */
-#ifdef lbnMod21_32
-unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD32 r;
-
- assert(len > 0);
-
- BIGLITTLE(n -= len,n += len);
-
- /* Try using a compare to avoid the first divide */
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
- while (--len)
- r = lbnMod21_32(r, BIGLITTLE(*n++,*--n), d);
-
- return r;
-}
-#elif defined(BNWORD64) && !BN_SLOW_DIVIDE_64
-unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- BNWORD32 r;
-
- if (!--len)
- return BIGLITTLE(n[-1],n[0]) % d;
-
- BIGLITTLE(n -= len,n += len);
- r = BIGLITTLE(n[-1],n[0]);
-
- do {
- r = (BNWORD32)((((BNWORD64)r<<32) | BIGLITTLE(*n++,*--n)) % d);
- } while (--len);
-
- return r;
-}
-#elif 32 >= 0x20
-/*
- * If the single word size can hold 65535*65536, then this function
- * is avilable.
- */
-#ifndef highhalf
-#define highhalf(x) ( (x) >> 32/2 )
-#define lowhalf(x) ( (x) & ((1 << 32/2)-1) )
-#endif
-unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- BNWORD32 r, x;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- while (--len) {
- x = BIGLITTLE(*n++,*--n);
- r = (r%d << 32/2) | highhalf(x);
- r = (r%d << 32/2) | lowhalf(x);
- }
-
- return r%d;
-}
-#else
-/* Default case - use lbnDiv21_32 */
-unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- unsigned i, shift;
- BNWORD32 r;
- BNWORD32 q;
-
- assert(len > 0);
-
- shift = 0;
- r = d;
- i = 32;
- while (i /= 2) {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- }
- assert(d >> (32-1-shift) == 1);
- d <<= shift;
-
- BIGLITTLE(n -= len,n += len);
-
- r = BIGLITTLE(*n++,*--n);
- if (r >= d)
- r %= d;
-
- while (--len)
- r = lbnDiv21_32(&q, r, BIGLITTLE(*n++,*--n), d);
-
- /*
- * Final correction for shift - shift the quotient up "shift"
- * bits, and merge in the extra bits of quotient. Then reduce
- * the final remainder mod the real d.
- */
- if (shift)
- r %= d >> shift;
-
- return r;
-}
-#endif
-#endif /* lbnModQ_32 */
-
-/*
- * Reduce n mod d and return the quotient. That is, find:
- * q = n / d;
- * n = n % d;
- * d is altered during the execution of this subroutine by normalizing it.
- * It must already have its most significant word non-zero; it is shifted
- * so its most significant bit is non-zero.
- *
- * The quotient q is nlen-dlen+1 words long. To make it possible to
- * overlap the quptient with the input (you can store it in the high dlen
- * words), the high word of the quotient is *not* stored, but is returned.
- * (If all you want is the remainder, you don't care about it, anyway.)
- *
- * This uses algorithm D from Knuth (4.3.1), except that we do binary
- * (shift) normalization of the divisor. WARNING: This is hairy!
- *
- * This function is used for some modular reduction, but it is not used in
- * the modular exponentiation loops; they use Montgomery form and the
- * corresponding, more efficient, Montgomery reduction. This code
- * is needed for the conversion to Montgomery form, however, so it
- * has to be here and it might as well be reasonably efficient.
- *
- * The overall operation is as follows ("top" and "up" refer to the
- * most significant end of the number; "bottom" and "down", the least):
- *
- * - Shift the divisor up until the most significant bit is set.
- * - Shift the dividend up the same amount. This will produce the
- * correct quotient, and the remainder can be recovered by shifting
- * it back down the same number of bits. This may produce an overflow
- * word, but the word is always strictly less than the most significant
- * divisor word.
- * - Estimate the first quotient digit qhat:
- * - First take the top two words (one of which is the overflow) of the
- * dividend and divide by the top word of the divisor:
- * qhat = (nh,nm)/dh. This qhat is >= the correct quotient digit
- * and, since dh is normalized, it is at most two over.
- * - Second, correct by comparing the top three words. If
- * (dh,dl) * qhat > (nh,nm,ml), decrease qhat and try again.
- * The second iteration can be simpler because there can't be a third.
- * The computation can be simplified by subtracting dh*qhat from
- * both sides, suitably shifted. This reduces the left side to
- * dl*qhat. On the right, (nh,nm)-dh*qhat is simply the
- * remainder r from (nh,nm)%dh, so the right is (r,nl).
- * This produces qhat that is almost always correct and at
- * most (prob ~ 2/2^32) one too high.
- * - Subtract qhat times the divisor (suitably shifted) from the dividend.
- * If there is a borrow, qhat was wrong, so decrement it
- * and add the divisor back in (once).
- * - Store the final quotient digit qhat in the quotient array q.
- *
- * Repeat the quotient digit computation for successive digits of the
- * quotient until the whole quotient has been computed. Then shift the
- * divisor and the remainder down to correct for the normalization.
- *
- * TODO: Special case 2-word divisors.
- * TODO: Use reciprocals rather than dividing.
- */
-#ifndef divn_32
-BNWORD32
-lbnDiv_32(BNWORD32 *q, BNWORD32 *n, unsigned nlen, BNWORD32 *d, unsigned dlen)
-{
- BNWORD32 nh,nm,nl; /* Top three words of the dividend */
- BNWORD32 dh,dl; /* Top two words of the divisor */
- BNWORD32 qhat; /* Extimate of quotient word */
- BNWORD32 r; /* Remainder from quotient estimate division */
- BNWORD32 qhigh; /* High word of quotient */
- unsigned i; /* Temp */
- unsigned shift; /* Bits shifted by normalization */
- unsigned qlen = nlen-dlen; /* Size of quotient (less 1) */
-#ifdef mul32_ppmm
- BNWORD32 t32;
-#elif defined(BNWORD64)
- BNWORD64 t64;
-#else /* use lbnMulN1_32 */
- BNWORD32 t2[2];
-#define t2high BIGLITTLE(t2[0],t2[1])
-#define t2low BIGLITTLE(t2[1],t2[0])
-#endif
-
- assert(dlen);
- assert(nlen >= dlen);
-
- /*
- * Special cases for short divisors. The general case uses the
- * top top 2 digits of the divisor (d) to estimate a quotient digit,
- * so it breaks if there are fewer digits available. Thus, we need
- * special cases for a divisor of length 1. A divisor of length
- * 2 can have a *lot* of administrivia overhead removed removed,
- * so it's probably worth special-casing that case, too.
- */
- if (dlen == 1)
- return lbnDiv1_32(q, BIGLITTLE(n-1,n), n, nlen,
- BIGLITTLE(d[-1],d[0]));
-
-#if 0
- /*
- * @@@ This is not yet written... The general loop will do,
- * albeit less efficiently
- */
- if (dlen == 2) {
- /*
- * divisor two digits long:
- * use the 3/2 technique from Knuth, but we know
- * it's exact.
- */
- dh = BIGLITTLE(d[-1],d[0]);
- dl = BIGLITTLE(d[-2],d[1]);
- shift = 0;
- if ((sh & ((BNWORD32)1 << 32-1-shift)) == 0) {
- do {
- shift++;
- } while (dh & (BNWORD32)1<<32-1-shift) == 0);
- dh = dh << shift | dl >> (32-shift);
- dl <<= shift;
-
-
- }
-
-
- for (shift = 0; (dh & (BNWORD32)1 << 32-1-shift)) == 0; shift++)
- ;
- if (shift) {
- }
- dh = dh << shift | dl >> (32-shift);
- shift = 0;
- while (dh
- }
-#endif
-
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- assert(dh);
-
- /* Normalize the divisor */
- shift = 0;
- r = dh;
- i = 32/2;
- do {
- if (r >> i)
- r >>= i;
- else
- shift += i;
- } while ((i /= 2) != 0);
-
- nh = 0;
- if (shift) {
- lbnLshift_32(d, dlen, shift);
- dh = BIGLITTLE(*(d-dlen),*(d+(dlen-1)));
- nh = lbnLshift_32(n, nlen, shift);
- }
-
- /* Assert that dh is now normalized */
- assert(dh >> (32-1));
-
- /* Also get the second-most significant word of the divisor */
- dl = BIGLITTLE(*(d-(dlen-1)),*(d+(dlen-2)));
-
- /*
- * Adjust pointers: n to point to least significant end of first
- * first subtract, and q to one the most-significant end of the
- * quotient array.
- */
- BIGLITTLE(n -= qlen,n += qlen);
- BIGLITTLE(q -= qlen,q += qlen);
-
- /* Fetch the most significant stored word of the dividend */
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- /*
- * Compute the first digit of the quotient, based on the
- * first two words of the dividend (the most significant of which
- * is the overflow word h).
- */
- if (nh) {
- assert(nh < dh);
- r = lbnDiv21_32(&qhat, nh, nm, dh);
- } else if (nm >= dh) {
- qhat = nm/dh;
- r = nm % dh;
- } else { /* Quotient is zero */
- qhigh = 0;
- goto divloop;
- }
-
- /* Now get the third most significant word of the dividend */
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-
- /*
- * Correct qhat, the estimate of quotient digit.
- * qhat can only be high, and at most two words high,
- * so the loop can be unrolled and abbreviated.
- */
-#ifdef mul32_ppmm
- mul32_ppmm(nm, t32, qhat, dl);
- if (nm > r || (nm == r && t32 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t32 < dl);
- t32 -= dl;
- if (nm > r || (nm == r && t32 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD64)
- t64 = (BNWORD64)qhat * dl;
- if (t64 > ((BNWORD64)r << 32) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) > dh) {
- t64 -= dl;
- if (t64 > ((BNWORD64)r << 32) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_32 */
- lbnMulN1_32(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /* Do the multiply and subtract */
- r = lbnMulSub1_32(n, d, dlen, qhat);
- /* If there was a borrow, add back once. */
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_32(n, d, dlen);
- qhat--;
- }
-
- /* Remember the first quotient digit. */
- qhigh = qhat;
-
- /* Now, the main division loop: */
-divloop:
- while (qlen--) {
-
- /* Advance n */
- nh = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
- BIGLITTLE(++n,--n);
- nm = BIGLITTLE(*(n-dlen),*(n+(dlen-1)));
-
- if (nh == dh) {
- qhat = ~(BNWORD32)0;
- /* Optimized computation of r = (nh,nm) - qhat * dh */
- r = nh + nm;
- if (r < nh)
- goto subtract;
- } else {
- assert(nh < dh);
- r = lbnDiv21_32(&qhat, nh, nm, dh);
- }
-
- nl = BIGLITTLE(*(n-(dlen-1)),*(n+(dlen-2)));
-#ifdef mul32_ppmm
- mul32_ppmm(nm, t32, qhat, dl);
- if (nm > r || (nm == r && t32 > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- nm -= (t32 < dl);
- t32 -= dl;
- if (nm > r || (nm == r && t32 > nl))
- qhat--;
- }
- }
-#elif defined(BNWORD64)
- t64 = (BNWORD64)qhat * dl;
- if (t64 > ((BNWORD64)r<<32) + nl) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t64 -= dl;
- if (t64 > ((BNWORD64)r << 32) + nl)
- qhat--;
- }
- }
-#else /* Use lbnMulN1_32 */
- lbnMulN1_32(BIGLITTLE(t2+2,t2), &dl, 1, qhat);
- if (t2high > r || (t2high == r && t2low > nl)) {
- /* Decrement qhat and adjust comparison parameters */
- qhat--;
- if ((r += dh) >= dh) {
- t2high -= (t2low < dl);
- t2low -= dl;
- if (t2high > r || (t2high == r && t2low > nl))
- qhat--;
- }
- }
-#endif
-
- /*
- * As a point of interest, note that it is not worth checking
- * for qhat of 0 or 1 and installing special-case code. These
- * occur with probability 2^-32, so spending 1 cycle to check
- * for them is only worth it if we save more than 2^15 cycles,
- * and a multiply-and-subtract for numbers in the 1024-bit
- * range just doesn't take that long.
- */
-subtract:
- /*
- * n points to the least significant end of the substring
- * of n to be subtracted from. qhat is either exact or
- * one too large. If the subtract gets a borrow, it was
- * one too large and the divisor is added back in. It's
- * a dlen+1 word add which is guaranteed to produce a
- * carry out, so it can be done very simply.
- */
- r = lbnMulSub1_32(n, d, dlen, qhat);
- if (r > nh) { /* Borrow? */
- (void)lbnAddN_32(n, d, dlen);
- qhat--;
- }
- /* Store the quotient digit */
- BIGLITTLE(*q++,*--q) = qhat;
- }
- /* Tah dah! */
-
- if (shift) {
- lbnRshift_32(d, dlen, shift);
- lbnRshift_32(n, dlen, shift);
- }
-
- return qhigh;
-}
-#endif
-
-/*
- * Find the negative multiplicative inverse of x (x must be odd!) modulo 2^32.
- *
- * This just performs Newton's iteration until it gets the
- * inverse. The initial estimate is always correct to 3 bits, and
- * sometimes 4. The number of valid bits doubles each iteration.
- * (To prove it, assume x * y == 1 (mod 2^n), and introduce a variable
- * for the error mod 2^2n. x * y == 1 + k*2^n (mod 2^2n) and follow
- * the iteration through.)
- */
-#ifndef lbnMontInv1_32
-BNWORD32
-lbnMontInv1_32(BNWORD32 const x)
-{
- BNWORD32 y = x, z;
-
- assert(x & 1);
-
- while ((z = x*y) != 1)
- y *= 2 - z;
- return -y;
-}
-#endif /* !lbnMontInv1_32 */
-
-#if defined(BNWORD64) && PRODUCT_SCAN
-/*
- * Test code for product-scanning Montgomery reduction.
- * This seems to slow the C code down rather than speed it up.
- *
- * The first loop computes the Montgomery multipliers, storing them over
- * the low half of the number n.
- *
- * The second half multiplies the upper half, adding in the modulus
- * times the Montgomery multipliers. The results of this multiply
- * are stored.
- */
-void
-lbnMontReduce_32(BNWORD32 *n, BNWORD32 const *mod, unsigned mlen, BNWORD32 inv)
-{
- BNWORD64 x, y;
- BNWORD32 const *pm;
- BNWORD32 *pn;
- BNWORD32 t;
- unsigned carry;
- unsigned i, j;
-
- /* Special case of zero */
- if (!mlen)
- return;
-
- /* Pass 1 - compute Montgomery multipliers */
- /* First iteration can have certain simplifications. */
- t = BIGLITTLE(n[-1],n[0]);
- x = t;
- t *= inv;
- BIGLITTLE(n[-1], n[0]) = t;
- x += (BNWORD64)t * BIGLITTLE(mod[-1],mod[0]); /* Can't overflow */
- assert((BNWORD32)x == 0);
- x = x >> 32;
-
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pn = n;
- pm = BIGLITTLE(mod-i-1,mod+i+1);
- for (j = 0; j < i; j++) {
- y = (BNWORD64)BIGLITTLE(*--pn * *pm++, *pn++ * *--pm);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pn == n-i, pn == n+i));
- y = t = BIGLITTLE(pn[-1], pn[0]);
- x += y;
- carry += (x < y);
- BIGLITTLE(pn[-1], pn[0]) = t = inv * (BNWORD32)x;
- assert(BIGLITTLE(pm == mod-1, pm == mod+1));
- y = (BNWORD64)t * BIGLITTLE(pm[0],pm[-1]);
- x += y;
- carry += (x < y);
- assert((BNWORD32)x == 0);
- x = x >> 32 | (BNWORD64)carry << 32;
- }
-
- BIGLITTLE(n -= mlen, n += mlen);
-
- /* Pass 2 - compute upper words and add to n */
- for (i = 1; i < mlen; i++) {
- carry = 0;
- pm = BIGLITTLE(mod-i,mod+i);
- pn = n;
- for (j = i; j < mlen; j++) {
- y = (BNWORD64)BIGLITTLE(*--pm * *pn++, *pm++ * *--pn);
- x += y;
- carry += (x < y);
- }
- assert(BIGLITTLE(pm == mod-mlen, pm == mod+mlen));
- assert(BIGLITTLE(pn == n+mlen-i, pn == n-mlen+i));
- y = t = BIGLITTLE(*(n-i),*(n+i-1));
- x += y;
- carry += (x < y);
- BIGLITTLE(*(n-i),*(n+i-1)) = (BNWORD32)x;
- x = (x >> 32) | (BNWORD64)carry << 32;
- }
-
- /* Last round of second half, simplified. */
- t = BIGLITTLE(*(n-mlen),*(n+mlen-1));
- x += t;
- BIGLITTLE(*(n-mlen),*(n+mlen-1)) = (BNWORD32)x;
- carry = (unsigned)(x >> 32);
-
- while (carry)
- carry -= lbnSubN_32(n, mod, mlen);
- while (lbnCmp_32(n, mod, mlen) >= 0)
- (void)lbnSubN_32(n, mod, mlen);
-}
-#define lbnMontReduce_32 lbnMontReduce_32
-#endif
-
-/*
- * Montgomery reduce n, modulo mod. This reduces modulo mod and divides by
- * 2^(32*mlen). Returns the result in the *top* mlen words of the argument n.
- * This is ready for another multiplication using lbnMul_32.
- *
- * Montgomery representation is a very useful way to encode numbers when
- * you're doing lots of modular reduction. What you do is pick a multiplier
- * R which is relatively prime to the modulus and very easy to divide by.
- * Since the modulus is odd, R is closen as a power of 2, so the division
- * is a shift. In fact, it's a shift of an integral number of words,
- * so the shift can be implicit - just drop the low-order words.
- *
- * Now, choose R *larger* than the modulus m, 2^(32*mlen). Then convert
- * all numbers a, b, etc. to Montgomery form M(a), M(b), etc using the
- * relationship M(a) = a*R mod m, M(b) = b*R mod m, etc. Note that:
- * - The Montgomery form of a number depends on the modulus m.
- * A fixed modulus m is assumed throughout this discussion.
- * - Since R is relaitvely prime to m, multiplication by R is invertible;
- * no information about the numbers is lost, they're just scrambled.
- * - Adding (and subtracting) numbers in this form works just as usual.
- * M(a+b) = (a+b)*R mod m = (a*R + b*R) mod m = (M(a) + M(b)) mod m
- * - Multiplying numbers in this form produces a*b*R*R. The problem
- * is to divide out the excess factor of R, modulo m as well as to
- * reduce to the given length mlen. It turns out that this can be
- * done *faster* than a normal divide, which is where the speedup
- * in Montgomery division comes from.
- *
- * Normal reduction chooses a most-significant quotient digit q and then
- * subtracts q*m from the number to be reduced. Choosing q is tricky
- * and involved (just look at lbnDiv_32 to see!) and is usually
- * imperfect, requiring a check for correction after the subtraction.
- *
- * Montgomery reduction *adds* a multiple of m to the *low-order* part
- * of the number to be reduced. This multiple is chosen to make the
- * low-order part of the number come out to zero. This can be done
- * with no trickery or error using a precomputed inverse of the modulus.
- * In this code, the "part" is one word, but any width can be used.
- *
- * Repeating this step sufficiently often results in a value which
- * is a multiple of R (a power of two, remember) but is still (since
- * the additions were to the low-order part and thus did not increase
- * the value of the number being reduced very much) still not much
- * larger than m*R. Then implicitly divide by R and subtract off
- * m until the result is in the correct range.
- *
- * Since the low-order part being cancelled is less than R, the
- * multiple of m added must have a multiplier which is at most R-1.
- * Assuming that the input is at most m*R-1, the final number is
- * at most m*(2*R-1)-1 = 2*m*R - m - 1, so subtracting m once from
- * the high-order part, equivalent to subtracting m*R from the
- * while number, produces a result which is at most m*R - m - 1,
- * which divided by R is at most m-1.
- *
- * To convert *to* Montgomery form, you need a regular remainder
- * routine, although you can just compute R*R (mod m) and do the
- * conversion using Montgomery multiplication. To convert *from*
- * Montgomery form, just Montgomery reduce the number to
- * remove the extra factor of R.
- *
- * TODO: Change to a full inverse and use Karatsuba's multiplication
- * rather than this word-at-a-time.
- */
-#ifndef lbnMontReduce_32
-void
-lbnMontReduce_32(BNWORD32 *n, BNWORD32 const *mod, unsigned const mlen,
- BNWORD32 inv)
-{
- BNWORD32 t;
- BNWORD32 c = 0;
- unsigned len = mlen;
-
- /* inv must be the negative inverse of mod's least significant word */
- assert((BNWORD32)(inv * BIGLITTLE(mod[-1],mod[0])) == (BNWORD32)-1);
-
- assert(len);
-
- do {
- t = lbnMulAdd1_32(n, mod, mlen, inv * BIGLITTLE(n[-1],n[0]));
- c += lbnAdd1_32(BIGLITTLE(n-mlen,n+mlen), len, t);
- BIGLITTLE(--n,++n);
- } while (--len);
-
- /*
- * All that adding can cause an overflow past the modulus size,
- * but it's unusual, and never by much, so a subtraction loop
- * is the right way to deal with it.
- * This subtraction happens infrequently - I've only ever seen it
- * invoked once per reduction, and then just under 22.5% of the time.
- */
- while (c)
- c -= lbnSubN_32(n, mod, mlen);
- while (lbnCmp_32(n, mod, mlen) >= 0)
- (void)lbnSubN_32(n, mod, mlen);
-}
-#endif /* !lbnMontReduce_32 */
-
-/*
- * A couple of helpers that you might want to implement atomically
- * in asm sometime.
- */
-#ifndef lbnMontMul_32
-/*
- * Multiply "num1" by "num2", modulo "mod", all of length "len", and
- * place the result in the high half of "prod". "inv" is the inverse
- * of the least-significant word of the modulus, modulo 2^32.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontMul_32(prod, n1, n2, mod, len, inv) \
- (lbnMulX_32(prod, n1, n2, len), lbnMontReduce_32(prod, mod, len, inv))
-#endif /* !lbnMontMul_32 */
-
-#ifndef lbnMontSquare_32
-/*
- * Square "num", modulo "mod", both of length "len", and place the result
- * in the high half of "prod". "inv" is the inverse of the least-significant
- * word of the modulus, modulo 2^32.
- * This uses numbers in Montgomery form. Reduce using "len" and "inv".
- *
- * This is implemented as a macro to win on compilers that don't do
- * inlining, since it's so trivial.
- */
-#define lbnMontSquare_32(prod, n, mod, len, inv) \
- (lbnSquare_32(prod, n, len), lbnMontReduce_32(prod, mod, len, inv))
-
-#endif /* !lbnMontSquare_32 */
-
-/*
- * Convert a number to Montgomery form - requires mlen + nlen words
- * of memory in "n".
- */
-void
-lbnToMont_32(BNWORD32 *n, unsigned nlen, BNWORD32 *mod, unsigned mlen)
-{
- /* Move n up "mlen" words */
- lbnCopy_32(BIGLITTLE(n-mlen,n+mlen), n, nlen);
- lbnZero_32(n, mlen);
- /* Do the division - dump the quotient in the high-order words */
- (void)lbnDiv_32(BIGLITTLE(n-mlen,n+mlen), n, mlen+nlen, mod, mlen);
-}
-
-/*
- * Convert from Montgomery form. Montgomery reduction is all that is
- * needed.
- */
-void
-lbnFromMont_32(BNWORD32 *n, BNWORD32 *mod, unsigned len)
-{
- /* Zero the high words of n */
- lbnZero_32(BIGLITTLE(n-len,n+len), len);
- lbnMontReduce_32(n, mod, len, lbnMontInv1_32(BIGLITTLE(mod[-1],mod[0])));
- /* Move n down len words */
- lbnCopy_32(n, BIGLITTLE(n-len,n+len), len);
-}
-
-/*
- * The windowed exponentiation algorithm, precomputes a table of odd
- * powers of n up to 2^k. It takes 2^(k-1)-1 multiplies to compute
- * the table, and (e-1)/(k+1) multiplies (on average) to perform the
- * exponentiation. To minimize the sum, k must vary with e.
- * The optimal window sizes vary with the exponent length. Here are
- * some selected values and the boundary cases.
- * (An underscore _ has been inserted into some of the numbers to ensure
- * that magic strings like 32 do not appear in this table. It should be
- * ignored.)
- *
- * At e = 1 bits, k=1 (0.000000) is best.
- * At e = 2 bits, k=1 (0.500000) is best.
- * At e = 4 bits, k=1 (1.500000) is best.
- * At e = 8 bits, k=2 (3.333333) < k=1 (3.500000)
- * At e = 1_6 bits, k=2 (6.000000) is best.
- * At e = 26 bits, k=3 (9.250000) < k=2 (9.333333)
- * At e = 3_2 bits, k=3 (10.750000) is best.
- * At e = 6_4 bits, k=3 (18.750000) is best.
- * At e = 82 bits, k=4 (23.200000) < k=3 (23.250000)
- * At e = 128 bits, k=4 (3_2.400000) is best.
- * At e = 242 bits, k=5 (55.1_66667) < k=4 (55.200000)
- * At e = 256 bits, k=5 (57.500000) is best.
- * At e = 512 bits, k=5 (100.1_66667) is best.
- * At e = 674 bits, k=6 (127.142857) < k=5 (127.1_66667)
- * At e = 1024 bits, k=6 (177.142857) is best.
- * At e = 1794 bits, k=7 (287.125000) < k=6 (287.142857)
- * At e = 2048 bits, k=7 (318.875000) is best.
- * At e = 4096 bits, k=7 (574.875000) is best.
- *
- * The numbers in parentheses are the expected number of multiplications
- * needed to do the computation. The normal russian-peasant modular
- * exponentiation technique always uses (e-1)/2. For exponents as
- * small as 192 bits (below the range of current factoring algorithms),
- * half of the multiplies are eliminated, 45.2 as opposed to the naive
- * 95.5. Counting the 191 squarings as 3/4 a multiply each (squaring
- * proper is just over half of multiplying, but the Montgomery
- * reduction in each case is also a multiply), that's 143.25
- * multiplies, for totals of 188.45 vs. 238.75 - a 21% savings.
- * For larger exponents (like 512 bits), it's 483.92 vs. 639.25, a
- * 24.3% savings. It asymptotically approaches 25%.
- *
- * Given that exponents for which k>7 are useful are uncommon,
- * a fixed size table for k <= 7 is used for simplicity.
- * k = 8 is uzeful at 4610 bits, k = 9 at 11522 bits.
- *
- * The basic number of squarings needed is e-1, although a k-bit
- * window (for k > 1) can save, on average, k-2 of those, too.
- * That savings currently isn't counted here. It would drive the
- * crossover points slightly lower.
- * (Actually, this win is also reduced in the DoubleExpMod case,
- * meaning we'd have to split the tables. Except for that, the
- * multiplies by powers of the two bases are independent, so
- * the same logic applies to each as the single case.)
- *
- * Table entry i is the largest number of bits in an exponent to
- * process with a window size of i+1. So the window never goes above 7
- * bits, requiring 2^(7-1) = 0x40 precomputed multiples.
- */
-#define BNEXPMOD_MAX_WINDOW 7
-static unsigned const bnExpModThreshTable[BNEXPMOD_MAX_WINDOW] = {
- 7, 25, 81, 241, 673, 1793, (unsigned)-1
-};
-
-/*
- * Perform modular exponentiation, as fast as possible! This uses
- * Montgomery reduction, optimized squaring, and windowed exponentiation.
- * The modulus "mod" MUST be odd!
- *
- * This returns 0 on success, -1 on out of memory.
- *
- * The window algorithm:
- * The idea is to keep a running product of b1 = n^(high-order bits of exp),
- * and then keep appending exponent bits to it. The following patterns
- * apply to a 3-bit window (k = 3):
- * To append 0: square
- * To append 1: square, multiply by n^1
- * To append 10: square, multiply by n^1, square
- * To append 11: square, square, multiply by n^3
- * To append 100: square, multiply by n^1, square, square
- * To append 101: square, square, square, multiply by n^5
- * To append 110: square, square, multiply by n^3, square
- * To append 111: square, square, square, multiply by n^7
- *
- * Since each pattern involves only one multiply, the longer the pattern
- * the better, except that a 0 (no multiplies) can be appended directly.
- * We precompute a table of odd powers of n, up to 2^k, and can then
- * multiply k bits of exponent at a time. Actually, assuming random
- * exponents, there is on average one zero bit between needs to
- * multiply (1/2 of the time there's none, 1/4 of the time there's 1,
- * 1/8 of the time, there's 2, 1/32 of the time, there's 3, etc.), so
- * you have to do one multiply per k+1 bits of exponent.
- *
- * The loop walks down the exponent, squaring the result buffer as
- * it goes. There is a wbits+1 bit lookahead buffer, buf, that is
- * filled with the upcoming exponent bits. (What is read after the
- * end of the exponent is unimportant, but it is filled with zero here.)
- * When the most-significant bit of this buffer becomes set, i.e.
- * (buf & tblmask) != 0, we have to decide what pattern to multiply
- * by, and when to do it. We decide, remember to do it in future
- * after a suitable number of squarings have passed (e.g. a pattern
- * of "100" in the buffer requires that we multiply by n^1 immediately;
- * a pattern of "110" calls for multiplying by n^3 after one more
- * squaring), clear the buffer, and continue.
- *
- * When we start, there is one more optimization: the result buffer
- * is implcitly one, so squaring it or multiplying by it can be
- * optimized away. Further, if we start with a pattern like "100"
- * in the lookahead window, rather than placing n into the buffer
- * and then starting to square it, we have already computed n^2
- * to compute the odd-powers table, so we can place that into
- * the buffer and save a squaring.
- *
- * This means that if you have a k-bit window, to compute n^z,
- * where z is the high k bits of the exponent, 1/2 of the time
- * it requires no squarings. 1/4 of the time, it requires 1
- * squaring, ... 1/2^(k-1) of the time, it reqires k-2 squarings.
- * And the remaining 1/2^(k-1) of the time, the top k bits are a
- * 1 followed by k-1 0 bits, so it again only requires k-2
- * squarings, not k-1. The average of these is 1. Add that
- * to the one squaring we have to do to compute the table,
- * and you'll see that a k-bit window saves k-2 squarings
- * as well as reducing the multiplies. (It actually doesn't
- * hurt in the case k = 1, either.)
- *
- * n must have mlen words allocated. Although fewer may be in use
- * when n is passed in, all are in use on exit.
- */
-int
-lbnExpMod_32(BNWORD32 *result, BNWORD32 const *n, unsigned nlen,
- BNWORD32 const *e, unsigned elen, BNWORD32 *mod, unsigned mlen)
-{
- BNWORD32 *table[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n */
- unsigned ebits; /* Exponent bits */
- unsigned wbits; /* Window size */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD32 bitpos; /* Mask of current look-ahead bit */
- unsigned buf; /* Buffer of exponent bits */
- unsigned multpos; /* Where to do pending multiply */
- BNWORD32 const *mult; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD32 *a, *b; /* Working buffers/accumulators */
- BNWORD32 *t; /* Pointer into the working buffers */
- BNWORD32 inv; /* mod^-1 modulo 2^32 */
-
- assert(mlen);
- assert(nlen <= mlen);
-
- /* First, a couple of trivial cases. */
- elen = lbnNorm_32(e, elen);
- if (!elen) {
- /* x ^ 0 == 1 */
- lbnZero_32(result, mlen);
- BIGLITTLE(result[-1],result[0]) = 1;
- return 0;
- }
- ebits = lbnBits_32(e, elen);
- if (ebits == 1) {
- /* x ^ 1 == x */
- if (n != result)
- lbnCopy_32(result, n, nlen);
- if (mlen > nlen)
- lbnZero_32(BIGLITTLE(result-nlen,result+nlen),
- mlen-nlen);
- return 0;
- }
-
- /* Okay, now move the exponent pointer to the most-significant word */
- e = BIGLITTLE(e-elen, e+elen-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- wbits = 0;
- while (ebits > bnExpModThreshTable[wbits])
- wbits++;
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << wbits;
-
- /* We have the result buffer available, so use it. */
- table[0] = result;
-
- /*
- * Okay, we now have a minimal-sized table - expand it.
- * This is allowed to fail! If so, scale back the table size
- * and proceed.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table[i] = t;
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- wbits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask)
- LBNFREE(table[i], mlen);
-
- /* Okay, fill in the table */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_32(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n to Montgomery form */
-
- /* Move n up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_32(t, n, nlen);
- lbnZero_32(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_32(t, a, mlen+nlen, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_32(table[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_32(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_32(a, t, table[i-1], mod, mlen, inv);
- lbnCopy_32(table[i], BIGLITTLE(a-mlen, a+mlen), mlen);
- }
-
- /* We might use b = n^2 later... */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD32)1 << ((ebits-1) & (32-1)); /* Initialize mask */
-
- /* This should point to the msbit of e */
- assert((*e & bitpos) != 0);
-
- /*
- * Pre-load the window. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e in here.
- *
- * The read-ahead is controlled by elen and the bitpos mask.
- * Note that this is *ahead* of ebits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two wbits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- */
- buf = 0;
- for (i = 0; i <= wbits; i++) {
- buf = (buf << 1) | ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD32)1 << (32-1);
- elen--;
- }
- }
- assert(buf & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- multpos = ebits; /* A NULL value */
- mult = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- ebits--; /* Start processing the first bit... */
- isone = 1;
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf is set, and
- * - We have the extra value n^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf & tblmask);
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (multpos == ebits)
- isone = 0;
-
- /*
- * At this point, the buffer (which is the high half of b) holds
- * either 1 (implicitly, as the "isone" flag is set), or n^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the window
- * - If the most-significant bit of the window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffer
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- ebits--;
-
- /* Advance the window */
- assert(buf < tblmask);
- buf <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by ebits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (elen) {
- buf |= ((*e & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e++,e--);
- bitpos = (BNWORD32)1 << (32-1);
- elen--;
- }
- }
-
- /* Examine the window for pending multiplies */
- if (buf & tblmask) {
- multpos = ebits - wbits;
- while ((buf & 1) == 0) {
- buf >>= 1;
- multpos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(multpos <= ebits);
- mult = table[buf>>1];
- buf = 0;
- }
-
- /* If we have a pending multiply, do it */
- if (ebits == multpos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_32(t, mult, mlen);
- isone = 0;
- } else {
- lbnMontMul_32(a, t, mult, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!ebits)
- break;
-
- /* Square the input */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_32(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_32(b, t, mlen);
- lbnZero_32(t, mlen);
- lbnMontReduce_32(b, mod, mlen, inv);
- lbnCopy_32(result, t, mlen);
- /*
- * Clean up - free intermediate storage.
- * Do NOT free table[0], which is the result
- * buffer.
- */
- while (--tblmask)
- LBNFREE(table[tblmask], mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return 0; /* Success */
-}
-
-/*
- * Compute and return n1^e1 * n2^e2 mod "mod".
- * result may be either input buffer, or something separate.
- * It must be "mlen" words long.
- *
- * There is a current position in the exponents, which is kept in e1bits.
- * (The exponents are swapped if necessary so e1 is the longer of the two.)
- * At any given time, the value in the accumulator is
- * n1^(e1>>e1bits) * n2^(e2>>e1bits) mod "mod".
- * As e1bits is counted down, this is updated, by squaring it and doing
- * any necessary multiplies.
- * To decide on the necessary multiplies, two windows, each w1bits+1 bits
- * wide, are maintained in buf1 and buf2, which read *ahead* of the
- * e1bits position (with appropriate handling of the case when e1bits
- * drops below w1bits+1). When the most-significant bit of either window
- * becomes set, indicating that something needs to be multiplied by
- * the accumulator or it will get out of sync, the window is examined
- * to see which power of n1 or n2 to multiply by, and when (possibly
- * later, if the power is greater than 1) the multiply should take
- * place. Then the multiply and its location are remembered and the
- * window is cleared.
- *
- * If we had every power of n1 in the table, the multiply would always
- * be w1bits steps in the future. But we only keep the odd powers,
- * so instead of waiting w1bits squarings and then multiplying
- * by n1^k, we wait w1bits-k squarings and multiply by n1.
- *
- * Actually, w2bits can be less than w1bits, but the window is the same
- * size, to make it easier to keep track of where we're reading. The
- * appropriate number of low-order bits of the window are just ignored.
- */
-int
-lbnDoubleExpMod_32(BNWORD32 *result,
- BNWORD32 const *n1, unsigned n1len,
- BNWORD32 const *e1, unsigned e1len,
- BNWORD32 const *n2, unsigned n2len,
- BNWORD32 const *e2, unsigned e2len,
- BNWORD32 *mod, unsigned mlen)
-{
- BNWORD32 *table1[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n1 */
- BNWORD32 *table2[1 << (BNEXPMOD_MAX_WINDOW-1)];
- /* Table of odd powers of n2 */
- unsigned e1bits, e2bits; /* Exponent bits */
- unsigned w1bits, w2bits; /* Window sizes */
- unsigned tblmask; /* Mask of exponentiation window */
- BNWORD32 bitpos; /* Mask of current look-ahead bit */
- unsigned buf1, buf2; /* Buffer of exponent bits */
- unsigned mult1pos, mult2pos; /* Where to do pending multiply */
- BNWORD32 const *mult1, *mult2; /* What to multiply by */
- unsigned i; /* Loop counter */
- int isone; /* Flag: accum. is implicitly one */
- BNWORD32 *a, *b; /* Working buffers/accumulators */
- BNWORD32 *t; /* Pointer into the working buffers */
- BNWORD32 inv; /* mod^-1 modulo 2^32 */
-
- assert(mlen);
- assert(n1len <= mlen);
- assert(n2len <= mlen);
-
- /* First, a couple of trivial cases. */
- e1len = lbnNorm_32(e1, e1len);
- e2len = lbnNorm_32(e2, e2len);
-
- /* Ensure that the first exponent is the longer */
- e1bits = lbnBits_32(e1, e1len);
- e2bits = lbnBits_32(e2, e2len);
- if (e1bits < e2bits) {
- i = e1len; e1len = e2len; e2len = i;
- i = e1bits; e1bits = e2bits; e2bits = i;
- t = (BNWORD32 *)n1; n1 = n2; n2 = t;
- t = (BNWORD32 *)e1; e1 = e2; e2 = t;
- }
- assert(e1bits >= e2bits);
-
- /* Handle a trivial case */
- if (!e2len)
- return lbnExpMod_32(result, n1, n1len, e1, e1len, mod, mlen);
- assert(e2bits);
-
- /* The code below breaks if the exponents aren't at least 2 bits */
- if (e1bits == 1) {
- assert(e2bits == 1);
-
- LBNALLOC(a, n1len+n2len);
- if (!a)
- return -1;
-
- lbnMul_32(a, n1, n1len, n2, n2len);
- /* Do a direct modular reduction */
- if (n1len + n2len >= mlen)
- (void)lbnDiv_32(a+mlen, a, n1len+n2len, mod, mlen);
- lbnCopy_32(result, a, mlen);
- LBNFREE(a, n1len+n2len);
- return 0;
- }
-
- /* Okay, now move the exponent pointers to the most-significant word */
- e1 = BIGLITTLE(e1-e1len, e1+e1len-1);
- e2 = BIGLITTLE(e2-e2len, e2+e2len-1);
-
- /* Look up appropriate k-1 for the exponent - tblmask = 1<<(k-1) */
- w1bits = 0;
- while (e1bits > bnExpModThreshTable[w1bits])
- w1bits++;
- w2bits = 0;
- while (e2bits > bnExpModThreshTable[w2bits])
- w2bits++;
-
- assert(w1bits >= w2bits);
-
- /* Allocate working storage: two product buffers and the tables. */
- LBNALLOC(a, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert to the appropriate table size: tblmask = 1<<(k-1) */
- tblmask = 1u << w1bits;
- /* Use buf2 for its size, temporarily */
- buf2 = 1u << w2bits;
-
- LBNALLOC(t, mlen);
- if (!t) {
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
- return -1;
- }
- table1[0] = t;
- table2[0] = result;
-
- /*
- * Okay, we now have some minimal-sized tables - expand them.
- * This is allowed to fail! If so, scale back the table sizes
- * and proceed. We allocate both tables at the same time
- * so if it fails partway through, they'll both be a reasonable
- * size rather than one huge and one tiny.
- * When i passes buf2 (the number of entries in the e2 window,
- * which may be less than the number of entries in the e1 window),
- * stop allocating e2 space.
- */
- for (i = 1; i < tblmask; i++) {
- LBNALLOC(t, mlen);
- if (!t) /* Out of memory! Quit the loop. */
- break;
- table1[i] = t;
- if (i < buf2) {
- LBNALLOC(t, mlen);
- if (!t) {
- LBNFREE(table1[i], mlen);
- break;
- }
- table2[i] = t;
- }
- }
-
- /* If we stopped, with i < tblmask, shrink the tables appropriately */
- while (tblmask > i) {
- w1bits--;
- tblmask >>= 1;
- }
- /* Free up our overallocations */
- while (--i > tblmask) {
- if (i < buf2)
- LBNFREE(table2[i], mlen);
- LBNFREE(table1[i], mlen);
- }
- /* And shrink the second window too, if needed */
- if (w2bits > w1bits) {
- w2bits = w1bits;
- buf2 = tblmask;
- }
-
- /*
- * From now on, use the w2bits variable for the difference
- * between w1bits and w2bits.
- */
- w2bits = w1bits-w2bits;
-
- /* Okay, fill in the tables */
-
- /* Compute the necessary modular inverse */
- inv = lbnMontInv1_32(mod[BIGLITTLE(-1,0)]); /* LSW of modulus */
-
- /* Convert n1 to Montgomery form */
-
- /* Move n1 up "mlen" words into a */
- t = BIGLITTLE(a-mlen, a+mlen);
- lbnCopy_32(t, n1, n1len);
- lbnZero_32(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_32(t, a, mlen+n1len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_32(table1[0], a, mlen);
-
- /* Square a into b */
- lbnMontSquare_32(b, a, mod, mlen, inv);
-
- /* Use high half of b to initialize the first table */
- t = BIGLITTLE(b-mlen, b+mlen);
- for (i = 1; i < tblmask; i++) {
- lbnMontMul_32(a, t, table1[i-1], mod, mlen, inv);
- lbnCopy_32(table1[i], BIGLITTLE(a-mlen, a+mlen), mlen);
- }
-
- /* Convert n2 to Montgomery form */
-
- t = BIGLITTLE(a-mlen, a+mlen);
- /* Move n2 up "mlen" words into a */
- lbnCopy_32(t, n2, n2len);
- lbnZero_32(a, mlen);
- /* Do the division - lose the quotient into the high-order words */
- (void)lbnDiv_32(t, a, mlen+n2len, mod, mlen);
- /* Copy into first table entry */
- lbnCopy_32(table2[0], a, mlen);
-
- /* Square it into a */
- lbnMontSquare_32(a, table2[0], mod, mlen, inv);
- /* Copy to b, low half */
- lbnCopy_32(b, t, mlen);
-
- /* Use b to initialize the second table */
- for (i = 1; i < buf2; i++) {
- lbnMontMul_32(a, b, table2[i-1], mod, mlen, inv);
- lbnCopy_32(table2[i], t, mlen);
- }
-
- /*
- * Okay, a recap: at this point, the low part of b holds
- * n2^2, the high part holds n1^2, and the tables are
- * initialized with the odd powers of n1 and n2 from 1
- * through 2*tblmask-1 and 2*buf2-1.
- *
- * We might use those squares in b later, or we might not.
- */
-
- /* Initialze the fetch pointer */
- bitpos = (BNWORD32)1 << ((e1bits-1) & (32-1)); /* Initialize mask */
-
- /* This should point to the msbit of e1 */
- assert((*e1 & bitpos) != 0);
-
- /*
- * Pre-load the windows. Becuase the window size is
- * never larger than the exponent size, there is no need to
- * detect running off the end of e1 in here.
- *
- * The read-ahead is controlled by e1len and the bitpos mask.
- * Note that this is *ahead* of e1bits, which tracks the
- * most significant end of the window. The purpose of this
- * initialization is to get the two w1bits+1 bits apart,
- * like they should be.
- *
- * Note that bitpos and e1len together keep track of the
- * lookahead read pointer in the exponent that is used here.
- * e2len is not decremented, it is only ever compared with
- * e1len as *that* is decremented.
- */
- buf1 = buf2 = 0;
- for (i = 0; i <= w1bits; i++) {
- buf1 = (buf1 << 1) | ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 = (buf2 << 1) | ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD32)1 << (32-1);
- e1len--;
- }
- }
- assert(buf1 & tblmask);
-
- /*
- * Set the pending multiply positions to a location that will
- * never be encountered, thus ensuring that nothing will happen
- * until the need for a multiply appears and one is scheduled.
- */
- mult1pos = mult2pos = e1bits; /* A NULL value */
- mult1 = mult2 = 0; /* Force a crash if we use these */
-
- /*
- * Okay, now begins the real work. The first step is
- * slightly magic, so it's done outside the main loop,
- * but it's very similar to what's inside.
- */
- isone = 1; /* Buffer is implicitly 1, so replace * by copy */
- e1bits--; /* Start processing the first bit... */
-
- /*
- * This is just like the multiply in the loop, except that
- * - We know the msbit of buf1 is set, and
- * - We have the extra value n1^2 floating around.
- * So, do the usual computation, and if the result is that
- * the buffer should be multiplied by n1^1 immediately
- * (which we'd normally then square), we multiply it
- * (which reduces to a copy, which reduces to setting a flag)
- * by n1^2 and skip the squaring. Thus, we do the
- * multiply and the squaring in one step.
- */
- assert(buf1 & tblmask);
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
-
- /* Special case: use already-computed value sitting in buffer */
- if (mult1pos == e1bits)
- isone = 0;
-
- /*
- * The first multiply by a power of n2. Similar, but
- * we might not even want to schedule a multiply if e2 is
- * shorter than e1, and the window might be shorter so
- * we have to leave the low w2bits bits alone.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
-
- if (mult2pos == e1bits) {
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- lbnCopy_32(t, b, mlen); /* Copy low to high */
- isone = 0;
- } else {
- lbnMontMul_32(a, t, b, mod, mlen, inv);
- t = a; a = b; b = t;
- }
- }
- }
-
- /*
- * At this point, the buffer (which is the high half of b)
- * holds either 1 (implicitly, as the "isone" flag is set),
- * n1^2, n2^2 or n1^2 * n2^2.
- */
-
- /*
- * The main loop. The procedure is:
- * - Advance the windows
- * - If the most-significant bit of a window is set,
- * schedule a multiply for the appropriate time in the
- * future (may be immediately)
- * - Perform any pending multiples
- * - Check for termination
- * - Square the buffers
- *
- * At any given time, the acumulated product is held in
- * the high half of b.
- */
- for (;;) {
- e1bits--;
-
- /* Advance the windows */
- assert(buf1 < tblmask);
- buf1 <<= 1;
- assert(buf2 < tblmask);
- buf2 <<= 1;
- /*
- * This reads ahead of the current exponent position
- * (controlled by e1bits), so we have to be able to read
- * past the lsb of the exponents without error.
- */
- if (e1len) {
- buf1 |= ((*e1 & bitpos) != 0);
- if (e1len <= e2len)
- buf2 |= ((*e2 & bitpos) != 0);
- bitpos >>= 1;
- if (!bitpos) {
- BIGLITTLE(e1++,e1--);
- if (e1len <= e2len)
- BIGLITTLE(e2++,e2--);
- bitpos = (BNWORD32)1 << (32-1);
- e1len--;
- }
- }
-
- /* Examine the first window for pending multiplies */
- if (buf1 & tblmask) {
- mult1pos = e1bits - w1bits;
- while ((buf1 & 1) == 0) {
- buf1 >>= 1;
- mult1pos++;
- }
- /* Intermediates can wrap, but final must NOT */
- assert(mult1pos <= e1bits);
- mult1 = table1[buf1>>1];
- buf1 = 0;
- }
-
- /*
- * Examine the second window for pending multiplies.
- * Window 2 can be smaller than window 1, but we
- * keep the same number of bits in buf2, so we need
- * to ignore any low-order bits in the buffer when
- * computing what to multiply by, and recompute them
- * later.
- */
- if (buf2 & tblmask) {
- /* Remember low-order bits for later */
- i = buf2 & ((1u << w2bits) - 1);
- buf2 >>= w2bits;
- mult2pos = e1bits - w1bits + w2bits;
- while ((buf2 & 1) == 0) {
- buf2 >>= 1;
- mult2pos++;
- }
- assert(mult2pos <= e1bits);
- mult2 = table2[buf2>>1];
- buf2 = i;
- }
-
-
- /* If we have a pending multiply for e1, do it */
- if (e1bits == mult1pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_32(t, mult1, mlen);
- isone = 0;
- } else {
- lbnMontMul_32(a, t, mult1, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* If we have a pending multiply for e2, do it */
- if (e1bits == mult2pos) {
- /* Multiply by the table entry remembered previously */
- t = BIGLITTLE(b-mlen, b+mlen);
- if (isone) {
- /* Multiply by 1 is a trivial case */
- lbnCopy_32(t, mult2, mlen);
- isone = 0;
- } else {
- lbnMontMul_32(a, t, mult2, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- }
-
- /* Are we done? */
- if (!e1bits)
- break;
-
- /* Square the buffer */
- if (!isone) {
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnMontSquare_32(a, t, mod, mlen, inv);
- /* Swap a and b */
- t = a; a = b; b = t;
- }
- } /* for (;;) */
-
- assert(!isone);
- assert(!buf1);
- assert(!buf2);
-
- /* DONE! */
-
- /* Convert result out of Montgomery form */
- t = BIGLITTLE(b-mlen, b+mlen);
- lbnCopy_32(b, t, mlen);
- lbnZero_32(t, mlen);
- lbnMontReduce_32(b, mod, mlen, inv);
- lbnCopy_32(result, t, mlen);
-
- /* Clean up - free intermediate storage */
- buf2 = tblmask >> w2bits;
- while (--tblmask) {
- if (tblmask < buf2)
- LBNFREE(table2[tblmask], mlen);
- LBNFREE(table1[tblmask], mlen);
- }
- t = table1[0];
- LBNFREE(t, mlen);
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return 0; /* Success */
-}
-
-/*
- * 2^exp (mod mod). This is an optimized version for use in Fermat
- * tests. The input value of n is ignored; it is returned with
- * "mlen" words valid.
- */
-int
-lbnTwoExpMod_32(BNWORD32 *n, BNWORD32 const *exp, unsigned elen,
- BNWORD32 *mod, unsigned mlen)
-{
- unsigned e; /* Copy of high words of the exponent */
- unsigned bits; /* Assorted counter of bits */
- BNWORD32 const *bitptr;
- BNWORD32 bitword, bitpos;
- BNWORD32 *a, *b, *a1;
- BNWORD32 inv;
-
- assert(mlen);
-
- bitptr = BIGLITTLE(exp-elen, exp+elen-1);
- bitword = *bitptr;
- assert(bitword);
-
- /* Clear n for future use. */
- lbnZero_32(n, mlen);
-
- bits = lbnBits_32(exp, elen);
-
- /* First, a couple of trivial cases. */
- if (bits <= 1) {
- /* 2 ^ 0 == 1, 2 ^ 1 == 2 */
- BIGLITTLE(n[-1],n[0]) = (BNWORD32)1<<elen;
- return 0;
- }
-
- /* Set bitpos to the most significant bit */
- bitpos = (BNWORD32)1 << ((bits-1) & (32-1));
-
- /* Now, count the bits in the modulus. */
- bits = lbnBits_32(mod, mlen);
- assert(bits > 1); /* a 1-bit modulus is just stupid... */
-
- /*
- * We start with 1<<e, where "e" is as many high bits of the
- * exponent as we can manage without going over the modulus.
- * This first loop finds "e".
- */
- e = 1;
- while (elen) {
- /* Consume the first bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break;
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD32)1<<(32-1);
- }
- e = (e << 1) | ((bitpos & bitword) != 0);
- if (e >= bits) { /* Overflow! Back out. */
- e >>= 1;
- break;
- }
- }
- /*
- * The bit in "bitpos" being examined by the bit buffer has NOT
- * been consumed yet. This may be past the end of the exponent,
- * in which case elen == 1.
- */
-
- /* Okay, now, set bit "e" in n. n is already zero. */
- inv = (BNWORD32)1 << (e & (32-1));
- e /= 32;
- BIGLITTLE(n[-e-1],n[e]) = inv;
- /*
- * The effective length of n in words is now "e+1".
- * This is used a little bit later.
- */
-
- if (!elen)
- return 0; /* That was easy! */
-
- /*
- * We have now processed the first few bits. The next step
- * is to convert this to Montgomery form for further squaring.
- */
-
- /* Allocate working storage: two product buffers */
- LBNALLOC(a, 2*mlen);
- if (!a)
- return -1;
- LBNALLOC(b, 2*mlen);
- if (!b) {
- LBNFREE(a, 2*mlen);
- return -1;
- }
-
- /* Convert n to Montgomery form */
- inv = BIGLITTLE(mod[-1],mod[0]); /* LSW of modulus */
- assert(inv & 1); /* Modulus must be odd */
- inv = lbnMontInv1_32(inv);
- /* Move n (length e+1, remember?) up "mlen" words into b */
- /* Note that we lie about a1 for a bit - it's pointing to b */
- a1 = BIGLITTLE(b-mlen,b+mlen);
- lbnCopy_32(a1, n, e+1);
- lbnZero_32(b, mlen);
- /* Do the division - dump the quotient into the high-order words */
- (void)lbnDiv_32(a1, b, mlen+e+1, mod, mlen);
- /*
- * Now do the first squaring and modular reduction to put
- * the number up in a1 where it belongs.
- */
- lbnMontSquare_32(a, b, mod, mlen, inv);
- /* Fix up a1 to point to where it should go. */
- a1 = BIGLITTLE(a-mlen,a+mlen);
-
- /*
- * Okay, now, a1 holds the number being accumulated, and
- * b is a scratch register. Start working:
- */
- for (;;) {
- /*
- * Is the bit set? If so, double a1 as well.
- * A modular doubling like this is very cheap.
- */
- if (bitpos & bitword) {
- /*
- * Double the number. If there was a carry out OR
- * the result is greater than the modulus, subract
- * the modulus.
- */
- if (lbnDouble_32(a1, mlen) ||
- lbnCmp_32(a1, mod, mlen) > 0)
- (void)lbnSubN_32(a1, mod, mlen);
- }
-
- /* Advance to the next exponent bit */
- bitpos >>= 1;
- if (!bitpos) {
- if (!--elen)
- break; /* Done! */
- bitword = BIGLITTLE(*++bitptr,*--bitptr);
- bitpos = (BNWORD32)1<<(32-1);
- }
-
- /*
- * The elen/bitword/bitpos bit buffer is known to be
- * non-empty, i.e. there is at least one more unconsumed bit.
- * Thus, it's safe to square the number.
- */
- lbnMontSquare_32(b, a1, mod, mlen, inv);
- /* Rename result (in b) back to a (a1, really). */
- a1 = b; b = a; a = a1;
- a1 = BIGLITTLE(a-mlen,a+mlen);
- }
-
- /* DONE! Just a little bit of cleanup... */
-
- /*
- * Convert result out of Montgomery form... this is
- * just a Montgomery reduction.
- */
- lbnCopy_32(a, a1, mlen);
- lbnZero_32(a1, mlen);
- lbnMontReduce_32(a, mod, mlen, inv);
- lbnCopy_32(n, a1, mlen);
-
- /* Clean up - free intermediate storage */
- LBNFREE(b, 2*mlen);
- LBNFREE(a, 2*mlen);
-
- return 0; /* Success */
-}
-
-
-/*
- * Returns a substring of the big-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractBigBytes_32(BNWORD32 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD32 t = 0; /* Needed to shut up uninitialized var warnings */
- unsigned shift;
-
- lsbyte += buflen;
-
- shift = (8 * lsbyte) % 32;
- lsbyte /= (32/8); /* Convert to word offset */
- BIGLITTLE(n -= lsbyte, n += lsbyte);
-
- if (shift)
- t = BIGLITTLE(n[-1],n[0]);
-
- while (buflen--) {
- if (!shift) {
- t = BIGLITTLE(*n++,*--n);
- shift = 32;
- }
- shift -= 8;
- *buf++ = (unsigned char)(t>>shift);
- }
-}
-
-/*
- * Merge a big-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its *last* byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertBigBytes_32(BNWORD32 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD32 t = 0; /* Shut up uninitialized varibale warnings */
-
- lsbyte += buflen;
-
- BIGLITTLE(n -= lsbyte/(32/8), n += lsbyte/(32/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (32/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 32;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *buf++;
- if ((--lsbyte % (32/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 32;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD32)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-/*
- * Returns a substring of the little-endian array of bytes representation
- * of the bignum array based on two parameters, the least significant
- * byte number (0 to start with the least significant byte) and the
- * length. I.e. the number returned is a representation of
- * (bn / 2^(8*lsbyte)) % 2 ^ (8*buflen).
- *
- * It is an error if the bignum is not at least buflen + lsbyte bytes
- * long.
- *
- * This code assumes that the compiler has the minimal intelligence
- * neded to optimize divides and modulo operations on an unsigned data
- * type with a power of two.
- */
-void
-lbnExtractLittleBytes_32(BNWORD32 const *n, unsigned char *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD32 t = 0; /* Needed to shut up uninitialized var warnings */
-
- BIGLITTLE(n -= lsbyte/(32/8), n += lsbyte/(32/8));
-
- if (lsbyte % (32/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte % (32/8)) * 8 ;
- }
-
- while (buflen--) {
- if ((lsbyte++ % (32/8)) == 0)
- t = BIGLITTLE(*--n,*n++);
- *buf++ = (unsigned char)t;
- t >>= 8;
- }
-}
-
-/*
- * Merge a little-endian array of bytes into a bignum array.
- * The array had better be big enough. This is
- * equivalent to extracting the entire bignum into a
- * large byte array, copying the input buffer into the
- * middle of it, and converting back to a bignum.
- *
- * The buf is "len" bytes long, and its first byte is at
- * position "lsbyte" from the end of the bignum.
- *
- * Note that this is a pain to get right. Fortunately, it's hardly
- * critical for efficiency.
- */
-void
-lbnInsertLittleBytes_32(BNWORD32 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen)
-{
- BNWORD32 t = 0; /* Shut up uninitialized varibale warnings */
-
- /* Move to most-significant end */
- lsbyte += buflen;
- buf += buflen;
-
- BIGLITTLE(n -= lsbyte/(32/8), n += lsbyte/(32/8));
-
- /* Load up leading odd bytes */
- if (lsbyte % (32/8)) {
- t = BIGLITTLE(*--n,*n++);
- t >>= (lsbyte * 8) % 32;
- }
-
- /* The main loop - merge into t, storing at each word boundary. */
- while (buflen--) {
- t = (t << 8) | *--buf;
- if ((--lsbyte % (32/8)) == 0)
- BIGLITTLE(*n++,*--n) = t;
- }
-
- /* Merge odd bytes in t into last word */
- lsbyte = (lsbyte * 8) % 32;
- if (lsbyte) {
- t <<= lsbyte;
- t |= (((BNWORD32)1 << lsbyte) - 1) & BIGLITTLE(n[0],n[-1]);
- BIGLITTLE(n[0],n[-1]) = t;
- }
-
- return;
-}
-
-#ifdef DEADCODE /* This was a precursor to the more flexible lbnExtractBytes */
-/*
- * Convert a big-endian array of bytes to a bignum.
- * Returns the number of words in the bignum.
- * Note the expression "32/8" for the number of bytes per word.
- * This is so the word-size adjustment will work.
- */
-unsigned
-lbnFromBytes_32(BNWORD32 *a, unsigned char const *b, unsigned blen)
-{
- BNWORD32 t;
- unsigned alen = (blen + (32/8-1))/(32/8);
- BIGLITTLE(a -= alen, a += alen);
-
- while (blen) {
- t = 0;
- do {
- t = t << 8 | *b++;
- } while (--blen & (32/8-1));
- BIGLITTLE(*a++,*--a) = t;
- }
- return alen;
-}
-#endif
-
-/*
- * Computes the GCD of a and b. Modifies both arguments;
- * when it returns, one of them is the GCD and the other is trash.
- * The return value is the length of the GCD, with the sign telling
- * whether it is in a (+ve) or b (-ve). Both inputs must have
- * one extra word of precision. alen must be >= blen.
- *
- * TODO: use the binary algorithm (Knuth section 4.5.2, algorithm B).
- * This is based on taking out common powers of 2, then repeatedly:
- * gcd(2*u,v) = gcd(u,2*v) = gcd(u,v) - isolated powers of 2 can be deleted.
- * gcd(u,v) = gcd(u-v,v) - the numbers can be easily reduced.
- * It gets less reduction per step, but the steps are much faster than
- * the division case.
- */
-int
-lbnGcd_32(BNWORD32 *a, unsigned alen, BNWORD32 *b, unsigned blen)
-{
- assert(alen >= blen);
-
- while (blen != 0) {
- (void)lbnDiv_32(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- alen = lbnNorm_32(a, blen);
- if (alen == 0)
- return -(int)blen;
- (void)lbnDiv_32(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- blen = lbnNorm_32(b, alen);
- }
- return alen;
-}
-
-/*
- * Invert "a" modulo "mod" using the extended Euclidean algorithm.
- * Note that this only computes one of the cosequences, and uses the
- * theorem that the signs flip every step and the absolute value of
- * the cosequence values are always bounded by the modulus to avoid
- * having to work with negative numbers.
- * gcd(a,mod) had better equal 1. Returns 1 if the GCD is NOT 1.
- * a must be one word longer than "mod". It is overwritten with the
- * result.
- * TODO: Use Richard Schroeppel's *much* faster algorithm.
- */
-int
-lbnInv_32(BNWORD32 *a, unsigned alen, BNWORD32 const *mod, unsigned mlen)
-{
- BNWORD32 *b; /* Hold a copy of mod during GCD reduction */
- BNWORD32 *p; /* Temporary for products added to t0 and t1 */
- BNWORD32 *t0, *t1; /* Inverse accumulators */
- BNWORD32 cy;
- unsigned blen, t0len, t1len, plen;
-
- alen = lbnNorm_32(a, alen);
- if (!alen)
- return 1; /* No inverse */
-
- mlen = lbnNorm_32(mod, mlen);
-
- assert (alen <= mlen);
-
- /* Inverse of 1 is 1 */
- if (alen == 1 && BIGLITTLE(a[-1],a[0]) == 1) {
- lbnZero_32(BIGLITTLE(a-alen,a+alen), mlen-alen);
- return 0;
- }
-
- /* Allocate a pile of space */
- LBNALLOC(b, mlen+1);
- if (b) {
- /*
- * Although products are guaranteed to always be less than the
- * modulus, it can involve multiplying two 3-word numbers to
- * get a 5-word result, requiring a 6th word to store a 0
- * temporarily. Thus, mlen + 1.
- */
- LBNALLOC(p, mlen+1);
- if (p) {
- LBNALLOC(t0, mlen);
- if (t0) {
- LBNALLOC(t1, mlen);
- if (t1)
- goto allocated;
- LBNFREE(t0, mlen);
- }
- LBNFREE(p, mlen+1);
- }
- LBNFREE(b, mlen+1);
- }
- return -1;
-
-allocated:
-
- /* Set t0 to 1 */
- t0len = 1;
- BIGLITTLE(t0[-1],t0[0]) = 1;
-
- /* b = mod */
- lbnCopy_32(b, mod, mlen);
- /* blen = mlen (implicitly) */
-
- /* t1 = b / a; b = b % a */
- cy = lbnDiv_32(t1, b, mlen, a, alen);
- *(BIGLITTLE(t1-(mlen-alen)-1,t1+(mlen-alen))) = cy;
- t1len = lbnNorm_32(t1, mlen-alen+1);
- blen = lbnNorm_32(b, alen);
-
- /* while (b > 1) */
- while (blen > 1 || BIGLITTLE(b[-1],b[0]) != (BNWORD32)1) {
- /* q = a / b; a = a % b; */
- if (alen < blen || (alen == blen && lbnCmp_32(a, a, alen) < 0))
- assert(0);
- cy = lbnDiv_32(BIGLITTLE(a-blen,a+blen), a, alen, b, blen);
- *(BIGLITTLE(a-alen-1,a+alen)) = cy;
- plen = lbnNorm_32(BIGLITTLE(a-blen,a+blen), alen-blen+1);
- assert(plen);
- alen = lbnNorm_32(a, blen);
- if (!alen)
- goto failure; /* GCD not 1 */
-
- /* t0 += q * t1; */
- assert(plen+t1len <= mlen+1);
- lbnMul_32(p, BIGLITTLE(a-blen,a+blen), plen, t1, t1len);
- plen = lbnNorm_32(p, plen + t1len);
- assert(plen <= mlen);
- if (plen > t0len) {
- lbnZero_32(BIGLITTLE(t0-t0len,t0+t0len), plen-t0len);
- t0len = plen;
- }
- cy = lbnAddN_32(t0, p, plen);
- if (cy) {
- if (t0len > plen) {
- cy = lbnAdd1_32(BIGLITTLE(t0-plen,t0+plen),
- t0len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t0[-t0len-1],t0[t0len]) = cy;
- t0len++;
- }
- }
-
- /* if (a <= 1) return a ? t0 : FAIL; */
- if (alen <= 1 && BIGLITTLE(a[-1],a[0]) == (BNWORD32)1) {
- if (alen == 0)
- goto failure; /* FAIL */
- assert(t0len <= mlen);
- lbnCopy_32(a, t0, t0len);
- lbnZero_32(BIGLITTLE(a-t0len, a+t0len), mlen-t0len);
- goto success;
- }
-
- /* q = b / a; b = b % a; */
- if (blen < alen || (blen == alen && lbnCmp_32(b, a, alen) < 0))
- assert(0);
- cy = lbnDiv_32(BIGLITTLE(b-alen,b+alen), b, blen, a, alen);
- *(BIGLITTLE(b-blen-1,b+blen)) = cy;
- plen = lbnNorm_32(BIGLITTLE(b-alen,b+alen), blen-alen+1);
- assert(plen);
- blen = lbnNorm_32(b, alen);
- if (!blen)
- goto failure; /* GCD not 1 */
-
- /* t1 += q * t0; */
- assert(plen+t0len <= mlen+1);
- lbnMul_32(p, BIGLITTLE(b-alen,b+alen), plen, t0, t0len);
- plen = lbnNorm_32(p, plen + t0len);
- assert(plen <= mlen);
- if (plen > t1len) {
- lbnZero_32(BIGLITTLE(t1-t1len,t1+t1len), plen-t1len);
- t1len = plen;
- }
- cy = lbnAddN_32(t1, p, plen);
- if (cy) {
- if (t1len > plen) {
- cy = lbnAdd1_32(BIGLITTLE(t1-plen,t0+plen),
- t1len-plen, cy);
- }
- if (cy) {
- BIGLITTLE(t1[-t1len-1],t1[t1len]) = cy;
- t1len++;
- }
- }
- }
-
- if (!blen)
- goto failure; /* gcd(a, mod) != 1 -- FAIL */
-
- /* return mod-t1 */
- lbnCopy_32(a, mod, mlen);
- assert(t1len <= mlen);
- cy = lbnSubN_32(a, t1, t1len);
- if (cy) {
- assert(mlen > t1len);
- cy = lbnSub1_32(BIGLITTLE(a-t1len, a+t1len), mlen-t1len, cy);
- assert(!cy);
- }
-
-success:
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return 0;
-
-failure:
- LBNFREE(t1, mlen);
- LBNFREE(t0, mlen);
- LBNFREE(p, mlen+1);
- LBNFREE(b, mlen+1);
-
- return 1;
-}
+++ /dev/null
-#ifndef LBN32_H
-#define LBN32_H
-
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-#include "lbn.h"
-
-#ifndef BNWORD32
-#error 32-bit bignum library requires a 32-bit data type
-#endif
-
-#ifndef lbnCopy_32
-void lbnCopy_32(BNWORD32 *dest, BNWORD32 const *src, unsigned len);
-#endif
-#ifndef lbnZero_32
-void lbnZero_32(BNWORD32 *num, unsigned len);
-#endif
-#ifndef lbnNeg_32
-void lbnNeg_32(BNWORD32 *num, unsigned len);
-#endif
-
-#ifndef lbnAdd1_32
-BNWORD32 lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry);
-#endif
-#ifndef lbnSub1_32
-BNWORD32 lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow);
-#endif
-
-#ifndef lbnAddN_32
-BNWORD32 lbnAddN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len);
-#endif
-#ifndef lbnSubN_32
-BNWORD32 lbnSubN_32(BNWORD32 *num1, BNWORD32 const *num2, unsigned len);
-#endif
-
-#ifndef lbnCmp_32
-int lbnCmp_32(BNWORD32 const *num1, BNWORD32 const *num2, unsigned len);
-#endif
-
-#ifndef lbnMulN1_32
-void lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k);
-#endif
-#ifndef lbnMulAdd1_32
-BNWORD32
-lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k);
-#endif
-#ifndef lbnMulSub1_32
-BNWORD32 lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k);
-#endif
-
-#ifndef lbnLshift_32
-BNWORD32 lbnLshift_32(BNWORD32 *num, unsigned len, unsigned shift);
-#endif
-#ifndef lbnDouble_32
-BNWORD32 lbnDouble_32(BNWORD32 *num, unsigned len);
-#endif
-#ifndef lbnRshift_32
-BNWORD32 lbnRshift_32(BNWORD32 *num, unsigned len, unsigned shift);
-#endif
-
-#ifndef lbnMul_32
-void lbnMul_32(BNWORD32 *prod, BNWORD32 const *num1, unsigned len1,
- BNWORD32 const *num2, unsigned len2);
-#endif
-#ifndef lbnSquare_32
-void lbnSquare_32(BNWORD32 *prod, BNWORD32 const *num, unsigned len);
-#endif
-
-#ifndef lbnNorm_32
-unsigned lbnNorm_32(BNWORD32 const *num, unsigned len);
-#endif
-#ifndef lbnBits_32
-unsigned lbnBits_32(BNWORD32 const *num, unsigned len);
-#endif
-
-#ifndef lbnExtractBigBytes_32
-void lbnExtractBigBytes_32(BNWORD32 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertBigytes_32
-void lbnInsertBigBytes_32(BNWORD32 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnExtractLittleBytes_32
-void lbnExtractLittleBytes_32(BNWORD32 const *bn, unsigned char *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-#ifndef lbnInsertLittleBytes_32
-void lbnInsertLittleBytes_32(BNWORD32 *n, unsigned char const *buf,
- unsigned lsbyte, unsigned buflen);
-#endif
-
-#ifndef lbnDiv21_32
-BNWORD32 lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d);
-#endif
-#ifndef lbnDiv1_32
-BNWORD32 lbnDiv1_32(BNWORD32 *q, BNWORD32 *rem,
- BNWORD32 const *n, unsigned len, BNWORD32 d);
-#endif
-#ifndef lbnModQ_32
-unsigned lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d);
-#endif
-#ifndef lbnDiv_32
-BNWORD32
-lbnDiv_32(BNWORD32 *q, BNWORD32 *n, unsigned nlen, BNWORD32 *d, unsigned dlen);
-#endif
-
-#ifndef lbnMontInv1_32
-BNWORD32 lbnMontInv1_32(BNWORD32 const x);
-#endif
-#ifndef lbnMontReduce_32
-void lbnMontReduce_32(BNWORD32 *n, BNWORD32 const *mod, unsigned const mlen,
- BNWORD32 inv);
-#endif
-#ifndef lbnToMont_32
-void lbnToMont_32(BNWORD32 *n, unsigned nlen, BNWORD32 *mod, unsigned mlen);
-#endif
-#ifndef lbnFromMont_32
-void lbnFromMont_32(BNWORD32 *n, BNWORD32 *mod, unsigned len);
-#endif
-
-#ifndef lbnExpMod_32
-int lbnExpMod_32(BNWORD32 *result, BNWORD32 const *n, unsigned nlen,
- BNWORD32 const *exp, unsigned elen, BNWORD32 *mod, unsigned mlen);
-#endif
-#ifndef lbnDoubleExpMod_32
-int lbnDoubleExpMod_32(BNWORD32 *result,
- BNWORD32 const *n1, unsigned n1len, BNWORD32 const *e1, unsigned e1len,
- BNWORD32 const *n2, unsigned n2len, BNWORD32 const *e2, unsigned e2len,
- BNWORD32 *mod, unsigned mlen);
-#endif
-#ifndef lbnTwoExpMod_32
-int lbnTwoExpMod_32(BNWORD32 *n, BNWORD32 const *exp, unsigned elen,
- BNWORD32 *mod, unsigned mlen);
-#endif
-#ifndef lbnGcd_32
-int lbnGcd_32(BNWORD32 *a, unsigned alen, BNWORD32 *b, unsigned blen);
-#endif
-#ifndef lbnInv_32
-int lbnInv_32(BNWORD32 *a, unsigned alen, BNWORD32 const *mod, unsigned mlen);
-#endif
-
-#endif /* LBN32_H */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn68000.c - 16-bit bignum primitives for the 68000 (or 68010) processors.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * This was written for Metrowerks C, and while it should be reasonably
- * portable, NOTE that Metrowerks lets a callee trash a0, a1, d0, d1, and d2.
- * Some 680x0 compilers make d2 callee-save, so instructions to save it
- * will have to be added.
- *
- * This code supports 16 or 32-bit ints, based on UINT_MAX.
- * Regardless of UINT_MAX, only bignums up to 64K words (1 million bits)
- * are supported. (68k hackers will recognize this as a consequence of
- * using dbra.)
- *
- * These primitives use little-endian word order.
- * (The order of bytes within words is irrelevant to this issue.)
- */
-
-#include <limits.h>
-
-#include "lbn.h" /* Should include lbn68000.h */
-
-/*
- * The Metrowerks C compiler (1.2.2) produces bad 68k code for the
- * following input, which happens to be the inner loop of lbnSub1,
- * so a few less than critical routines have been recoded in assembly
- * to avoid the bug. (Optimizer on or off does not matter.)
- *
- * unsigned
- * decrement(unsigned *num, unsigned len)
- * {
- * do {
- * if ((*num++)-- != 0)
- * return 0;
- * } while (--len);
- * return 1;
- * }
- */
-asm BNWORD16
-lbnSub1_16(BNWORD16 *num, unsigned len, BNWORD16 borrow)
-{
- movea.l 4(sp),a0 /* num */
-#if UINT_MAX == 0xffff
- move.w 10(sp),d0 /* borrow */
-#else
- move.w 12(sp),d0 /* borrow */
-#endif
- sub.w d0,(a0)+
- bcc done
-#if UINT_MAX == 0xffff
- move.w 8(sp),d0 /* len */
-#else
- move.w 10(sp),d0 /* len */
-#endif
- subq.w #2,d0
- bcs done
-loop:
- subq.w #1,(a0)+
- dbcc d0,loop
-done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-}
-
-asm BNWORD16
-lbnAdd1_16(BNWORD16 *num, unsigned len, BNWORD16 carry)
-{
- movea.l 4(sp),a0 /* num */
-#if UINT_MAX == 0xffff
- move.w 10(sp),d0 /* carry */
-#else
- move.w 12(sp),d0 /* carry */
-#endif
- add.w d0,(a0)+
- bcc done
-#if UINT_MAX == 0xffff
- move.w 8(sp),d0 /* len */
-#else
- move.w 10(sp),d0 /* len */
-#endif
- subq.w #2,d0
- bcs done
-loop:
- addq.w #1,(a0)+
- dbcc d0,loop
-done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-}
-
-asm void
-lbnMulN1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- move.w d3,-(sp) /* 2 bytes of stack frame */
- move.l 2+4(sp),a1 /* out */
- move.l 2+8(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 2+12(sp),d3 /* len */
- move.w 2+14(sp),d2 /* k */
-#else
- move.w 2+14(sp),d3 /* len (low 16 bits) */
- move.w 2+16(sp),d2 /* k */
-#endif
-
- move.w (a0)+,d1 /* First multiply */
- mulu.w d2,d1
- move.w d1,(a1)+
- clr.w d1
- swap d1
-
- subq.w #1,d3 /* Setup for loop unrolling */
- lsr.w #1,d3
- bcs.s m16_even
- beq.s m16_short
-
- subq.w #1,d3 /* Set up software pipeline properly */
- move.l d1,d0
-
-m16_loop:
- move.w (a0)+,d1
- mulu.w d2,d1
- add.l d0,d1
- move.w d1,(a1)+
- clr.w d1
- swap d1
-m16_even:
-
- move.w (a0)+,d0
- mulu.w d2,d0
- add.l d1,d0
- move.w d0,(a1)+
- clr.w d0
- swap d0
-
- dbra d3,m16_loop
-
- move.w d0,(a1)
- move.w (sp)+,d3
- rts
-m16_short:
- move.w d1,(a1)
- move.w (sp)+,d3
- rts
-}
-
-
-asm BNWORD16
-lbnMulAdd1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- move.w d4,-(sp)
- clr.w d4
- move.w d3,-(sp) /* 4 bytes of stack frame */
- move.l 4+4(sp),a1 /* out */
- move.l 4+8(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 4+12(sp),d3 /* len */
- move.w 4+14(sp),d2 /* k */
-#else
- move.w 4+14(sp),d3 /* len (low 16 bits) */
- move.w 4+16(sp),d2 /* k */
-#endif
-
- move.w (a0)+,d1 /* First multiply */
- mulu.w d2,d1
- add.w d1,(a1)+
- clr.w d1
- swap d1
- addx.w d4,d1
-
- subq.w #1,d3 /* Setup for loop unrolling */
- lsr.w #1,d3
- bcs.s ma16_even
- beq.s ma16_short
-
- subq.w #1,d3 /* Set up software pipeline properly */
- move.l d1,d0
-
-ma16_loop:
- move.w (a0)+,d1
- mulu.w d2,d1
- add.l d0,d1
- add.w d1,(a1)+
- clr.w d1
- swap d1
- addx.w d4,d1
-ma16_even:
-
- move.w (a0)+,d0
- mulu.w d2,d0
- add.l d1,d0
- add.w d0,(a1)+
- clr.w d0
- swap d0
- addx.w d4,d0
-
- dbra d3,ma16_loop
-
- move.w (sp)+,d3
- move.w (sp)+,d4
- rts
-ma16_short:
- move.w (sp)+,d3
- move.l d1,d0
- move.w (sp)+,d4
- rts
-}
-
-
-
-asm BNWORD16
-lbnMulSub1_16(BNWORD16 *out, BNWORD16 const *in, unsigned len, BNWORD16 k)
-{
- move.w d4,-(sp)
- clr.w d4
- move.w d3,-(sp) /* 4 bytes of stack frame */
- move.l 4+4(sp),a1 /* out */
- move.l 4+8(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 4+12(sp),d3 /* len */
- move.w 4+14(sp),d2 /* k */
-#else
- move.w 4+14(sp),d3 /* len (low 16 bits) */
- move.w 4+16(sp),d2 /* k */
-#endif
-
- move.w (a0)+,d1 /* First multiply */
- mulu.w d2,d1
- sub.w d1,(a1)+
- clr.w d1
- swap d1
- addx.w d4,d1
-
- subq.w #1,d3 /* Setup for loop unrolling */
- lsr.w #1,d3
- bcs.s ms16_even
- beq.s ms16_short
-
- subq.w #1,d3 /* Set up software pipeline properly */
- move.l d1,d0
-
-ms16_loop:
- move.w (a0)+,d1
- mulu.w d2,d1
- add.l d0,d1
- sub.w d1,(a1)+
- clr.w d1
- swap d1
- addx.w d4,d1
-ms16_even:
-
- move.w (a0)+,d0
- mulu.w d2,d0
- add.l d1,d0
- sub.w d0,(a1)+
- clr.w d0
- swap d0
- addx.w d4,d0
-
- dbra d3,ms16_loop
-
- move.w (sp)+,d3
- move.w (sp)+,d4
- rts
-ms16_short:
- move.w (sp)+,d3
- move.l d1,d0
- move.w (sp)+,d4
- rts
-}
-
-/* The generic long/short divide doesn't know that nh < d */
-asm BNWORD16
-lbnDiv21_16(BNWORD16 *q, BNWORD16 nh, BNWORD16 nl, BNWORD16 d)
-{
- move.l 8(sp),d0 /* nh *and* nl */
- divu.w 12(sp),d0
- move.l 4(sp),a0
- move.w d0,(a0)
- clr.w d0
- swap d0
- rts
-}
-
-asm unsigned
-lbnModQ_16(BNWORD16 const *n, unsigned len, BNWORD16 d)
-{
- move.l 4(sp),a0 /* n */
- moveq.l #0,d1
-#if UINT_MAX == 0xffff
- move.w 8(sp),d1 /* len */
- move.w 10(sp),d2 /* d */
-#else
- move.w 10(sp),d1 /* len (low 16 bits) */
- move.w 12(sp),d2 /* d */
-#endif
-
- add.l d1,a0
- add.l d1,a0 /* n += len */
- moveq.l #0,d0
- subq.w #1,d1
-
-mq16_loop:
- move.w -(a0),d0 /* Assemble remainder and new word */
- divu.w d2,d0 /* Put remainder in high half of d0 */
- dbra d1,mq16_loop
-
-mq16_done:
- clr.w d0
- swap d0
- rts
-}
-
-/*
- * Detect if this is a 32-bit processor (68020+ *or* CPU32).
- * Both the 68020+ and CPU32 processors (which have 32x32->64-bit
- * multiply, what the 32-bit math library wants) support scaled indexed
- * addressing. The 68000 and 68010 ignore the scale selection
- * bits, treating it as *1 all the time. So a 32-bit processor
- * will evaluate -2(a0,a0.w*2) as 1+1*2-2 = 1.
- * A 16-bit processor will compute 1+1-2 = 0.
- *
- * Thus, the return value will indicate whether the chip this is
- * running on supports 32x32->64-bit multiply (mulu.l).
- */
-asm int
-is68020(void)
-{
- machine 68020
- lea 1,a0
-#if 0
- lea -2(a0,a0.w*2),a0 /* Metrowerks won't assemble this, arrgh */
-#else
- dc.w 0x41f0, 0x82fe
-#endif
- move.l a0,d0
- rts
-}
-/*
- * Since I had to hand-assemble that fancy addressing mode, I had to study
- * up on 680x0 addressing modes.
- * A summary of 680x0 addressing modes.
- * A 68000 effective address specifies an operand on an instruction, which
- * may be a register or in memory. It is made up of a 3-bit mode and a
- * 3-bit register specifier. The meanings of the various modes are:
- *
- * 000 reg - Dn, n specified by "reg"
- * 001 reg - An, n specified by "reg"
- * 010 reg - (An)
- * 011 reg - (An)+
- * 100 reg - -(An)
- * 101 reg - d16(An), one 16-bit displacement word follows, sign-extended
- * 110 reg - Fancy addressing mode off of An, see extension word below
- * 111 000 - abs.W, one 16-bit signed absolute address follows
- * 111 001 - abs.L, one 32-bit absolute address follows
- * 111 010 - d16(PC), one 16-bit displacemnt word follows, sign-extended
- * 111 011 - Fancy addressing mode off of PC, see extension word below
- * 111 100 - #immediate, followed by 16 or 32 bits of immediate value
- * 111 101 - unused, reserved
- * 111 110 - unused, reserved
- * 111 111 - unused, reserved
- *
- * Memory references are to data space, except that PC-relative references
- * are to program space, and are read-only.
- *
- * Fancy addressing modes are followed by a 16-bit extension word, and come
- * in "brief" and "full" forms.
- * The "brief" form looks like this. Bit 8 is 0 to indicate this form:
- *
- * 1 1 1 1 1 1 1
- * 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
- * |A/D| register |L/W| scale | 0 | 8-bit signed displacement |
- * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
- *
- * The basic effective address specifies a 32-bit base register - A0 through
- * A7 or PC (the address of the following instruction).
- * The A/D and register fields specify an index register. A/D is 1 for
- * address registers, and 0 for data registers. L/W specifies the length
- * of the index register, 1 for 32 bits, and 0 for 16 bits (sign-extended).
- * The scale field is a left shift amount (0 to 3 bits) to apply to the
- * sign-extended index register. The final address is d8(An,Rn.X*SCALE),
- * also written (d8,An,Rn.X*SCALE). X is "W" or "L", SCALE is 1, 2, 4 or 8.
- * "*1" may be omitted, as may a d8 of 0.
- *
- * The 68000 supports this form, but only with a scale field of 0.
- * It does NOT (says the MC68030 User's Manual MC68030UM/AD, section 2.7)
- * decode the scale field and the following format bit. They are treated
- * as 0.
- * I recall (I don't have the data book handy) that the CPU32 processor
- * core used in the 683xx series processors supports variable scales,
- * but only the brief extension word form. I suspect it decodes the
- * format bit and traps if it is not zero, but I don't recall.
- *
- * The "full" form (680x0, x >= 2 processors only) looks like this:
- *
- * 1 1 1 1 1 1 1
- * 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
- * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
- * |A/D| register |L/W| scale | 1 | BS| IS|BD size| 0 | P |OD size|
- * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
- *
- * The first 8 bits are interpreted the same way as in the brief form,
- * except that bit 8 is set to 1 to indicate the full form.
- * BS, Base Suppress, if set, causes a value of 0 to be used in place of
- * the base register value. If this is set, the base register
- * specified is irrelevant, except that if it is the PC, the fetch is
- * still done from program space. The specifier "ZPC" can be used in
- * place of "PC" in the effective address mnemonic to represent this
- * case.
- * IS, Index Suppress, if set, causes a value of 0 to be used in place
- * of the scaled index register. In this case, the first 7 bits of the
- * extension word are irrelevant.
- * BD size specifies the base displacement size. A value of 00
- * in this field is illegal, while 01, 10 and 11 indicate that the
- * extension word is followed by 0, 1 or 2 16-bit words of base displacement
- * (zero, sign-extended to 32 bits, and most-significant word first,
- * respectively) to add to the base register value.
- * Bit 3 is unused.
- * The P bit is the pre/post indexing bit, and only applies if an outer
- * displacement is used. This is explained later.
- * OD size specifies the size of an outer displacement. In the simple
- * case, this field is set to 00 and the effective address is
- * (disp,An,Rn.X*SCALE) or (disp,PC,Rn.X*SCALE).
- * In this case the P bit must be 0. Any of those compnents may be
- * suppressed, with a BD size of 01, the BS bit, or the IS bit.
- * If the OD size is not 00, it encodes an outer displacement in the same
- * manner as the BD size, and 0, 1 or 2 16-bit words of outer displacement
- * follow the base displacement in the instruction stream. In this case,
- * this is a double-indirect addressing mode. The base, base displacement,
- * and possibly the index, specify a 32-bit memory word which holds a value
- * which is fetched, and the outer displacement and possibly the index are
- * added to produce the address of the operand.
- * If the P bit is 0, this is pre-indexed, and the index value is added
- * before the fetch of the indirect word, producing an effective address
- * of ([disp,An,Rn.X*SCALE],disp). If the P bit is 1, the post-indexed case,
- * the memory word is fectched from base+base displacement, then the index
- * and outer displacement are added to compute the address of the operand.
- * This effective address is written ([disp,An],Rn.X*SCALE,disp).
- * (In both cases, "An" may also be "PC" or "ZPC".)
- * Any of the components may be omitted. If the index is omitted (using the
- * IS bit), the P bit is irrelevant, but must be written as 0.
- * Thus, legal combinations of IS, P and OD size are:
- * 0 0 00 - (disp,An,Rn.X*SCALE), also written disp(An,Rn.X*SCALE)
- * 0 0 01 - ([disp,An,Rn.X*SCALE])
- * 0 0 10 - ([disp,An,Rn.X*SCALE],d16)
- * 0 0 11 - ([disp,An,Rn.X*SCALE],d32)
- * 0 1 01 - ([disp,An],Rn.X*SCALE)
- * 0 1 10 - ([disp,An],Rn.X*SCALE,d16)
- * 0 1 11 - ([disp,An],Rn.X*SCALE,d32)
- * 1 0 00 - (disp,An), also written disp(An)
- * 1 0 01 - ([disp,An])
- * 1 0 10 - ([disp,An],d16)
- * 1 0 11 - ([disp,An],d32)
- */
-
-/* 45678901234567890123456789012345678901234567890123456789012345678901234567 */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn68000.h - 16-bit bignum primitives for the 68000 (or 68010) processors.
- *
- * These primitives use little-endian word order.
- * (The order of bytes within words is irrelevant.)
- */
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned short bnword16
-#define BNWORD16 bnword16
-
-bnword16 lbnSub1_16(bnword16 *num, unsigned len, bnword16 borrow);
-bnword16 lbnAdd1_16(bnword16 *num, unsigned len, bnword16 carry);
-void lbnMulN1_16(bnword16 *out, bnword16 const *in, unsigned len, bnword16 k);
-bnword16
-lbnMulAdd1_16(bnword16 *out, bnword16 const *in, unsigned len, bnword16 k);
-bnword16
-lbnMulSub1_16(bnword16 *out, bnword16 const *in, unsigned len, bnword16 k);
-bnword16 lbnDiv21_16(bnword16 *q, bnword16 nh, bnword16 nl, bnword16 d);
-unsigned lbnModQ_16(bnword16 const *n, unsigned len, bnword16 d);
-
-int is68020(void);
-
-/* #define the values to exclude the C versions */
-#define lbnSub1_16 lbnSub1_16
-#define lbnAdd1_16 lbnAdd1_16
-#define lbnMulN1_16 lbnMulN1_16
-#define lbnMulAdd1_16 lbnMulAdd1_16
-#define lbnMulSub1_16 lbnMulSub1_16
-#define lbnDiv21_16 lbnDiv21_16
-#define lbnModQ_16 lbnModQ_16
-
-/* Also include the 68020 definitions for 16/32 bit switching versions. */
-#include <lbn68020.h>
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn68020.c - 32-bit bignum primitives for the 68020+ (0r 683xx) processors.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * This was written for Metrowerks C, and while it should be reasonably
- * portable, NOTE that Metrowerks lets a callee trash a0, a1, d0, d1, and d2.
- * Some 680x0 compilers make d2 callee-save, so instructions to save it
- * will have to be added.
- *
- * This code supports 16 or 32-bit ints, based on UINT_MAX.
- * Regardless of UINT_MAX, only bignums up to 64K words (2 million bits)
- * are supported. (68k hackers will recognize this as a consequence of
- * using dbra.)
- *
- * These primitives use little-endian word order.
- * (The order of bytes within words is irrelevant to this issue.)
- *
- * TODO: Schedule this for the 68040's pipeline. (When I get a 68040 manual.)
- */
-
-#include <limits.h>
-
-#include "lbn.h" /* Should include lbn68020.h */
-
-/*
- * The Metrowerks C compiler (1.2.2) produces bad 68k code for the
- * following input, which happens to be the inner loop of lbnSub1,
- * so a few less than critical routines have been recoded in assembly
- * to avoid the bug. (Optimizer on or off does not matter.)
- *
- * unsigned
- * decrement(unsigned *num, unsigned len)
- * {
- * do {
- * if ((*num++)-- != 0)
- * return 0;
- * } while (--len);
- * return 1;
- * }
- */
-asm BNWORD32
-lbnSub1_32(BNWORD32 *num, unsigned len, BNWORD32 borrow)
-{
- movea.l 4(sp),a0 /* num */
-#if UINT_MAX == 0xffff
- move.l 10(sp),d0 /* borrow */
-#else
- move.l 12(sp),d0 /* borrow */
-#endif
- sub.l d0,(a0)+
- bcc done
-#if UINT_MAX == 0xffff
- move.w 8(sp),d0 /* len */
-#else
- move.w 10(sp),d0 /* len */
-#endif
- subq.w #2,d0
- bcs done
-loop:
- subq.l #1,(a0)+
- dbcc d0,loop
-done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-}
-
-asm BNWORD32
-lbnAdd1_32(BNWORD32 *num, unsigned len, BNWORD32 carry)
-{
- movea.l 4(sp),a0 /* num */
-#if UINT_MAX == 0xffff
- move.l 10(sp),d0 /* carry */
-#else
- move.l 12(sp),d0 /* carry */
-#endif
- add.l d0,(a0)+
- bcc done
-#if UINT_MAX == 0xffff
- move.w 8(sp),d0 /* len */
-#else
- move.w 10(sp),d0 /* len */
-#endif
- subq.w #2,d0
- bcs done
-loop:
- addq.l #1,(a0)+
- dbcc d0,loop
-done:
- moveq.l #0,d0
- addx.w d0,d0
- rts
-}
-
-asm void
-lbnMulN1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- machine 68020
-
- movem.l d3-d5,-(sp) /* 12 bytes of extra data */
- moveq.l #0,d4
- move.l 16(sp),a1 /* out */
- move.l 20(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 24(sp),d5 /* len */
- move.l 26(sp),d2 /* k */
-#else
- move.w 26(sp),d5 /* len */
- move.l 28(sp),d2 /* k */
-#endif
-
- move.l (a0)+,d3 /* First multiply */
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- move.l d3,(a1)+
-
- subq.w #1,d5 /* Setup for loop unrolling */
- lsr.w #1,d5
- bcs.s m32_even
- beq.s m32_short
-
- subq.w #1,d5 /* Set up software pipeline properly */
- move.l d1,d0
-
-m32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- add.l d0,d3
- addx.l d4,d1
- move.l d3,(a1)+
-m32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 /* dc.w 0x4c02, 0x3400 */
- add.l d1,d3
- addx.l d4,d0
- move.l d3,(a1)+
-
- dbra d5,m32_loop
-
- move.l d0,(a1)
- movem.l (sp)+,d3-d5
- rts
-m32_short:
- move.l d1,(a1)
- movem.l (sp)+,d3-d5
- rts
-}
-
-
-asm BNWORD32
-lbnMulAdd1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- machine 68020
- movem.l d3-d5,-(sp) /* 12 bytes of extra data */
- moveq.l #0,d4
- move.l 16(sp),a1 /* out */
- move.l 20(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 24(sp),d5 /* len */
- move.l 26(sp),d2 /* k */
-#else
- move.w 26(sp),d5 /* len */
- move.l 28(sp),d2 /* k */
-#endif
-
- move.l (a0)+,d3 /* First multiply */
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- add.l d3,(a1)+
- addx.l d4,d1
-
- subq.w #1,d5 /* Setup for loop unrolling */
- lsr.w #1,d5
- bcs.s ma32_even
- beq.s ma32_short
-
- subq.w #1,d5 /* Set up software pipeline properly */
- move.l d1,d0
-
-ma32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- add.l d0,d3
- addx.l d4,d1
- add.l d3,(a1)+
- addx.l d4,d1
-ma32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 /* dc.w 0x4c02, 0x3400 */
- add.l d1,d3
- addx.l d4,d0
- add.l d3,(a1)+
- addx.l d4,d0
-
- dbra d5,ma32_loop
-
- movem.l (sp)+,d3-d5
- rts
-ma32_short:
- move.l d1,d0
- movem.l (sp)+,d3-d5
- rts
-}
-
-
-asm BNWORD32
-lbnMulSub1_32(BNWORD32 *out, BNWORD32 const *in, unsigned len, BNWORD32 k)
-{
- machine 68020
- movem.l d3-d5,-(sp) /* 12 bytes of extra data */
- moveq.l #0,d4
- move.l 16(sp),a1 /* out */
- move.l 20(sp),a0 /* in */
-#if UINT_MAX == 0xffff
- move.w 24(sp),d5 /* len */
- move.l 26(sp),d2 /* k */
-#else
- move.w 26(sp),d5 /* len */
- move.l 28(sp),d2 /* k */
-#endif
-
- move.l (a0)+,d3 /* First multiply */
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- sub.l d3,(a1)+
- addx.l d4,d1
-
- subq.w #1,d5 /* Setup for loop unrolling */
- lsr.w #1,d5
- bcs.s ms32_even
- beq.s ms32_short
-
- subq.w #1,d5 /* Set up software pipeline properly */
- move.l d1,d0
-
-ms32_loop:
- move.l (a0)+,d3
- mulu.l d2,d1:d3 /* dc.w 0x4c02, 0x3401 */
- add.l d0,d3
- addx.l d4,d1
- sub.l d3,(a1)+
- addx.l d4,d1
-ms32_even:
-
- move.l (a0)+,d3
- mulu.l d2,d0:d3 /* dc.w 0x4c02, 0x3400 */
- add.l d1,d3
- addx.l d4,d0
- sub.l d3,(a1)+
- addx.l d4,d0
-
- dbra d5,ms32_loop
-
- movem.l (sp)+,d3-d5
- rts
-
-ms32_short:
- move.l d1,d0
- movem.l (sp)+,d3-d5
- rts
-}
-
-
-asm BNWORD32
-lbnDiv21_32(BNWORD32 *q, BNWORD32 nh, BNWORD32 nl, BNWORD32 d)
-{
- machine 68020
- move.l 8(sp),d0
- move.l 12(sp),d1
- move.l 4(sp),a0
- divu.l 16(sp),d0:d1 /* dc.w 0x4c6f, 0x1400, 16 */
- move.l d1,(a0)
- rts
-}
-
-asm unsigned
-lbnModQ_32(BNWORD32 const *n, unsigned len, unsigned d)
-{
- machine 68020
- move.l 4(sp),a0 /* n */
- move.l d3,a1
-#if UINT_MAX == 0xffff
- moveq.l #0,d2
- move.w 8(sp),d1 /* len */
- move.w 10(sp),d2 /* d */
-#else
- move.w 10(sp),d1 /* len */
- move.l 12(sp),d2 /* d */
-#endif
- dc.w 0x41f0, 0x1cfc /* lea -4(a0,d1.L*4),a0 */
-
- /* First time, divide 32/32 - may be faster than 64/32 */
- move.l (a0),d3
- divul.l d2,d0:d3 /* dc.w 0x4c02, 0x3000 */
- subq.w #2,d1
- bmi mq32_done
-
-mq32_loop:
- move.l -(a0),d3
- divu.l d2,d0:d3 /* dc.w 0x4c02,0x3400 */
- dbra d1,mq32_loop
-
-mq32_done:
- move.l a1,d3
- rts
-}
-
-/* 45678901234567890123456789012345678901234567890123456789012345678901234567 */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn68020.h - 32-bit bignum primitives for the 68020 (or 683xx) processors.
- *
- * These primitives use little-endian word order.
- * (The order of bytes within words is irrelevant.)
- */
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned long bnword32
-#define BNWORD32 bnword32
-
-bnword32 lbnSub1_32(bnword32 *num, unsigned len, bnword32 borrow);
-bnword32 lbnAdd1_32(bnword32 *num, unsigned len, bnword32 carry);
-void lbnMulN1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-bnword32
-lbnMulAdd1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-bnword32
-lbnMulSub1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-bnword32 lbnDiv21_32(bnword32 *q, bnword32 nh, bnword32 nl, bnword32 d);
-unsigned lbnModQ_32(bnword32 const *n, unsigned len, unsigned d);
-
-/* #define the values to exclude the C versions */
-#define lbnSub1_32 lbnSub1_32
-#define lbnAdd1_32 lbnAdd1_32
-#define lbnMulN1_32 lbnMulN1_32
-#define lbnMulAdd1_32 lbnMulAdd1_32
-#define lbnMulSub1_32 lbnMulSub1_32
-#define lbnDiv21_32 lbnDiv21_32
-#define lbnModQ_32 lbnModQ_32
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn80386.h - This file defines the interfaces to the 80386
- * assembly primitives. It is intended to be included in "lbn.h"
- * via the "#include BNINCLUDE" mechanism.
- */
-
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-
-/* MS-DOS needs the calling convention described to it. */
-#ifndef MSDOS
-#ifdef __MSDOS__
-#define MSDOS 1
-#endif
-#endif
-
-#ifdef MSDOS
-#define CDECL __cdecl
-#else
-#define CDECL /*nothing*/
-#endif
-
-#ifdef __cplusplus
-/* These assembly-language primitives use C names */
-extern "C" {
-#endif
-
-/* Function prototypes for the asm routines */
-void CDECL
-lbnMulN1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulN1_32 lbnMulN1_32
-
-bnword32 CDECL
-lbnMulAdd1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulAdd1_32 lbnMulAdd1_32
-
-bnword32 CDECL
-lbnMulSub1_32(bnword32 *out, bnword32 const *in, unsigned len, bnword32 k);
-#define lbnMulSub1_32 lbnMulSub1_32
-
-bnword32 CDECL
-lbnDiv21_32(bnword32 *q, bnword32 nh, bnword32 nl, bnword32 d);
-#define lbnDiv21_32 lbnDiv21_32
-
-unsigned CDECL
-lbnModQ_32(bnword32 const *n, unsigned len, bnword32 d);
-#define lbnModQ_32 lbnModQ_32
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#if __GNUC__
-/*
- * Use the (massively cool) GNU inline-assembler extension to define
- * inline expansions for various operations.
- *
- * The massively cool part is that the assembler can have inputs
- * and outputs, and you specify the operands and which effective
- * addresses are legal and they get substituted into the code.
- * (For example, some of the code requires a zero. Rather than
- * specify an immediate constant, the expansion specifies an operand
- * of zero which can be in various places. This lets GCC use an
- * immediate zero, or a register which contains zero if it's available.)
- *
- * The syntax is asm("asm_code" : outputs : inputs : trashed)
- * %0, %1 and so on in the asm code are substituted by the operands
- * in left-to-right order (outputs, then inputs).
- * The operands contain constraint strings and values to use.
- * Outputs must be lvalues, inputs may be rvalues. In the constraints:
- * "a" means that the operand must be in eax.
- * "d" means that the operand must be in edx.
- * "g" means that the operand may be any effective address.
- * "=" means that the operand is assigned to.
- * "%" means that this operand and the following one may be
- * interchanged if desirable.
- * "bcDSmn" means that the operand must be in ebx, ecx, esi, edi, memory,
- * or an immediate constant. (This is almost the same as "g"
- * but allowing it in eax wouldn't help because x is already
- * assigned there, and it must not be in edx, since edx is
- * overwritten by the multiply before a and b are read.)
- *
- * Note that GCC uses AT&T assembler syntax, which is rather
- * different from Intel syntax. The length (b, w or l) of the
- * operation is appended to the opcode, and the *second* operand
- * is the destination, not the first. Finally, the register names
- * are all preceded with "%". (Doubled here because % is a
- * magic character.)
- */
-
-/* (ph<<32) + pl = x*y */
-#define mul32_ppmm(ph,pl,x,y) \
- __asm__("mull %3" : "=d"(ph), "=a"(pl) : "%a"(x), "g"(y))
-
-/* (ph<<32) + pl = x*y + a */
-#define mul32_ppmma(ph,pl,x,y,a) \
- __asm__("mull %3\n\t" \
- "addl %4,%%eax\n\t" \
- "adcl %5,%%edx" \
- : "=&d"(ph), "=a"(pl) \
- : "%a"(x), "g"(y), "bcDSmn"(a), "bcDSmn"(0))
-
-/* (ph<<32) + pl = x*y + a + b */
-#define mul32_ppmmaa(ph,pl,x,y,a,b) \
- __asm__("mull %3\n\t" \
- "addl %4,%%eax\n\t" \
- "adcl %6,%%edx\n\t" \
- "addl %5,%%eax\n\t" \
- "adcl %6,%%edx" \
- : "=&d"(ph), "=a"(pl) \
- : "%a"(x), "g"(y), "%bcDSmn"(a), "bcDSmn"(b), "bcDSmn"(0))
-
-/* q = ((nh<<32) + nl) / d, return remainder. nh guaranteed < d. */
-#undef lbnDiv21_32
-#define lbnDiv21_32(q,nh,nl,d) \
- ({unsigned _; \
- __asm__("divl %4" : "=d"(_), "=a"(*q) : "d"(nh), "a"(nl), "g"(d)); \
- _;})
-
-/* No quotient, just return remainder ((nh<<32) + nl) % d */
-#define lbnMod21_32(nh,nl,d) \
- ({unsigned _; \
- __asm__("divl %3" : "=d"(_) : "d"(nh), "a"(nl), "g"(d) : "ax"); \
- _;})
-
-#endif /* __GNUC__ */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbn8086.h - This file defines the interfaces to the 8086
- * assembly primitives for 16-bit MS-DOS environments.
- * It is intended to be included in "lbn.h"
- * via the "#include BNINCLUDE" mechanism.
- */
-
-#define BN_LITTLE_ENDIAN 1
-
-#ifdef __cplusplus
-/* These assembly-language primitives use C names */
-extern "C" {
-#endif
-
-/* Set up the appropriate types */
-typedef unsigned short bnword16;
-#define BNWORD16 bnword16
-typedef unsigned long bnword32;
-#define BNWORD32 bnword32
-
-void __cdecl __far
-lbnMulN1_16(bnword16 __far *out, bnword16 const __far *in,
- unsigned len, bnword16 k);
-#define lbnMulN1_16 lbnMulN1_16
-
-bnword16 __cdecl __far
-lbnMulAdd1_16(bnword16 __far *out, bnword16 const __far *in,
- unsigned len, bnword16 k);
-#define lbnMulAdd1_16 lbnMulAdd1_16
-
-bnword16 __cdecl __far
-lbnMulSub1_16(bnword16 __far *out, bnword16 const __far *in,
- unsigned len, bnword16 k);
-#define lbnMulSub1_16 lbnMulSub1_16
-
-bnword16 __cdecl __far
-lbnDiv21_16(bnword16 __far *q, bnword16 nh, bnword16 nl, bnword16 d);
-#define lbnDiv21_16 lbnDiv21_16
-
-bnword16 __cdecl __far
-lbnModQ_16(bnword16 const __far *n, unsigned len, bnword16 d);
-#define lbnModQ_16 lbnModQ_16
-
-
-
-void __cdecl __far
-lbnMulN1_32(bnword32 __far *out, bnword32 const __far *in,
- unsigned len, bnword32 k);
-#define lbnMulN1_32 lbnMulN1_32
-
-bnword32 __cdecl __far
-lbnMulAdd1_32(bnword32 __far *out, bnword32 const __far *in,
- unsigned len, bnword32 k);
-#define lbnMulAdd1_32 lbnMulAdd1_32
-
-bnword32 __cdecl __far
-lbnMulSub1_32(bnword32 __far *out, bnword32 const __far *in,
- unsigned len, bnword32 k);
-#define lbnMulSub1_32 lbnMulSub1_32
-
-bnword32 __cdecl __far
-lbnDiv21_32(bnword32 __far *q, bnword32 nh, bnword32 nl, bnword32 d);
-#define lbnDiv21_32 lbnDiv21_32
-
-bnword16 __cdecl __far
-lbnModQ_32(bnword32 const __far *n, unsigned len, bnword32 d);
-#define lbnModQ_32 lbnModQ_32
-
-int __cdecl __far not386(void);
-
-#ifdef __cplusplus
-}
-#endif
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * lbnmem.c - low-level bignum memory handling.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c.
- *
- * Note that in all cases, the pointers passed around
- * are pointers to the *least* significant end of the word.
- * On big-endian machines, these are pointers to the *end*
- * of the allocated range.
- *
- * BNSECURE is a simple level of security; for more security
- * change these function to use locked unswappable memory.
- */
-
-#include "port_before.h"
-
-#ifndef HAVE_CONFIG_H
-#define HAVE_CONFIG_H 0
-#endif
-#if HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-/*
- * Some compilers complain about #if FOO if FOO isn't defined,
- * so do the ANSI-mandated thing explicitly...
- */
-#ifndef NO_STDLIB_H
-#define NO_STDLIB_H 0
-#endif
-#ifndef NO_STRING_H
-#define NO_STRING_H 0
-#endif
-#ifndef HAVE_STRINGS_H
-#define HAVE_STRINGS_H 0
-#endif
-#ifndef NEED_MEMORY_H
-#define NEED_MEMORY_H 0
-#endif
-
-#if !NO_STDLIB_H
-#include <stdlib.h> /* For malloc() & co. */
-#else
-void *malloc();
-void *realloc();
-void free();
-#endif
-
-#if !NO_STRING_H
-#include <string.h> /* For memset */
-#elif HAVE_STRINGS_H
-#include <strings.h>
-#endif
-#if NEED_MEMORY_H
-#include <memory.h>
-#endif
-
-#ifndef DBMALLOC
-#define DBMALLOC 0
-#endif
-#if DBMALLOC
-/* Development debugging */
-#include "../dbmalloc/malloc.h"
-#endif
-
-#include "lbn.h"
-#include "lbnmem.h"
-
-#include "kludge.h"
-
-#ifndef lbnMemWipe
-void
-lbnMemWipe(void *ptr, unsigned bytes)
-{
- memset(ptr, 0, bytes);
-}
-#define lbnMemWipe(ptr, bytes) memset(ptr, 0, bytes)
-#endif
-
-#ifndef lbnMemAlloc
-void *
-lbnMemAlloc(unsigned bytes)
-{
- return malloc(bytes);
-}
-#define lbnMemAlloc(bytes) malloc(bytes)
-#endif
-
-#ifndef lbnMemFree
-void
-lbnMemFree(void *ptr, unsigned bytes)
-{
- lbnMemWipe(ptr, bytes);
- free(ptr);
-}
-#endif
-
-#ifndef lbnRealloc
-#if defined(lbnMemRealloc) || !BNSECURE
-void *
-lbnRealloc(void *ptr, unsigned oldbytes, unsigned newbytes)
-{
- if (ptr) {
- BIG(ptr = (char *)ptr - oldbytes;)
- if (newbytes < oldbytes)
- memmove(ptr, (char *)ptr + oldbytes-newbytes, oldbytes);
- }
-#ifdef lbnMemRealloc
- ptr = lbnMemRealloc(ptr, oldbytes, newbytes);
-#else
- ptr = realloc(ptr, newbytes);
-#endif
- if (ptr) {
- if (newbytes > oldbytes)
- memmove((char *)ptr + newbytes-oldbytes, ptr, oldbytes);
- BIG(ptr = (char *)ptr + newbytes;)
- }
-
- return ptr;
-}
-
-#else /* BNSECURE */
-
-void *
-lbnRealloc(void *oldptr, unsigned oldbytes, unsigned newbytes)
-{
- void *newptr = lbnMemAlloc(newbytes);
-
- if (!newptr)
- return newptr;
- if (!oldptr)
- return BIGLITTLE((char *)newptr+newbytes, newptr);
-
- /*
- * The following copies are a bit non-obvious in the big-endian case
- * because one of the pointers points to the *end* of allocated memory.
- */
- if (newbytes > oldbytes) { /* Copy all of old into part of new */
- BIG(newptr = (char *)newptr + newbytes;)
- BIG(oldptr = (char *)oldptr - oldbytes;)
- memcpy(BIGLITTLE((char *)newptr-oldbytes, newptr), oldptr,
- oldbytes);
- } else { /* Copy part of old into all of new */
- memcpy(newptr, BIGLITTLE((char *)oldptr-newbytes, oldptr),
- newbytes);
- BIG(newptr = (char *)newptr + newbytes;)
- BIG(oldptr = (char *)oldptr - oldbytes;)
- }
-
- lbnMemFree(oldptr, oldbytes);
- return newptr;
-}
-#endif /* BNSECURE */
-#endif /* !lbnRealloc */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * Operations on the usual buffers of bytes
- */
-#ifndef BNSECURE
-#define BNSECURE 1
-#endif
-
-/*
- * These operations act on buffers of memory, just like malloc & free.
- * One exception: it is not legal to pass a NULL pointer to lbnMemFree.
- */
-
-#ifndef lbnMemAlloc
-void *lbnMemAlloc(unsigned bytes);
-#endif
-
-#ifndef lbnMemFree
-void lbnMemFree(void *ptr, unsigned bytes);
-#endif
-
-/* This wipes out a buffer of bytes if necessary needed. */
-
-#ifndef lbnMemWipe
-#if BNSECURE
-void lbnMemWipe(void *ptr, unsigned bytes);
-#else
-#define lbnMemWipe(ptr, bytes) (void)(ptr,bytes)
-#endif
-#endif /* !lbnMemWipe */
-
-/*
- * lbnRealloc is NOT like realloc(); it's endian-sensitive!
- * If lbnMemRealloc is #defined, lbnRealloc will be defined in terms of it.
- * It is legal to pass a NULL pointer to lbnRealloc, although oldbytes
- * will always be sero.
- */
-#ifndef lbnRealloc
-void *lbnRealloc(void *ptr, unsigned oldbytes, unsigned newbytes);
-#endif
-
-
-/*
- * These macros are the ones actually used most often in the math library.
- * They take and return pointers to the *end* of the given buffer, and
- * take sizes in terms of words, not bytes.
- *
- * Note that LBNALLOC takes the pointer as an argument instead of returning
- * the value.
- *
- * Note also that these macros are only useable if you have included
- * lbn.h (for the BIG and BIGLITTLE macros), which this file does NOT include.
- */
-
-#define LBNALLOC(p,words) BIGLITTLE( \
- if ( ((p) = lbnMemAlloc((words)*sizeof*(p))) != 0) (p) += (words), \
- (p) = lbnMemAlloc((words) * sizeof*(p)) \
- )
-#define LBNFREE(p,words) lbnMemFree((p) BIG(-(words)), (words) * sizeof*(p))
-#define LBNREALLOC(p,old,new) \
- lbnRealloc(p, (old) * sizeof*(p), (new) * sizeof*(p))
-#define LBNWIPE(p,words) lbnMemWipe((p) BIG(-(words)), (words) * sizeof*(p))
-
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-#include "lbnppc.h"
-
-/*
- * lbnppc.c - Assembly primitives for the bignum library, PowerPC version.
- *
- * Copyright (c) 1995 Colin Plumb. All rights reserved.
- * For licensing and other legal details, see the file legal.c
- *
- * Register usage during function calls is:
- * r0 - volatile
- * r1 - stack pointer, preserved
- * r2 - TOC pointer, preserved
- * r3 - First argument and return value register
- * r4-r10 - More argument registers, volatile
- * r11-r12 - Volatile
- * r13-r31 - Preserved
- * LR, CTR, XER and MQ are all volatile.
- * LR holds return address on entry.
- *
- * On the PPC 601, unrolling the loops more doesn't seem to speed things
- * up at all. I'd be curious if other chips differed.
- */
-#if __MWERKS__ < 0x800
-
-#include "ppcasm.h" /* PowerPC assembler */
-
-/*
- * MulN1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- */
-static const unsigned mulN1[] = {
- PPC_LWZ(7,4,0), /* Load first word of in in r7 */
- PPC_MULLW(8,7,6), /* Low half of multiply in r8 */
- PPC_MTCTR(5), /* Move len into CTR */
- PPC_ADDIC(0,0,0), /* Clear carry bit for loop */
- PPC_MULHWU(5,7,6), /* High half of multiply in r5 */
- PPC_STW(8,3,0),
- PPC_BC(18,31,7), /* Branch to Label if --ctr == 0 */
-/* Loop: */
- PPC_LWZU(7,4,4), /* r7 = *++in */
- PPC_MULLW(8,7,6), /* r8 = low word of product */
- PPC_ADDE(8,8,5), /* Add carry word r5 and bit CF to r8 */
- PPC_STWU(8,3,4), /* *++out = r8 */
- PPC_MULHWU(5,7,6), /* r5 is high word of product, for carry word */
- PPC_BC(16,31,-5), /* Branch to Loop if --ctr != 0 */
-/* Label: */
- PPC_ADDZE(5,5), /* Add carry flag to r5 */
- PPC_STW(5,3,4), /* out[1] = r5 */
- PPC_BLR()
-};
-
-/*
- * MulAdd1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- */
-static unsigned const mulAdd1[] = {
- PPC_LWZ(7,4,0), /* Load first word of in in r7 */
- PPC_LWZ(0,3,0), /* Load first word of out into r0 */
- PPC_MULLW(8,7,6), /* Low half of multiply in r8 */
- PPC_MTCTR(5), /* Move len into CTR */
- PPC_MULHWU(5,7,6), /* High half of multiply in r5 */
- PPC_ADDC(8,8,0), /* r8 = r8 + r0 */
- PPC_STW(8,3,0), /* Store result to memory */
- PPC_BC(18,31,10), /* Branch to Label if --ctr == 0 */
-/* Loop: */
- PPC_LWZU(7,4,4), /* r7 = *++in */
- PPC_LWZU(0,3,4), /* r0 = *++out */
- PPC_MULLW(8,7,6), /* r8 = low word of product */
- PPC_ADDE(8,8,5), /* Add carry word r5 and carry bit CF to r8 */
- PPC_MULHWU(5,7,6), /* r5 is high word of product, for carry word */
- PPC_ADDZE(5,5), /* Add carry bit from low add to r5 */
- PPC_ADDC(8,8,0), /* r8 = r8 + r0 */
- PPC_STW(8,3,0), /* *out = r8 */
- PPC_BC(16,31,-8), /* Branch to Loop if --ctr != 0 */
-/* Label: */
- PPC_ADDZE(3,5), /* Add carry flag to r5 and move to r3 */
- PPC_BLR()
-};
-
-/*
- * MulSub1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- *
- * Multiply and subtract is rather a pain. If the subtract of the
- * low word of the product from out[i] generates a borrow, we want to
- * increment the carry word (initially in the range 0..0xfffffffe).
- * However, the PPC's carry bit CF is *clear* after a subtract, so
- * we want to add (1-CF) to the carry word. This is done using two
- * instructions:
- *
- * SUBFME, subtract from minus one extended. This computes
- * rD = ~rS + 0xffffffff + CF. Since rS is from 0 to 0xfffffffe,
- * ~rS is from 1 through 0xffffffff, and the sum with 0xffffffff+CF is
- * from 0 through 0xfffffffff, setting the carry flag unconditionally, and
- * NOR, which is used as a bitwise invert NOT instruction.
- *
- * The SUBFME performs the computation rD = ~rS + 0xffffffff + CF,
- * = (-rS - 1) + (CF - 1) = -(rS - CF + 1) - 1 = ~(rS + 1-CF),
- * which is the bitwise complement of the value we want.
- * We want to add the complement of that result to the low word of the
- * product, which is just what a subtract would do, if only we could get
- * the carry flag clear. But it's always set, except for SUBFE, and the
- * operation we just performed unconditionally *sets* the carry flag. Ugh.
- * So find the complement in a separate instruction.
- */
-static unsigned const mulSub1[] = {
- PPC_LWZ(7,4,0), /* Load first word of in in r7 */
- PPC_LWZ(0,3,0), /* Load first word of out into r0 */
- PPC_MTCTR(5), /* Move len into CTR */
- PPC_MULLW(8,7,6), /* Low half of multiply in r8 */
- PPC_MULHWU(5,7,6), /* High half of multiply in r5 */
- PPC_SUBFC(8,8,0), /* r8 = r0 - r8, setting CF */
- PPC_STW(8,3,0), /* Store result to memory */
- PPC_SUBFME(5,5), /* First of two insns to add (1-CF) to r5 */
- PPC_BC(18,31,12), /* Branch to Label if --ctr == 0 */
-/* Loop: */
- PPC_LWZU(7,4,4), /* r7 = *++in */
- PPC_LWZU(0,3,4), /* r0 = *++out */
- PPC_NOR(5,5,5), /* Second of two insns to add (1-CF) to r5 */
- PPC_MULLW(8,7,6), /* r8 = low word of product */
- PPC_ADDC(8,8,5), /* Add carry word r5 to r8 */
- PPC_MULHWU(5,7,6), /* r5 is high word of product, for carry word */
- PPC_ADDZE(5,5), /* Add carry bit from low add to r5 */
- PPC_SUBFC(8,8,0), /* r8 = r0 - r8, setting CF */
- PPC_STW(8,3,0), /* *out = r8 */
- PPC_SUBFME(5,5), /* First of two insns to add (1-CF) to r5 */
- PPC_BC(16,31,-10), /* Branch to Loop if --ctr != 0 */
-/* Label: */
- PPC_NOR(3,5,5), /* Finish adding (1-CF) to r5, store in r3 */
- PPC_BLR()
-};
-
-#if 0
-/*
- * Args: BNWORD32 *n, BNWORD32 const *mod, unsigned mlen, BNWORD32 inv)
- * r3 r4 r5 r6
- * r7, r8 and r9 are the triple-width accumulator.
- * r0 and r10 are temporary registers.
- * r11 and r12 are temporary pointers into n and mod, respectively.
- * r2 (!) is another temporary register.
- */
-static unsigned const montReduce[] = {
- PPC_MTCTR(5), /* ??? */
- PPC_LWZ(7,3,0), /* Load low word of n into r7 */
- PPC_LWZ(10,4,0), /* Fetch low word of mod */
- PPC_MULLW(0,7,6), /* Invert r7 into r0 */
- PPC_STW(0,3,0), /* Store back for future use */
- PPC_MULHWU(8,10,7), /* Get high word of whatnot */
- PPC_MULLW(10,10,7), /* Get low word of it */
- PPC_ADDC(7,7,10), /* Add low word of product to r7 */
- PPC_ADDZE(8,8), /* Add carry to high word */
- PPC_
-
-
- PPC_MULHW(8,7,6),
- PPC_ADDC(7,7,0), /* Add inverse back to r7 */
- PPC_ADDZE(8,8),
- PPC_
-
- PPC_LWZU(
-/* Loop: */
- PPC_LWZU(0,11,4),
- PPC_LWZU(10,23,-4),
- PPC_MULLW(2,0,10),
- PPC_ADDC(7,7,2),
- PPC_MULHWU(0,0,10),
- PPC_ADDE(8,8,0),
- PPC_ADDZE(9,9),
- PPC_BC(16,31,-7), /* Branch to Loop if --ctr != 0 */
-
- PPC_ADDIC_(count,-1),
- PPC_LWZU(0,x,4),
- PPC_ADDC(0,7,0),
- PPC_STW(0,x,0),
- PPC_ADDZE(7,8),
- PPC_ADDZE(8,9),
- PPC_LI(9,0),
- PPC_BC(xx,2,yy),
-
-};
-#endif
-
-/*
- * Three overlapped transition vectors for three functions.
- * A PowerPC transition vector for a (potentially) inter-module
- * jump or call consists of two words, an instruction address
- * and a Table Of Contents (TOC) pointer, which is loaded into
- * r1. Since none of the routines here have global variables,
- * they don't need a TOC pointer, so the value is unimportant.
- * This array places an unintersting 32-bit value after each address.
- */
-unsigned const * const lbnPPC_tv[] = {
- mulN1,
- mulAdd1,
- mulSub1,
- 0
-};
-
-#else /* __MWERKS >= 0x800 */
-
-/*
- * MulN1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- */
-asm void
-lbnMulN1_32(register unsigned *out, register unsigned const *in,
- register unsigned len, register unsigned k)
-{
- lwz r7,0(in) /* Load first word of in in r7 */
- mtctr len /* Move len into CTR */
- mullw r8,r7,k /* Low half of multiply in r8 */
- addic r0,r0,0 /* Clear carry bit for loop */
- mulhwu len,r7,k /* High half of multiply in len */
- stw r8,0(out) /* *out = r8 */
- mulhwu len,r7,k /* len is high word of product, for carry */
- bdz- label /* Branch to Label if --ctr == 0 */
-loop:
- lwzu r7,4(in) /* r7 = *++in */
- mullw r8,r7,k /* Low half of multiply in r8 */
- adde r8,r8,len /* Add carry word len and bit CF to r8 */
- stwu r8,4(out) /* *++out = r8 */
- mulhwu len,r7,k /* len is high word of product, for carry */
- bdnz+ loop /* Branch to Loop if --ctr != 0 */
-label:
- addze len,len /* Add carry flag to carry word */
- stw len,4(out)
- blr
-}
-
-/*
- * MulAdd1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- */
-asm unsigned
-lbnMulAdd1_32(register unsigned *out, register unsigned const *in,
- register unsigned len, register unsigned k)
-{
- lwz r7,0(in) /* Load first word of in in r7 */
- lwz r0,0(out) /* Load first word of out into r0 */
- mullw r8,r7,k /* Low half of multiply in r8 */
- mtctr len /* Move len into CTR */
- mulhwu len,r7,k /* High half of multiply in len */
- addc r8,r8,r0 /* r8 = r8 + r0 */
- stw r8,0(out) /* Store result to memory */
- bdz- label /* Branch to Label if --ctr == 0 */
-loop:
- lwzu r7,4(in) /* r7 = *++in */
- lwzu r0,4(out) /* r0 = *++out */
- mullw r8,r7,k /* r8 = low word of product */
- adde r8,r8,len /* Add carry word len and carry bit CF to r8 */
- mulhwu len,r7,k /* len is high word of product, for carry */
- addze len,len /* Add carry bit from low add to r5 */
- addc r8,r8,r0 /* r8 = r8 + r0 */
- stw r8,0(out) /* *out = r8 */
- bdnz+ loop /* Branch to Loop if --ctr != 0 */
-label:
- addze r3,r5 /* Add carry flag to r5 and move to r3 */
- blr
-}
-
-/*
- * MulSub1 expects (*out, *in, len, k), count >= 1
- * r3 r4 r5 r6
- *
- * Multiply and subtract is rather a pain. If the subtract of the
- * low word of the product from out[i] generates a borrow, we want to
- * increment the carry word (initially in the range 0..0xfffffffe).
- * However, the PPC's carry bit CF is *clear* after a subtract, so
- * we want to add (1-CF) to the carry word. This is done using two
- * instructions:
- *
- * SUBFME, subtract from minus one extended. This computes
- * rD = ~rS + 0xffffffff + CF. Since rS is from 0 to 0xfffffffe,
- * ~rS is from 1 through 0xffffffff, and the sum with 0xffffffff+CF is
- * from 0 through 0xfffffffff, setting the carry flag unconditionally, and
- * NOR, which is used as a bitwise invert NOT instruction.
- *
- * The SUBFME performs the computation rD = ~rS + 0xffffffff + CF,
- * = (-rS - 1) + (CF - 1) = -(rS - CF + 1) - 1 = ~(rS + 1-CF),
- * which is the bitwise complement of the value we want.
- * We want to add the complement of that result to the low word of the
- * product, which is just what a subtract would do, if only we could get
- * the carry flag clear. But it's always set, except for SUBFE, and the
- * operation we just performed unconditionally *sets* the carry flag. Ugh.
- * So find the complement in a separate instruction.
- */
-asm unsigned
-lbnMulSub1_32(register unsigned *out, register unsigned const *in,
- register unsigned len, register unsigned k)
-{
- lwz r7,0(in) /* Load first word of in in r7 */
- lwz r0,0(out) /* Load first word of out into r0 */
- mtctr len /* Move len into CTR */
- mullw r8,r7,k /* Low half of multiply in r8 */
- mulhwu len,r7,k /* High half of multiply in len */
- subfc r8,r8,r0 /* r8 = r0 - r8, setting CF */
- stw r8,0(out) /* Store result to memory */
- subfme len,len /* First of two insns to add (1-CF) to len */
- bdz- label /* Branch to Label if --ctr == 0 */
-loop:
- lwzu r7,4(in) /* r7 = *++in */
- lwzu r0,4(out) /* r0 = *++out */
- nor len,len,len /* Second of two insns to add (1-CF) to len */
- mullw r8,r7,k /* r8 = low word of product */
- addc r8,r8,len /* Add carry word len to r8 */
- mulhwu len,r7,k /* len is high word of product, for carry */
- addze len,len /* Add carry bit from low add to len */
- subfc r8,r8,r0 /* r8 = r0 - r8 */
- stw r8,0(out) /* *out = r8 */
- subfme len,len /* First of two insns to add (1-CF) to len */
- bdnz+ loop /* Branch to Loop if --ctr != 0 */
-label:
- nor r3,r5,r5 /* Finish adding (1-CF) to len, store in r3 */
- blr
-}
-
-#endif /* __MWERKS >= 0x800 */
-/* 45678901234567890123456789012345678901234567890123456789012345678901234567 */
+++ /dev/null
-#ifndef LBNPPC_H
-#define LBNPPC_H
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-
-/*
- * Assembly-language routines for the Power PC processor.
- * Annoyingly, the Power PC does not have 64/32->32 bit divide,
- * so the C code should be reasonably fast. But it does have
- * 32x32->64-bit multiplies, and these routines provide access
- * to that.
- *
- * In versions of CodeWarrior before 8.0, there was no PPC assembler,
- * so a kludged-up one in CPP is used. This requires casting an
- * array of unsigneds to function pointer type, and a function pointer
- * is not a pointer to the code, but rather a pointer to a (code,TOC)
- * pointer pair which we fake up.
- *
- * CodeWarrior 8.0 supports PCC assembly, which is used directly.
- */
-
-/*
- * Bignums are stored in arrays of 32-bit words, and the least
- * significant 32-bit word has the lowest address, thus "little-endian".
- * The C code is slightly more efficient this way, so unless the
- * processor cares (the PowerPC, like most RISCs, doesn't), it is
- * best to use BN_LITTLE_ENDIAN.
- * Note that this has NOTHING to do with the order of bytes within a 32-bit
- * word; the math library is insensitive to that.
- */
-#define BN_LITTLE_ENDIAN 1
-
-typedef unsigned bnword32;
-#define BNWORD32 bnword32
-
-#if __MWERKS__ < 0x800
-
-/* Shared transition vector array */
-extern unsigned const * const lbnPPC_tv[];
-
-/* A function pointer on the PowerPC is a pointer to a transition vector */
-#define lbnMulN1_32 \
-((void (*)(bnword32 *, bnword32 const *, unsigned, bnword32))(lbnPPC_tv+0))
-#define lbnMulAdd1_32 \
-((bnword32 (*)(bnword32 *, bnword32 const *, unsigned, bnword32))(lbnPPC_tv+1))
-#define lbnMulSub1_32 \
-((bnword32 (*)(bnword32 *, bnword32 const *, unsigned, bnword32))(lbnPPC_tv+2))
-
-#else /* __MWERKS__ >= 0x800 */
-
-void lbnMulN1_32(bnword32 *, bnword32 const *, unsigned, bnword32);
-#define lbnMulN1_32 lbnMulN1_32
-bnword32 lbnMulAdd1_32(bnword32 *, bnword32 const *, unsigned, bnword32);
-#define lbnMulAdd1_32 lbnMulAdd1_32
-bnword32 lbnMulSub1_32(bnword32 *, bnword32 const *, unsigned, bnword32);
-#define lbnMulSub1_32 lbnMulSub1_32
-
-#endif /* __MWERKS__ >= 0x800 */
-
-#endif /* LBNPPC_H */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-
-/* Force inclusion of this... */
-#include "legal.h"
-volatile const char bnCopyright[] =
- "bnlib 1.0.1 Copyright (c) 1995,1996 Colin Plumb.";
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * ANSI C standard, section 3.5.3: "An object that has volatile-qualified
- * type may be modified in ways unknown to the implementation or have
- * other unknown side effects." Yes, we can't expect a compiler to
- * understand law...
- */
-extern volatile const char bnCopyright[];
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: math.c PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Math Routines for the ToolKit
-*
-* PUBLIC FUNCTIONS:
-*
-* int Sum_big (ord *X,
-* ord *Y,
-* ord *Z,
-* u_int16_t len_X )
-*
-* int Sub_big (ord *X,
-* ord *Y,
-* ord *Z,
-* u_int16_t len_X )
-*
-* void Mul_big( ord *X, ord *Y,ord *XY,
-* u_int16_t lx, u_int16_t ly)
-*
-*
-* PRIVATE FUNCTIONS:
-*
-* REVISION HISTORY:
-*
-* 14 Oct 94 GKL Initial release
-* 26 Oct 94 GKL (alignment for big endian support )
-*
-****************************************************************************/
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-/* bn files */
-#include "port_before.h"
-#include "bn.h"
-/* system files */
-#ifdef VXD
-#include <vtoolsc.h>
-#else
-#include <stdlib.h>
-#include <string.h>
-#endif
-/* program files */
-#include "cylink.h"
-#include "ctk_endian.h"
-#include "toolkit.h"
-#include "port_after.h"
-
-/****************************************************************************
-* NAME: void BigNumInit( void )
-*
-*
-* DESCRIPTION: Initialize BigNum
-*
-* INPUTS:
-* PARAMETERS:
-* OUTPUT:
-* PARAMETERS:
-*
-* RETURN:
-*
-*
-* REVISION HISTORY:
-*
-* 29 Sep 96 Initial release
-*
-****************************************************************************/
-
-void BigNumInit()
-{
-static int bignuminit = 0;
-if(!bignuminit){
- bnInit();
- bignuminit = 1;
- }
-}
-/****************************************************************************
-* NAME: int Sum_big (ord *X,
-* ord *Y,
-* ord *Z,
-* u_int16_t len_X )
-*
-* DESCRIPTION: Compute addition.
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to first array
-* ord *Y Pointer to second array
-* int len_X Number of longs in X_l
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result arrray
-*
-* RETURN:
-* Carry bit
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
- int Sum_big (ord *X,
- ord *Y,
- ord *Z,
- u_int16_t len_X )
-{
-
-struct BigNum src2,temp_bn;
-ord *temp;
-BigNumInit();
-
-/*bnInit();
-bnBegin(&src2);
-bnBegin(&temp_bn);
-*/
-temp = (ord *) malloc((len_X*sizeof(ord)) + sizeof(ord));
-temp_bn.size = len_X;
-temp_bn.ptr = temp;
-temp_bn.allocated = len_X + 1;
-
-src2.ptr = Y;
-src2.size = len_X;
-src2.allocated = len_X;
-
-memcpy(temp,X,len_X*sizeof(ord));
-bnAdd(&temp_bn,&src2);
-memcpy(Z,temp_bn.ptr,len_X*sizeof(ord));
-/*bn package increments the size of dest by 1 if the carry bit is 1*/
-free(temp);
-if (temp_bn.size > len_X)
- return 1;
-else
- return 0;
-}
-
- int Sum (ord *X, ord *Y, u_int16_t len_X )
-{
-
-struct BigNum dest,src;
-/*ord *temp;*/
-BigNumInit();
-#if 0
-bnInit();
-bnBegin(&src2);
-bnBegin(&temp_bn);
-
-temp = (ord *) malloc((len_X*sizeof(ord)) + sizeof(ord));
-temp_bn.size = len_X;
-temp_bn.ptr = temp;
-temp_bn.allocated = len_X + 1;
-#endif
-
-dest.ptr = X;
-dest.size = len_X-1;
-dest.allocated = len_X;
-
-src.ptr = Y;
-src.size = len_X;
-src.allocated = len_X;
-
-/*memcpy(temp,X,len_X*sizeof(ord));*/
-bnAdd(&dest,&src);
-/*memcpy(Z,temp_bn.ptr,len_X*sizeof(ord));*/
-/*bn package increments the size of dest by 1 if the carry bit is 1*/
-/*free(temp);*/
-if (dest.size > (u_int16_t)(len_X -1))
- return 1;
-else
- return 0;
-}
-
-
-/****************************************************************************
-* NAME: int Sum_Q(ord *X,
-* u_int16_t src,
-* u_int16_t len_X )
-* DESCRIPTION: Compute addition X += src.
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to first array
-* u_int16_t src Second operand must be <65535
-* int len_X Number of ords in X_l
-* OUTPUT:
-* PARAMETERS:
-* ord *X Pointer to result arrray
-*
-* RETURN:
-* SUCCESS or -1
-*
-* REVISION HISTORY:
-*
-* 21 Sep 96 AAB Initial release
-****************************************************************************/
- int Sum_Q(ord *X, u_int16_t src, u_int16_t len_X )
- {
- int status = SUCCESS;
- struct BigNum des;
- BigNumInit();
- /*bnInit();*/
- des.ptr = X;
- des.size = len_X;
- des.allocated = len_X;
- status = bnAddQ(&des, src);
- return status;
- }
-
-
-/****************************************************************************
-* NAME: int Sub_big (ord *X,
-* ord *Y,
-* ord *Z,
-* u_int16_t len_X )
-*
-*
-* DESCRIPTION: Compute subtraction.
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to first array
-* ord *Y Pointer to second array
-* u_int16_t len_X Number of longs in X_l
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result arrray
-*
-* RETURN:
-* Carry bit
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-int Sub_big (ord *X,
- ord *Y,
- ord *Z,
- u_int16_t len_X )
-{
-/* carry is not returned in bn version */
-struct BigNum dest, src;
-int status;
-ord *temp;
-BigNumInit();
-/*bnInit();
-bnBegin(&dest);
-bnBegin(&src);
-*/
-src.ptr = Y;
-src.size = len_X;
-src.allocated = len_X;
-
-temp = (ord*)malloc(len_X*sizeof(ord));
-dest.ptr = temp;
-dest.size = len_X;
-dest.allocated = len_X;
-memcpy(dest.ptr,X,len_X*sizeof(ord));
-
-status = bnSub(&dest,&src);
-memcpy(Z,dest.ptr,len_X*sizeof(ord));
-free(temp);
-return status;
-}
-
-#if 0
-/****************************************************************************
-* NAME: void Mul_big( ord *X, ord *Y, ord *XY,
-* u_int16_t lx, u_int16_t ly)
-*
-*
-*
-* DESCRIPTION: Compute a product.
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to first long array
-* ord *Y Pointer to second long array
-* u_int16_t lx Leftmost non zero element of first array
-* u_int16_t ly Leftmost non zero element of second array
-* OUTPUT:
-* PARAMETERS:
-* ord *XY Pointer to result
-*
-* RETURN:
-*
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 08 Sep 95 AAB Comment out calloc and discard the elements_in_X,
-* elements_in_Y
-****************************************************************************/
-void Mul_big( ord *X, ord *Y, ord *XY,
- u_int16_t lx, u_int16_t ly )
-{
-struct BigNum dest, src1, src2;
-BigNumInit();
-/*bnInit();*/
-bnBegin(&dest);
-/*
-bnBegin(&src1);
-bnBegin(&src2);
-*/
-src1.size = lx + 1;
-src1.ptr = X;
-src1.allocated = lx + 1;
-
-src2.ptr = Y;
-src2.size = ly + 1;
-src2.allocated = ly + 1;
-
-dest.ptr = XY;
-dest.size = lx + ly + 2;
-dest.allocated = lx + ly + 2;
-
-/* Call bn routine */
-bnMul(&dest, &src1,&src2);
-}
-
-#endif
-/****************************************************************************
-* NAME: void Mul_big_1( ord X, ord *Y, ord *XY,
-* u_int16_t lx, u_int16_t ly )
-*
-*
-*
-* DESCRIPTION: Compute a product.
-*
-* INPUTS:
-* PARAMETERS:
-* ord X Number
-* ord *Y Pointer to long array
-* u_int16_t ly Leftmost non zero element of second array
-* OUTPUT:
-* PARAMETERS:
-* ord *XY Pointer to result
-*
-* RETURN:
-*
-*
-* REVISION HISTORY:
-*
-* 08 Oct 95 AAB Initial relaese
-*
-****************************************************************************/
-void Mul_big_1( ord X, ord *Y, ord *XY,
- u_int16_t ly )
-{
-struct BigNum dest, src;
-BigNumInit();
-/*bnInit();
-bnBegin(&dest);
-bnBegin(&src);
-*/
-src.ptr = Y;
-src.size = ly + 1;
-src.allocated = ly + 1;
-
-dest.ptr = XY;
-dest.size = ly + 2;
-dest.allocated = ly + 2;
-
-bnMulQ(&dest, &src, (unsigned)X);
-
-}
-
-/****************************************************************************
-* NAME: int Mul( u_int16_t X_bytes,
-* ord *X,
-* u_int16_t Y_bytes,
-* ord *Y,
-* u_int16_t P_bytes,
-* ord *P,
-* ord *Z )
-*
-* DESCRIPTION: Compute a modulo product
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to first operand
-* u_int16_t X_bytes Number of bytes in X
-* ord *Y Pointer to second operand
-* u_int16_t Y_bytes Number of bytes in Y
-* ord *P Pointer to modulo
-* u_int16_t P_bytes Number of bytes in P
-*
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data (zero bytes)
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-int Mul( u_int16_t X_bytes,
- ord *X,
- u_int16_t Y_bytes,
- ord *Y,
- u_int16_t P_bytes,
- ord *P,
- ord *Z )
-
-{
- int status = SUCCESS; /*function return status*/
- u_int16_t X_longs; /*number of longs in X*/
- u_int16_t Y_longs; /*number of longs in Y*/
- ord *XY; /*pointer to product (temporary)*/
-
-
-struct BigNum dest, src1,src2, mod;
-BigNumInit();
-/*bnInit();
-bnBegin(&dest);
-bnBegin(&src1);
-bnBegin(&src2);
-bnBegin(&mod);
-*/
-
-src1.size = X_bytes/sizeof(ord);
-src1.ptr = X;
-src1.allocated = X_bytes/sizeof(ord);
-
-src2.size = Y_bytes/sizeof(ord);
-src2.ptr = Y;
-src2.allocated =Y_bytes/sizeof(ord);
-
-mod.size = P_bytes/sizeof(ord);
-mod.ptr = P;
-mod.allocated = P_bytes/sizeof(ord);
-
- if ( P_bytes == 0 || X_bytes == 0 || Y_bytes == 0 )
- {
- status = ERR_INPUT_LEN;
- return status;
- }
- if ( (X_bytes % sizeof(ord) != 0) ||
- (Y_bytes % sizeof(ord) != 0) ||
- (P_bytes % sizeof(ord) != 0) )
- {
- status = ERR_INPUT_LEN;
- return status;
- }
- X_longs = (u_int16_t) (X_bytes / sizeof(ord));
- Y_longs = (u_int16_t) (Y_bytes / sizeof(ord));
- XY = (ord *)calloc( X_longs + Y_longs, sizeof(ord) );
- if( !XY )
- {
- return ERR_ALLOC;
- }
-dest.size = X_longs + Y_longs;
-dest.ptr = XY;
-dest.allocated = X_longs + Y_longs;
-
-bnMul (&dest,&src1,&src2);
-
-status = bnMod(&dest, &dest, &mod);
-memcpy(Z, dest.ptr, P_bytes);
-free( XY );
- return status;
-}
-
-/****************************************************************************
-* NAME: int Square( u_int16_t X_bytes,
-* ord *X,
-* u_int16_t P_bytes,
-* ord *P,
-* ord *Z )
-*
-* DESCRIPTION: Compute a modulo square
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to array to be squared
-* u_int16_t X_bytes Number of bytes in X
-* ord *P Pointer to modulo
-* u_int16_t P_bytes Number of bytes in P
-*
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data (zero bytes)
-*
-* REVISION HISTORY:
-*
-* 1 Sep 95 AAB Initial release
-****************************************************************************/
-
-int Square( u_int16_t X_bytes,
- ord *X,
- u_int16_t P_bytes,
- ord *P,
- ord *Z )
-
-{
- int status = SUCCESS; /*function return status*/
-
-ord *XY;
-struct BigNum dest, src, mod;
-BigNumInit();
-/*bnInit();
-bnBegin(&dest);
-bnBegin(&src);
-bnBegin(&mod);
-*/
- if ( P_bytes == 0 || X_bytes == 0 )
- {
- status = ERR_INPUT_LEN;
- return status;
- }
- if ( (X_bytes % sizeof(ord) != 0) ||
- (P_bytes % sizeof(ord) != 0) )
- {
- status = ERR_INPUT_LEN;
- return status;
- }
- XY = (ord *)malloc( 2*X_bytes );
- if( !XY )
- {
- return ERR_ALLOC;
- }
-
-src.size = X_bytes/sizeof(ord);
-src.ptr = X;
-src.allocated = X_bytes/sizeof(ord);
-
-dest.size = 2*X_bytes/sizeof(ord);
-dest.ptr = XY;
-dest.allocated = 2*X_bytes/sizeof(ord);
-
-mod.size = P_bytes/sizeof(ord);
-mod.ptr = P;
-mod.allocated = P_bytes/sizeof(ord);
-
-status = bnSquare(&dest, &src);
-status = bnMod(&dest, &dest, &mod);
-memcpy(Z, dest.ptr, P_bytes);
-free(XY);
-return status;
-}
-
-
-/****************************************************************************
-* NAME: int PartReduct( u_int16_t X_bytes,
-* ord *X,
-* u_int16_t P_bytes,
-* ord *P,
-* ord *Z )
-*
-* DESCRIPTION: Compute a modulo
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to array
-* u_int16_t X_bytes Number of bytes in X
-* ord *P Pointer to modulo
-* u_int16_t P_bytes Number of bytes in P
-*
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data (zero bytes)
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-int PartReduct( u_int16_t X_bytes,
- ord *X,
- u_int16_t P_bytes,
- ord *P,
- ord *Z )
-{
- int status = SUCCESS; /*function return status */
-
-
-struct BigNum dest, /*src,*/ d;
-ord *temp;
-BigNumInit();
-/*bnInit();
-bnBegin(&dest);
-bnBegin(&src);
-bnBegin(&d);
-
-src.size = X_bytes/sizeof(ord);
-src.ptr = X;
-src.allocated = X_bytes/sizeof(ord);
-*/
-d.size = P_bytes/sizeof(ord);
-d.ptr = P;
-d.allocated = P_bytes/sizeof(ord);
-
-temp = (ord*)malloc(X_bytes);
-dest.size = X_bytes/sizeof(ord);
-dest.ptr = temp;
-dest.allocated = X_bytes/sizeof(ord);
-memcpy(dest.ptr, X, X_bytes);
-
-status = bnMod(&dest, &dest, &d);
-
-memcpy(Z, dest.ptr, P_bytes);
-free(temp);
-
-return status;
-
-}
-
-/****************************************************************************
-* NAME: int Expo( u_int16_t X_bytes,
-* ord *X,
-* u_int16_t Y_bytes,
-* ord *Y,
-* u_int16_t P_bytes,
-* ord *P,
-* ord *Z,
-* YIELD_context *yield_cont )
-*
-* DESCRIPTION: Compute a modulo exponent
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to base array
-* u_int16_t X_bytes Number of bytes in base
-* ord *Y Pointer to exponent array
-* u_int16_t Y_bytes Number of bytes in exponent
-* ord *P Pointer to modulo
-* u_int16_t P_bytes Number of bytes in P
-* YIELD_context *yield_cont Pointer to yield_cont structure (NULL if not used)
-*
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 08 Dec 94 GKL Added YIELD_context
-* 01 Sep 95 Fast exponentation algorithm
-****************************************************************************/
-
-int Expo( u_int16_t X_bytes, ord *X,
- u_int16_t Y_bytes, ord *Y,
- u_int16_t P_bytes, ord *P,
- ord *Z )
-{
-
-int status = SUCCESS; /*function return status*/
-
-struct BigNum dest, n, exp, mod;
-BigNumInit();
-#if 0
-/*bnInit();*/
-bnBegin(&dest);
-bnBegin(&n);
-bnBegin(&exp);
-bnBegin(&mod);
-#endif
-
-n.size = X_bytes/sizeof(ord);
-n.ptr = X;
-n.allocated = X_bytes/sizeof(ord);
-
-exp.ptr = Y;
-exp.size = Y_bytes/sizeof(ord);
-exp.allocated = Y_bytes/sizeof(ord);
-
-mod.ptr = P;
-mod.size = P_bytes/sizeof(ord);
-mod.allocated = P_bytes/sizeof(ord);
-
-dest.ptr = Z;
-dest.size = P_bytes/sizeof(ord);
-dest.allocated = P_bytes/sizeof(ord);
-
-/* Call bn routine */
-
-status = bnExpMod(&dest, &n,
- &exp, &mod);
-
-return status;
-}
-
-
-/****************************************************************************
-* NAME: int DoubleExpo( u_int16_t X1_bytes,
-* ord *X1,
-* u_int16_t Y1_bytes,
-* ord *Y1,
-* u_int16_t X2_bytes,
-* ord *X2,
-* u_int16_t Y2_bytes,
-* ord *Y2,
-* u_int16_t P_bytes,
-* ord *P,
-* ord *Z)
-*
-* DESCRIPTION: Compute a modulo exponent
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X1 Pointer to first base array
-* u_int16_t X1_bytes Number of bytes in first base
-* ord *Y1 Pointer to first exponent array
-* u_int16_t Y1_bytes Number of bytes in first exponent
-* ord *X2 Pointer to second base array
-* u_int16_t X2_bytes Number of bytes in second base
-* ord *Y2 Pointer to second exponent array
-* u_int16_t Y2_bytes Number of bytes in second exponent ord *P Pointer to modulo
-* ord *P Pointer to modulo
-* u_int16_t P_bytes Number of bytes in
-*
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-*
-* REVISION HISTORY:
-*
-* 21 Aug 96 AAB Initial release
-****************************************************************************/
-
-
-int DoubleExpo( u_int16_t X1_bytes,ord *X1,
- u_int16_t Y1_bytes,ord *Y1,
- u_int16_t X2_bytes,ord *X2,
- u_int16_t Y2_bytes,ord *Y2,
- u_int16_t P_bytes,ord *P,
- ord *Z)
-{
-int status = SUCCESS; /*function return status*/
-struct BigNum res, n1, e1, n2, e2, mod;
-BigNumInit();
-
-n1.size = X1_bytes/sizeof(ord);
-n1.ptr = X1;
-n1.allocated = X1_bytes/sizeof(ord);
-
-e1.size = Y1_bytes/sizeof(ord);
-e1.ptr = Y1;
-e1.allocated = Y1_bytes/sizeof(ord);
-
-n2.size = X2_bytes/sizeof(ord);
-n2.ptr = X2;
-n2.allocated = X2_bytes/sizeof(ord);
-
-e2.size = Y2_bytes/sizeof(ord);
-e2.ptr = Y2;
-e2.allocated = Y2_bytes/sizeof(ord);
-
-mod.ptr = P;
-mod.size = P_bytes/sizeof(ord);
-mod.allocated = P_bytes/sizeof(ord);
-
-res.ptr = Z;
-res.size = P_bytes/sizeof(ord);
-res.allocated = P_bytes/sizeof(ord);
-status = bnDoubleExpMod(&res, &n1, &e1, &n2, &e2, &mod);
-return status;
-}
-
-/****************************************************************************
-* NAME: int Inverse( u_int16_t X_bytes,
-* ord *X,
-* u_int16_t P_bytes,
-* ord *P,
-* ord *Z )
-*
-*
-*
-*
-* DESCRIPTION: Compute a modulo inverse element
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to array
-* u_int16_t X_bytes Number of bytes in array
-* ord *P Pointer to modulo
-* u_int16_t P_bytes Number of bytes in P
-*
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-* ERR_INPUT_VALUE Invalid input value
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 08 Nov 94 GKL Added input parameters check
-* 01 Sep 95 Improve fuction
-****************************************************************************/
-
-int Inverse( u_int16_t X_bytes,
- ord *X,
- u_int16_t P_bytes,
- ord *P,
- ord *Z )
-{
-int status = SUCCESS; /* function return status */
-
-struct BigNum dest, src, mod;
-BigNumInit();
-/*bnInit();
-bnBegin(&dest);
-bnBegin(&src);
-bnBegin(&mod);
-*/
-src.size = X_bytes/sizeof(ord);
-src.ptr = X;
-src.allocated = X_bytes/sizeof(ord);
-
-mod.ptr = P;
-mod.size = P_bytes/sizeof(ord);
-mod.allocated = P_bytes/sizeof(ord);
-
-dest.ptr = Z;
-dest.size = (P_bytes/sizeof(ord)) ;
-dest.allocated = (P_bytes/sizeof(ord)) + 1;
-status = bnInv(&dest,&src,&mod);
-return status;
-}
-
-
-/****************************************************************************
-* NAME: void Add( ord *X,
-* ord *Y,
-* u_int16_t P_len,
-* ord *P,
-* ord *Z )
-
-*
-* DESCRIPTION: Compute modulo addition
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to first operand
-* ord *Y Pointer to second operand
-* u_int16_t P_len Length of modulo
-* ord *P Pointer to modulo
-* OUTPUT:
-* ord *Z Pointer to result
-* RETURN:
-*
-* REVISION HISTORY:
-*
-* 24 sep 94 KPZ Initial release
-* 10 Oct 94 KPZ Fixed bugs
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
- /*
- int Add( ord *X,
- ord *Y,
- u_int16_t P_len,
- ord *P,
- ord *Z )
-{
- int status = SUCCESS;
- ord *temp;
- struct BigNum dest, src, mod;
-
-bnInit();
-bnBegin(&dest);
-bnBegin(&src);
-bnBegin(&mod);
-
-temp = (ord*)malloc(P_len + sizeof(ord));
-memcpy(temp, X, P_len);
-
-dest.size = P_len/sizeof(ord);
-dest.ptr = temp;
-dest.allocated = P_len/sizeof(ord) + 1;
-
-src.ptr = Y;
-src.size = P_len/sizeof(ord);
-src.allocated = P_len/sizeof(ord);
-
-mod.ptr = P;
-mod.size = P_len/sizeof(ord);
-mod.allocated = P_len/sizeof(ord);
-
-status = bnAdd(&dest,&src);
-status = bnMod(&dest,&dest,&mod);
-memcpy(Z,temp,P_len);
-free(temp);
-return status;
-}
- */
- int Add( ord *X,
- ord *Y,
- u_int16_t P_len,
- ord *P)
-{
- int status = SUCCESS;
-/* ord *temp;*/
- struct BigNum dest, src, mod;
-
-BigNumInit();
-/*bnInit();
-bnBegin(&dest);
-bnBegin(&src);
-bnBegin(&mod);
-*/
-/*
-temp = (ord*)malloc(P_len + sizeof(ord));
-memcpy(temp, X, P_len);
-*/
-dest.size = P_len/sizeof(ord);
-/*dest.ptr = temp;*/
-dest.ptr = X;
-dest.allocated = P_len/sizeof(ord) + 1;
-
-src.ptr = Y;
-src.size = P_len/sizeof(ord);
-src.allocated = P_len/sizeof(ord);
-
-mod.ptr = P;
-mod.size = P_len/sizeof(ord);
-mod.allocated = P_len/sizeof(ord);
-
-status = bnAdd(&dest,&src);
-status = bnMod(&dest,&dest,&mod);
-/*
-memcpy(Z,temp,P_len);
-free(temp);
-*/
-return status;
-}
-
-
-
-
-/****************************************************************************
-* NAME: int SteinGCD( ord *m,
-* ord *b
-* u_int16_t len )
-*
-* DESCRIPTION: Compute great common divisor
-*
-* INPUTS:
-* PARAMETERS:
-* ord *m Pointer to first number
-* ord *b Pointer to second number
-* u_int16_t len Number of elements in number
-* OUTPUT:
-*
-* RETURN:
-* TRUE if gcd != 1
-* FALSE if gcd == 1
-* REVISION HISTORY:
-*
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 01 Sep 95 AAB Speed up
-*
-****************************************************************************/
-
-
-/* test if GCD equal 1 */
-int SteinGCD ( ord *m,
- ord *n,
- u_int16_t len )
-{
-
-int status;
-struct BigNum dest, a, b;
-ord *temp;
-BigNumInit();
-/*bnInit();
-bnBegin(&dest);
-bnBegin(&a);
-bnBegin(&b);
-*/
-a.size = len;
-a.ptr = m;
-a.allocated = len;
-
-b.size = len;
-b.ptr = n;
-b.allocated = len;
-
-temp = (ord*)malloc((len+1)*sizeof(ord));
-dest.size = len;
-dest.ptr = temp;
-dest.allocated = len+1;
-
-status = bnGcd(&dest, &a, &b);
-
-if (*(ord *)(dest.ptr) == 0x01 && dest.size == 1)
- status = 0;
-else
- status = 1;
-
-free(temp);
-
-return status;
-
-}
-
-
-/****************************************************************************
-* NAME: int DivRem( u_int16_t X_bytes,
-* ord *X,
-* u_int16_t P_bytes,
-* ord *P,
-* ord *Z,
-* ord *D)
-*
-* DESCRIPTION: Compute a modulo and quotient
-*
-* INPUTS:
-* PARAMETERS:
-* ord *X Pointer to array
-* u_int16_t X_bytes Number of bytes in X
-* ord *P Pointer to modulo
-* u_int16_t P_bytes Number of bytes in P
-*
-* OUTPUT:
-* PARAMETERS:
-* ord *Z Pointer to result
-* ord *D Pointer to quotient
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data (zero bytes)
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 10 Oct 94 KPZ Fixed bugs
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-int DivRem( u_int16_t X_bytes,
- ord *X,
- u_int16_t P_bytes,
- ord *P,
- ord *Z,
- ord *D)
-{
- int status = SUCCESS; /* function return status */
-
-struct BigNum q, r, /*n,*/ d;
-ord *temp;
-BigNumInit();
-/*bnInit();
-bnBegin(&q);
-bnBegin(&r);
-bnBegin(&n);
-bnBegin(&d);
-
-n.size = X_bytes/sizeof(ord);
-n.ptr = X;
-n.allocated = X_bytes/sizeof(ord);
-*/
-d.size = P_bytes/sizeof(ord);
-d.ptr = P;
-d.allocated = P_bytes/sizeof(ord);
-
-q.size = (X_bytes/sizeof(ord)) - (P_bytes/sizeof(ord)) + 1;
-q.ptr = D;
-q.allocated = (X_bytes/sizeof(ord)) - (P_bytes/sizeof(ord)) + 1;
-
-temp = (ord *)malloc(X_bytes);
-r.size = X_bytes/sizeof(ord);
-r.ptr = temp;
-r.allocated = X_bytes/sizeof(ord);
-memcpy(r.ptr, X, X_bytes);
-
-status = bnDivMod(&q, &r, &r, &d);
-
-memcpy(Z, r.ptr, P_bytes);
-free(temp);
-
-return status;
-
-}
+++ /dev/null
-#ifndef PPCASM_H
-#define PPCASM_H
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/*
- * A PowerPC assembler in the C preprocessor.
- * This assumes that ints are 32 bits, and uses them for the values.
- *
- * An assembly-language routine is simply an array of unsigned ints,
- * initialized with the macros defined here.
- *
- * In the PowerPC, a generic function pointer does *not* point to the
- * first word of code, but to a two (or possibly more) word "transition
- * vector." The first word of the TV points to the function's code.
- * The second word is the function's TOC (Table Of Contents) pointer,
- * which is loaded into r2. The function's global variables are
- * accessed via the TOC pointed to by r2. TOC pointers are changed,
- * for example, when a dynamically linked library is called, so the
- * library can have private global variables.
- *
- * Saving r2 and reloading r2 each function call is a hassle that
- * I'd really rather avoid, since a lot of useful assembly language routines
- * can be written without global variables at all, so they don't need a TOC
- * pointer. But I haven't figured out how to persuade CodeWarrior 7 to
- * generate an intra-TOC call to an array. (CodeWarrior 8 supports
- * PowerPC asm, which obviates the need to do the cast-to-function-pointer
- * trick, which obviates the need for cross-TOC calls.)
- *
- * The basic PowerPC calling conventions for integers are:
- * r0 - scratch. May be modified by function calls.
- * r1 - stack pointer. Must be preserved across function calls.
- * See IMPORTANT notes on stack frame format below.
- * This must *ALWAYS*, at every instruction boundary, be 16-byte
- * aligned and point to a valid stack frame. If a procedure
- * needs to create a stack frame, the recommended way is to do:
- * stwu r1,-frame_size(r1)
- * and on exit, recover with one of:
- * addi r1,r1,frame_size, OR
- * lwz r1,0(r1)
- * r2 - TOC pointer. Points to the current table of contents.
- * Must be preserved across function calls.
- * r3 - First argument register and return value register.
- * Arguments are passed in r3 through r10, and values returned in
- * r3 through r6, as needed. (Usually only r3 for single word.)
- * r4-r10 - More argument registers
- * r11 - Scratch, may be modified by function calls.
- * On entry to indirect function calls, this points to the
- * transition vector, and additional words may be loaded
- * at offsets from it. Some conventions use r12 instead.
- * r12 - Scratch, may be modified by function calls.
- * r13-r31 - Callee-save registers, may not be modified by function
- * calls.
- * The LR, CTR and XER may be modified by function calls, as may the MQ
- * register, on those processors for which it is implemented.
- * CR fields 0, 1, 5, 6 and 7 are scratch and may be modified by function
- * calls. CR fields 2, 3 and 4 must be preserved across function calls.
- *
- * Stack frame format - READ
- *
- * r1 points to a stack frame, which must *ALWAYS*, meaning after each and
- * every instruction, without excpetion, point to a valid 16-byte-aligned
- * stack frame, defined as follows:
- * - The 296 bytes below r1 (from -296(r1) to -1(r1)) are the so-called Red
- * Zone reserved for leaf procedures, which may use it without allocating
- * a stack frame and without decrementing r1. The size comes from the room
- * needed to store all the callee-save registers: 19 64-bit integer registers
- * and 18 64-bit floating-point registers. (18+19)*8 = 296. So any
- * procedure can save all the registers it needs to save before creating
- * a stack frame and moving r1.
- * The bytes at -297(r1) and below may be used by interrupt and exception
- * handlers *at any time*. Anything placed there may disappear before
- * the next instruction.
- * The word at 0(r1) is the previous r1, and so on in a linked list.
- * This is the minimum needed to be a valid stack frame, but some other
- * offsets from r1 are preallocated by the calling procedure for the called
- * procedure's use. These are:
- * Offset 0: Link to previous stack frame - saved r1, if the called
- * procedure alters it.
- * Offset 4: Saved CR, if the called procedure alters the callee-save
- * fields. There's no important reason to save it here,
- * but the space is reserved and you might as well use it
- * for its intended purpose unless you have good reason to
- * do otherwise. (This may help some debuggers.)
- * Offset 8: Saved LR, if the called procedure needs to save it for
- * later function return. Saving the LR here helps a debugger
- * track the chain of return addresses on the stack.
- * Note that a called procedure does not need to preserve the
- * LR for it's caller's sake, but it uually wants to preserve
- * the value for its own sake until it finishes and it's
- * time to return. At that point, this is usually loaded
- * back into the LR and the branch accomplished with BLR.
- * However, if you want to be preverse, you could load it
- * into the CTR and use BCTR instead.
- * Offset 12: Reserved to compiler. I can't find what this is for.
- * Offset 16: Reserved to compiler. I can't find what this is for.
- * Offset 20: Saved TOC pointer. In a cross-TOC call, the old TOC (r2)
- * is saved here before r2 is loaded with the new TOC value.
- * Again, it's not important to use this slot for this, but
- * you might as well.
- * Beginning at offset 24 is the argument area. This area is at least 8 words
- * (32 bytes; I don't know what happens with 64 bits) long, and may be longer,
- * up to the length of the longest argument list in a function called by
- * the function which allocated this stack frame. Generally, arguments
- * to functions are passed in registers, but if those functions notice
- * the address of the arguments being taken, the registers are stored
- * into the space reserved for them in this area and then used from memory.
- * Additional arguments that will not fit into registers are also stored
- * here. Variadic functions (like printf) generally start by saving
- * all the integer argument registers from the "..." onwards to this space.
- * For that reason, the space must be large enough to store all the argument
- * registers, even if they're never used.
- * (It could probably be safely shrunk if you're not calling any variadic
- * functions, but be careful!)
- *
- * Offsets above that are private to the calling function and shouldn't
- * be messed with. Generally, what appears there is locals, then saved
- * registers.
- *
- *
- * The floating-point instruction set isn't implemented yet (I'm too
- * lazy, as I don't need it yet), but for when it is, the register
- * usage convention is:
- * FPSCR - Scratch, except for floating point exception enable fields,
- * which should only be modified by functions defined to do so.
- * fr0 - scratch
- * fr1 - first floating point parameter and return value, scratch
- * fr2 - second floating point parameter and return value (if needed), scratch
- * fr3 - third floating point parameter and return value (if needed), scratch
- * fr4 - fourth floating point parameter and return value (if needed), scratch
- * fr5-fr13 - More floating point argument registers, scratch
- * fr14-fr31 - Callee-save registers, may not be modified across a function call
- *
- * Complex values store the real part in the lower-numberd register of a pair.
- * When mixing floating-point and integer arguments, reserve space (one register
- * for single-precision, two for double-precision values) in the integer
- * argument list for the floating-point values. Those integer registers
- * generally have undefined values, UNLESS there is no prototype for the call,
- * in which case they should contain a copy of the floating-point value's
- * bit pattern to cope with wierd software.
- * If the floating point arguments go past the end of the integer registers,
- * they are stored in the argument area as well as being passed in here.
- *
- * After the argument area comes the calling function's private storage.
- * Typically, there are locals, followed by saved GP rgisters, followed
- * by saved FP registers.
- *
- * Suggested instruction for allocating a stack frame:
- * stwu r1,-frame_size(r1)
- * Suggested instructions for deallocating a stack frame:
- * addi r1,r1,frame_size
- * or
- * lwz r1,0(r1)
- * If frame_size is too big, you'll have to load the offset into a temp
- * register, but be sure that r1 is updated atomically.
- *
- *
- * Basic PowerPC instructions look like this:
- *
- * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
- * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | | | | | | | | | | | | | | | | | | | | | | | | | | |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * Branch instructions look like this:
- *
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | Branch offset |A|L|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * The L, or LK, or Link bit indicates that the return address for the
- * branch should be copied to the link register (LR).
- * The A, or AA, or absolute address bit, indicates that the address
- * of the current instruction (NOTE: not next instruction!) should NOT
- * be added to the branch offset; it is relative to address 0.
- *
- * Conditional branches looks like this:
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | BO | BI | Branch offset |A|L|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * The BI field specifies the condition bit of interest (from the CR).
- * The BO field specifies what's interesting. You can branch on a
- * combination of a bit of the condition register and --ctr, the CTR
- * register. Two bits encode the branch condition to use:
- * BRANCH IF
- * 00--- = Bit BI is 0
- * 01--- = Bit BI is 1
- * 1z--- = don't care about bit BI (always true)
- * AND
- * --00- = --ctr != 0
- * --01- = --ctr == 0
- * --1z- = don't decrement ctr (always true)
- * The last bit us used as a branch prediction bit. If set, it reverses
- * the usual backward-branch-taken heuristic.
- *
- * y = branch prediction bit. z = unused, must be 0
- * 0000y - branch if --ctr != 0 && BI == 0
- * don't branch if --ctr == 0 || BI != 0
- * 0001y - branch if --ctr == 0 && BI == 0
- * don't branch if --ctr != 0 || BI != 0
- * 001zy - branch if BI == 0
- * don't branch if BI != 0
- * 0100y - branch if --ctr != 0 && BI != 0
- * don't branch if --ctr == 0 || BI == 0
- * 0101y - branch if --ctr == 0 && BI != 0
- * don't branch if --ctr != 0 || BI == 0
- * 011zy - branch if BI != 0
- * don't branch if BI == 0
- * 1z00y - branch if --ctr != 0
- * don't branch if --ctr == 0
- * 1z01y - branch if --ctr == 0
- * don't branch if --ctr != 0
- * 1z1zz - branch always
- * If y is 1, the usual branch prediction (usually not taken, taken for
- * backwards branches with immediate offsets) is reversed.
- *
- * Instructions with 2 operands and a 16-bit immediate field look like this:
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | D | A | 16-bit immediate value |
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * Now, there are three variations of note. In some instructions, the 16-bit
- * value is sign-extended. In others, it's zero-extended. These are noted
- * below as "simm" (signed immediate) and "uimm", respectively. Also, which
- * field is the destination and which is the source sometimes switches.
- * Sometimes it's d = a OP imm, and sometimes it's a = s OP imm. In the
- * latter cases, the "d" field is referred to as "s" ("source" instead of
- * "destination". These are logical and shift instructions. (Store also
- * refers to the s register, but that's the source of the value to be stored.)
- * The assembly mnemonics, however, always lists the destination first,
- * swapping the order in the instruction if necessary.
- * Third, quite often, if r0 is specified for the source a, then the constant
- * value 0 is used instead. Thus, r0 is of limited use - it can be used for
- * some things, but not all.
- *
- * Instructions with three register operands look like this:
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Opcode | D | A | B | Subopcode |C|
- * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *
- * For most of the instructions of interest the Opcode is 31 and the subopcode
- * determines what the instruction does. For a few instructions (mostly loads
- * and stores), if the A field is 0, the constant 0 is used. The "C"
- * bit (also known as the "RC" bit) controls whether or not the condition
- * codes are updated. If it is set (indicated by a "." suffix on the official
- * PowerPC opcodes, and a "_" suffix on these macros), condition code register
- * field 0 (for integer instructions; field 1 for floating point) is updated
- * to reflect the result of the operation.
- * Some arithmetic instructions use the most significant bit of the subopcode
- * field as an overflow enable bit (o suffix).
- *
- * Then there are the rotate and mask instructions, which have 5 operands, and
- * fill the subopcode field with 2 more 5-bit fields. See below for them.
- *
- * NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE
- * These macros fully parenthesize their arguments, but are not themselves
- * fully parenthesized. They are intended to be used for initializer lists,
- * and if you want to do tricks with their numeric values, wrap them in
- * parentheses.
- */
-
-#define PPC_MAJOR(x) ((x)<<26) /* Major opcode (0..63) */
-#define PPC_MINOR(x) ((x)<<1) /* Minor opcode (0..1023) */
-#define PPC_RC 1 /* Record carry (. suffix, represented as _) */
-#define PPC_OE 1024 /* Overflow enable (o suffix) */
-#define PPC_DEST(reg) ((reg)<<21) /* Dest register field */
-#define PPC_SRCA(reg) ((reg)<<16) /* First source register field */
-#define PPC_SRCB(reg) ((reg)<<11) /* Second source register field */
-#define PPC_AA 2 /* Branch is absolute, relative to address 0 */
-#define PPC_LK 1 /* Branch with link (L suffix) */
-
-/* Unconditional branch (dest is 26 bits, +/- 2^25 bytes) */
-#define PPC_B(dest) PPC_MAJOR(18)|(((dest)<<2) & 0x03fffffc)
-#define PPC_BA(dest) PPC_B(dest)|PPC_AA
-#define PPC_BL(dest) PPC_B(dest)|PPC_LK
-#define PPC_BLA(dest) PPC_B(dest)|PPC_AA|PPC_LK
-
-/* Three-operand instructions */
-#define PPC_TYPE31(minor,d,a,b) \
- PPC_MAJOR(31)|PPC_DEST(d)|PPC_SRCA(a)|PPC_SRCB(b)|PPC_MINOR(minor)
-#define PPC_ADD(d,a,b) PPC_TYPE31(266,d,a,b)
-#define PPC_ADD_(d,a,b) PPC_TYPE31(266,d,a,b)|PPC_RC
-#define PPC_ADDO(d,a,b) PPC_TYPE31(266,d,a,b)|PPC_OE
-#define PPC_ADDO_(d,a,b) PPC_TYPE31(266,d,a,b)|PPC_OE|PPC_RC
-#define PPC_ADDC(d,a,b) PPC_TYPE31(10,d,a,b)
-#define PPC_ADDC_(d,a,b) PPC_TYPE31(10,d,a,b)|PPC_RC
-#define PPC_ADDCO(d,a,b) PPC_TYPE31(10,d,a,b)|PPC_OE
-#define PPC_ADDCO_(d,a,b) PPC_TYPE31(10,d,a,b)|PPC_OE|PPC_RC
-#define PPC_ADDE(d,a,b) PPC_TYPE31(138,d,a,b)
-#define PPC_ADDE_(d,a,b) PPC_TYPE31(138,d,a,b)|PPC_RC
-#define PPC_ADDEO(d,a,b) PPC_TYPE31(138,d,a,b)|PPC_OE
-#define PPC_ADDEO_(d,a,b) PPC_TYPE31(138,d,a,b)|PPC_OE|PPC_RC
-#define PPC_ADDME(d,a) PPC_TYPE31(234,d,a,0)
-#define PPC_ADDME_(d,a) PPC_TYPE31(234,d,a,0)|PPC_RC
-#define PPC_ADDMEO(d,a) PPC_TYPE31(234,d,a,0)|PPC_OE
-#define PPC_ADDMEO_(d,a) PPC_TYPE31(234,d,a,0)|PPC_OE|PPC_RC
-#define PPC_ADDZE(d,a) PPC_TYPE31(202,d,a,0)
-#define PPC_ADDZE_(d,a) PPC_TYPE31(202,d,a,0)|PPC_RC
-#define PPC_ADDZEO(d,a) PPC_TYPE31(202,d,a,0)|PPC_OE
-#define PPC_ADDZEO_(d,a) PPC_TYPE31(202,d,a,0)|PPC_OE|PPC_RC
-#define PPC_AND(a,s,b) PPC_TYPE31(28,s,a,b)
-#define PPC_AND_(a,s,b) PPC_TYPE31(28,s,a,b)|PPC_RC
-#define PPC_ANDC(a,s,b) PPC_TYPE31(60,s,a,b)
-#define PPC_ANDC_(a,s,b) PPC_TYPE31(60,s,a,b)|PPC_RC
-#define PPC_CMP(cr,a,b) PPC_TYPE31(0,(cr)<<2,a,b)
-#define PPC_CMPL(cr,a,b) PPC_TYPE31(32,(cr)<<2,a,b)
-#define PPC_CNTLZW(a,s) PPC_TYPE31(26,s,a,0)
-#define PPC_CNTLZW_(a,s) PPC_TYPE31(26,s,a,0)|PPC_RC
-#define PPC_DCBF(a,b) PPC_TYPE31(86,0,a,b)
-#define PPC_DCBI(a,b) PPC_TYPE31(470,0,a,b)
-#define PPC_DCBST(a,b) PPC_TYPE31(54,0,a,b)
-#define PPC_DCBT(a,b) PPC_TYPE31(278,0,a,b)
-#define PPC_DCBTST(a,b) PPC_TYPE31(246,0,a,b)
-#define PPC_DCBZ(a,b) PPC_TYPE31(1014,0,a,b)
-#define PPC_DIVW(d,a,b) PPC_TYPE31(491,d,a,b)
-#define PPC_DIVW_(d,a,b) PPC_TYPE31(491,d,a,b)|PPC_RC
-#define PPC_DIVWO(d,a,b) PPC_TYPE31(491,d,a,b)|PPC_OE
-#define PPC_DIVWO_(d,a,b) PPC_TYPE31(491,d,a,b)|PPC_OE|PPC_RC
-#define PPC_DIVWU(d,a,b) PPC_TYPE31(459,d,a,b)
-#define PPC_DIVWU_(d,a,b) PPC_TYPE31(459,d,a,b)|PPC_RC
-#define PPC_DIVWUO(d,a,b) PPC_TYPE31(459,d,a,b)|PPC_OE
-#define PPC_DIVWUO_(d,a,b) PPC_TYPE31(459,d,a,b)|PPC_OE|PPC_RC
-#define PPC_EIEIO() PPC_TYPE31(854,0,0,0)
-#define PPC_EQV(a,s,b) PPC_TYPE31(284,s,a,b)
-#define PPC_EQV_(a,s,b) PPC_TYPE31(284,s,a,b)|PPC_RC
-#define PPC_EXTSB(a,s,b) PPC_TYPE31(954,s,a,b)
-#define PPC_EXTSB_(a,s,b) PPC_TYPE31(954,s,a,b)|PPC_RC
-#define PPC_EXTSH(a,s,b) PPC_TYPE31(922,s,a,b)
-#define PPC_EXTSH_(a,s,b) PPC_TYPE31(922,s,a,b)|PPC_RC
-#define PPC_ICBI(a,b) PPC_TYPE31(982,0,a,b)
-#define PPC_ISYNC() PPC_TYPE31(150,0,0,0)
-#define PPC_LBZUX(d,a,b) PPC_TYPE31(119,d,a,b)
-#define PPC_LBZX(d,a,b) PPC_TYPE31(87,d,a,b)
-#define PPC_LHAUX(d,a,b) PPC_TYPE31(375,d,a,b)
-#define PPC_LHAX(d,a,b) PPC_TYPE31(343,d,a,b)
-#define PPC_LHBRX(d,a,b) PPC_TYPE31(790,d,a,b)
-#define PPC_LHZUX(d,a,b) PPC_TYPE31(311,d,a,b)
-#define PPC_LHZX(d,a,b) PPC_TYPE31(279,d,a,b)
-#define PPC_LSWI(d,a,nb) PPC_TYPE31(597,d,a,nb)
-#define PPC_LSWX(d,a,b) PPC_TYPE31(533,d,a,b)
-#define PPC_LSARX(d,a,b) PPC_TYPE31(20,d,a,b)
-#define PPC_LSBRX(d,a,b) PPC_TYPE31(534,d,a,b)
-#define PPC_MCRXR(crd) PPC_TYPE31(512,(crd)<<2,0,0)
-#define PPC_MFCR(d) PPC_TYPE31(19,d,0,0)
-#define PPC_MFSPR(d,spr) PPC_TYPE31(339,d,(spr)&31,(spr)>>5)
-#define PPC_MFTB(d) PPC_TYPE31(371,d,12,8)
-#define PPC_MFTBU(d) PPC_TYPE31(371,d,13,8)
-#define PPC_MTCRF(mask,s) PPC_TYPE31(144,s,0,(mask)&0xff)
-#define PPC_MTSPR(s,spr) PPC_TYPE31(467,s,(spr)&31,(spr)>>5)
-#define PPC_MULHW(d,a,b) PPC_TYPE31(75,d,a,b)
-#define PPC_MULHW_(d,a,b) PPC_TYPE31(75,d,a,b)|PPC_RC
-#define PPC_MULHWU(d,a,b) PPC_TYPE31(11,d,a,b)
-#define PPC_MULHWU_(d,a,b) PPC_TYPE31(11,d,a,b)|PPC_RC
-#define PPC_MULLW(d,a,b) PPC_TYPE31(235,d,a,b)
-#define PPC_MULLW_(d,a,b) PPC_TYPE31(235,d,a,b)|PPC_RC
-#define PPC_MULLWO(d,a,b) PPC_TYPE31(235,d,a,b)|PPC_OE
-#define PPC_MULLWO_(d,a,b) PPC_TYPE31(235,d,a,b)|PPC_OE|PPC_RC
-#define PPC_NAND(a,s,b) PPC_TYPE31(476,s,a,b)
-#define PPC_NAND_(a,s,b) PPC_TYPE31(476,s,a,b)|PPC_RC
-#define PPC_NEG(d,a) PPC_TYPE31(104,d,a,b)
-#define PPC_NEG_(d,a) PPC_TYPE31(104,d,a,b)|PPC_RC
-#define PPC_NEGO(d,a) PPC_TYPE31(104,d,a,b)|PPC_OE
-#define PPC_NEGO_(d,a) PPC_TYPE31(104,d,a,b)|PPC_OE|PPC_RC
-#define PPC_NOR(a,s,b) PPC_TYPE31(124,s,a,b)
-#define PPC_NOR_(a,s,b) PPC_TYPE31(124,s,a,b)|PPC_RC
-#define PPC_OR(a,s,b) PPC_TYPE31(444,s,a,b)
-#define PPC_OR_(a,s,b) PPC_TYPE31(444,s,a,b)|PPC_RC
-#define PPC_ORC(a,s,b) PPC_TYPE31(412,s,a,b)
-#define PPC_ORC_(a,s,b) PPC_TYPE31(412,s,a,b)|PPC_RC
-#define PPC_SLW(a,s,b) PPC_TYPE31(24,s,a,b)
-#define PPC_SLW_(a,s,b) PPC_TYPE31(24,s,a,b)|PPC_RC
-#define PPC_SRAW(a,s,b) PPC_TYPE31(792,s,a,b)
-#define PPC_SRAW_(a,s,b) PPC_TYPE31(792,s,a,b)|PPC_RC
-#define PPC_SRAWI(a,s,sh) PPC_TYPE31(824,s,a,sh)
-#define PPC_SRAWI_(a,s,sh) PPC_TYPE31(824,s,a,sh)|PPC_RC
-#define PPC_SRW(a,s,b) PPC_TYPE31(536,s,a,b)
-#define PPC_SRW_(a,s,b) PPC_TYPE31(536,s,a,b)|PPC_RC
-#define PPC_STBUX(s,a,b) PPC_TYPE31(247,s,a,b)
-#define PPC_STBX(s,a,b) PPC_TYPE31(215,s,a,b)
-#define PPC_STHBRX(s,a,b) PPC_TYPE31(918,s,a,b)
-#define PPC_STHUX(s,a,b) PPC_TYPE31(439,s,a,b)
-#define PPC_STHX(s,a,b) PPC_TYPE31(407,s,a,b)
-#define PPC_STSWI(s,a,nb) PPC_TYPE31(725,s,a,nb)
-#define PPC_STSWX(s,a,b) PPC_TYPE31(661,s,a,b)
-#define PPC_STWBRX(s,a,b) PPC_TYPE31(662,s,a,b)
-#define PPC_STWCX_(s,a,b) PPC_TYPE31(150,s,a,b)|PPC_RC
-#define PPC_STWUX(s,a,b) PPC_TYPE31(183,s,a,b)
-#define PPC_STWX(s,a,b) PPC_TYPE31(151,s,a,b)
-#define PPC_SUBF(d,a,b) PPC_TYPE31(40,d,a,b)
-#define PPC_SUBF_(d,a,b) PPC_TYPE31(40,d,a,b)|PPC_RC
-#define PPC_SUBFO(d,a,b) PPC_TYPE31(40,d,a,b)|PPC_OE
-#define PPC_SUBFO_(d,a,b) PPC_TYPE31(40,d,a,b)|PPC_OE|PPC_RC
-#define PPC_SUB(d,b,a) PPC_SUBF(d,a,b)
-#define PPC_SUB_(d,b,a) PPC_SUBF_(d,a,b)
-#define PPC_SUBO(d,b,a) PPC_SUBFO(d,a,b)
-#define PPC_SUBO_(d,b,a) PPC_SUBFO_(d,a,b)
-#define PPC_SUBFC(d,a,b) PPC_TYPE31(8,d,a,b)
-#define PPC_SUBFC_(d,a,b) PPC_TYPE31(8,d,a,b)|PPC_RC
-#define PPC_SUBFCO(d,a,b) PPC_TYPE31(8,d,a,b)|PPC_OE
-#define PPC_SUBFCO_(d,a,b) PPC_TYPE31(8,d,a,b)|PPC_OE|PPC_RC
-#define PPC_SUBFE(d,a,b) PPC_TYPE31(136,d,a,b)
-#define PPC_SUBFE_(d,a,b) PPC_TYPE31(136,d,a,b)|PPC_RC
-#define PPC_SUBFEO(d,a,b) PPC_TYPE31(136,d,a,b)|PPC_OE
-#define PPC_SUBFEO_(d,a,b) PPC_TYPE31(136,d,a,b)|PPC_OE|PPC_RC
-#define PPC_SUBFME(d,a) PPC_TYPE31(232,d,a,0)
-#define PPC_SUBFME_(d,a) PPC_TYPE31(232,d,a,0)|PPC_RC
-#define PPC_SUBFMEO(d,a) PPC_TYPE31(232,d,a,0)|PPC_OE
-#define PPC_SUBFMEO_(d,a) PPC_TYPE31(232,d,a,0)|PPC_OE|PPC_RC
-#define PPC_SUBFZE(d,a) PPC_TYPE31(200,d,a,0)
-#define PPC_SUBFZE_(d,a) PPC_TYPE31(200,d,a,0)|PPC_RC
-#define PPC_SUBFZEO(d,a) PPC_TYPE31(200,d,a,0)|PPC_OE
-#define PPC_SUBFZEO_(d,a) PPC_TYPE31(200,d,a,0)|PPC_OE|PPC_RC
-#define PPC_SYNC() PPC_TYPE31(598,0,0,0)
-#define PPC_TW(to,a,b) PPC_TYPE31(4,to,a,b)
-#define PPC_XOR(a,s,b) PPC_TYPE31(316,s,a,b)
-
-/* Immediate-operand instructions. Take a 16-bit immediate operand */
-#define PPC_IMM(major,d,a,imm) \
- PPC_MAJOR(major)|PPC_DEST(d)|PPC_SRCA(a)|((imm)&0xffff)
-/* Trap word immediate */
-#define PPV_TWI(to,a,simm) PPC_IMM(3,to,a,simm)
-/* Integer arithmetic */
-#define PPC_MULLI(d,a,simm) PPC_IMM(7,d,a,simm)
-#define PPC_SUBFIC(s,a,simm) PPC_IMM(8,s,a,simm)
-#define PPC_CMPLI(cr,a,uimm) PPC_IMM(10,(cr)<<2,a,uimm)
-#define PPC_CMPI(cr,a,simm) PPC_IMM(11,(cr)<<2,a,simm)
-#define PPC_ADDIC(d,a,simm) PPC_IMM(12,d,a,simm)
-#define PPC_ADDIC_(d,a,simm) PPC_IMM(13,d,a,simm)
-#define PPC_ADDI(d,a,simm) PPC_IMM(14,d,a,simm)
-#define PPC_ADDIS(d,a,simm) PPC_IMM(15,d,a,simm)
-
-/* Conditional branch (dest is 16 bits, +/- 2^15 bytes) */
-#define PPC_BC(bo,bi,dest) PPC_IMM(16,bo,bi,((dest)<<2)&0xfffc)
-#define PPC_BCA(bo,bi,dest) PPC_BC(bo,bi,dest)|PPC_AA
-#define PPC_BCL(bo,bi,dest) PPC_BC(bo,bi,dest)|PPC_LK
-#define PPC_BCLA(bo,bi,dest) PPC_BC(bo,bi,dest)|PPC_AA|PPC_LK
-
-/* Logical operations */
-#define PPC_ORI(a,s,uimm) PPC_IMM(24,s,a,uimm)
-#define PPC_ORIS(a,s,uimm) PPC_IMM(25,s,a,uimm)
-#define PPC_XORI(a,s,uimm) PPC_IMM(26,s,a,uimm)
-#define PPC_XORIS(a,s,uimm) PPC_IMM(27,s,a,uimm)
-#define PPC_ANDI_(a,s,uimm) PPC_IMM(28,s,a,uimm)
-#define PPC_ANDIS(a,s,uimm) PPC_IMM(29,s,a,uimm)
-
-/* Load/store */
-#define PPC_LWZ(d,a,simm) PPC_IMM(32,d,a,simm)
-#define PPC_LWZU(d,a,simm) PPC_IMM(33,d,a,simm)
-#define PPC_LBZ(d,a,simm) PPC_IMM(34,d,a,simm)
-#define PPC_LBZU(d,a,simm) PPC_IMM(35,d,a,simm)
-#define PPC_STW(s,a,simm) PPC_IMM(36,s,a,simm)
-#define PPC_STWU(s,a,simm) PPC_IMM(37,s,a,simm)
-#define PPC_STB(s,a,simm) PPC_IMM(38,s,a,simm)
-#define PPC_STBU(s,a,simm) PPC_IMM(39,s,a,simm)
-#define PPC_LHZ(d,a,simm) PPC_IMM(40,d,a,simm)
-#define PPC_LHZU(d,a,simm) PPC_IMM(41,d,a,simm)
-#define PPC_LHA(d,a,simm) PPC_IMM(42,d,a,simm)
-#define PPC_STH(s,a,simm) PPC_IMM(44,s,a,simm)
-#define PPC_STHU(s,a,simm) PPC_IMM(45,s,a,simm)
-#define PPC_LHAU(d,a,simm) PPC_IMM(43,d,a,simm)
-#define PPC_LMW(d,a,simm) PPC_IMM(46,d,a,simm)
-#define PPC_STMW(s,a,simm) PPC_IMM(47,s,a,simm)
-
-/* Major number = 19 - condition register operations. d, a and b are CR bits */
-#define PPC_TYPE19(minor,d,a,b) \
- PPC_MAJOR(19)|PPC_DEST(d)|PPC_SRCA(a)|PPC_SRCB(b)|PPC_MINOR(minor)
-#define PPC_MCRF(d,s) PPC_TYPE19(0,(d)<<2,(s)<<2,0)
-#define PPC_CRNOR(d,a,b) PPC_TYPE19(33,d,a,b)
-#define PPC_CRANDC(d,a,b) PPC_TYPE19(129,d,a,b)
-#define PPC_CRXOR(d,a,b) PPC_TYPE19(193,d,a,b)
-#define PPC_CRNAND(d,a,b) PPC_TYPE19(225,d,a,b)
-#define PPC_CRAND(d,a,b) PPC_TYPE19(257,d,a,b)
-#define PPC_CREQV(d,a,b) PPC_TYPE19(289,d,a,b)
-#define PPC_CRORC(d,a,b) PPC_TYPE19(417,d,a,b)
-#define PPC_CROR(d,a,b) PPC_TYPE19(449,d,a,b)
-
-/* Indirect conditional branch */
-#define PPC_BCLR(bo,bi) PPC_TYPE19(16,bo,bi,0)
-#define PPC_BCLRL(bo,bi) PPC_TYPE19(16,bo,bi,0)|PPC_LK
-#define PPC_BCCTR(bo,bi) PPC_TYPE19(528,bo,bi,0)
-#define PPC_BCCTRL(bo,bi) PPC_TYPE19(528,bo,bi,0)|PPC_LK
-#define PPC_BLR() PPC_BCLR(20,31)
-#define PPC_BCTR() PPC_BCCTR(20,31)
-
-/* Other */
-#define PPC_RLWIMI(a,s,sh,mb,me) \
- PPC_MAJOR(20)|PPC_DEST(s)|PPC_SRCA(A)|PPC_SRCB(sh)|(mb)<<6|(me)<<1
-#define PPC_RLWIMI_(a,s,sh,mb,me) PPC_RLWIMI(a,s,sh,mb,me)|PPC_RC
-#define PPC_RLWINM(a,s,sh,mb,me) \
- PPC_MAJOR(21)|PPC_DEST(s)|PPC_SRCA(A)|PPC_SRCB(sh)|(mb)<<6|(me)<<1
-#define PPC_RLWINM_(a,s,sh,mb,me) PPC_RLWINM(a,s,sh,mb,me)|PPC_RC
-#define PPC_RLWNM(a,s,b,mb,me) \
- PPC_MAJOR(23)|PPC_DEST(s)|PPC_SRCA(A)|PPC_SRCB(b)|(mb)<<6|(me)<<1
-#define PPC_RLWNM_(a,s,b,mb,me) PPC_RLWNM(a,s,b,mb,me)|PPC_RC
-
-#define PPC_SC() PPC_MAJOR(17)|2
-/* Major number = 63 Floating-point operations (not implemented for now) */
-
-/* Simplified Mnemonics */
-/* Fabricate immediate subtract out of add negative */
-#define PPC_SUBI(d,a,simm) PPC_ADDI(d,a,-(simm))
-#define PPC_SUBIS(d,a,simm) PPC_ADDIS(d,a,-(simm))
-#define PPC_SUBIC(d,a,simm) PPC_ADDIC(d,a,-(simm))
-#define PPC_SUBIC_(d,a,simm) PPC_ADDIC_(d,a,-(simm))
-/* Fabricate subtract out of subtract from */
-#define PPC_SUBC(d,b,a) PPC_SUBFC(d,a,b)
-#define PPC_SUBC_(d,b,a) PPC_SUBFC_(d,a,b)
-#define PPC_SUBCO(d,b,a) PPC_SUBFCO(d,a,b)
-#define PPC_SUBCO_(d,b,a) PPC_SUBFCO_(d,a,b)
-/* Messy compare bits omitted */
-/* Shift and rotate omitted */
-/* Branch coding omitted */
-#define PPC_CRSET(d) PPC_CREQV(d,d,d)
-#define PPC_CRCLR(d) PPC_CRXOR(d,d,d)
-#define PPC_CRMOVE(d,s) PPC_CROR(d,s,s)
-#define PPC_CRNOT(d,s) PPC_CRNOR(d,s,s)
-/* Trap menmonics omitted */
-/* Menmonics for user-accessible SPRs */
-#define PPC_MFXER(d) PPC_MFSPR(d,1)
-#define PPC_MFLR(d) PPC_MFSPR(d,8)
-#define PPC_MFCTR(d) PPC_MFSPR(d,9)
-#define PPC_MTXER(s) PPC_MTSPR(s,1)
-#define PPC_MTLR(s) PPC_MTSPR(s,8)
-#define PPC_MTCTR(s) PPC_MTSPR(s,9)
-/* Recommended mnemonics */
-#define PPC_NOP() PPC_ORI(0,0,0)
-#define PPC_LI(d,simm) PPC_ADDI(d,0,simm)
-#define PPC_LIS(d,simm) PPC_ADDIS(d,0,simm)
-#define PPC_LA(d,a,simm) PPC_ADDI(d,a,simm)
-#define PPC_MR(d,s) PPC_OR(d,s,s)
-#define PPC_NOT(d,s) PPC_NOR(d,s,s)
-#define PPC_MTCR(s) PPC_MTCRF(0xff,s)
-
-#endif /* PPCASM_H */
-
-/* 45678901234567890123456789012345678901234567890123456789012345678901234567 */
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: rand.c PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Cryptographic Toolkit Functions File
-* Random Number Generation Files
-* PUBLIC FUNCTIONS:
-* int InitRand( u_int16_t SEED_bytes, uchar *SEED,
-* uchar *RVAL )
-* int GenRand( u_int16_t A_bytes, uchar *A,
-* uchar *RVAL )
-* int MyGenRand( u_int16_t A_bytes,
-* ord *A,
-* ord *RVAL )
-
-* Copyright (c) Cylink Corporation 1994. All rights reserved.
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 10 Oct 94 KPZ Added Shamir Key Sharing functions
-* 10 Oct 94 KPZ Modified SHA functions for arbitrary message length
-* 12 Oct 94 KPZ Modified SHA functions (new standard)
-* 14 Oct 94 GKL Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support & ERR_ALLOC)
-*
-****************************************************************************/
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-
-#include "port_before.h"
-
-/* system files */
-#ifdef VXD
-#include <vtoolsc.h>
-#else
-#include <stdlib.h>
-#include <string.h>
-#endif
-
-/* program files */
-#ifdef VXD
-#include "tkvxd.h"
-#endif
-#include "cylink.h"
-#include "ctk_endian.h"
-#include "toolkit.h"
-#include "cencrint.h"
-#include "sha.h"
-
-#include "port_after.h"
-extern u_int16_t DataOrder;
-/****************************************************************************
-* PUBLIC FUNCTIONS DEFINITIONS
-****************************************************************************/
-
-/****************************************************************************
-* NAME: int InitRand( u_int16_t SEED_bytes,
-* uchar *SEED,
-* uchar *RVAL)
-*
-* DESCRIPTION: Initialize Random number Generator
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t SEED_bytes Length of SEED
-* uchar *SEED Pointer to SEED value
-*
-* OUTPUT:
-* PARAMETERS:
-* uchar *RVAL Pointer to RVAL
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data
-* ERR_DATA Generic data error
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-*
-****************************************************************************/
-
-int InitRand( u_int16_t SEED_bytes,
- uchar *SEED,
- uchar *RVAL )
-{
- int status = SUCCESS; /* function return status */
- if ( SEED_bytes == 0 )
- {
- status = ERR_INPUT_LEN;
- return status;
- }
- if ( SEED_bytes < SHA_LENGTH )
- {
- status = ERR_DATA;
- return status;
- }
- memcpy( RVAL, SEED, SHA_LENGTH);
- return status;
-}
-
-
-/****************************************************************************
-* NAME: int GenRand( u_int16_t A_bytes,
-* uchar *A,
-* uchar *RVAL)
-*
-* DESCRIPTION: Generate random number.
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t A_bytes Length of A
-* uchar *A Pointer to A value
-*
-* OUTPUT:
-* PARAMETERS:
-* uchar *RVAL Pointer to RVAL
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data
-* ERR_DATA Generic data error
-* ERR_ALLOC Insufficient memory
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support & ERR_ALLOC)
-*
-****************************************************************************/
-int GenRand( u_int16_t A_bytes,
- uchar *A,
- uchar *RVAL )
-{
- int status = SUCCESS; /* function return status */
- ord *RVAL_a;
- SHA_context hash_context; /* SHA context structure */
- uchar M[DSS_LENGTH_MIN]; /* message block */
- uchar hash_result[SHA_LENGTH];
- u_int16_t i;
- u_int16_t sha_block; /* number of sha blocks */
- u_int16_t sha_rem; /* size of last block */
- if ( A_bytes == 0 )
- {
- status = ERR_INPUT_LEN;
- return status;
- }
- sha_block = (u_int16_t) (A_bytes / SHA_LENGTH); /* number of sha blocks */
- sha_rem = (u_int16_t) (A_bytes % SHA_LENGTH); /* size of last block */
- if ( sha_rem == 0 ) /* last block = SHA_LENGTH */
- {
- sha_block--;
- }
- for ( i = 0; i <= sha_block; i++)
- {
- SHAInit ( &hash_context );
- memcpy( M, RVAL, SHA_LENGTH);
- memset( M + SHA_LENGTH, 0, DSS_LENGTH_MIN - SHA_LENGTH );
- if ( (status = SHAUpdate( &hash_context, M, DSS_LENGTH_MIN ))
- != SUCCESS )
- {
- return status; /* error */
- }
- if ( (status=MySHAFinal (&hash_context, hash_result )) != SUCCESS )
- {
- return status; /* error */
- }
-
- BigSwap(RVAL, SHA_LENGTH);
- ALIGN_CALLOC_COPY(RVAL, RVAL_a, SHA_LENGTH);
- if ( status != SUCCESS )
- {
- ALIGN_COPY_FREE(RVAL_a,RVAL,SHA_LENGTH);
- BigSwap(RVAL, SHA_LENGTH);
- return status; /* ERR_ALLOC insufficient memory */
- }
- Sum_Q( RVAL_a, 1, SHA_LENGTH / sizeof(ord) );
- Sum_big( RVAL_a, /* RVAL=RVAL+hash_result*/
- (ord *)hash_result,
- RVAL_a, SHA_LENGTH / sizeof(ord) );
- ALIGN_COPY_FREE(RVAL_a,RVAL,SHA_LENGTH);
- BigSwap(RVAL, SHA_LENGTH);
-#ifdef CTK_BIG_ENDIAN
- ByteSwap(hash_result,SHA_LENGTH);
-#endif
- BigSwap(hash_result, SHA_LENGTH);
- if ( i == sha_block && sha_rem != 0 ) /* last block < SHA_LENGTH*/
- {
- memcpy( A + i * SHA_LENGTH, hash_result,
- sha_rem * sizeof (uchar));
- }
- else /* last block = SHA_LENGTH*/
- {
- memcpy( A + i * SHA_LENGTH, hash_result,
- SHA_LENGTH * sizeof (uchar));
- }
- }
- return status;
-}
-
-
-
-/****************************************************************************
-* NAME: int MyGenRand( u_int16_t A_bytes,
-* ord *A,
-* ord *RVAL)
-*
-* DESCRIPTION: Generate random number.
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t A_bytes Length of A
-* ord *A Pointer to A value
-*
-* OUTPUT:
-* PARAMETERS:
-* ord *RVAL Pointer to RVAL
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data
-* ERR_DATA Generic data error
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-int MyGenRand( u_int16_t A_bytes,
- ord *A,
- ord *RVAL )
-{
- int status = SUCCESS; /* function return status */
- SHA_context hash_context; /* SHA context structure */
- uchar M[DSS_LENGTH_MIN]; /* message block */
- uchar hash_result[SHA_LENGTH];
- u_int16_t i;
- u_int16_t sha_block; /* number of sha blocks */
- u_int16_t sha_rem; /* size of last block */
- if ( A_bytes == 0 )
- {
- status = ERR_INPUT_LEN;
- return status;
- }
- sha_block = (u_int16_t) (A_bytes / SHA_LENGTH); /* number of sha blocks */
- sha_rem = (u_int16_t) (A_bytes % SHA_LENGTH); /* size of last block */
- if ( sha_rem == 0 ) /* last block = SHA_LENGTH */
- {
- sha_block--;
- }
- for ( i = 0; i <= sha_block; i++)
- {
- SHAInit ( &hash_context );
- memcpy( M, RVAL, SHA_LENGTH);
- memset( M + SHA_LENGTH, 0, DSS_LENGTH_MIN - SHA_LENGTH );
- if ( (status = SHAUpdate( &hash_context, M, DSS_LENGTH_MIN ))
- != SUCCESS )
- {
- return status; /* error */
- }
- if ( (status=MySHAFinal (&hash_context, hash_result )) != SUCCESS )
- {
- return status; /* error */
- }
-#ifdef CTK_BIG_ENDIAN
- ByteSwap((uchar*)RVAL,SHA_LENGTH);
-#endif
- BigSwap((uchar*)RVAL, SHA_LENGTH);
- Sum_Q(RVAL, 1,SHA_LENGTH / sizeof(ord));
- Sum_big( RVAL, /* RVAL=RVAL+hash_result*/
- (ord*)hash_result,
- RVAL, SHA_LENGTH / sizeof(ord) );
- BigSwap((uchar*)RVAL, SHA_LENGTH);
-#ifdef CTK_BIG_ENDIAN
- ByteSwap((uchar*)RVAL,SHA_LENGTH);
-#endif
- if ( i == sha_block && sha_rem != 0 ) /* last block < SHA_LENGTH*/
- {
- memcpy( &A[ i*SHA_LENGTH / sizeof(ord)], hash_result,
- sha_rem * sizeof (uchar));
- }
- else /* last block = SHA_LENGTH*/
- {
- memcpy( &A[ i*SHA_LENGTH / sizeof(ord)], hash_result,
- SHA_LENGTH * sizeof (uchar));
- }
- }
- return status;
-}
-
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: cencrint.c PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Cryptographic Toolkit Internal Functions File
-*
-* PRIVATE FUNCTIONS:
-*
-*
-* void shaTransform( u_int32_t *state, uchar *block )
-* void SHAInitK( SHA_context *hash_context )
-* int MySHA( uchar *message, u_int16_t message_bytes,
-* uchar *hash_result )
-* int MySHAFinal( SHA_context *hash_context, uchar *hash_result )
-*
-*
-* Copyright (c) Cylink Corporation 1994. All rights reserved.
-*
-* REVISION HISTORY:
-*
-*
-* 24 Sep 94 KPZ Initial release
-* 10 Oct 94 KPZ Fixed bugs in Add(), DivRem()
-* 12 Oct 94 KPZ Modified shaTransform()
-* 14 Oct 94 GKL Second version (big endian support)
-* 26 Oct 94 GKL (alignment for big endian support & ERR_ALLOC)
-* 08 Nov 94 GKL Added input parameters check to Inverse
-* 08 Dec 94 GKL Added YIELD_context to Expo, VerPrime and GenPrime
-*
-****************************************************************************/
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-
-#include "port_before.h"
-#include <sys/types.h>
-
-/* system files */
-#ifdef VXD
-#include <vtoolsc.h>
-#else
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#endif
-
-/* program files */
-#include "cylink.h"
-#include "ctk_endian.h"
-#include "toolkit.h"
-#include "cencrint.h"
-#include "sha.h"
-#include "port_after.h"
-extern u_int16_t DataOrder;
-
-/****************************************************************************
-* NAME: int SHA( uchar *message,
-* u_int16_t message_bytes,
-* uchar *hash_result )
-*
-* DESCRIPTION: Compute a Secure Hash Function.
-*
-* INPUTS:
-* PARAMETERS:
-* uchar *message Pointer to message
-* u_int16_t message_bytes Number of bytes in message
-* uchar *hash_result Pointer to message digest
-*
-* OUTPUT:
-* PARAMETERS:
-* uchar *hash_result Message digest
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-*
-****************************************************************************/
-
-int SHA( uchar *message,
- u_int16_t message_bytes,
- uchar *hash_result )
-{
- SHA_context hash_context; /* SHA context structure */
- int status = SUCCESS; /* function return status */
- if (message_bytes == 0 )
- {
- status = ERR_INPUT_LEN;
- return status; /* invalid length for input data */
- }
- SHAInit ( &hash_context ); /* initialize SHA */
- if ( (status = SHAUpdate( &hash_context, message, message_bytes ))
- != SUCCESS )
- {
- return status; /* error */
- }
- if ((status=SHAFinal (&hash_context, hash_result)) != SUCCESS )
- {
- return status; /* error */
- }
-
- return status;
-}
-
-/****************************************************************************
-* PRIVATE FUNCTIONS DEFINITIONS
-****************************************************************************/
-
-
-/****************************************************************************
-* NAME: void shaTransform( u_int32_t *state,
-* uchar *block )
-*
-* DESCRIPTION: Perform SHS transformation.
-*
-* INPUTS:
-* PARAMETERS:
-* SHA_context *hash_context Pointer to SHA_context structure
-* OUTPUT:
-*
-* SHA_context *hash_context Pointer to SHA_context structure
-* (updated)
-* REVISION HISTORY:
-*
-* 24 sep 94 KPZ Initial release
-* 12 Oct 94 KPZ Modified buffers copy
-* 14 Oct 94 GKL Second version (big endian support)
-* 1 Sep 95 AAB Speedup the function
-****************************************************************************/
-
- void shaTransform( u_int32_t *state,
- const uchar *block )
-{
- u_int32_t W[80];
- u_int32_t A,B,C,D,E; /*,temp;*/
- memcpy( W, block, 64); /*TKL00201*/
-#ifdef CTK_LITTLE_ENDIAN /*TKL00201*/
- ByteSwap32( (uchar *)W, 64); /*TKL00201*/
-#endif /*TKL00201*/
- /* Expand the 16 words into 80 words */
- expand(16);expand(17);expand(18);expand(19);expand(20);expand(21);
- expand(22);expand(23);expand(24);expand(25);expand(26);expand(27);
- expand(28);expand(29);expand(30);expand(31);expand(32);expand(33);
- expand(34);expand(35);expand(36);expand(37);expand(38);expand(39);
- expand(40);expand(41);expand(42);expand(43);expand(44);expand(45);
- expand(46);expand(47);expand(48);expand(49);expand(50);expand(51);
- expand(52);expand(53);expand(54);expand(55);expand(56);expand(57);
- expand(58);expand(59);expand(60);expand(61);expand(62);expand(63);
- expand(64);expand(65);expand(66);expand(67);expand(68);expand(69);
- expand(70);expand(71);expand(72);expand(73);expand(74);expand(75);
- expand(76);expand(77);expand(78);expand(79);
- /*Set up first buffer*/
- A = state[0];
- B = state[1];
- C = state[2];
- D = state[3];
- E = state[4];
-
- /* Heavy mangling, in 4 sub-rounds of 20 iterations each. */
- subRound( A, B, C, D, E, f1, k1SHA, W[ 0] );
- subRound( E, A, B, C, D, f1, k1SHA, W[ 1] );
- subRound( D, E, A, B, C, f1, k1SHA, W[ 2] );
- subRound( C, D, E, A, B, f1, k1SHA, W[ 3] );
- subRound( B, C, D, E, A, f1, k1SHA, W[ 4] );
- subRound( A, B, C, D, E, f1, k1SHA, W[ 5] );
- subRound( E, A, B, C, D, f1, k1SHA, W[ 6] );
- subRound( D, E, A, B, C, f1, k1SHA, W[ 7] );
- subRound( C, D, E, A, B, f1, k1SHA, W[ 8] );
- subRound( B, C, D, E, A, f1, k1SHA, W[ 9] );
- subRound( A, B, C, D, E, f1, k1SHA, W[10] );
- subRound( E, A, B, C, D, f1, k1SHA, W[11] );
- subRound( D, E, A, B, C, f1, k1SHA, W[12] );
- subRound( C, D, E, A, B, f1, k1SHA, W[13] );
- subRound( B, C, D, E, A, f1, k1SHA, W[14] );
- subRound( A, B, C, D, E, f1, k1SHA, W[15] );
- subRound( E, A, B, C, D, f1, k1SHA, W[16] );
- subRound( D, E, A, B, C, f1, k1SHA, W[17] );
- subRound( C, D, E, A, B, f1, k1SHA, W[18] );
- subRound( B, C, D, E, A, f1, k1SHA, W[19] );
-
- subRound( A, B, C, D, E, f2, k2SHA, W[20]);
- subRound( E, A, B, C, D, f2, k2SHA, W[21]);
- subRound( D, E, A, B, C, f2, k2SHA, W[22]);
- subRound( C, D, E, A, B, f2, k2SHA, W[23]);
- subRound( B, C, D, E, A, f2, k2SHA, W[24]);
- subRound( A, B, C, D, E, f2, k2SHA, W[25]);
- subRound( E, A, B, C, D, f2, k2SHA, W[26]);
- subRound( D, E, A, B, C, f2, k2SHA, W[27]);
- subRound( C, D, E, A, B, f2, k2SHA, W[28]);
- subRound( B, C, D, E, A, f2, k2SHA, W[29]);
- subRound( A, B, C, D, E, f2, k2SHA, W[30]);
- subRound( E, A, B, C, D, f2, k2SHA, W[31]);
- subRound( D, E, A, B, C, f2, k2SHA, W[32]);
- subRound( C, D, E, A, B, f2, k2SHA, W[33]);
- subRound( B, C, D, E, A, f2, k2SHA, W[34]);
- subRound( A, B, C, D, E, f2, k2SHA, W[35]);
- subRound( E, A, B, C, D, f2, k2SHA, W[36]);
- subRound( D, E, A, B, C, f2, k2SHA, W[37]);
- subRound( C, D, E, A, B, f2, k2SHA, W[38]);
- subRound( B, C, D, E, A, f2, k2SHA, W[39]);
-
- subRound( A, B, C, D, E, f3, k3SHA, W[40]);
- subRound( E, A, B, C, D, f3, k3SHA, W[41]);
- subRound( D, E, A, B, C, f3, k3SHA, W[42]);
- subRound( C, D, E, A, B, f3, k3SHA, W[43]);
- subRound( B, C, D, E, A, f3, k3SHA, W[44]);
- subRound( A, B, C, D, E, f3, k3SHA, W[45]);
- subRound( E, A, B, C, D, f3, k3SHA, W[46]);
- subRound( D, E, A, B, C, f3, k3SHA, W[47]);
- subRound( C, D, E, A, B, f3, k3SHA, W[48]);
- subRound( B, C, D, E, A, f3, k3SHA, W[49]);
- subRound( A, B, C, D, E, f3, k3SHA, W[50]);
- subRound( E, A, B, C, D, f3, k3SHA, W[51]);
- subRound( D, E, A, B, C, f3, k3SHA, W[52]);
- subRound( C, D, E, A, B, f3, k3SHA, W[53]);
- subRound( B, C, D, E, A, f3, k3SHA, W[54]);
- subRound( A, B, C, D, E, f3, k3SHA, W[55]);
- subRound( E, A, B, C, D, f3, k3SHA, W[56]);
- subRound( D, E, A, B, C, f3, k3SHA, W[57]);
- subRound( C, D, E, A, B, f3, k3SHA, W[58]);
- subRound( B, C, D, E, A, f3, k3SHA, W[59]);
-
- subRound( A, B, C, D, E, f4, k4SHA, W[60]);
- subRound( E, A, B, C, D, f4, k4SHA, W[61]);
- subRound( D, E, A, B, C, f4, k4SHA, W[62]);
- subRound( C, D, E, A, B, f4, k4SHA, W[63]);
- subRound( B, C, D, E, A, f4, k4SHA, W[64]);
- subRound( A, B, C, D, E, f4, k4SHA, W[65]);
- subRound( E, A, B, C, D, f4, k4SHA, W[66]);
- subRound( D, E, A, B, C, f4, k4SHA, W[67]);
- subRound( C, D, E, A, B, f4, k4SHA, W[68]);
- subRound( B, C, D, E, A, f4, k4SHA, W[69]);
- subRound( A, B, C, D, E, f4, k4SHA, W[70]);
- subRound( E, A, B, C, D, f4, k4SHA, W[71]);
- subRound( D, E, A, B, C, f4, k4SHA, W[72]);
- subRound( C, D, E, A, B, f4, k4SHA, W[73]);
- subRound( B, C, D, E, A, f4, k4SHA, W[74]);
- subRound( A, B, C, D, E, f4, k4SHA, W[75]);
- subRound( E, A, B, C, D, f4, k4SHA, W[76]);
- subRound( D, E, A, B, C, f4, k4SHA, W[77]);
- subRound( C, D, E, A, B, f4, k4SHA, W[78]);
- subRound( B, C, D, E, A, f4, k4SHA, W[79]);
-
- state[0] += A;
- state[1] += B;
- state[2] += C;
- state[3] += D;
- state[4] += E;
-
-}
-
-
-
-
-/****************************************************************************
-* NAME: void SHAInitK( SHA_context *hash_context )
-*
-* DESCRIPTION: Initialize Secure Hash Function for generate
-* random number for DSS.
-*
-* INPUTS:
-* PARAMETERS:
-* SHA_context *hash_context SHA context structure
-* OUTPUT:
-* PARAMETERS:
-* SHA_context *hash_context Initialized SHA context structure
-*
-* RETURN:
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-void SHAInitK( SHA_context *hash_context )
-{
-/*Set up first buffer*/
- hash_context->state[0] = 0xEFCDAB89L;
- hash_context->state[1] = 0x98BADCFEL;
- hash_context->state[2] = 0x10325476L;
- hash_context->state[3] = 0xC3D2E1F0L;
- hash_context->state[4] = 0x67452301L;
-/*Initialise buffer */
- memset( hash_context->buffer, 0, sizeof(hash_context->buffer));
- memset( hash_context->count, 0, sizeof(hash_context->count));
-}
-
-
-/****************************************************************************
-* NAME: int MySHA( uchar *message,
-* u_int16_t message_bytes,
-* uchar *hash_result )
-*
-* DESCRIPTION: Compute a Secure Hash Function.
-*
-* INPUTS:
-* PARAMETERS:
-* uchar *message Pointer to message
-* u_int16_t message_bytes Number of bytes in message
-* uchar *hash_result Pointer to message digest
-*
-* OUTPUT:
-* PARAMETERS:
-* uchar *hash_result Message digest
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-*
-****************************************************************************/
-int MySHA( uchar *message,
- u_int16_t message_bytes,
- uchar *hash_result )
-{
- SHA_context hash_context; /* SHA context structure */
- int status = SUCCESS; /* function return status */
- if (message_bytes == 0 )
- {
- status = ERR_INPUT_LEN;
- return status; /* invalid length for input data */
- }
- SHAInit ( &hash_context ); /* initialize SHA */
-#ifdef CTK_BIG_ENDIAN
- ByteSwap(message,message_bytes);
-#endif
- status = SHAUpdate( &hash_context, message, message_bytes );
-#ifdef CTK_BIG_ENDIAN
- ByteSwap(message,message_bytes);
-#endif
- if ( status != SUCCESS )
- {
- return status; /* error */
- }
- if ((status=MySHAFinal (&hash_context, hash_result)) != SUCCESS )
- {
- return status; /* error */
- }
- return status;
-}
-
-/****************************************************************************
-* NAME: int MySHAFinal( SHA_context *hash_context,
-* uchar *hash_result )
-* DESCRIPTION: Finalize Secure Hash Function
-*
-* INPUTS:
-* PARAMETERS:
-* SHA_context *hash_context SHA context structure
-* uchar *hash_result Pointer to hash
-* OUTPUT:
-* PARAMETERS:
-* uchar *hash_result Final value
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data (zero bytes)
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 10 Oct 94 KPZ Modified for arbitrary message length
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
- int MySHAFinal( SHA_context *hash_context,
- uchar *hash_result )
-{
- int status = SUCCESS; /* function return status */
- uchar bits[8];
- u_int16_t index, padLen;
- u_int32_t ex;
- uchar PADDING[64] = { /* padding string */
- 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
- };
-
- if ( hash_context->count[0] == 0 && hash_context->count[1] == 0 )
- {
- status= ERR_INPUT_LEN;
- return status;
- }
- /* Save number of bits */
- LongByte( &hash_context->count[1] , 4, bits );
- LongByte( &hash_context->count[0] , 4, bits + 4 );
- ByteSwap32( bits, 8 );
- /* Pad out to 56 mod 64.*/
- index = (u_int16_t )((hash_context->count[0] >> 3) & 0x3f);
- padLen = (u_int16_t) ((index < 56) ? (56 - index) : (120 - index));
- SHAUpdate( hash_context, PADDING, padLen );
-
- /* Append length (before padding) */
- SHAUpdate (hash_context, bits, 8);
-
- /* Set order of hash_context */
- ex = hash_context->state[0];
- hash_context->state[0] = hash_context->state[4];
- hash_context->state[4] = ex;
- ex = hash_context->state[1];
- hash_context->state[1] = hash_context->state[3];
- hash_context->state[3] = ex;
- /* Store state in digest */
- memcpy(hash_result,hash_context->state,SHA_LENGTH);
- /* Zeroize sensitive information.*/
- memset( hash_context, 0, sizeof(hash_context) );
-#if defined ( ORD_16 ) && defined( CTK_BIG_ENDIAN )
- WordSwap(hash_result,SHA_LENGTH);
-#endif
- return status;
-}
-
-
-/****************************************************************************
-* NAME: int SHAUpdate( SHA_context *hash_context,
-* uchar *message,
-* u_int16_t message_bytes )
-* DESCRIPTION: Update Secure Hash Function
-*
-* INPUTS:
-* PARAMETERS:
-* SHA_context *hash_context SHA context structure
-* uchar *message Pointer to message
-* u_int16_t message_bytes Number of bytes
-* OUTPUT:
-* PARAMETERS:
-* SHA_context *hash_context Updated SHA context structure
-*
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data (zero bytes)
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 10 Oct 94 KPZ Modified for arbitrary message length
-*
-****************************************************************************/
-
-int SHAUpdate( SHA_context *hash_context,
- const uchar *message,
- u_int16_t message_bytes )
-
-{
- int status = SUCCESS; /* function return status */
- u_int16_t i, index, partLen;
- if ( message_bytes == 0 )
- {
- status = ERR_INPUT_LEN; /*invalid length for input data (zero bytes)*/
- return status;
- }
-
- /* Compute number of bytes mod 64 */
- index = (u_int16_t)((hash_context->count[0] >> 3) & 0x3F);
-
- /* Update number of bits */
- if ( (hash_context->count[0] += ((u_int32_t )message_bytes << 3))
- < ((u_int32_t )message_bytes << 3) )
- {
- hash_context->count[1]++;
- }
- hash_context->count[1] += ((u_int32_t )message_bytes >> 29);
-
- partLen = (u_int16_t) (64 - index);
- /* Transform as many times as possible.*/
- if ( message_bytes >= partLen )
- {
- memcpy( &hash_context->buffer[index], message, partLen );
- shaTransform( hash_context->state, hash_context->buffer );
-
- for ( i = partLen; (u_int16_t)(i + 63) < message_bytes; i += 64 )
- {
- shaTransform ( hash_context->state, &message[i] );
- }
- index = 0;
- }
- else
- {
- i = 0;
- }
- /* Buffer remaining input */
- memcpy( &hash_context->buffer[index], &message[i],
- message_bytes - i );
- return status;
-}
-
-
-/****************************************************************************
-* NAME: void SHAInit( SHA_context *hash_context )
-*
-* DESCRIPTION: Initialize Secure Hash Function
-*
-* INPUTS:
-* PARAMETERS:
-* SHA_context *hash_context SHA context structure
-* OUTPUT:
-* PARAMETERS:
-* SHA_context *hash_context Initialized SHA context structure
-*
-* RETURN:
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-*
-****************************************************************************/
-
-void SHAInit( SHA_context *hash_context )
-{
-/*Set up first buffer*/
- hash_context->state[0] = h0SHA;
- hash_context->state[1] = h1SHA;
- hash_context->state[2] = h2SHA;
- hash_context->state[3] = h3SHA;
- hash_context->state[4] = h4SHA;
-
-/* Initialise buffer */
- memset( hash_context->buffer, 0, sizeof(hash_context->buffer));
- /*Initialize bit count*/
- hash_context->count[0] = hash_context->count[1] = 0;
-}
-
-/****************************************************************************
-* NAME: int SHAFinal( SHA_context *hash_context,
-* uchar *hash_result )
-* DESCRIPTION: Finalize Secure Hash Function
-*
-* INPUTS:
-* PARAMETERS:
-* SHA_context *hash_context SHA context structure
-* uchar *hash_result Pointer to hash
-* OUTPUT:
-* PARAMETERS:
-* uchar *hash_result Final value
-* RETURN:
-* SUCCESS No errors
-* ERR_INPUT_LEN Invalid length for input data (zero bytes)
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 10 Oct 94 KPZ Modified for arbitrary message length
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-
-int SHAFinal( SHA_context *hash_context,
- uchar *hash_result )
-{
- int status = SUCCESS; /* function return status */
- status = MySHAFinal( hash_context, hash_result );
-#ifdef CTK_BIG_ENDIAN
- if (status == SUCCESS)
- {
- ByteSwap(hash_result, SHA_LENGTH);
- }
-#endif
- if (DataOrder)
- {
- BigSwap(hash_result, SHA_LENGTH);
- }
- return status;
-}
-
-/****************************************************************************
-* NAME: int GetPasswordKeySHA( u_int16_t Password_bytes,
-* uchar *Password,
-* uchar *salt,
-* u_int16_t Count,
-* uchar *K,
-* uchar *IV )
-*
-* DESCRIPTION: Get Password-Based DES/KAPPA Key by SHA
-*
-* INPUTS:
-* PARAMETERS:
-* u_int16_t Password_bytes Number of bytes in password
-* uchar *Password Pointer to password
-* uchar *salt Pointer to salt(8-byte)
-* u_int16_t Count Number of iteration
-* OUTPUT:
-* PARAMETERS:
-* uchar *K Pointer to DES/KAPPA key
-* uchar *IV Pointer to initialization vector
-* RETURN:
-* SUCCESS No errors
-* ERR_COUNT Invalid iteration count (zero)
-* ERR_INPUT_LEN Invalid length for input data(zero bytes)
-* ERR_ALLOC Insufficient memory
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 26 Oct 94 GKL (ERR_ALLOC)
-*
-****************************************************************************/
- int GetPasswordKeySHA( u_int16_t Password_bytes,
- uchar *Password,
- uchar *salt,
- u_int16_t Count,
- uchar *K,
- uchar *IV )
-
-{
- int status = SUCCESS; /* function return status */
- uchar digest[SHA_LENGTH];
- uchar *buf;
- if ( Count == 0 ) /* invalid iteration count (zero) */
- {
- status = ERR_COUNT;
- return status;
- }
- CALLOC(buf,uchar,Password_bytes + 8);
- if ( status != SUCCESS )
- {
- return status; /* ERR_ALLOC insufficient memory */
- }
- if ( Password_bytes != 0 ) /* if number of bytes password non equals zero */
- {
- memcpy( buf, Password, Password_bytes );
- }
- memcpy( buf + Password_bytes, salt, 8);
-/* Compute message digest */
- status = SHA( buf, (u_int16_t)(Password_bytes + 8), digest);
- if (!DataOrder)
- {
- BigSwap(digest, SHA_LENGTH);
- }
-
- if ( status != SUCCESS )
- {
- free ( buf );
- return status;
- }
- Count --; /* decrement Count */
-/* Count times compute message digest */
- while ( Count != 0 )
- {
- if ( (status = SHA( digest, SHA_LENGTH, digest)) != SUCCESS )
- {
- free ( buf );
- return status;
- }
- if (!DataOrder)
- {
- BigSwap(digest, SHA_LENGTH);
- }
- Count --;
- }
- memcpy( K, digest, 8 );
- memcpy( IV, digest + SHA_LENGTH -8, 8 );
- free ( buf );
- return status;
-}
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: sha.h PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Cryptographic Toolkit Internal Functions Header File
-*
-* USAGE: File should be included in Toolkit functions files
-*
-*
-* Copyright (c) Cylink Corporation 1994. All rights reserved.
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-*
-****************************************************************************/
-#ifndef SHA_H
-#define SHA_H
-#include "cylink.h"
-
-#define SHS_BLOCKSIZE 64
-/*
-#define FSHA(x,y,z) ( ( x & y ) | ( ~x & z ) )
-#define GSHA(x,y,z) ( x ^ y ^ z )
-#define HSHA(x,y,z) ( ( x & y ) | ( x & z ) | ( y & z ) )
-#define ISHA(x,y,z) (x ^ y ^ z)
-*/
-/*#define f1(x,y,z) ( (x & y) | (~x & z) ) // Rounds 0-19 */
-#define f1(x,y,z) ( z ^ (x & (y ^ z) ) ) /* Rounds 0-19 */
-#define f2(x,y,z) ( x ^ y ^ z ) /* Rounds 20-39 */
-/*#define f3(x,y,z) ( (x & y) | (x & z) | (y & z) ) // Rounds 40-59 */
-#define f3(x,y,z) ( (x & y) | (z & (x | y) ) ) /* Rounds 40-59 */
-#define f4(x,y,z) ( x ^ y ^ z ) /* Rounds 60-79 */
-
-
-#define RotateLeft(x,n) (( x << n )|( x >> (32-n) ) ) /*Circular left shift operation*/
-
-/*SHS Constants */
-#define k1SHA 0x5a827999L
-#define k2SHA 0x6ed9eba1L
-#define k3SHA 0x8f1bbcdcL
-#define k4SHA 0xca62c1d6L
-
-/*SHS initial value */
-#define h0SHA 0x67452301L
-#define h1SHA 0xefcdab89L
-#define h2SHA 0x98badcfeL
-#define h3SHA 0x10325476L
-#define h4SHA 0xc3d2e1f0L
-
-/*The initial expanding function*/
-#define expand(count) \
- {\
- W[count] = W[count-3] ^ W[count-8] ^ W[count-14] ^ W[count-16];\
- W[count] = RotateLeft( W[count], 1 );\
- }
-
-/*New variant */
-#define subRound(a, b, c, d, e, f, k, data) \
- ( e += RotateLeft(a,5) + f(b, c, d) + k + data, b = RotateLeft( b,30) )
-
-
-
-/*The four sub_rounds*/
-/*
-#define subR1(count) \
- {\
- temp=RotateLeft(A,5) + FSHA(B,C,D) + E +W[count] +k1SHA;\
- E = D; \
- D = C; \
- C = RotateLeft(B,30); \
- B = A; \
- A = temp; \
- }
-
-#define subR2(count) \
- {\
- temp=RotateLeft(A,5) + GSHA(B,C,D) + E +W[count] +k2SHA;\
- E = D; \
- D = C; \
- C = RotateLeft(B,30);\
- B = A; \
- A = temp; \
- }
-
-#define subR3(count) \
- {\
- temp=RotateLeft(A,5) + HSHA(B,C,D) + E +W[count] +k3SHA;\
- E = D; \
- D = C; \
- C = RotateLeft(B,30);\
- B = A; \
- A = temp; \
- }
-
-#define subR4(count) \
- {\
- temp=RotateLeft(A,5) + ISHA(B,C,D) + E + W[count] +k4SHA;\
- E = D; \
- D = C; \
- C = RotateLeft(B,30);\
- B = A; \
- A = temp; \
- }
-*/
-#endif /* SHA_H */
-
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-#include "bnsize00.h"
-
-#if BNSIZE16
-#error Using 16-bit math library
-#elif BNSIZE32
-#error Using 32-bit math library
-#elif BNSIZE64
-#error Using 64-bit math library
-#else
-#error No math library size defined
-#endif
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-
-/****************************************************************************
-* FILENAME: swap.c PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Byte and Word Swap functions
-*
-* PUBLIC FUNCTIONS:
-*
-*
-* PRIVATE FUNCTIONS:
-*
-* REVISION HISTORY:
-*
-* 14 Oct 94 GKL Initial release
-* 26 Oct 94 GKL (alignment for big endian support )
-*
-****************************************************************************/
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-/* system files */
-
-#include "port_before.h"
-#ifdef VXD
-#include <vtoolsc.h>
-#else
-#include <stdlib.h>
-#include <string.h>
-#endif
-/* program files */
-#include "cylink.h"
-#include "ctk_endian.h"
-#include "toolkit.h"
-#include "port_after.h"
-
-u_int16_t DataOrder = 0;
-
-/*Reset bytes in long*/
-/*extern void ByteSwap32_asm( uchar *X, u_int16_t X_len );*/ /*kz*/
-
-/****************************************************************************
-* NAME: void ByteSwap32 (uchar *array,
-* u_int16_t X_len )
-*
-* DESCRIPTION: Perform byte reversal on an array of longword.
-*
-* INPUTS:
-* PARAMETERS:
-* uchar *X Pointer to array
-* u_int16_t X_len Number of bytes
-* OUTPUT:
-* uchar *X Pointer to array
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-
-void ByteSwap32( uchar *X, u_int16_t X_len )
-{
- u_int16_t i; /*counter*/
- uchar a; /*temporary char*/
- for ( i = 0; i < X_len; i += 4)
- {
- a = X[i];
- X[i] = X[i+3];
- X[i+3] = a;
- a = X[i+1];
- X[i+1] = X[i+2];
- X[i+2] = a;
- }
-/*#endif*/ /*kz*/
-}
-
-
-/****************************************************************************
-* NAME: void ByteSwap (uchar *array,
-* u_int16_t X_len )
-*
-* DESCRIPTION: Perform byte reversal on an array of longword or shortword.
-*
-* INPUTS:
-* PARAMETERS:
-* uchar *X Pointer to array
-* u_int16_t X_len Number of bytes
-* OUTPUT:
-* uchar *X Pointer to array
-*
-* REVISION HISTORY:
-*
-* 24 Sep 94 KPZ Initial release
-* 14 Oct 94 GKL Second version (big endian support)
-*
-****************************************************************************/
-
-void ByteSwap( uchar *X,
- u_int16_t X_len )
-{
-#ifdef ORD_16
- u_int16_t i; /*counter*/
- uchar a; /*tempriory char for revers*/
- for ( i = 0; i < X_len; i += 2)
- {
- a = X[i];
- X[i] = X[i+1];
- X[i+1] = a;
- }
-#endif
-#ifdef ORD_32
- ByteSwap32(X,X_len);
-#endif
-}
-
-/*kz longbyte deleted */
-
-/****************************************************************************
-* NAME: void WordSwap (uchar *array,
-* u_int16_t X_len )
-*
-* DESCRIPTION: Perform short reversal on an array of longword.
-*
-* INPUTS:
-* PARAMETERS:
-* uchar *X Pointer to array
-* u_int16_t X_len Number of bytes
-* OUTPUT:
-* uchar *X Pointer to array
-*
-* REVISION HISTORY:
-*
-* 14 Oct 94 GKL Initial release
-*
-****************************************************************************/
-void WordSwap( uchar *X,
- u_int16_t X_len )
-{
- u_int16_t i; /*counter*/
- u_int16_t a; /*tempriory u_int16_t*/
-
- for ( i = 0; i < X_len; i += 4)
- {
- a = *(u_int16_t*)(&X[i]);
- *(u_int16_t*)(&X[i])=*(u_int16_t*)(&X[i+2]);
- *(u_int16_t*)(&X[i+2])=a;
- }
-}
-
-void BigSwap( uchar *buffer,
- u_int16_t bufferLength)
-{
- uchar temp;
- u_int16_t i;
-
- for (i = 0; i < (u_int16_t)(bufferLength/2); i++)
- {
- temp = buffer[i];
- buffer[i] = buffer[bufferLength - 1 - i];
- buffer[bufferLength - 1 - i] = temp;
- }
-}
-
-void SetDataOrder ( u_int16_t dataOrder)
-{
- DataOrder = dataOrder;
-}
+++ /dev/null
-/*
- * Cylink Corporation © 1998
- *
- * This software is licensed by Cylink to the Internet Software Consortium to
- * promote implementation of royalty free public key cryptography within IETF
- * standards. Cylink wishes to expressly thank the contributions of Dr.
- * Martin Hellman, Whitfield Diffie, Ralph Merkle and Stanford University for
- * their contributions to Internet Security. In accordance with the terms of
- * this license, ISC is authorized to distribute and sublicense this software
- * for the practice of IETF standards.
- *
- * The software includes BigNum, written by Colin Plumb and licensed by Philip
- * R. Zimmermann for royalty free use and distribution with Cylink's
- * software. Use of BigNum as a stand alone product or component is
- * specifically prohibited.
- *
- * Disclaimer of All Warranties. THIS SOFTWARE IS BEING PROVIDED "AS IS",
- * WITHOUT ANY EXPRESSED OR IMPLIED WARRANTY OF ANY KIND WHATSOEVER. IN
- * PARTICULAR, WITHOUT LIMITATION ON THE GENERALITY OF THE FOREGOING, CYLINK
- * MAKES NO REPRESENTATION OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
- * PURPOSE.
- *
- * Cylink or its representatives shall not be liable for tort, indirect,
- * special or consequential damages such as loss of profits or loss of
- * goodwill from the use or inability to use the software for any purpose or
- * for any reason whatsoever.
- *
- * EXPORT LAW: Export of the Foundations Suite may be subject to compliance
- * with the rules and regulations promulgated from time to time by the Bureau
- * of Export Administration, United States Department of Commerce, which
- * restrict the export and re-export of certain products and technical data.
- * If the export of the Foundations Suite is controlled under such rules and
- * regulations, then the Foundations Suite shall not be exported or
- * re-exported, directly or indirectly, (a) without all export or re-export
- * licenses and governmental approvals required by any applicable laws, or (b)
- * in violation of any applicable prohibition against the export or re-export
- * of any part of the Foundations Suite. All export licenses for software
- * containing the Foundations Suite are the sole responsibility of the licensee.
- */
-
-/****************************************************************************
-* FILENAME: toolkit.h PRODUCT NAME: CRYPTOGRAPHIC TOOLKIT
-*
-* FILE STATUS:
-*
-* DESCRIPTION: Cryptographic Toolkit Functions Header File
-*
-* USAGE: File should be included to use Toolkit Functions
-*
-*
-* Copyright (c) Cylink Corporation 1994. All rights reserved.
-*
-* REVISION HISTORY:
-*
-* 23 Aug 94 KPZ Initial release
-* 24 Sep 94 KPZ Added prototypes of Toolkit functions
-* 14 Oct 94 GKL Second version (big endian support)
-* 08 Dec 94 GKL Added YIELD_context to GenDSSParameters
-*
-****************************************************************************/
-
-#ifndef TOOLKIT_H /* Prevent multiple inclusions of same header file */
-#define TOOLKIT_H
-
-
-/* Error types */
-
-#define SUCCESS 0 /* no errors */
-#define ERR_DATA -1 /* generic data error */
-#define ERR_ALLOC -2 /* insufficient memory */
-#define ERR_INPUT_LEN -3 /* invalid length for input data (zero bytes) */
-#define ERR_DSS_LEN -4 /* invalid length for dss_p */
-#define ERR_DH_LEN -5 /* invalid length for DH_modulus */
-#define ERR_BLOCK_LEN -7 /* invalid length for input block for ECB/CBC */
-#define ERR_HASH_LEN -8 /* invalid length for hash_result */
-#define ERR_MODE -9 /* invalid value of encryption mode */
-#define ERR_NUMBER -10 /* invalid number of testings (zero) */
-#define ERR_POSITION -11 /* invalid value of triplet_position */
-#define ERR_COUNT -12 /* invalid iteration count (zero) */
-#define ERR_SIGNATURE -21 /* signature is not valid */
-#define ERR_PRIME -22 /* number is not prime */
-#define ERR_WEAK -23 /* weak key */
-#define ERR_INPUT_VALUE -24 /* invalid input value */
-/* additional error types for CEPA */
-#define ERR_KEY_LENGTH -25 /* invalid value of key length */
-#define ERR_ROUNDS -26 /* invalid value of rounds number */
-#define ERR_CANCEL -30 /* canceled by user */
-#define ERR_MODULUS_ZERO -31 /* invalid modulo */
-#define ERR_UNSUPPORTED -40 /* unsupported crypto method */
-#define ERR_OP_CODE -41 /*invalid operation code*/
-
-
-
-/* Lengths of variables */
-#define DH_LENGTH_MIN 64 /* 512-bit minimal length for DH functions */
-#define DSS_LENGTH_MIN 64 /* 512-bit minimal length for DSS functions */
-#define DSS_LENGTH_MAX 128 /* 1024-bit maximal length for DSS functions */
-#define SHA_LENGTH 20 /* 160-bit length for SHA hash result */
-
-/* Number of random bases for Miller test */
-#define TEST_COUNT 40
-
-#define LITTLE_ORDER 0
-#define BIG_ORDER 1
-
-/* Key lengths */ /* add to toolkit.h */
-#define KEY_40BIT 40 /* 40-bit key */
-#define KEY_64BIT 64 /* 64-bit key */
-#define KEY_128BIT 128 /* 128-bit key */
-#define CEPA_MAX_ROUNDS 12
-
-/* Operation codes for MultiPrecArithm() */
-#define EXPO 0x21
-#define MUL 0x22
-/*#define ADD 0x23*/
-
-/****************************************************************************
-* INCLUDE FILES
-****************************************************************************/
-
-/* system files */
-#include "cylink.h"
-#include "ctk_endian.h"
-/* callback function */
-#ifdef VXD
-typedef int (* YIELD_PROC)( void );
-#else
-typedef int (* YIELD_PROC)(int ); /*TKL00601*/
-#endif
-
-typedef struct { /*TKL00601*/
- YIELD_PROC yield_proc;
- void * handle; /* Application specific information */
-}YIELD_context;
-
-
-/* Secure Hash Algorithm structure */
-typedef struct
-{
- u_int32_t state[ 5 ]; /* state */
- u_int32_t count[ 2 ]; /* number of bits */
- uchar buffer[ 64 ]; /* input buffer */
-} SHA_context;
-
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-/* Copy Cylink DSS Common Parameters */ /*TKL01201*/
- int GetDSSPQG(u_int16_t dss_p_bytes,
- uchar *dss_p,
- uchar *dss_q,
- uchar *dss_g);
-
-/* Compute a Secure Hash Function */
- int SHA( uchar *message, u_int16_t message_bytes,
- uchar *hash_result );
-/* Initialize Secure Hash Function */
- void SHAInit( SHA_context *hash_context );
-
-/* Update Secure Hash Function */
- int SHAUpdate( SHA_context *hash_context,
- const uchar *message,
- u_int16_t message_bytes );
-/* Finalize Secure Hash Function */
- int SHAFinal( SHA_context *hash_context,
- uchar *hash_result );
-/* Compute a DSS Signature */
- int GenDSSSignature( u_int16_t dss_p_bytes, uchar *dss_p,
- uchar *dss_q, uchar *dss_g,
- uchar *dss_x, uchar *dss_k,
- uchar *r, uchar *s,
- uchar *hash_result );
-/* Verify a DSS Signature */
- int VerDSSSignature( u_int16_t dss_p_bytes, uchar *dss_p,
- uchar *dss_q, uchar *dss_g,
- uchar *dss_y, uchar *r,
- uchar *s, uchar *hash_result);
-/* Initialize Random number Generator */
- int InitRand( u_int16_t SEED_bytes, uchar *SEED,
- uchar *RVAL );
-/* Generate random number */
- int GenRand( u_int16_t A_bytes, uchar *A,
- uchar *RVAL );
-/* Compute DSS public/secret number pair */
- int GenDSSKey( u_int16_t dss_p_bytes, uchar *dss_p,
- uchar *dss_q, uchar *dss_g,
- uchar *dss_x, uchar *dss_y,
- uchar *XKEY );
-/* Generate secret number */
- int GenDSSNumber( uchar *dss_k, uchar *dss_q,
- uchar *KKEY );
-
-/* Compute a Diffie-Hellman Shared number */
- int GetDHSharedNumber( u_int16_t DH_modulus_bytes, uchar *DH_secret,
- uchar *DH_public, uchar *DH_shared,
- uchar *DH_modulus );
-/* Set Key by Diffie_Hellman shared number */
- int SetDESKAPPAKey( u_int16_t DH_modulus_bytes, uchar *DH_shared,
- uchar *K );
-/* Expand DES key */
- void DESKeyExpand( uchar *key, uchar *K1 );
-
-/* Encrypt a block of data with single DES */
- int DESEncrypt( uchar *des_iv, uchar *des_key,
- u_int16_t des_mode, uchar *input_array,
- uchar *output_array, u_int16_t input_array_bytes );
-
-/* Decrypt a block of data with single DES */
- int DESDecrypt( uchar *des_iv, uchar *des_key,
- u_int16_t des_mode, uchar *data_array,
- u_int16_t data_array_bytes );
-
-/* One-Time-Pad Signature with a Diffie-Hellman shared number */
- int DHOneTimePad( u_int16_t DH_modulus_bytes, uchar *DH_shared,
- uchar *X, uchar *Y );
-
-/* Compute a Diffie-Hellman pair */
- int GenDHPair( u_int16_t DH_modulus_bytes, uchar *DH_secret,
- uchar *DH_public, uchar *DH_base,
- uchar *DH_modulus, uchar *RVAL );
-
- int GetPasswordKeySHA( u_int16_t Password_bytes, uchar *Password,
- uchar *salt, u_int16_t Count,
- uchar *K, uchar *IV );
-
-/* Generate DSS Common Parameters */
- int GenDSSParameters( u_int16_t dss_p_bytes, uchar *dss_p,
- uchar *dss_q, uchar *dss_g,
- uchar *RVAL, YIELD_context *yield_cont ); /*TKL00701*/
-
-/* Produce a Shamir Key-Sharing Triplet for Secret Number */
-int GenShamirTriplet( u_int16_t SecretNumber_bytes, uchar *SecretNumber,
- uchar *first_value, uchar *second_value,
- uchar *third_value, uchar *RVAL );
-
-/* Reconstract a Secret Number from Shamir Key-Sharing Duplex */
-int GetNumberShamirDuplex( u_int16_t SecretNumber_bytes,
- uchar *value_A,
- u_int16_t A_position, uchar *value_B,
- u_int16_t B_position,
- uchar *SecretNumber );
-int SFDHEncrypt( u_int16_t DH_modulus_bytes,
- uchar *DH_modulus,
- uchar *DH_base,
- uchar *DH_public,
- uchar *DH_random_public,
- uchar *DH_shared,
- uchar *RVAL );
-int SFDHDecrypt( u_int16_t DH_modulus_bytes,
- uchar *DH_modulus,
- uchar *DH_secret,
- uchar *DH_random_public,
- uchar *DH_shared );
-/* Check DES key weakness */
-int CheckDESKeyWeakness( uchar *key );
-
-int SetCipherKey( u_int16_t DH_shared_bytes,
- uchar *DH_shared,
- uchar *Key,
- u_int16_t cryptoMethod );
-/* Non-Pipelined Triple DES encrypt*/
-int TDESEncrypt( uchar *des_iv,
- uchar *des_key1,uchar *des_key2, uchar *des_key3,
- u_int16_t des_mode,
- uchar *input_array,
- uchar *output_array,
- u_int16_t input_array_bytes );
-/* Non-Pipelined Triple DES decrypt*/
-int TDESDecrypt( uchar *des_iv,
- uchar *des_key1,uchar *des_key2, uchar *des_key3,
- u_int16_t des_mode,
- uchar *data_array,
- u_int16_t data_array_bytes );
-/*Pipeline Triple DES encrypt*/
-int PTDESEncrypt( uchar *iv1, uchar *iv2, uchar *iv3,
- uchar *des_key1,uchar *des_key2, uchar *des_key3,
- u_int16_t des_mode,
- uchar *input_array,
- uchar *output_array,
- u_int16_t input_array_bytes );
-/*Pipeline Triple DES decrypt*/
-int PTDESDecrypt( uchar *iv1, uchar *iv2, uchar *iv3,
- uchar *des_key1,uchar *des_key2, uchar *des_key3,
- u_int16_t des_mode,
- uchar *data_array,
- u_int16_t input_array_bytes );
- int PCBC1Encrypt( uchar *iv1, uchar *iv2, uchar *iv3,
- uchar *des_key1,uchar *des_key2, uchar *des_key3,
- uchar *msg1,uchar *msg2, uchar *msg3,
- uchar *out1,uchar *out2, uchar *out3,
- u_int16_t input_array_bytes );
- int PCBC1Decrypt( uchar *iv1, uchar *iv2, uchar *iv3,
- uchar *des_key1,uchar *des_key2, uchar *des_key3,
- uchar *out1,uchar *out2, uchar *out3,
- u_int16_t input_array_bytes );
-
-/*CEPA enc/dec */
-int CepaKeyExpand( uchar *key,
- u_int16_t key_length,
- u_int16_t number_of_rounds,
- uchar *expanded_key );
-
-int CepaCsp( u_int16_t key_length,
- uchar *csp);
-
-int CepaEncrypt( uchar *iv,
- uchar *key,
- u_int16_t mode,
- uchar *csp,
- u_int16_t r,
- uchar *input_array,
- uchar *output_array,
- u_int16_t input_array_bytes );
-
-int CepaDecrypt( uchar *iv,
- uchar *key,
- u_int16_t mode,
- uchar *csp,
- u_int16_t r,
- uchar *data_array,
- u_int16_t data_array_bytes );
-void BigNumInit(void);
-void SetDataOrder ( u_int16_t dataOrder);
-
-int GetDHSecretShared( u_int16_t DH_modulus_bytes, u_int16_t DH_secret_bytes, uchar *DH_secret,
- uchar *DH_public, uchar *DH_shared,
- uchar *DH_modulus);
-int GenDHKey( u_int16_t DH_modulus_bytes, u_int16_t DH_secret_bytes, uchar *DH_secret,
- uchar *DH_public, uchar *DH_base,
- uchar *DH_modulus, uchar *RVAL );
-int SFDHInitiate( u_int16_t DH_modulus_bytes, u_int16_t DH_secret_bytes,
- uchar *DH_modulus, uchar *DH_base,
- uchar *DH_public, uchar *DH_random_public,
- uchar *DH_shared, uchar *RVAL );
-int SFDHComplete( u_int16_t DH_modulus_bytes, u_int16_t DH_secret_bytes,
- uchar *DH_modulus,
- uchar *DH_secret, uchar *DH_random_public,
- uchar *DH_shared );
-
-int SplitKey( u_int16_t Secretnumber_bytes, uchar *SecretNumber,
- uchar *first_value, uchar *second_value,
- uchar *third_value, uchar *RVAL );
-int UnsplitKey( u_int16_t Secretnumber_bytes, uchar *value_A,
- u_int16_t A_position, uchar *value_B,
- u_int16_t B_position, uchar *SecretNumber );
-int SAFERKeyExpand( uchar *key, u_int16_t key_length,
- uchar *expanded_key );
-int SAFEREncrypt( uchar *iv, uchar *key, u_int16_t mode, u_int16_t key_length,
- uchar *input_array, uchar *output_array, u_int16_t input_array_bytes );
-int SAFERDecrypt( uchar *iv, uchar *key, u_int16_t mode, u_int16_t r_length,
- uchar *data_array, u_int16_t data_array_bytes );
-
-
- void ByteSwap( uchar *X, u_int16_t X_len);
- void ByteSwap32( uchar *X, u_int16_t X_len);
- void WordSwap( uchar *X, u_int16_t X_len);
- void BigSwap( uchar *buffer, u_int16_t bufferLength);
- int Sum_big (ord *X, ord *Y, ord *Z, u_int16_t len_X);
- int Sum_Q(ord *X, u_int16_t src, u_int16_t len_X);
- void LShiftL_big( ord *X, u_int32_t len_X, u_int32_t n_bit );
- int Sub_big (ord *X, ord *Y, ord *Z, u_int16_t len_X);
- int DivRem( u_int16_t X_bytes, ord *X, u_int16_t P_bytes, ord *P,
- ord *Z, ord *D);
- int SteinGCD (ord *m, ord *n, u_int16_t len);
- int Add( ord *X, ord *Y, u_int16_t P_len, ord *P);
- int Inverse(u_int16_t X_bytes, ord *X, u_int16_t P_bytes, ord *P,
- ord *Z);
- int DoubleExpo(u_int16_t X1_bytes, ord *X1, u_int16_t Y1_bytes,
- ord *Y1, u_int16_t X2_bytes, ord *X2,
- u_int16_t Y2_bytes, ord *Y2, u_int16_t P_bytes,
- ord *P, ord *Z);
- int Sum (ord *X, ord *Y, u_int16_t len_X);
- void Mul_big_1( ord X, ord *Y, ord *XY, u_int16_t ly);
- int Mul( u_int16_t X_bytes, ord *X, u_int16_t Y_bytes, ord *Y,
- u_int16_t P_bytes, ord *P, ord *Z );
-
- int Square(u_int16_t X_bytes, ord *X, u_int16_t P_bytes, ord *P,
- ord *Z);
-
- int PartReduct(u_int16_t X_bytes, ord *X, u_int16_t P_bytes, ord *P,
- ord *Z);
- int Expo(u_int16_t X_bytes, ord *X, u_int16_t Y_bytes, ord *Y,
- u_int16_t P_bytes, ord *P, ord *Z);
-
-
-#ifdef __cplusplus
-}
-#endif
-
-
-#endif /* TOOLKIT_H */
-
+++ /dev/null
-OBJS= ahcbcpad.@O@ ahchdig.@O@ ahchencr.@O@ ahchgen.@O@ ahchrand.@O@ \
- ahdigest.@O@ ahencryp.@O@ ahgen.@O@ ahrandom.@O@ ahrsaenc.@O@ \
- ahrsaepr.@O@ ahrsaepu.@O@ aichdig.@O@ aichenc8.@O@ aichencn.@O@ \
- aichencr.@O@ aichgen.@O@ aichrand.@O@ aimd5.@O@ aimd5ran.@O@ \
- ainfotyp.@O@ ainull.@O@ airsaepr.@O@ airsaepu.@O@ airsakgn.@O@ \
- airsaprv.@O@ airsapub.@O@ algchoic.@O@ algobj.@O@ amcrte.@O@ \
- ammd5.@O@ ammd5r.@O@ amrkg.@O@ amrsae.@O@ balg.@O@ bgclrbit.c \
- bgmdmpyx.@O@ bgmdsqx.@O@ bgmodexp.@O@ bgpegcd.@O@ big2exp.@O@ \
- bigabs.@O@ bigacc.@O@ bigarith.@O@ bigcmp.@O@ bigconst.@O@ \
- biginv.@O@ biglen.@O@ bigmodx.@O@ bigmpy.@O@ bigpdiv.@O@ \
- bigpmpy.@O@ bigpmpyh.@O@ bigpmpyl.@O@ bigpsq.@O@ bigqrx.@O@ \
- bigsmod.@O@ bigtocan.@O@ bigu.@O@ bigunexp.@O@ binfocsh.@O@ \
- bkey.@O@ bmempool.@O@ cantobig.@O@ crt2.@O@ digest.@O@ \
- digrand.@O@ encrypt.@O@ generate.@O@ intbits.@O@ intitem.@O@ \
- keyobj.@O@ ki8byte.@O@ kifulprv.@O@ kiitem.@O@ kinfotyp.@O@ \
- kipkcrpr.@O@ kirsacrt.@O@ kirsapub.@O@ md5.@O@ md5rand.@O@ \
- prime.@O@ random.@O@ rsa.@O@ rsakeygn.@O@ seccbcd.@O@ \
- seccbce.@O@ surrendr.@O@
-
-SRCS= ahcbcpad.c ahchdig.c ahchencr.c ahchgen.c ahchrand.c ahdigest.c \
- ahencryp.c ahgen.c ahrandom.c ahrsaenc.c ahrsaepr.c ahrsaepu.c \
- aichdig.c aichenc8.c aichencn.c aichencr.c aichgen.c aichrand.c \
- aimd5.c aimd5ran.c ainfotyp.c ainull.c airsaepr.c airsaepu.c \
- airsakgn.c airsaprv.c airsapub.c algchoic.c algobj.c amcrte.c \
- ammd5.c ammd5r.c amrkg.c amrsae.c balg.c bgclrbit.c bgmdmpyx.c \
- bgmdsqx.c bgmodexp.c bgpegcd.c big2exp.c bigabs.c bigacc.c \
- bigarith.c bigcmp.c bigconst.c biginv.c biglen.c bigmodx.c \
- bigmpy.c bigpdiv.c bigpmpy.c bigpmpyh.c bigpmpyl.c bigpsq.c \
- bigqrx.c bigsmod.c bigtocan.c bigu.c bigunexp.c binfocsh.c \
- bkey.c bmempool.c cantobig.c crt2.c digest.c digrand.c encrypt.c \
- generate.c intbits.c intitem.c keyobj.c ki8byte.c kifulprv.c \
- kiitem.c kinfotyp.c kipkcrpr.c kirsacrt.c kirsapub.c md5.c \
- md5rand.c prime.c random.c rsa.c rsakeygn.c seccbcd.c seccbce.c \
- surrendr.c
-
-TARGETS= ${OBJS}
-
-CINCLUDES= -I.. -I../include
-CWARNINGS= -Werror
-
-@BIND9_MAKE_RULES@
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct AHSecretCBCPad;
-#define THIS_ENCRYPT_DECRYPT struct AHSecretCBCPad
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahcbcpad.h"
-#include "port_after.h"
-
-#define GENERATE_BREAK(type) { \
- status = type; \
- break; \
- }
-
-/* Inherit the base class destructor, block size,
- and decrypt init and update routines.
- */
-static AHEncryptDecryptVTable V_TABLE = {
- AHChooseEncryptDestructor, AHChooseEncryptGetBlockLen,
- AHSecretCBCPadEncryptInit, AHChooseEncryptDecryptInit,
- AHSecretCBCPadEncryptUpdate, AHChooseEncryptDecryptUpdate,
- AHSecretCBCPadEncryptFinal, AHSecretCBCPadDecryptFinal
-};
-
-AHSecretCBCPad *AHSecretCBCPadConstructor2 (handler, infoType, info)
-AHSecretCBCPad *handler;
-struct B_AlgorithmInfoType *infoType;
-POINTER info;
-{
- if (handler == (AHSecretCBCPad *)NULL_PTR) {
- /* This constructor is being used to do a new */
- if ((handler = (AHSecretCBCPad *)T_malloc (sizeof (*handler)))
- == (AHSecretCBCPad *)NULL_PTR)
- return (handler);
- }
-
- /* Construct base class with the infoType and info. */
- AHChooseEncryptConstructor2
- (&handler->chooseEncryptDecrypt, infoType, info);
-
- handler->chooseEncryptDecrypt.encryptDecrypt.vTable = &V_TABLE;
- return (handler);
-}
-
-int AHSecretCBCPadEncryptInit (handler, key, chooser, surrenderContext)
-AHSecretCBCPad *handler;
-B_Key *key;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- /* For encryption, we need to track the input length */
- handler->_inputRemainder = 0;
-
- return (AHChooseEncryptEncryptInit
- (handler, key, chooser, surrenderContext));
-}
-
-int AHSecretCBCPadEncryptUpdate
- (handler, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext)
-AHSecretCBCPad *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-const unsigned char *partIn;
-unsigned int partInLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- /* For encryption, we need to track the input length */
- handler->_inputRemainder = (handler->_inputRemainder + partInLen) % 8;
-
- return (AHChooseEncryptEncryptUpdate
- (handler, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext));
-}
-
-int AHSecretCBCPadEncryptFinal
- (handler, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-AHSecretCBCPad *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned char finalBuffer[8];
- unsigned int padLen, dummyPartOutLen;
-
- padLen = 8 - handler->_inputRemainder;
- T_memset ((POINTER)finalBuffer, padLen, padLen);
-
- /* Add the pad bytes. This should force the output of the final block.
- */
- if ((status = AHChooseEncryptEncryptUpdate
- (handler, partOut, partOutLen, maxPartOutLen, finalBuffer, padLen,
- randomAlgorithm, surrenderContext)) != 0)
- return (status);
-
- /* The encrypt final operation should have no output. */
- if ((status = AHChooseEncryptEncryptFinal
- (handler, (unsigned char *)NULL_PTR, &dummyPartOutLen, 0,
- (B_Algorithm *)NULL_PTR, (A_SURRENDER_CTX *)NULL_PTR)) != 0)
- return (status);
-
- /* Restart the context. */
- handler->_inputRemainder = 0;
-
- /* No need to zeroize the finalBuffer since it only contains pad bytes. */
- return (0);
-}
-
-int AHSecretCBCPadDecryptFinal
- (handler, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-AHSecretCBCPad *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned char finalBuffer[16], *padBuffer;
- unsigned int padLen, localPartOutLen, i;
-
- do {
- /* For now, the DecrypyFinal operations is set to output 16 bytes.
- */
- if ((status = AHChooseEncryptDecryptFinal
- (handler, finalBuffer, &localPartOutLen, sizeof (finalBuffer),
- randomAlgorithm, surrenderContext)) != 0)
- break;
-
- if (localPartOutLen == 8)
- padBuffer = finalBuffer;
- else if (localPartOutLen == 16)
- padBuffer = finalBuffer + 8;
- else
- GENERATE_BREAK (BE_INPUT_LEN);
-
- /* Check that padding is one 1 to eight 8's.
- */
- if ((padLen = (unsigned int)padBuffer[7]) == 0 || padLen > 8)
- GENERATE_BREAK (BE_INPUT_DATA);
- for (i = 8 - padLen; i < 8; i++) {
- if ((unsigned int)padBuffer[i] != padLen)
- GENERATE_BREAK (BE_INPUT_DATA);
- }
-
- if ((*partOutLen = localPartOutLen - padLen) > maxPartOutLen)
- GENERATE_BREAK (BE_OUTPUT_LEN);
-
- T_memcpy
- ((POINTER)partOut, (POINTER)finalBuffer, *partOutLen);
- } while (0);
-
- T_memset ((POINTER)finalBuffer, 0, sizeof (finalBuffer));
- return (status);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHCBCPAD_H_
-#define _AHCBCPAD_H_
-
-#include "ahchencr.h"
-
-typedef struct AHSecretCBCPad {
- AHChooseEncryptDecrypt chooseEncryptDecrypt; /* base class */
-
- unsigned int _inputRemainder; /* Used for encrypt to compute pad length */
-} AHSecretCBCPad;
-
-AHSecretCBCPad *AHSecretCBCPadConstructor2 PROTO_LIST
- ((AHSecretCBCPad *, struct B_AlgorithmInfoType *, POINTER));
-
-int AHSecretCBCPadEncryptInit PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, B_Key *, B_ALGORITHM_CHOOSER,
- A_SURRENDER_CTX *));
-int AHSecretCBCPadEncryptUpdate PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, const unsigned char *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *));
-int AHSecretCBCPadEncryptFinal PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
-int AHSecretCBCPadDecryptFinal PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct AHChooseDigest;
-#define THIS_DIGEST struct AHChooseDigest
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "balgmeth.h"
-#include "ahchdig.h"
-#include "amdigest.h"
-#include "port_after.h"
-
-static int InitDigestAlga PROTO_LIST
- ((AlgaChoice *, POINTER, B_ALGORITHM_METHOD *, A_SURRENDER_CTX *));
-
-static AHDigestVTable V_TABLE = {
- AHChooseDigestDestructor, AHChooseDigestInit, AHChooseDigestUpdate,
- AHChooseDigestFinal
-};
-
-AHChooseDigest *AHChooseDigestConstructor2 (handler, infoType, info)
-AHChooseDigest *handler;
-struct B_AlgorithmInfoType *infoType;
-POINTER info;
-{
- if (handler == (AHChooseDigest *)NULL_PTR) {
- /* This constructor is being used to do a new */
- if ((handler = (AHChooseDigest *)T_malloc (sizeof (*handler)))
- == (AHChooseDigest *)NULL_PTR)
- return (handler);
- }
-
- /* Construct base class */
- AHDigestConstructor (&handler->digest);
-
- ALGA_CHOICE_Constructor (&handler->algaChoice, InitDigestAlga);
- handler->algaChoice._algorithmInfoType = infoType;
- handler->algaChoice._algorithmInfo = info;
-
- handler->digest.vTable = &V_TABLE;
-
- return (handler);
-}
-
-void AHChooseDigestDestructor (handler)
-AHChooseDigest *handler;
-{
- ALGA_CHOICE_Destructor (&handler->algaChoice);
- /* There is no desructor to call for the base class. */
-}
-
-int AHChooseDigestInit (handler, key, chooser, surrenderContext)
-AHChooseDigest *handler;
-B_Key *key;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- return (AlgaChoiceChoose
- (&handler->algaChoice, 0, key, chooser, surrenderContext));
-}
-
-int AHChooseDigestUpdate (handler, partIn, partInLen, surrenderContext)
-AHChooseDigest *handler;
-const unsigned char *partIn;
-unsigned int partInLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = (*((A_DIGEST_ALGA *)handler->algaChoice._alga)->Update)
- (handler->algaChoice.context.z.context, partIn, partInLen,
- surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-int AHChooseDigestFinal
- (handler, partOut, partOutLen, maxPartOutLen, surrenderContext)
-AHChooseDigest *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = (*((A_DIGEST_ALGA *)handler->algaChoice._alga)->Final)
- (handler->algaChoice.context.z.context, partOut, partOutLen,
- maxPartOutLen, surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-static int InitDigestAlga
- (algaChoice, keyInfo, algorithmMethod, surrenderContext)
-AlgaChoice *algaChoice;
-POINTER keyInfo;
-B_ALGORITHM_METHOD *algorithmMethod;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned int contextSize;
-
-UNUSED_ARG (keyInfo)
- if ((status = (*((A_DIGEST_ALGA *)algorithmMethod->alga)->Query)
- (&contextSize, algaChoice->_algorithmInfo)) != 0)
- return (ConvertAlgaeError (status));
-
- if ((status = ResizeContextMakeNewContext
- (&algaChoice->context, contextSize)) != 0)
- return (status);
-
- if ((status = (*((A_DIGEST_ALGA *)algorithmMethod->alga)->Init)
- (algaChoice->context.z.context, algaChoice->_algorithmInfo,
- surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
-
- return (0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHCHDIG_H_
-#define _AHCHDIG_H_ 1
-
-#include "ahdigest.h"
-#include "algchoic.h"
-
-typedef struct AHChooseDigest {
- AHDigest digest; /* base class */
- AlgaChoice algaChoice;
-} AHChooseDigest;
-
-AHChooseDigest *AHChooseDigestConstructor2 PROTO_LIST
- ((AHChooseDigest *, struct B_AlgorithmInfoType *, POINTER));
-void AHChooseDigestDestructor PROTO_LIST ((THIS_DIGEST *));
-
-int AHChooseDigestInit PROTO_LIST
- ((THIS_DIGEST *, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int AHChooseDigestUpdate PROTO_LIST
- ((THIS_DIGEST *, const unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int AHChooseDigestFinal PROTO_LIST
- ((THIS_DIGEST *, unsigned char *, unsigned int *, unsigned int,
- A_SURRENDER_CTX *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct AHChooseEncryptDecrypt;
-#define THIS_ENCRYPT_DECRYPT struct AHChooseEncryptDecrypt
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "balgmeth.h"
-#include "ahchencr.h"
-#include "amencdec.h"
-#include "port_after.h"
-
-static int InitEncryptDecryptAlga PROTO_LIST
- ((AlgaChoice *, POINTER, B_ALGORITHM_METHOD *, A_SURRENDER_CTX *));
-
-static AHEncryptDecryptVTable V_TABLE = {
- AHChooseEncryptDestructor, AHChooseEncryptGetBlockLen,
- AHChooseEncryptEncryptInit, AHChooseEncryptDecryptInit,
- AHChooseEncryptEncryptUpdate, AHChooseEncryptDecryptUpdate,
- AHChooseEncryptEncryptFinal, AHChooseEncryptDecryptFinal
-};
-
-/* In C++:
-AHChooseEncryptDecrypt::AHChooseEncryptDecrypt
- (B_AlgorithmInfoType *infoType, POINTER info)
- : algaChoice (InitEncryptDecryptAlga)
-{
- algaChoice.setAlgorithmInfoType (infoType);
- algaChoice.setAlgorithmInfo (info);
-}
- */
-AHChooseEncryptDecrypt *AHChooseEncryptConstructor2 (handler, infoType, info)
-AHChooseEncryptDecrypt *handler;
-struct B_AlgorithmInfoType *infoType;
-POINTER info;
-{
- if (handler == (AHChooseEncryptDecrypt *)NULL_PTR) {
- /* This constructor is being used to do a new */
- if ((handler = (AHChooseEncryptDecrypt *)T_malloc (sizeof (*handler)))
- == (AHChooseEncryptDecrypt *)NULL_PTR)
- return (handler);
- }
-
- /* Construct base class */
- AHEncryptDecryptConstructor (&handler->encryptDecrypt);
-
- ALGA_CHOICE_Constructor (&handler->algaChoice, InitEncryptDecryptAlga);
- handler->algaChoice._algorithmInfoType = infoType;
- handler->algaChoice._algorithmInfo = info;
-
- handler->encryptDecrypt.vTable = &V_TABLE;
-
- return (handler);
-}
-
-void AHChooseEncryptDestructor (handler)
-AHChooseEncryptDecrypt *handler;
-{
- ALGA_CHOICE_Destructor (&handler->algaChoice);
- /* There is no desructor to call for the base class. */
-}
-
-int AHChooseEncryptGetBlockLen (handler, blockLen)
-AHChooseEncryptDecrypt *handler;
-unsigned int *blockLen;
-{
- int status;
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)handler->algaChoice._alga)->
- GetBlockLen)
- (handler->algaChoice.context.z.context, blockLen)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-/* In C++:
-int AHChooseEncryptDecrypt::encryptInit
- (B_Key *key, B_ALGORITHM_CHOOSER chooser, A_SURRENDER_CTX *surrenderContext)
-{
- return (algaChoice.choose (1, key, chooser, surrenderContext));
-}
- */
-int AHChooseEncryptEncryptInit (handler, key, chooser, surrenderContext)
-AHChooseEncryptDecrypt *handler;
-B_Key *key;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- return (AlgaChoiceChoose
- (&handler->algaChoice, 1, key, chooser, surrenderContext));
-}
-
-int AHChooseEncryptDecryptInit (handler, key, chooser, surrenderContext)
-AHChooseEncryptDecrypt *handler;
-B_Key *key;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- return (AlgaChoiceChoose
- (&handler->algaChoice, 0, key, chooser, surrenderContext));
-}
-
-/* In C++:
-int AHChooseEncryptDecrypt::encryptUpdate
- (unsigned char *partOut, unsigned int *partOutLen,
- unsigned int maxPartOutLen, unsigned char *partIn, unsigned int partInLen,
- B_Algorithm *randomAlgorithm, A_SURRENDER_CTX *surrenderContext)
-{
- int status;
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)algaChoice.alga ()) ->Update)
- (algaChoice.context (), partOut, partOutLen, maxPartOutLen,
- partIn, partInLen, surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
- */
-int AHChooseEncryptEncryptUpdate
- (handler, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext)
-AHChooseEncryptDecrypt *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-const unsigned char *partIn;
-unsigned int partInLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
-UNUSED_ARG (randomAlgorithm)
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)handler->algaChoice._alga)->
- Update)
- (handler->algaChoice.context.z.context, partOut, partOutLen,
- maxPartOutLen, partIn, partInLen, surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-int AHChooseEncryptDecryptUpdate
- (handler, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext)
-AHChooseEncryptDecrypt *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-const unsigned char *partIn;
-unsigned int partInLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
-UNUSED_ARG (randomAlgorithm)
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)handler->algaChoice._alga)->
- Update)
- (handler->algaChoice.context.z.context, partOut, partOutLen,
- maxPartOutLen, partIn, partInLen, surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-int AHChooseEncryptEncryptFinal
- (handler, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-AHChooseEncryptDecrypt *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
-UNUSED_ARG (randomAlgorithm)
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)handler->algaChoice._alga)->Final)
- (handler->algaChoice.context.z.context, partOut, partOutLen,
- maxPartOutLen, surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-int AHChooseEncryptDecryptFinal
- (handler, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-AHChooseEncryptDecrypt *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
-UNUSED_ARG (randomAlgorithm)
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)handler->algaChoice._alga)->Final)
- (handler->algaChoice.context.z.context, partOut, partOutLen,
- maxPartOutLen, surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-/* In C++:
-static int InitEncryptDecryptAlga
- (AlgaChoice *algaChoice, POINTER keyInfo, POINTER alga,
- A_SURRENDER_CTX *surrenderContext)
-{
- int status;
- unsigned int contextSize;
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)alga)->Query)
- (&contextSize, keyInfo, algaChoice->algorithmInfo ())) != 0)
- return (ConvertAlgaeError (status));
-
- if ((status = algaChoice->makeNewContext (contextSize)) != 0)
- return (status);
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)alga)->Init)
- (algaChoice->context (), keyInfo, algaChoice->algorithmInfo (),
- surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
-
- return (0);
-}
- */
-static int InitEncryptDecryptAlga
- (algaChoice, keyInfo, algorithmMethod, surrenderContext)
-AlgaChoice *algaChoice;
-POINTER keyInfo;
-B_ALGORITHM_METHOD *algorithmMethod;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned int contextSize;
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)algorithmMethod->alga)->Query)
- (&contextSize, keyInfo, algaChoice->_algorithmInfo)) != 0)
- return (ConvertAlgaeError (status));
-
- if ((status = ResizeContextMakeNewContext
- (&algaChoice->context, contextSize)) != 0)
- return (status);
-
- if ((status = (*((A_ENCRYPT_DECRYPT_ALGA *)algorithmMethod->alga)->Init)
- (algaChoice->context.z.context, keyInfo, algaChoice->_algorithmInfo,
- surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
-
- return (0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHCHENCR_H_
-#define _AHCHENCR_H_ 1
-
-#include "ahencryp.h"
-#include "algchoic.h"
-
-/* In C++:
-class AHChooseEncryptDecrypt : public AHEncryptDecrypt {
-public:
- AHChooseEncryptDecrypt (B_AlgorithmInfoType *, POINTER);
- virtual ~AHChooseEncryptDecrypt () {};
-
- virtual int getBlockLen (unsigned int *);
- virtual int encryptInit (B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *);
- virtual int decryptInit (B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *);
- virtual int encryptUpdate
- (unsigned char *, unsigned int *, unsigned int, unsigned char *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *);
- virtual int decryptUpdate
- (unsigned char *, unsigned int *, unsigned int, unsigned char *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *);
- virtual int encryptFinal
- (unsigned char *, unsigned int *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *);
- virtual int decryptFinal
- (unsigned char *, unsigned int *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *);
-
-private:
- AlgaChoice algaChoice;
-};
- */
-
-typedef struct AHChooseEncryptDecrypt {
- AHEncryptDecrypt encryptDecrypt; /* base class */
- AlgaChoice algaChoice;
-} AHChooseEncryptDecrypt;
-
-AHChooseEncryptDecrypt *AHChooseEncryptConstructor2 PROTO_LIST
- ((AHChooseEncryptDecrypt *, struct B_AlgorithmInfoType *, POINTER));
-void AHChooseEncryptDestructor PROTO_LIST ((THIS_ENCRYPT_DECRYPT *));
-
-int AHChooseEncryptGetBlockLen PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned int *));
-int AHChooseEncryptEncryptInit PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, B_Key *, B_ALGORITHM_CHOOSER,
- A_SURRENDER_CTX *));
-int AHChooseEncryptDecryptInit PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, B_Key *, B_ALGORITHM_CHOOSER,
- A_SURRENDER_CTX *));
-int AHChooseEncryptEncryptUpdate PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, const unsigned char *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *));
-int AHChooseEncryptDecryptUpdate PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, const unsigned char *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *));
-int AHChooseEncryptEncryptFinal PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
-int AHChooseEncryptDecryptFinal PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct AHChooseGenerate;
-#define THIS_GENERATE struct AHChooseGenerate
-
-/* Define this so that the type of the AlgaChoice pointer in the
- INIT_ALGA functions will be correct for this derived class.
- */
-struct GenerateAlgaChoice;
-#define THIS_ALGA_CHOICE struct GenerateAlgaChoice
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "balgmeth.h"
-#include "ahchgen.h"
-#include "amgen.h"
-#include "port_after.h"
-
-static int InitGenerateAlga PROTO_LIST
- ((GenerateAlgaChoice *, POINTER, B_ALGORITHM_METHOD *, A_SURRENDER_CTX *));
-static int GenerateResult PROTO_LIST
- ((GenerateAlgaChoice *, POINTER *, B_Algorithm *, A_SURRENDER_CTX *));
-
-static AHGenerateVTable V_TABLE = {
- AHChooseGenerateDestructor, AHChooseGenerateInit, AHChooseGenerateKeypair,
- AHChooseGenerateParameters
-};
-
-AHChooseGenerate *AHChooseGenerateConstructor2 (handler, infoType, info)
-AHChooseGenerate *handler;
-struct B_AlgorithmInfoType *infoType;
-POINTER info;
-{
- if (handler == (AHChooseGenerate *)NULL_PTR) {
- /* This constructor is being used to do a new */
- if ((handler = (AHChooseGenerate *)T_malloc (sizeof (*handler)))
- == (AHChooseGenerate *)NULL_PTR)
- return (handler);
- }
-
- /* Construct base class */
- AHGenerateConstructor (&handler->generate);
-
- ALGA_CHOICE_Constructor
- (&handler->generateAlgaChoice.algaChoice, InitGenerateAlga);
- ResizeContextConstructor (&handler->generateAlgaChoice.secondContext);
- ResizeContextConstructor (&handler->generateAlgaChoice.randomBlock);
-
- /* Set algaChoice.
- */
- handler->generateAlgaChoice.algaChoice._algorithmInfoType = infoType;
- handler->generateAlgaChoice.algaChoice._algorithmInfo = info;
-
- handler->generate.vTable = &V_TABLE;
-
- return (handler);
-}
-
-void AHChooseGenerateDestructor (handler)
-AHChooseGenerate *handler;
-{
- ResizeContextDestructor (&handler->generateAlgaChoice.secondContext);
- ResizeContextDestructor (&handler->generateAlgaChoice.randomBlock);
- ALGA_CHOICE_Destructor (&handler->generateAlgaChoice.algaChoice);
- /* There is no desructor to call for the base class. */
-}
-
-int AHChooseGenerateInit (handler, chooser, surrenderContext)
-AHChooseGenerate *handler;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- return (AlgaChoiceChoose
- (&handler->generateAlgaChoice.algaChoice, 0, (B_Key *)NULL_PTR,
- chooser, surrenderContext));
-}
-
-int AHChooseGenerateKeypair
- (handler, publicKey, privateKey, randomAlgorithm, surrenderContext)
-AHChooseGenerate *handler;
-B_Key *publicKey;
-B_Key *privateKey;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- POINTER result;
- int status;
-
- if ((status = GenerateResult
- (&handler->generateAlgaChoice, &result, randomAlgorithm,
- surrenderContext)) != 0)
- return (status);
- if ((status = B_KeySetInfo
- (publicKey, handler->generateAlgaChoice._resultInfoType, result)) != 0)
- return (status);
- return (B_KeySetInfo
- (privateKey, handler->generateAlgaChoice._resultInfoType, result));
-}
-
-int AHChooseGenerateParameters
- (handler, resultAlgorithm, randomAlgorithm, surrenderContext)
-AHChooseGenerate *handler;
-B_Algorithm *resultAlgorithm;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- POINTER result;
- int status;
-
- if ((status = GenerateResult
- (&handler->generateAlgaChoice, &result, randomAlgorithm,
- surrenderContext)) != 0)
- return (status);
-
- /* Force the resultInfoType into a B_AlgorithmInfoType since it is
- supplied in the chooser as a B_KeyInfoType. */
- return (B_AlgorithmSetInfo
- (resultAlgorithm, (struct B_AlgorithmInfoType *)
- handler->generateAlgaChoice._resultInfoType, result));
-}
-
-static int InitGenerateAlga
- (generateAlgaChoice, keyInfo, algorithmMethod, surrenderContext)
-GenerateAlgaChoice *generateAlgaChoice;
-POINTER keyInfo;
-B_ALGORITHM_METHOD *algorithmMethod;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned int contextSize, secondContextSize;
-
-UNUSED_ARG (keyInfo)
- /* Note that this also gets the resultInfoType which will be used later
- by GenerateResult. */
- if ((status = (*((A_GENERATE_ALGA *)algorithmMethod->alga)->Query)
- (&contextSize, &secondContextSize, &generateAlgaChoice->_randomBlockLen,
- &generateAlgaChoice->_resultInfoType,
- generateAlgaChoice->algaChoice._algorithmInfo)) != 0)
- return (ConvertAlgaeError (status));
-
- /* Create the context.
- */
- if ((status = ResizeContextMakeNewContext
- (&generateAlgaChoice->algaChoice.context, contextSize)) != 0)
- return (status);
-
- /* Create the second context which is only passed during Init, but
- must persist for all operations. */
- if ((status = ResizeContextMakeNewContext
- (&generateAlgaChoice->secondContext, secondContextSize)) != 0)
- return (status);
-
- /* Create randomBlock which will be filled in during GenerateResult. */
- if ((status = ResizeContextMakeNewContext
- (&generateAlgaChoice->randomBlock, generateAlgaChoice->_randomBlockLen))
- != 0)
- return (status);
-
- if ((status = (*((A_GENERATE_ALGA *)algorithmMethod->alga)->Init)
- (generateAlgaChoice->algaChoice.context.z.context,
- generateAlgaChoice->secondContext.z.context,
- generateAlgaChoice->algaChoice._algorithmInfo, surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
-
- return (0);
-}
-
-/* Call the generate procedure repeatedly with a new random block
- until it succeeds.
- */
-static int GenerateResult
- (generateAlgaChoice, result, randomAlgorithm, surrenderContext)
-GenerateAlgaChoice *generateAlgaChoice;
-POINTER *result;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- /* Fill in the random block and try generating as long as the
- the generate operation returns BE_NEED_RANDOM.
- */
- while (1) {
- if ((status = B_AlgorithmGenerateRandomBytes
- (randomAlgorithm,
- (unsigned char *)generateAlgaChoice->randomBlock.z.context,
- generateAlgaChoice->_randomBlockLen, surrenderContext)) != 0)
- return (status);
-
- if ((status = (*((A_GENERATE_ALGA *)
- generateAlgaChoice->algaChoice._alga)->Generate)
- (generateAlgaChoice->algaChoice.context.z.context, result,
- (unsigned char *)generateAlgaChoice->randomBlock.z.context,
- surrenderContext)) != 0) {
- if (status != AE_NEED_RANDOM)
- return (ConvertAlgaeError (status));
-
- /* Else continue and try again */
- }
- else
- /* Success, so return */
- return (0);
- }
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHCHGEN_H_
-#define _AHCHGEN_H_ 1
-
-#include "ahgen.h"
-#include "algchoic.h"
-
-/* Make a new class derived from an AlgaChoice which records the
- result algorithm info type and needed randomBlockLen.
- */
-typedef struct GenerateAlgaChoice {
- AlgaChoice algaChoice; /* base class */
-
- struct B_KeyInfoType *_resultInfoType;
- ResizeContext secondContext; /* used for scratch */
- ResizeContext randomBlock;
- unsigned int _randomBlockLen;
-} GenerateAlgaChoice;
-
-typedef struct AHChooseGenerate {
- AHGenerate generate; /* base class */
-
- GenerateAlgaChoice generateAlgaChoice;
-} AHChooseGenerate;
-
-AHChooseGenerate *AHChooseGenerateConstructor2 PROTO_LIST
- ((AHChooseGenerate *, struct B_AlgorithmInfoType *, POINTER));
-void AHChooseGenerateDestructor PROTO_LIST ((THIS_GENERATE *));
-
-int AHChooseGenerateInit PROTO_LIST
- ((THIS_GENERATE *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int AHChooseGenerateKeypair PROTO_LIST
- ((THIS_GENERATE *, B_Key *, B_Key *, B_Algorithm *, A_SURRENDER_CTX *));
-int AHChooseGenerateParameters PROTO_LIST
- ((THIS_GENERATE *, B_Algorithm *, B_Algorithm *, A_SURRENDER_CTX *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct AHChooseRandom;
-#define THIS_RANDOM struct AHChooseRandom
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "balgmeth.h"
-#include "ahchrand.h"
-#include "amrandom.h"
-#include "port_after.h"
-
-static int InitRandomAlga PROTO_LIST
- ((AlgaChoice *, POINTER, B_ALGORITHM_METHOD *, A_SURRENDER_CTX *));
-
-static AHRandomVTable V_TABLE = {
- AHChooseRandomDestructor, AHChooseRandomInit, AHChooseRandomUpdate,
- AHChooseRandomGenerateBytes
-};
-
-AHChooseRandom *AHChooseRandomConstructor2 (handler, infoType, info)
-AHChooseRandom *handler;
-struct B_AlgorithmInfoType *infoType;
-POINTER info;
-{
- if (handler == (AHChooseRandom *)NULL_PTR) {
- /* This constructor is being used to do a new */
- if ((handler = (AHChooseRandom *)T_malloc (sizeof (*handler)))
- == (AHChooseRandom *)NULL_PTR)
- return (handler);
- }
-
- /* Construct base class */
- AHRandomConstructor (&handler->random);
-
- ALGA_CHOICE_Constructor (&handler->algaChoice, InitRandomAlga);
- handler->algaChoice._algorithmInfoType = infoType;
- handler->algaChoice._algorithmInfo = info;
-
- handler->random.vTable = &V_TABLE;
-
- return (handler);
-}
-
-void AHChooseRandomDestructor (handler)
-AHChooseRandom *handler;
-{
- ALGA_CHOICE_Destructor (&handler->algaChoice);
- /* There is no desructor to call for the base class. */
-}
-
-int AHChooseRandomInit (handler, chooser, surrenderContext)
-AHChooseRandom *handler;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- return (AlgaChoiceChoose
- (&handler->algaChoice, 0, (B_Key *)NULL_PTR, chooser,
- surrenderContext));
-}
-
-int AHChooseRandomUpdate (handler, input, inputLen, surrenderContext)
-AHChooseRandom *handler;
-unsigned char *input;
-unsigned int inputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = (*((A_RANDOM_ALGA *)handler->algaChoice._alga)->Update)
- (handler->algaChoice.context.z.context, input, inputLen,
- surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-int AHChooseRandomGenerateBytes (handler, output, outputLen, surrenderContext)
-AHChooseRandom *handler;
-unsigned char *output;
-unsigned int outputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = (*((A_RANDOM_ALGA *)handler->algaChoice._alga)->Generate)
- (handler->algaChoice.context.z.context, output, outputLen,
- surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
- return (0);
-}
-
-static int InitRandomAlga
- (algaChoice, keyInfo, algorithmMethod, surrenderContext)
-AlgaChoice *algaChoice;
-POINTER keyInfo;
-B_ALGORITHM_METHOD *algorithmMethod;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned int contextSize;
-
-UNUSED_ARG (keyInfo)
- if ((status = (*((A_RANDOM_ALGA *)algorithmMethod->alga)->Query)
- (&contextSize, algaChoice->_algorithmInfo)) != 0)
- return (ConvertAlgaeError (status));
-
- if ((status = ResizeContextMakeNewContext
- (&algaChoice->context, contextSize)) != 0)
- return (status);
-
- if ((status = (*((A_RANDOM_ALGA *)algorithmMethod->alga)->Init)
- (algaChoice->context.z.context, algaChoice->_algorithmInfo,
- surrenderContext)) != 0)
- return (ConvertAlgaeError (status));
-
- return (0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHCHRAND_H_
-#define _AHCHRAND_H_ 1
-
-#include "ahrandom.h"
-#include "algchoic.h"
-
-typedef struct AHChooseRandom {
- AHRandom random; /* base class */
- AlgaChoice algaChoice;
-} AHChooseRandom;
-
-AHChooseRandom *AHChooseRandomConstructor2 PROTO_LIST
- ((AHChooseRandom *, struct B_AlgorithmInfoType *, POINTER));
-void AHChooseRandomDestructor PROTO_LIST ((THIS_RANDOM *));
-
-int AHChooseRandomInit PROTO_LIST
- ((THIS_RANDOM *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int AHChooseRandomUpdate PROTO_LIST
- ((THIS_RANDOM *, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int AHChooseRandomGenerateBytes PROTO_LIST
- ((THIS_RANDOM *, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahdigest.h"
-#include "port_after.h"
-
-static void TypedAHDigestDestructor PROTO_LIST ((B_TypeCheck *));
-
-void AHDigestConstructor (handler)
-AHDigest *handler;
-{
- /* Construct base class, setting type tag. */
- B_TYPE_CHECK_Constructor
- (&handler->typeCheck, TypedAHDigestDestructor);
-
- /* Don't set vTable since this is a pure virtual base class. */
-}
-
-int B_AlgorithmDigestInit
- (algorithm, key, algorithmChooser, surrenderContext)
-B_Algorithm *algorithm;
-B_Key *key;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckType
- (algorithm, TypedAHDigestDestructor)) != 0)
- return (status);
-
- if ((status =
- (*((AHDigest *)algorithm->z.handler)->vTable->DigestInit)
- ((AHDigest *)algorithm->z.handler, key, algorithmChooser,
- surrenderContext)) != 0)
- return (status);
-
- algorithm->z.initFlag = 1;
- return (0);
-}
-
-int B_AlgorithmDigestUpdate (algorithm, partIn, partInLen, surrenderContext)
-B_Algorithm *algorithm;
-const unsigned char *partIn;
-unsigned int partInLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHDigestDestructor)) != 0)
- return (status);
-
- return ((*((AHDigest *)algorithm->z.handler)->vTable->DigestUpdate)
- ((AHDigest *)algorithm->z.handler, partIn, partInLen,
- surrenderContext));
-}
-
-int B_AlgorithmDigestFinal
- (algorithm, partOut, partOutLen, maxPartOutLen, surrenderContext)
-B_Algorithm *algorithm;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHDigestDestructor)) != 0)
- return (status);
-
- return ((*((AHDigest *)algorithm->z.handler)->vTable->DigestFinal)
- ((AHDigest *)algorithm->z.handler, partOut, partOutLen,
- maxPartOutLen, surrenderContext));
-}
-
-static void TypedAHDigestDestructor (typeCheck)
-B_TypeCheck *typeCheck;
-{
- (*((AHDigest *)typeCheck)->vTable->Destructor) ((AHDigest *)typeCheck);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHDIGEST_H_
-#define _AHDIGEST_H_ 1
-
-#include "btypechk.h"
-
-/* Use the THIS_DIGEST macro to define the type of object in the
- virtual function prototype. It defaults to the most base class, but
- derived modules may define the macro to a more derived class before
- including this header file.
- */
-#ifndef THIS_DIGEST
-#define THIS_DIGEST struct AHDigest
-#endif
-
-struct AHDigest;
-
-typedef struct {
- void (*Destructor) PROTO_LIST ((THIS_DIGEST *));
- int (*DigestInit) PROTO_LIST
- ((THIS_DIGEST *, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
- int (*DigestUpdate) PROTO_LIST
- ((THIS_DIGEST *, const unsigned char *, unsigned int, A_SURRENDER_CTX *));
- int (*DigestFinal) PROTO_LIST
- ((THIS_DIGEST *, unsigned char *, unsigned int *, unsigned int,
- A_SURRENDER_CTX *));
-} AHDigestVTable;
-
-typedef struct AHDigest {
- B_TypeCheck typeCheck; /* inherited */
- AHDigestVTable *vTable; /* pure virtual */
-} AHDigest;
-
-/* The constructor does not set the vTable since this is a pure base class.
- */
-void AHDigestConstructor PROTO_LIST ((AHDigest *));
-/* No destructor because it is pure virtual. Also, do not call destructor
- for B_TypeCheck, since this will just re-invoke this virtual
- destructor. */
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahencryp.h"
-#include "port_after.h"
-
-static void TypedAHEncryptDecryptDestructor PROTO_LIST ((B_TypeCheck *));
-
-void AHEncryptDecryptConstructor (handler)
-AHEncryptDecrypt *handler;
-{
- /* Construct base class, setting type tag. */
- B_TYPE_CHECK_Constructor
- (&handler->typeCheck, TypedAHEncryptDecryptDestructor);
-
- /* Don't set vTable since this is a pure virtual base class. */
-}
-
-int B_AlgorithmEncryptInit
- (algorithm, key, algorithmChooser, surrenderContext)
-B_Algorithm *algorithm;
-B_Key *key;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckType
- (algorithm, TypedAHEncryptDecryptDestructor)) != 0)
- return (status);
-
- if ((status =
- (*((AHEncryptDecrypt *)algorithm->z.handler)->vTable->EncryptInit)
- ((AHEncryptDecrypt *)algorithm->z.handler, key, algorithmChooser,
- surrenderContext)) != 0)
- return (status);
-
- algorithm->z.initFlag = 1;
- return (0);
-}
-
-int B_AlgorithmDecryptInit
- (algorithm, key, algorithmChooser, surrenderContext)
-B_Algorithm *algorithm;
-B_Key *key;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckType
- (algorithm, TypedAHEncryptDecryptDestructor)) != 0)
- return (status);
-
- if ((status =
- (*((AHEncryptDecrypt *)algorithm->z.handler)->vTable->DecryptInit)
- ((AHEncryptDecrypt *)algorithm->z.handler, key, algorithmChooser,
- surrenderContext)) != 0)
- return (status);
-
- algorithm->z.initFlag = 1;
- return (0);
-}
-
-int B_AlgorithmEncryptUpdate
- (algorithm, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext)
-B_Algorithm *algorithm;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-unsigned char *partIn;
-unsigned int partInLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHEncryptDecryptDestructor)) != 0)
- return (status);
-
- return ((*((AHEncryptDecrypt *)algorithm->z.handler)->vTable->EncryptUpdate)
- ((AHEncryptDecrypt *)algorithm->z.handler, partOut, partOutLen,
- maxPartOutLen, partIn, partInLen, randomAlgorithm,
- surrenderContext));
-}
-
-int B_AlgorithmDecryptUpdate
- (algorithm, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext)
-B_Algorithm *algorithm;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-const unsigned char *partIn;
-unsigned int partInLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHEncryptDecryptDestructor)) != 0)
- return (status);
-
- return ((*((AHEncryptDecrypt *)algorithm->z.handler)->vTable->DecryptUpdate)
- ((AHEncryptDecrypt *)algorithm->z.handler, partOut, partOutLen,
- maxPartOutLen, partIn, partInLen, randomAlgorithm,
- surrenderContext));
-}
-
-int B_AlgorithmEncryptFinal
- (algorithm, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-B_Algorithm *algorithm;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHEncryptDecryptDestructor)) != 0)
- return (status);
-
- return ((*((AHEncryptDecrypt *)algorithm->z.handler)->vTable->EncryptFinal)
- ((AHEncryptDecrypt *)algorithm->z.handler, partOut, partOutLen,
- maxPartOutLen, randomAlgorithm, surrenderContext));
-}
-
-int B_AlgorithmDecryptFinal
- (algorithm, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-B_Algorithm *algorithm;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHEncryptDecryptDestructor)) != 0)
- return (status);
-
- return ((*((AHEncryptDecrypt *)algorithm->z.handler)->vTable->DecryptFinal)
- ((AHEncryptDecrypt *)algorithm->z.handler, partOut, partOutLen,
- maxPartOutLen, randomAlgorithm, surrenderContext));
-}
-
-static void TypedAHEncryptDecryptDestructor (typeCheck)
-B_TypeCheck *typeCheck;
-{
- (*((AHEncryptDecrypt *)typeCheck)->vTable->Destructor)
- ((AHEncryptDecrypt *)typeCheck);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHENCRYP_H_
-#define _AHENCRYP_H_ 1
-
-#include "btypechk.h"
-
-/* In C++:
-class AHEncryptDecrypt : public B_TypeCheck {
- AHEncryptDecrypt ();
- virtual ~AHEncryptDecrypt () = 0;
-
- virtual int getBlockLen (unsigned int *) = 0;
- virtual int encryptInit
- (B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *) = 0;
- virtual int decryptInit
- (B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *) = 0;
- virtual int encryptUpdate
- (unsigned char *, unsigned int *, unsigned int, unsigned char *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *) = 0;
- virtual int decryptUpdate
- (unsigned char *, unsigned int *, unsigned int, unsigned char *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *) = 0;
- virtual int encryptFinal
- (unsigned char *, unsigned int *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *) = 0;
- virtual int decryptFinal
- (unsigned char *, unsigned int *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *) = 0;
-};
- */
-
-/* Use the THIS_ENCRYPT_DECRYPT macro to define the type of object in the
- virtual function prototype. It defaults to the most base class, but
- derived modules may define the macro to a more derived class before
- including this header file.
- */
-#ifndef THIS_ENCRYPT_DECRYPT
-#define THIS_ENCRYPT_DECRYPT struct AHEncryptDecrypt
-#endif
-
-struct AHEncryptDecrypt;
-
-typedef struct {
- void (*Destructor) PROTO_LIST ((THIS_ENCRYPT_DECRYPT *));
- int (*GetBlockLen) PROTO_LIST ((THIS_ENCRYPT_DECRYPT *, unsigned int *));
- int (*EncryptInit) PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, B_Key *, B_ALGORITHM_CHOOSER,
- A_SURRENDER_CTX *));
- int (*DecryptInit) PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, B_Key *, B_ALGORITHM_CHOOSER,
- A_SURRENDER_CTX *));
- int (*EncryptUpdate) PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
- int (*DecryptUpdate) PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
- int (*EncryptFinal) PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *, unsigned int,
- B_Algorithm *, A_SURRENDER_CTX *));
- int (*DecryptFinal) PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *, unsigned int,
- B_Algorithm *, A_SURRENDER_CTX *));
-} AHEncryptDecryptVTable;
-
-typedef struct AHEncryptDecrypt {
- B_TypeCheck typeCheck; /* inherited */
- AHEncryptDecryptVTable *vTable; /* pure virtual */
-} AHEncryptDecrypt;
-
-/* The constructor does not set the vTable since this is a pure base class.
- */
-void AHEncryptDecryptConstructor PROTO_LIST ((AHEncryptDecrypt *));
-/* No destructor because it is pure virtual. Also, do not call destructor
- for B_TypeCheck, since this will just re-invoke this virtual
- destructor. */
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahgen.h"
-#include "port_after.h"
-
-static void TypedAHGenerateDestructor PROTO_LIST ((B_TypeCheck *));
-
-void AHGenerateConstructor (handler)
-AHGenerate *handler;
-{
- /* Construct base class, setting type tag. */
- B_TYPE_CHECK_Constructor
- (&handler->typeCheck, TypedAHGenerateDestructor);
-
- /* Don't set vTable since this is a pure virtual base class. */
-}
-
-int B_AlgorithmGenerateInit (algorithm, algorithmChooser, surrenderContext)
-B_Algorithm *algorithm;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckType
- (algorithm, TypedAHGenerateDestructor)) != 0)
- return (status);
-
- if ((status =
- (*((AHGenerate *)algorithm->z.handler)->vTable->GenerateInit)
- ((AHGenerate *)algorithm->z.handler, algorithmChooser,
- surrenderContext)) != 0)
- return (status);
-
- algorithm->z.initFlag = 1;
- return (0);
-}
-
-int B_AlgorithmGenerateKeypair
- (algorithm, publicKey, privateKey, randomAlgorithm, surrenderContext)
-B_Algorithm *algorithm;
-B_Key *publicKey;
-B_Key *privateKey;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHGenerateDestructor)) != 0)
- return (status);
-
- return ((*((AHGenerate *)algorithm->z.handler)->vTable->GenerateKeypair)
- ((AHGenerate *)algorithm->z.handler, publicKey, privateKey,
- randomAlgorithm, surrenderContext));
-}
-
-int B_AlgorithmGenerateParameters
- (algorithm, resultAlgorithm, randomAlgorithm, surrenderContext)
-B_Algorithm *algorithm;
-B_Algorithm *resultAlgorithm;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHGenerateDestructor)) != 0)
- return (status);
-
- return ((*((AHGenerate *)algorithm->z.handler)->vTable->GenerateParameters)
- ((AHGenerate *)algorithm->z.handler, resultAlgorithm,
- randomAlgorithm, surrenderContext));
-}
-
-static void TypedAHGenerateDestructor (typeCheck)
-B_TypeCheck *typeCheck;
-{
- (*((AHGenerate *)typeCheck)->vTable->Destructor) ((AHGenerate *)typeCheck);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHGEN_H_
-#define _AHGEN_H_ 1
-
-#include "btypechk.h"
-
-/* Use the THIS_GENERATE macro to define the type of object in the
- virtual function prototype. It defaults to the most base class, but
- derived modules may define the macro to a more derived class before
- including this header file.
- */
-#ifndef THIS_GENERATE
-#define THIS_GENERATE struct AHGenerate
-#endif
-
-struct AHGenerate;
-
-typedef struct {
- void (*Destructor) PROTO_LIST ((THIS_GENERATE *));
- int (*GenerateInit) PROTO_LIST
- ((THIS_GENERATE *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
- int (*GenerateKeypair) PROTO_LIST
- ((THIS_GENERATE *, B_Key *, B_Key *, B_Algorithm *, A_SURRENDER_CTX *));
- int (*GenerateParameters) PROTO_LIST
- ((THIS_GENERATE *, B_Algorithm *, B_Algorithm *, A_SURRENDER_CTX *));
-} AHGenerateVTable;
-
-typedef struct AHGenerate {
- B_TypeCheck typeCheck; /* inherited */
- AHGenerateVTable *vTable; /* pure virtual */
-} AHGenerate;
-
-/* The constructor does not set the vTable since this is a pure base class.
- */
-void AHGenerateConstructor PROTO_LIST ((AHGenerate *));
-/* No destructor because it is pure virtual. Also, do not call destructor
- for B_TypeCheck, since this will just re-invoke this virtual
- destructor. */
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahrandom.h"
-#include "port_after.h"
-
-static void TypedAHRandomDestructor PROTO_LIST ((B_TypeCheck *));
-
-void AHRandomConstructor (handler)
-AHRandom *handler;
-{
- /* Construct base class, setting type tag. */
- B_TYPE_CHECK_Constructor
- (&handler->typeCheck, TypedAHRandomDestructor);
-
- /* Don't set vTable since this is a pure virtual base class. */
-}
-
-int B_AlgorithmRandomInit (algorithm, algorithmChooser, surrenderContext)
-B_Algorithm *algorithm;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckType (algorithm, TypedAHRandomDestructor))
- != 0)
- return (status);
-
- if ((status =
- (*((AHRandom *)algorithm->z.handler)->vTable->RandomInit)
- ((AHRandom *)algorithm->z.handler, algorithmChooser, surrenderContext))
- != 0)
- return (status);
-
- algorithm->z.initFlag = 1;
- return (0);
-}
-
-int B_AlgorithmRandomUpdate (algorithm, input, inputLen, surrenderContext)
-B_Algorithm *algorithm;
-unsigned char *input;
-unsigned int inputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHRandomDestructor)) != 0)
- return (status == BE_ALGORITHM_NOT_INITIALIZED ?
- BE_RANDOM_NOT_INITIALIZED : status);
-
- return ((*((AHRandom *)algorithm->z.handler)->vTable->RandomUpdate)
- ((AHRandom *)algorithm->z.handler, input, inputLen,
- surrenderContext));
-}
-
-int B_AlgorithmGenerateRandomBytes
- (algorithm, output, outputLen, surrenderContext)
-B_Algorithm *algorithm;
-unsigned char *output;
-unsigned int outputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- /* As a special case, check here for a null this pointer when the object
- is actually being used since many routines take a "dummy" null
- random algorithm.
- */
- if (algorithm == (B_Algorithm *)NULL_PTR)
- return (BE_RANDOM_OBJ);
-
- if ((status = B_AlgorithmCheckTypeAndInitFlag
- (algorithm, TypedAHRandomDestructor)) != 0)
- return (status == BE_ALGORITHM_NOT_INITIALIZED ?
- BE_RANDOM_NOT_INITIALIZED : status);
-
- return ((*((AHRandom *)algorithm->z.handler)->vTable->GenerateBytes)
- ((AHRandom *)algorithm->z.handler, output, outputLen,
- surrenderContext));
-}
-
-static void TypedAHRandomDestructor (typeCheck)
-B_TypeCheck *typeCheck;
-{
- (*((AHRandom *)typeCheck)->vTable->Destructor) ((AHRandom *)typeCheck);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHRANDOM_H_
-#define _AHRANDOM_H_ 1
-
-#include "btypechk.h"
-
-/* Use the THIS_RANDOM macro to define the type of object in the
- virtual function prototype. It defaults to the most base class, but
- derived modules may define the macro to a more derived class before
- including this header file.
- */
-#ifndef THIS_RANDOM
-#define THIS_RANDOM struct AHRandom
-#endif
-
-struct AHRandom;
-
-typedef struct {
- void (*Destructor) PROTO_LIST ((THIS_RANDOM *));
- int (*RandomInit) PROTO_LIST
- ((THIS_RANDOM *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
- int (*RandomUpdate) PROTO_LIST
- ((THIS_RANDOM *, unsigned char *, unsigned int, A_SURRENDER_CTX *));
- int (*GenerateBytes) PROTO_LIST
- ((THIS_RANDOM *, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-} AHRandomVTable;
-
-typedef struct AHRandom {
- B_TypeCheck typeCheck; /* inherited */
- AHRandomVTable *vTable; /* pure virtual */
-} AHRandom;
-
-/* The constructor does not set the vTable since this is a pure base class.
- */
-void AHRandomConstructor PROTO_LIST ((AHRandom *));
-/* No destructor because it is pure virtual. Also, do not call destructor
- for B_TypeCheck, since this will just re-invoke this virtual
- destructor. */
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct AH_RSAEncryption;
-#define THIS_ENCRYPT_DECRYPT struct AH_RSAEncryption
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahrsaenc.h"
-#include "port_after.h"
-
-static int AH_RSAEncryptionInitHelper PROTO_LIST ((AH_RSAEncryption *, int));
-
-static AHEncryptDecryptVTable V_TABLE = {
- AH_RSAEncryptionDestructor, AH_RSAEncryptionGetBlockLen,
- AH_RSAEncryptionEncryptInit, AH_RSAEncryptionDecryptInit,
- AH_RSAEncryptionUpdate,
- AH_RSAEncryptionUpdate,
- AH_RSAEncryptionEncryptFinal, AH_RSAEncryptionDecryptFinal
-};
-
-void AH_RSAEncryptionConstructor1 (handler, infoType)
-AH_RSAEncryption *handler;
-struct B_AlgorithmInfoType *infoType;
-{
- /* Construct base class with the infoType. Assume info is NULL_PTR. */
- AHChooseEncryptConstructor2
- (&handler->chooseEncryptDecrypt, infoType, NULL_PTR);
-
- T_memset ((POINTER)&handler->z, 0, sizeof (handler->z));
- /* Set the AHEncryptDecrypt vTable, but don't set the RSAEncryption vTable
- since it is pure virtual. */
- handler->chooseEncryptDecrypt.encryptDecrypt.vTable = &V_TABLE;
-}
-
-void AH_RSAEncryptionDestructor (handler)
-AH_RSAEncryption *handler;
-{
- T_memset ((POINTER)handler->z.block, 0, handler->z.blockLen);
- T_free ((POINTER)handler->z.block);
-
- /* Call base class destructor */
- AHChooseEncryptDestructor (handler);
-}
-
-int AH_RSAEncryptionGetBlockLen (handler, blockLen)
-AH_RSAEncryption *handler;
-unsigned int *blockLen;
-{
-UNUSED_ARG (handler)
-UNUSED_ARG (blockLen)
- return (BE_NOT_SUPPORTED);
-}
-
-int AH_RSAEncryptionEncryptInit (handler, key, chooser, surrenderContext)
-AH_RSAEncryption *handler;
-B_Key *key;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AHChooseEncryptEncryptInit
- (handler, key, chooser, surrenderContext)) != 0)
- return (status);
-
- return (AH_RSAEncryptionInitHelper (handler, 1));
-}
-
-int AH_RSAEncryptionDecryptInit (handler, key, chooser, surrenderContext)
-AH_RSAEncryption *handler;
-B_Key *key;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AHChooseEncryptDecryptInit
- (handler, key, chooser, surrenderContext)) != 0)
- return (status);
-
- return (AH_RSAEncryptionInitHelper (handler, 0));
-}
-
-/* Accumulate into the z.block.
- */
-int AH_RSAEncryptionUpdate
- (handler, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext)
-AH_RSAEncryption *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-const unsigned char *partIn;
-unsigned int partInLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (partOut)
-UNUSED_ARG (maxPartOutLen)
-UNUSED_ARG (randomAlgorithm)
-UNUSED_ARG (surrenderContext)
- *partOutLen = 0;
-
- if (handler->_inputLen + partInLen > handler->_maxInputLen)
- return (BE_INPUT_LEN);
- T_memcpy
- ((POINTER)(handler->z.block + handler->_inputLen), (CPOINTER)partIn,
- partInLen);
- handler->_inputLen += partInLen;
- return (0);
-}
-
-int AH_RSAEncryptionEncryptFinal
- (handler, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-AH_RSAEncryption *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned int dummyPartOutLen;
-
- /* Encode methodContext in place. */
- if ((status = (*handler->vTable->EncodeBlock)
- (handler, randomAlgorithm, surrenderContext)) != 0)
- return (status);
-
- /* This should not return BE_INPUT_DATA since it is well-formatted. */
- if ((status = AHChooseEncryptEncryptUpdate
- (handler, partOut, partOutLen, maxPartOutLen, handler->z.block,
- handler->z.blockLen, (B_Algorithm *)NULL_PTR, surrenderContext)) != 0)
- return (status);
-
- /* Expect final to return zero bytes. */
- if ((status = AHChooseEncryptEncryptFinal
- (handler, (unsigned char *)NULL_PTR, &dummyPartOutLen, 0,
- (B_Algorithm *)NULL_PTR, surrenderContext)) != 0)
- return (status);
-
- /* Restart the handle for new input. */
- handler->_inputLen = 0;
- return (0);
-}
-
-int AH_RSAEncryptionDecryptFinal
- (handler, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-AH_RSAEncryption *handler;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- ITEM output;
- int status;
- unsigned int decryptedLen, dummyPartOutLen;
-
-UNUSED_ARG (randomAlgorithm)
- /* Decrypt block in place. The block lenghts are already within limits.
- */
- if ((status = AHChooseEncryptDecryptUpdate
- (handler, handler->z.block, &decryptedLen, handler->z.blockLen,
- handler->z.block, handler->_inputLen, (B_Algorithm *)NULL_PTR,
- surrenderContext)) != 0)
- return (status);
- /* Expect final to return zero bytes. */
- if ((status = AHChooseEncryptDecryptFinal
- (handler, (unsigned char *)NULL_PTR, &dummyPartOutLen, 0,
- (B_Algorithm *)NULL_PTR, surrenderContext)) != 0)
- return (status);
-
- /* Restart the handle for new input. */
- handler->_inputLen = 0;
-
- /* Now decode the block and copy the result to the partOut.
- */
- if ((status = (*handler->vTable->DecodeBlock)
- (handler, &output, decryptedLen)) != 0)
- return (status);
-
- if (output.len > handler->z.blockLen - 11)
- /* This implies that the block was encrypted with less than
- 8 bytes of padding */
- return (BE_INPUT_DATA);
-
- if ((*partOutLen = output.len) > maxPartOutLen)
- return (BE_OUTPUT_LEN);
- T_memcpy ((POINTER)partOut, (POINTER)output.data, output.len);
-
- return (0);
-}
-
-static int AH_RSAEncryptionInitHelper (handler, encryptFlag)
-AH_RSAEncryption *handler;
-int encryptFlag;
-{
- int status;
- unsigned int newBlockLen;
-
- if ((status = AHChooseEncryptGetBlockLen (handler, &newBlockLen)) != 0)
- return (status);
-
- if (newBlockLen < 12)
- /* PKCS Requires at least 12 bytes of modulus */
- return (BE_NOT_SUPPORTED);
-
- /* During encrypt, this will ensure that there are 8 bytes of padding.
- During decrypt, the DecodeBlock procedure must check that the block
- was encrypted with 8 bytes of padding.
- */
- handler->_maxInputLen = encryptFlag ? (newBlockLen - 11) : newBlockLen;
-
- handler->_inputLen = 0;
-
- /* Zeroize old block and realloc to new size.
- */
- T_memset ((POINTER)handler->z.block, 0, handler->z.blockLen);
- if ((handler->z.block = (unsigned char *)T_realloc
- ((POINTER)handler->z.block, newBlockLen))
- == (unsigned char *)NULL_PTR) {
- handler->z.blockLen = 0;
- return (BE_ALLOC);
- }
-
- handler->z.blockLen = newBlockLen;
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHRSAENC_H_
-#define _AHRSAENC_H_
-
-#include "ahchencr.h"
-
-struct AH_RSAEncryption;
-
-/* For EncodeBlock, the block to encode is left justified in the
- z.block with length given by z._inputLen. EncodeBlock encodes the block
- in place to fill it out to z.blockLen.
- For DecodeBlock, return the contents in the given ITEM by decoding
- the z.block value which has length given by decryptedLen. This
- procedure must also ensure that the block was encrypted with 8 bytes
- of padding.
- */
-typedef struct {
- int (*EncodeBlock) PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, B_Algorithm * /* randomAlgorithm */,
- A_SURRENDER_CTX *));
- int (*DecodeBlock) PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, ITEM *, unsigned int /* decryptedLen */));
-} AH_RSAEncryptionVTable;
-
-typedef struct AH_RSAEncryption {
- AHChooseEncryptDecrypt chooseEncryptDecrypt; /* base class */
-
- struct {
- unsigned char *block;
- unsigned int blockLen;
- } z; /* Zeroized by constructor */
-
- unsigned int _inputLen; /* Length of data accumulated by Update */
- unsigned int _maxInputLen; /* used during update to check for overflow */
- AH_RSAEncryptionVTable *vTable; /* pure virtual */
-} AH_RSAEncryption;
-
-void AH_RSAEncryptionConstructor1 PROTO_LIST
- ((AH_RSAEncryption *, struct B_AlgorithmInfoType *));
-void AH_RSAEncryptionDestructor PROTO_LIST ((AH_RSAEncryption *));
-
-int AH_RSAEncryptionGetBlockLen PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned int *));
-int AH_RSAEncryptionEncryptInit PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, B_Key *, B_ALGORITHM_CHOOSER,
- A_SURRENDER_CTX *));
-int AH_RSAEncryptionDecryptInit PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, B_Key *, B_ALGORITHM_CHOOSER,
- A_SURRENDER_CTX *));
-int AH_RSAEncryptionUpdate PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, const unsigned char *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *));
-int AH_RSAEncryptionEncryptFinal PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
-int AH_RSAEncryptionDecryptFinal PROTO_LIST
- ((THIS_ENCRYPT_DECRYPT *, unsigned char *, unsigned int *,
- unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct AH_RSAEncryption;
-#define THIS_ENCRYPT_DECRYPT struct AH_RSAEncryption
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahrsaepr.h"
-#include "port_after.h"
-
-static int EncodeBlock1 PROTO_LIST
- ((AH_RSAEncryptionPrivate *, B_Algorithm *, A_SURRENDER_CTX *));
-static int DecodeBlock2 PROTO_LIST
- ((AH_RSAEncryptionPrivate *, ITEM *, unsigned int));
-
-static AH_RSAEncryptionVTable ENCRYPTION_V_TABLE =
- {EncodeBlock1, DecodeBlock2};
-
-extern struct B_AlgorithmInfoType AIT_RSAPrivate;
-
-AH_RSAEncryptionPrivate *AH_RSAEncrypPrivateConstructor (handler)
-AH_RSAEncryptionPrivate *handler;
-{
- if (handler == (AH_RSAEncryptionPrivate *)NULL_PTR) {
- /* This constructor is being used to do a new */
- if ((handler = (AH_RSAEncryptionPrivate *)T_malloc (sizeof (*handler)))
- == (AH_RSAEncryptionPrivate *)NULL_PTR)
- return (handler);
- }
-
- /* Construct base class */
- AH_RSAEncryptionConstructor1 (handler, &AIT_RSAPrivate);
-
- handler->vTable = &ENCRYPTION_V_TABLE;
- return (handler);
-}
-
-/* block1 starts out with the input bytes of length inputLen left-justified.
- Returns 0, BE_INPUT_LEN.
- */
-static int EncodeBlock1 (handler, randomAlgorithm, surrenderContext)
-AH_RSAEncryptionPrivate *handler;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- unsigned int padLen;
-
-UNUSED_ARG (randomAlgorithm)
-UNUSED_ARG (surrenderContext)
- if ((handler->_inputLen + 3) > handler->z.blockLen)
- /* input is too large to make a block 1 */
- return (BE_INPUT_LEN);
-
- padLen = handler->z.blockLen - (handler->_inputLen + 3);
- T_memmove
- ((POINTER)(handler->z.block + padLen + 3), (POINTER)handler->z.block,
- handler->_inputLen);
-
- handler->z.block[0] = 0;
- handler->z.block[1] = 1;
- T_memset ((POINTER)(handler->z.block + 2), 0xff, padLen);
- handler->z.block[2 + padLen] = 0;
- return (0);
-}
-
-static int DecodeBlock2 (handler, output, block2Len)
-AH_RSAEncryptionPrivate *handler;
-ITEM *output;
-unsigned int block2Len;
-{
- unsigned int i;
-
- if ((handler->z.block[0] != 0) || (handler->z.block[1] != 2))
- return (BE_INPUT_DATA);
-
- /* Should be able to find the data after the first zero byte following
- the random bytes. */
- for (i = 2; i < block2Len && handler->z.block[i] != 0; i++);
- i++;
-
- if (i > block2Len)
- /* The data is not zero terminated. */
- return (BE_INPUT_DATA);
-
- output->len = block2Len - i;
- output->data = handler->z.block + i;
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHRSAEPR_H_
-#define _AHRSAEPR_H_
-
-#include "ahrsaenc.h"
-
-/* structure is identical to base class, so just re-typedef. */
-typedef AH_RSAEncryption AH_RSAEncryptionPrivate;
-
-AH_RSAEncryptionPrivate *AH_RSAEncrypPrivateConstructor PROTO_LIST
- ((AH_RSAEncryptionPrivate *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct AH_RSAEncryption;
-#define THIS_ENCRYPT_DECRYPT struct AH_RSAEncryption
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahrsaepu.h"
-#include "port_after.h"
-
-static int EncodeBlock2 PROTO_LIST
- ((AH_RSAEncryptionPublic *, B_Algorithm *, A_SURRENDER_CTX *));
-static int DecodeBlock1 PROTO_LIST
- ((AH_RSAEncryptionPublic *, ITEM *, unsigned int));
-
-static AH_RSAEncryptionVTable ENCRYPTION_V_TABLE =
- {EncodeBlock2, DecodeBlock1};
-
-extern struct B_AlgorithmInfoType AIT_RSAPublic;
-
-AH_RSAEncryptionPublic *AH_RSAEncrypPublicConstructor (handler)
-AH_RSAEncryptionPublic *handler;
-{
- if (handler == (AH_RSAEncryptionPublic *)NULL_PTR) {
- /* This constructor is being used to do a new */
- if ((handler = (AH_RSAEncryptionPublic *)T_malloc (sizeof (*handler)))
- == (AH_RSAEncryptionPublic *)NULL_PTR)
- return (handler);
- }
-
- /* Construct base class */
- AH_RSAEncryptionConstructor1 (handler, &AIT_RSAPublic);
-
- handler->vTable = &ENCRYPTION_V_TABLE;
- return (handler);
-}
-
-/* block starts out with the input bytes of length inputLen left-justified.
- */
-static int EncodeBlock2 (handler, randomAlgorithm, surrenderContext)
-AH_RSAEncryptionPublic *handler;
-B_Algorithm *randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned char randomByte;
- unsigned int padLen, i;
-
- if ((handler->_inputLen + 3) > handler->z.blockLen)
- /* input is too large to make a block 2 */
- return (BE_INPUT_LEN);
-
- padLen = handler->z.blockLen - (handler->_inputLen + 3);
- T_memmove
- ((POINTER)(handler->z.block + padLen + 3), (POINTER)handler->z.block,
- handler->_inputLen);
-
- handler->z.block[0] = 0;
- handler->z.block[1] = 2;
-
- /* Pad out with random bytes, making sure that none of the bytes is zero.
- */
- for (i = 2; i < (padLen + 2); i++) {
- do {
- if ((status = B_AlgorithmGenerateRandomBytes
- (randomAlgorithm, &randomByte, 1, surrenderContext)) != 0)
- return (status);
- } while (randomByte == 0);
-
- handler->z.block[i] = randomByte;
- }
-
- handler->z.block[2 + padLen] = 0;
- return (0);
-}
-
-static int DecodeBlock1 (handler, output, block1Len)
-AH_RSAEncryptionPublic *handler;
-ITEM *output;
-unsigned int block1Len;
-{
- unsigned int i;
-
- /* Locate the digestInfo within the PKCS block 1.
- */
- if (handler->z.block[0] != 0 || handler->z.block[1] != 1)
- return (BE_INPUT_DATA);
-
- /* Should be able to find the data after the first zero byte following
- the 0xff. */
- for (i = 2; i < block1Len && handler->z.block[i] == 0xff; i++);
- i++;
-
- if (i > block1Len || handler->z.block[i - 1] != 0)
- /* The data is not zero terminated, or a byte other than 0xff. */
- return (BE_INPUT_DATA);
-
- output->len = block1Len - i;
- output->data = handler->z.block + i;
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AHRSAEPU_H_
-#define _AHRSAEPU_H_
-
-#include "ahrsaenc.h"
-
-/* structure is identical to base class, so just re-typedef. */
-typedef AH_RSAEncryption AH_RSAEncryptionPublic;
-
-AH_RSAEncryptionPublic *AH_RSAEncrypPublicConstructor PROTO_LIST
- ((AH_RSAEncryptionPublic *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahchdig.h"
-#include "aichdig.h"
-#include "port_after.h"
-
-B_TypeCheck *AITChooseDigestNullNewHandler PROTO_LIST
- ((B_AlgorithmInfoType *, B_Algorithm *));
-
-B_AlgorithmInfoTypeVTable AITChooseDigestNull_V_TABLE =
- {AITNullAddInfo, AITChooseDigestNullNewHandler,
- B_AlgorithmInfoTypeMakeError};
-
-/* This always uses NULL_PTR for the info.
- */
-B_TypeCheck *AITChooseDigestNullNewHandler (infoType, algorithm)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-{
-UNUSED_ARG (algorithm)
-
- /* Pass in NULL_PTR so that constructor will allocate.
- */
- return ((B_TypeCheck *)AHChooseDigestConstructor2
- ((AHChooseDigest *)NULL_PTR, infoType, NULL_PTR));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AICHDIG_H_
-#define _AICHDIG_H_ 1
-
-#include "ainfotyp.h"
-#include "ainull.h"
-
-extern B_AlgorithmInfoTypeVTable AITChooseDigestNull_V_TABLE;
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "aichenc8.h"
-#include "port_after.h"
-
-B_AlgorithmInfoTypeVTable AITChooseEncrypt8_V_TABLE =
- {AIT_8AddInfo, AITChooseEncryptNewHandler, B_AlgorithmInfoTypeMakeError};
-
-int AIT_8AddInfo (infoType, algorithm, info)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-POINTER info;
-{
- POINTER newInfo;
- int status;
-
- if ((status = B_MemoryPoolAllocAndCopy
- (&algorithm->infoCache.memoryPool, &newInfo, info, 8)) != 0)
- return (status);
-
- return (B_InfoCacheAddInfo
- (&algorithm->infoCache, (POINTER)infoType, newInfo));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AICHENC8_H_
-#define _AICHENC8_H_ 1
-
-#include "aichencr.h"
-
-extern B_AlgorithmInfoTypeVTable AITChooseEncrypt8_V_TABLE;
-
-int AIT_8AddInfo PROTO_LIST
- ((THIS_ALGORITHM_INFO_TYPE *, B_Algorithm *, POINTER));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "aichencn.h"
-#include "port_after.h"
-
-B_AlgorithmInfoTypeVTable AITChooseEncryptNull_V_TABLE =
- {AITNullAddInfo, AITChooseEncryptNewHandler, B_AlgorithmInfoTypeMakeError};
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AICHENCN_H_
-#define _AICHENCN_H_ 1
-
-#include "aichencr.h"
-#include "ainull.h"
-
-extern B_AlgorithmInfoTypeVTable AITChooseEncryptNull_V_TABLE;
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahchencr.h"
-#include "aichencr.h"
-#include "port_after.h"
-
-B_TypeCheck *AITChooseEncryptNewHandler (infoType, algorithm)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-{
- POINTER info;
-
- if (B_InfoCacheFindInfo (&algorithm->infoCache, &info, (POINTER)infoType)
- != 0)
- /* This really shouldn't happen since the info was just added. */
- return ((B_TypeCheck *)NULL_PTR);
-
- /* Pass in NULL_PTR so that constructor will allocate. */
- return ((B_TypeCheck *)AHChooseEncryptConstructor2
- ((AHChooseEncryptDecrypt *)NULL_PTR, infoType, info));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AICHENCR_H_
-#define _AICHENCR_H_ 1
-
-#include "ainfotyp.h"
-
-struct B_TypeCheck *AITChooseEncryptNewHandler PROTO_LIST
- ((B_AlgorithmInfoType *, B_Algorithm *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahchgen.h"
-#include "aichgen.h"
-#include "port_after.h"
-
-B_TypeCheck *AITChooseGenerateNewHandler (infoType, algorithm)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-{
- POINTER info;
-
- if (B_InfoCacheFindInfo (&algorithm->infoCache, &info, (POINTER)infoType)
- != 0)
- /* This really shouldn't happen since the info was just added. */
- return ((B_TypeCheck *)NULL_PTR);
-
- /* Pass in NULL_PTR so that constructor will allocate. */
- return ((B_TypeCheck *)AHChooseGenerateConstructor2
- ((AHChooseGenerate *)NULL_PTR, infoType, info));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AICHGEN_H_
-#define _AICHGEN_H_ 1
-
-#include "ainfotyp.h"
-
-struct B_TypeCheck *AITChooseGenerateNewHandler PROTO_LIST
- ((B_AlgorithmInfoType *, B_Algorithm *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ahchrand.h"
-#include "aichrand.h"
-#include "port_after.h"
-
-B_TypeCheck *AITChooseRandomNullNewHandler PROTO_LIST
- ((B_AlgorithmInfoType *, B_Algorithm *));
-
-B_AlgorithmInfoTypeVTable AITChooseRandomNull_V_TABLE =
- {AITNullAddInfo, AITChooseRandomNullNewHandler,
- B_AlgorithmInfoTypeMakeError};
-
-/* This always uses NULL_PTR for the info.
- */
-B_TypeCheck *AITChooseRandomNullNewHandler (infoType, algorithm)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-{
-UNUSED_ARG (algorithm)
-
- /* Pass in NULL_PTR so that constructor will allocate.
- */
- return ((B_TypeCheck *)AHChooseRandomConstructor2
- ((AHChooseRandom *)NULL_PTR, infoType, NULL_PTR));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AICHRAND_H_
-#define _AICHRAND_H_ 1
-
-#include "ainfotyp.h"
-#include "ainull.h"
-
-extern B_AlgorithmInfoTypeVTable AITChooseRandomNull_V_TABLE;
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "aichdig.h"
-#include "port_after.h"
-
-B_AlgorithmInfoType AIT_MD5 = {&AITChooseDigestNull_V_TABLE};
-
-int AI_MD5 (infoType)
-POINTER *infoType;
-{
- *infoType = (POINTER)&AIT_MD5;
-
- /* Return 0 to indicate a B_AlgorithmInfoType, not a B_KeyInfoType */
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "aichrand.h"
-#include "port_after.h"
-
-B_AlgorithmInfoType AIT_MD5Random = {&AITChooseRandomNull_V_TABLE};
-
-int AI_MD5Random (infoType)
-POINTER *infoType;
-{
- *infoType = (POINTER)&AIT_MD5Random;
-
- /* Return 0 to indicate a B_AlgorithmInfoType, not a B_KeyInfoType */
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ainfotyp.h"
-#include "port_after.h"
-
-/* This is the default routine which algorithm info types point MakeInfo to
- if not redefined by a derived class.
- */
-int B_AlgorithmInfoTypeMakeError (infoType, info, algorithm)
-B_AlgorithmInfoType *infoType;
-POINTER *info;
-B_Algorithm *algorithm;
-{
-UNUSED_ARG (infoType)
-UNUSED_ARG (info)
-UNUSED_ARG (algorithm)
-
- /* Should already have been found in the cache. */
- return (BE_WRONG_ALGORITHM_INFO);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _AINFOTYP_H_
-#define _AINFOTYP_H_ 1
-
-/* Use the THIS_ALGORITHM_INFO_TYPE macro to define the type of object in the
- virtual function prototype. It defaults to the most base class, but
- derived modules may define the macro to a more derived class before
- including this header file.
- */
-#ifndef THIS_ALGORITHM_INFO_TYPE
-#define THIS_ALGORITHM_INFO_TYPE struct B_AlgorithmInfoType
-#endif
-
-struct B_AlgorithmInfoType;
-
-typedef struct {
- int (*AddInfo) PROTO_LIST
- ((THIS_ALGORITHM_INFO_TYPE *, B_Algorithm *, POINTER));
- struct B_TypeCheck * (*NewHandler) PROTO_LIST
- ((THIS_ALGORITHM_INFO_TYPE *, B_Algorithm *));
- int (*MakeInfo) PROTO_LIST
- ((THIS_ALGORITHM_INFO_TYPE *, POINTER *, B_Algorithm *));
-} B_AlgorithmInfoTypeVTable;
-
-typedef struct B_AlgorithmInfoType {
- B_AlgorithmInfoTypeVTable *vTable;
-} B_AlgorithmInfoType;
-
-int B_AlgorithmInfoTypeMakeError PROTO_LIST
- ((THIS_ALGORITHM_INFO_TYPE *, POINTER *, B_Algorithm *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ainfotyp.h"
-#include "ainull.h"
-#include "port_after.h"
-
-int AITNullAddInfo (infoType, algorithm, info)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-POINTER info;
-{
-UNUSED_ARG (info)
- /* Cache null parameters. */
- return (B_InfoCacheAddInfo
- (&algorithm->infoCache, (POINTER)infoType, NULL_PTR));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-int AITNullAddInfo PROTO_LIST
- ((THIS_ALGORITHM_INFO_TYPE *, B_Algorithm *, POINTER));
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ainfotyp.h"
-#include "ainull.h"
-#include "ahrsaepr.h"
-#include "port_after.h"
-
-B_TypeCheck *AIT_PKCS_RSAPrivateNewHandler PROTO_LIST
- ((B_AlgorithmInfoType *, B_Algorithm *));
-
-static B_AlgorithmInfoTypeVTable V_TABLE =
- {AITNullAddInfo, AIT_PKCS_RSAPrivateNewHandler,
- B_AlgorithmInfoTypeMakeError};
-
-B_AlgorithmInfoType AIT_PKCS_RSAPrivate = {&V_TABLE};
-
-int AI_PKCS_RSAPrivate (infoType)
-POINTER *infoType;
-{
- *infoType = (POINTER)&AIT_PKCS_RSAPrivate;
-
- /* Return 0 to indicate a B_AlgorithmInfoType, not a B_KeyInfoType */
- return (0);
-}
-
-B_TypeCheck *AIT_PKCS_RSAPrivateNewHandler (infoType, algorithm)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-{
-UNUSED_ARG (infoType)
-UNUSED_ARG (algorithm)
- /* Pass in NULL_PTR so that constructor will allocate. */
- return ((B_TypeCheck *)AH_RSAEncrypPrivateConstructor
- ((AH_RSAEncryptionPrivate *)NULL_PTR));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ainfotyp.h"
-#include "ainull.h"
-#include "ahrsaepu.h"
-#include "port_after.h"
-
-B_TypeCheck *AIT_PKCS_RSAPublicNewHandler PROTO_LIST
- ((B_AlgorithmInfoType *, B_Algorithm *));
-
-static B_AlgorithmInfoTypeVTable V_TABLE =
- {AITNullAddInfo, AIT_PKCS_RSAPublicNewHandler,
- B_AlgorithmInfoTypeMakeError};
-
-B_AlgorithmInfoType AIT_PKCS_RSAPublic = {&V_TABLE};
-
-int AI_PKCS_RSAPublic (infoType)
-POINTER *infoType;
-{
- *infoType = (POINTER)&AIT_PKCS_RSAPublic;
-
- /* Return 0 to indicate a B_AlgorithmInfoType, not a B_KeyInfoType */
- return (0);
-}
-
-B_TypeCheck *AIT_PKCS_RSAPublicNewHandler (infoType, algorithm)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-{
-UNUSED_ARG (infoType)
-UNUSED_ARG (algorithm)
- /* Pass in NULL_PTR so that constructor will allocate. */
- return ((B_TypeCheck *)AH_RSAEncrypPublicConstructor
- ((AH_RSAEncryptionPublic *)NULL_PTR));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "intitem.h"
-#include "aichgen.h"
-#include "port_after.h"
-
-int AIT_RSAKeyGenAddInfo PROTO_LIST
- ((THIS_ALGORITHM_INFO_TYPE *, B_Algorithm *, POINTER));
-
-static A_RSA_KEY_GEN_PARAMS STATIC_KEY_GEN_PARAMS;
-static ITEM *KEY_GEN_PARAMS_ITEMS[] = {&STATIC_KEY_GEN_PARAMS.publicExponent};
-
-static B_AlgorithmInfoTypeVTable V_TABLE =
- {AIT_RSAKeyGenAddInfo, AITChooseGenerateNewHandler,
- B_AlgorithmInfoTypeMakeError};
-
-B_AlgorithmInfoType AIT_RSAKeyGen = {&V_TABLE};
-
-int AI_RSAKeyGen (infoType)
-POINTER *infoType;
-{
- *infoType = (POINTER)&AIT_RSAKeyGen;
-
- /* Return 0 to indicate a B_AlgorithmInfoType, not a B_KeyInfoType */
- return (0);
-}
-
-int AIT_RSAKeyGenAddInfo (infoType, algorithm, info)
-B_AlgorithmInfoType *infoType;
-B_Algorithm *algorithm;
-POINTER info;
-{
- A_RSA_KEY_GEN_PARAMS *newInfo;
- int status;
-
- if ((status = B_MemoryPoolAlloc
- (&algorithm->infoCache.memoryPool, (POINTER *)&newInfo,
- sizeof (A_RSA_KEY_GEN_PARAMS))) != 0)
- return (status);
- if ((status = AllocAndCopyIntegerItems
- ((POINTER)newInfo, info, (POINTER)&STATIC_KEY_GEN_PARAMS,
- KEY_GEN_PARAMS_ITEMS,
- sizeof (KEY_GEN_PARAMS_ITEMS) / sizeof (KEY_GEN_PARAMS_ITEMS[0]),
- &algorithm->infoCache.memoryPool)) != 0)
- return (status);
-
- newInfo->modulusBits = ((A_RSA_KEY_GEN_PARAMS *)info)->modulusBits;
- return (B_InfoCacheAddInfo
- (&algorithm->infoCache, (POINTER)infoType, (POINTER)newInfo));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "aichencn.h"
-#include "port_after.h"
-
-B_AlgorithmInfoType AIT_RSAPrivate = {&AITChooseEncryptNull_V_TABLE};
-
-int AI_RSAPrivate (infoType)
-POINTER *infoType;
-{
- *infoType = (POINTER)&AIT_RSAPrivate;
-
- /* Return 0 to indicate a B_AlgorithmInfoType, not a B_KeyInfoType */
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "aichencn.h"
-#include "port_after.h"
-
-B_AlgorithmInfoType AIT_RSAPublic = {&AITChooseEncryptNull_V_TABLE};
-
-int AI_RSAPublic (infoType)
-POINTER *infoType;
-{
- *infoType = (POINTER)&AIT_RSAPublic;
-
- /* Return 0 to indicate a B_AlgorithmInfoType, not a B_KeyInfoType */
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1992, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _ALGAE_H_
-#define _ALGAE_H_ 1
-
-#ifndef T_CALL
-#define T_CALL
-#endif
-
-/* Used to reduce the stack size in routines with big scratch buffers.
- If set to 1, this will make ALGAE allocate these buffers on the heap.
- */
-#ifndef USE_ALLOCED_FRAME
-#define USE_ALLOCED_FRAME 1
-#endif
-
-#include "atypes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define AE_CANCEL 0x0001
-#define AE_DATA 0x0002
-#define AE_EXPONENT_EVEN 0x0003
-#define AE_EXPONENT_LEN 0x0004
-#define AE_INPUT_DATA 0x0005
-#define AE_INPUT_LEN 0x0006
-#define AE_MODULUS_LEN 0x0007
-#define AE_NEED_RANDOM 0x0008
-#define AE_NOT_SUPPORTED 0x0009
-#define AE_OUTPUT_LEN 0x000a
-#define AE_NOT_INITIALIZED 0x000b
-#define AE_KEY_LEN 0x000c
-#define AE_KEY_INFO 0x000d
-#define AE_SEQUENCE 0x000e
-#define AE_PARAMS 0x000f
-
-#if USE_ALLOCED_FRAME
-/* Needed only for big number code heap allocation of scratch arrays.
- */
-#define AE_ALLOC 0x0080
-POINTER T_malloc PROTO_LIST ((unsigned int));
-void T_free PROTO_LIST ((POINTER));
-#endif
-
-/* Routines supplied by the implementor.
- */
-void T_memset PROTO_LIST ((POINTER, int, unsigned int));
-void T_memcpy PROTO_LIST ((POINTER, CPOINTER, unsigned int));
-void T_memmove PROTO_LIST ((POINTER, POINTER, unsigned int));
-int T_memcmp PROTO_LIST ((CPOINTER, CPOINTER, unsigned int));
-
-unsigned int A_IntegerBits PROTO_LIST ((const unsigned char *, unsigned int));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "algae.h"
-#include "balgmeth.h"
-#include "bkey.h"
-#include "algchoic.h"
-#include "port_after.h"
-
-/* In C++:
-ResizeContext::ResizeContext ()
-{
- T_memset ((POINTER)&z, 0, sizeof (z));
-}
- */
-void ResizeContextConstructor (resizeContext)
-ResizeContext *resizeContext;
-{
- T_memset ((POINTER)&resizeContext->z, 0, sizeof (resizeContext->z));
-}
-
-/* In C++:
-ResizeContext::~ResizeContext ()
-{
- T_memset (z.context, 0, z.contextSize);
- T_free (z.context);
-}
- */
-void ResizeContextDestructor (resizeContext)
-ResizeContext *resizeContext;
-{
- T_memset (resizeContext->z.context, 0, resizeContext->z.contextSize);
- T_free (resizeContext->z.context);
-}
-
-/* If the resizeContext's context is already the requested size, do nothing.
- Otherwise, this memsets the existing context to zero, then allocates
- the context as a buffer of the requested size.
- If the allocate fails, the context size is set to
- zero so that later calls will not zeroize non-existing buffers.
- */
-int ResizeContextMakeNewContext (resizeContext, contextSize)
-ResizeContext *resizeContext;
-unsigned int contextSize;
-{
- if (resizeContext->z.contextSize == contextSize)
- return (0);
-
- /* Take care of zeroizing the previous context.
- */
- T_memset (resizeContext->z.context, 0, resizeContext->z.contextSize);
-
- if ((resizeContext->z.context = T_realloc
- (resizeContext->z.context, contextSize)) == NULL_PTR) {
- resizeContext->z.contextSize = 0;
- return (BE_ALLOC);
- }
-
- resizeContext->z.contextSize = contextSize;
- return (0);
-}
-
-int AlgaChoiceChoose (algaChoice, encryptFlag, key, chooser, surrenderContext)
-AlgaChoice *algaChoice;
-int encryptFlag;
-B_Key *key;
-B_ALGORITHM_CHOOSER chooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- POINTER keyInfo;
- int status, overallStatus;
-
- /* Each alga init callback returns BE_NOT_SUPPORTED if the Query fails.
- Each also may return a more specific error like BE_MODULUS_LEN if the
- method is not supported, so return the more specific error if possible.
- */
- overallStatus = BE_METHOD_NOT_IN_CHOOSER;
-
- for (; *chooser != (B_ALGORITHM_METHOD *)NULL_PTR; chooser++) {
- if ((*chooser)->algorithmInfoType != algaChoice->_algorithmInfoType ||
- (*chooser)->encryptFlag != encryptFlag)
- /* Wrong type of algorithm, or the encryptFlag is wrong */
- continue;
-
- if ((*chooser)->keyInfoType != (struct B_KeyInfoType *)NULL_PTR) {
- if ((status = B_KeyGetInfo
- (key, &keyInfo, (*chooser)->keyInfoType)) != 0) {
- if (IS_FATAL_BSAFE_ERROR (status))
- return (status);
-
- /* Update the overall status with this more specific error. */
- overallStatus = status;
- continue;
- }
- }
- else
- keyInfo = NULL_PTR;
-
- if ((status = (*algaChoice->_InitAlga)
- (algaChoice, keyInfo, *chooser, surrenderContext)) != 0) {
- if (IS_FATAL_BSAFE_ERROR (status))
- return (status);
-
- /* Update the overall status with this more specific error. */
- overallStatus = status;
- continue;
- }
-
- /* Succeeded */
- algaChoice->_alga = (*chooser)->alga;
- return (0);
- }
-
- return (overallStatus);
-}
-
-/* Convert the ALGAE error to a BSAFE2 error.
- This does not check for zero since BSAFE should not bother to call
- this function if there is no error.
- */
-int ConvertAlgaeError (type)
-int type;
-{
- switch (type) {
- case AE_CANCEL:
- return (BE_CANCEL);
- case AE_DATA:
- return (BE_DATA);
- case AE_EXPONENT_EVEN:
- return (BE_EXPONENT_EVEN);
- case AE_EXPONENT_LEN:
- return (BE_EXPONENT_LEN);
- case AE_INPUT_DATA:
- return (BE_INPUT_DATA);
- case AE_INPUT_LEN:
- return (BE_INPUT_LEN);
- case AE_KEY_INFO:
- return (BE_KEY_INFO);
- case AE_KEY_LEN:
- return (BE_KEY_LEN);
- case AE_MODULUS_LEN:
- return (BE_MODULUS_LEN);
- case AE_NOT_INITIALIZED:
- return (BE_NOT_INITIALIZED);
- case AE_NOT_SUPPORTED:
- return (BE_NOT_SUPPORTED);
- case AE_OUTPUT_LEN:
- return (BE_OUTPUT_LEN);
- case AE_PARAMS:
- return (BE_ALGORITHM_INFO);
-
-#if USE_ALLOCED_FRAME
- case AE_ALLOC:
- return (BE_ALLOC);
-#endif
-
- default:
- return (BE_DATA);
- }
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _ALGCHOICE_H_
-#define _ALGCHOICE_H_ 1
-
-#define IS_FATAL_BSAFE_ERROR(status) \
- (status == BE_ALLOC || status == BE_HARDWARE || status == BE_CANCEL)
-
-/* Use the THIS_ALGA_CHOICE macro to define the type of object in the
- INIT_ALGA prototype. It defaults to the AlgaChoice, but
- derived modules may define the macro to a more derived class before
- including this header file.
- */
-struct AlgaChoice;
-#ifndef THIS_ALGA_CHOICE
-#define THIS_ALGA_CHOICE struct AlgaChoice
-#endif
-
-/* In C++:
-class ResizeContext {
-public:
- ResizeContext ();
- ~ResizeContext ();
- int makeNewContext (unsigned int contextSize);
- POINTER context () {return z.context;}
-
-private:
- struct {
- POINTER context;
- unsigned int contextSize;
- } z;
-};
-
-class AlgaChoice;
-typedef int (*INIT_ALGA)
- (THIS_ALGA_CHOICE *algaChoice, POINTER keyInfo,
- struct B_ALGORITHM_METHOD *algorithmMethod,
- A_SURRENDER_CTX *surrenderContext);
-
-class AlgaChoice {
-public:
- AlgaChoice (INIT_ALGA InitAlga) : _InitAlga (InitAlga) {}
- ~AlgaChoice () {}
- int choose
- (int encryptFlag, B_Key *key, B_ALGORITHM_CHOOSER chooser,
- A_SURRENDER_CTX *surrenderContext);
- int makeNewContext (unsigned int contextSize) {
- context.makeNewContext (contextSize); }
- POINTER alga () {return _alga;}
- POINTER algorithmInfo () {return _algorithmInfo;}
- POINTER context () {return context.context ();}
- void setAlgorithmInfoType (B_AlgorithmInfoType *algorithmInfoType) {
- _algorithmInfoType = algorithmInfoType;
- }
- void setAlgorithmInfo (POINTER algorithmInfo) {
- _algorithmInfo = algorithmInfo;
- }
-
-private:
- POINTER _alga;
- B_AlgorithmInfoType *_algorithmInfoType;
- POINTER _algorithmInfo;
- INIT_ALGA _InitAlga;
-
- ResizeContext context;
-};
- */
-struct B_AlgorithmInfoType;
-
-typedef struct ResizeContext {
- struct {
- POINTER context;
- unsigned int contextSize;
- } z; /* zeriozed by constructor */
-} ResizeContext;
-
-typedef int (*INIT_ALGA) PROTO_LIST
- ((THIS_ALGA_CHOICE *, POINTER, struct B_ALGORITHM_METHOD *,
- A_SURRENDER_CTX *));
-
-typedef struct AlgaChoice {
- POINTER _alga;
- struct B_AlgorithmInfoType *_algorithmInfoType;
- POINTER _algorithmInfo;
- INIT_ALGA _InitAlga;
-
- ResizeContext context;
-} AlgaChoice;
-
-void ResizeContextConstructor PROTO_LIST ((ResizeContext *));
-void ResizeContextDestructor PROTO_LIST ((ResizeContext *));
-int ResizeContextMakeNewContext PROTO_LIST ((ResizeContext *, unsigned int));
-
-#define ALGA_CHOICE_Constructor(algaChoice, InitAlga)\
- (ResizeContextConstructor (&(algaChoice)->context), \
- (algaChoice)->_InitAlga = (InitAlga))
-#define ALGA_CHOICE_Destructor(algaChoice)\
- (ResizeContextDestructor (&(algaChoice)->context))
-
-int AlgaChoiceChoose PROTO_LIST
- ((AlgaChoice *, int, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-
-int ConvertAlgaeError PROTO_LIST ((int));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ainfotyp.h"
-#include "keyobj.h"
-#include "algobj.h"
-#include "port_after.h"
-
-static char ALGORITHM_TYPE_TAG = 0;
-
-int B_CreateAlgorithmObject (algorithmObject)
-B_ALGORITHM_OBJ *algorithmObject;
-{
- AlgorithmWrap *algorithmWrap;
-
- if ((*algorithmObject = T_malloc (sizeof (*algorithmWrap))) == NULL_PTR)
- return (BE_ALLOC);
-
- algorithmWrap = (AlgorithmWrap *)*algorithmObject;
-
- /* First construct base class */
- B_AlgorithmConstructor (&algorithmWrap->algorithm);
-
- algorithmWrap->typeTag = &ALGORITHM_TYPE_TAG;
- algorithmWrap->selfCheck = algorithmWrap;
- return (0);
-}
-
-void B_DestroyAlgorithmObject (algorithmObject)
-B_ALGORITHM_OBJ *algorithmObject;
-{
- AlgorithmWrap *algorithmWrap = (AlgorithmWrap *)*algorithmObject;
-
- if (AlgorithmWrapCheck (algorithmWrap) == 0) {
- /* zeroize self check to invalidate memory. */
- algorithmWrap->selfCheck = (AlgorithmWrap *)NULL_PTR;
-
- /* Call base class descructor */
- B_AlgorithmDestructor (&algorithmWrap->algorithm);
-
- T_free ((POINTER)algorithmWrap);
- }
-
- *algorithmObject = NULL_PTR;
-}
-
-int B_SetAlgorithmInfo (algorithmObject, infoType, info)
-B_ALGORITHM_OBJ algorithmObject;
-B_INFO_TYPE infoType;
-POINTER info;
-{
- B_AlgorithmInfoType *algorithmInfoType;
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
-
- /* Get the AlgorithmInfoType from the B_INFO_TYPE, which returns
- zero for an AlgorithmInfoType, non-zero for KeyInfoType
- */
- if ((*infoType) ((POINTER *)&algorithmInfoType) != 0)
- return (BE_KEY_OPERATION_UNKNOWN);
-
- return (B_AlgorithmSetInfo
- (&THE_ALG_WRAP->algorithm, algorithmInfoType, info));
-}
-
-int B_GetAlgorithmInfo (info, algorithmObject, infoType)
-POINTER *info;
-B_ALGORITHM_OBJ algorithmObject;
-B_INFO_TYPE infoType;
-{
- B_AlgorithmInfoType *algorithmInfoType;
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
-
- /* Get the AlgorithmInfoType from the B_INFO_TYPE, which returns
- zero for an AlgorithmInfoType, non-zero for KeyInfoType
- */
- if ((*infoType) ((POINTER *)&algorithmInfoType) != 0)
- return (BE_KEY_OPERATION_UNKNOWN);
-
- return (B_AlgorithmGetInfo
- (&THE_ALG_WRAP->algorithm, info, algorithmInfoType));
-}
-
-/* Return 0 if this is a valid AlgorithmWrap object. Return BE_ALGORITHM_OBJ if
- algorithmWrap is NULL_PTR or invalid.
- */
-int AlgorithmWrapCheck (algorithmWrap)
-AlgorithmWrap *algorithmWrap;
-{
- return ((algorithmWrap != (AlgorithmWrap *)NULL_PTR &&
- algorithmWrap->selfCheck == algorithmWrap &&
- algorithmWrap->typeTag == &ALGORITHM_TYPE_TAG) ?
- 0 : BE_ALGORITHM_OBJ);
-}
-
-/* Like AlgorithmWrapCheck except returns BE_RANDOM_OBJ for error.
- Also, return OK status if randomAlgorithm is NULL_PTR.
- */
-int RandomAlgorithmCheck (randomAlgorithm)
-B_ALGORITHM_OBJ randomAlgorithm;
-{
- if (randomAlgorithm == NULL_PTR)
- return (0);
-
- return (AlgorithmWrapCheck ((AlgorithmWrap *)randomAlgorithm) ?
- BE_RANDOM_OBJ : 0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#define THE_ALG_WRAP ((AlgorithmWrap *)algorithmObject)
-
-typedef struct AlgorithmWrap {
- B_Algorithm algorithm;
- char *typeTag;
- struct AlgorithmWrap *selfCheck;
-} AlgorithmWrap;
-
-int AlgorithmWrapCheck PROTO_LIST ((AlgorithmWrap *));
-int RandomAlgorithmCheck PROTO_LIST ((B_ALGORITHM_OBJ));
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bsafe2.h"
-#include "balgmeth.h"
-#include "crt2.h"
-#include "amencdec.h"
-#include "port_after.h"
-
-static int RSA_CRT2Query PROTO_LIST ((unsigned int *, POINTER, POINTER));
-static int RSA_CRT2Init PROTO_LIST
- ((POINTER, POINTER, POINTER, A_SURRENDER_CTX *));
-static int RSA_CRT2Update PROTO_LIST
- ((POINTER, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, A_SURRENDER_CTX *));
-static int RSA_CRT2Final PROTO_LIST
- ((POINTER, unsigned char *, unsigned int *, unsigned int,
- A_SURRENDER_CTX *));
-static int RSA_CRT2GetMaxOutputLen PROTO_LIST
- ((POINTER, unsigned int *, unsigned int));
-static int RSA_CRT2GetBlockLen PROTO_LIST ((POINTER, unsigned int *));
-
-extern struct B_AlgorithmInfoType AIT_RSAPrivate;
-extern struct B_KeyInfoType KIT_RSA_CRT;
-
-static A_ENCRYPT_DECRYPT_ALGA A_RSA_CRT2_CRYPT = {
- RSA_CRT2Query, RSA_CRT2Init, RSA_CRT2Update, RSA_CRT2Final,
- RSA_CRT2GetMaxOutputLen, RSA_CRT2GetBlockLen
-};
-
-B_ALGORITHM_METHOD AM_RSA_CRT_DECRYPT =
- {&AIT_RSAPrivate, 0, &KIT_RSA_CRT, (POINTER)&A_RSA_CRT2_CRYPT};
-B_ALGORITHM_METHOD AM_RSA_CRT_ENCRYPT =
- {&AIT_RSAPrivate, 1, &KIT_RSA_CRT, (POINTER)&A_RSA_CRT2_CRYPT};
-
-static int RSA_CRT2Query (contextLen, key, params)
-unsigned int *contextLen;
-POINTER key;
-POINTER params;
-{
-UNUSED_ARG (params)
-
- if (A_IntegerBits
- (((A_RSA_CRT_KEY *)key)->modulus.data,
- ((A_RSA_CRT_KEY *)key)->modulus.len) > MAX_RSA_MODULUS_BITS)
- /* Key size is too big to handle. */
- return (AE_MODULUS_LEN);
-
- *contextLen = sizeof (A_RSA_CRT2_CTX);
- return (0);
-}
-
-static int RSA_CRT2Init (context, key, params, surrenderContext)
-POINTER context;
-POINTER key;
-POINTER params;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (params)
-UNUSED_ARG (surrenderContext)
-
- return (A_RSA_CRT2Init ((A_RSA_CRT2_CTX *)context, (A_RSA_CRT_KEY *)key));
-}
-
-static int RSA_CRT2Update
- (context, output, outputLen, maxOutputLen, input, inputLen, surrenderContext)
-POINTER context;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-const unsigned char *input;
-unsigned int inputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- return (A_RSA_CRT2Update
- ((A_RSA_CRT2_CTX *)context, output, outputLen, maxOutputLen, input,
- inputLen, surrenderContext));
-}
-
-static int RSA_CRT2Final
- (context, output, outputLen, maxOutputLen, surrenderContext)
-POINTER context;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-A_SURRENDER_CTX * surrenderContext;
-{
-UNUSED_ARG (output)
-UNUSED_ARG (maxOutputLen)
-UNUSED_ARG (surrenderContext)
-
- *outputLen = 0;
- return (A_RSA_CRT2Final ((A_RSA_CRT2_CTX *)context));
-}
-
-static int RSA_CRT2GetMaxOutputLen (context, outputLen, inputLen)
-POINTER context;
-unsigned int *outputLen;
-unsigned int inputLen;
-{
- *outputLen = A_RSA_CRT2_MAX_OUTPUT_LEN ((A_RSA_CRT2_CTX *)context, inputLen);
- return (0);
-}
-
-static int RSA_CRT2GetBlockLen (context, blockLen)
-POINTER context;
-unsigned int *blockLen;
-{
- *blockLen = A_RSA_CRT2_BLOCK_LEN ((A_RSA_CRT2_CTX *)context);
- return(0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-typedef struct {
- int (*Query) PROTO_LIST ((unsigned int *, POINTER));
- int (*Init) PROTO_LIST ((POINTER, POINTER, A_SURRENDER_CTX *));
- int (*Update) PROTO_LIST
- ((POINTER, const unsigned char *, unsigned int, A_SURRENDER_CTX *));
- int (*Final) PROTO_LIST
- ((POINTER, unsigned char *, unsigned int *, unsigned int,
- A_SURRENDER_CTX *));
- int (*GetMaxOutputLen) PROTO_LIST ((POINTER, unsigned int *));
-} A_DIGEST_ALGA;
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-typedef struct {
- int (*Query) PROTO_LIST ((unsigned int *, POINTER, POINTER));
- int (*Init) PROTO_LIST ((POINTER, POINTER, POINTER, A_SURRENDER_CTX *));
- int (*Update) PROTO_LIST
- ((POINTER, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, A_SURRENDER_CTX *));
- int (*Final) PROTO_LIST
- ((POINTER, unsigned char *, unsigned int *, unsigned int,
- A_SURRENDER_CTX *));
- int (*GetMaxOutputLen) PROTO_LIST ((POINTER, unsigned int *, unsigned int));
- int (*GetBlockLen) PROTO_LIST ((POINTER, unsigned int *));
-} A_ENCRYPT_DECRYPT_ALGA;
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-struct B_KeyInfoType;
-
-typedef struct {
- int (*Query) PROTO_LIST
- ((unsigned int *, unsigned int *, unsigned int *, struct B_KeyInfoType **,
- POINTER));
- int (*Init) PROTO_LIST ((POINTER, POINTER, POINTER, A_SURRENDER_CTX *));
- int (*Generate) PROTO_LIST
- ((POINTER, POINTER *, unsigned char *, A_SURRENDER_CTX *));
-} A_GENERATE_ALGA;
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bsafe2.h"
-#include "balgmeth.h"
-#include "md5.h"
-#include "amdigest.h"
-#include "port_after.h"
-
-static int MD5Query PROTO_LIST ((unsigned int *, POINTER));
-static int MD5Init PROTO_LIST ((POINTER, POINTER, A_SURRENDER_CTX*));
-static int MD5Update PROTO_LIST
- ((POINTER, const unsigned char *, unsigned int, A_SURRENDER_CTX*));
-static int MD5Final PROTO_LIST
- ((POINTER, unsigned char *, unsigned int *, unsigned int, A_SURRENDER_CTX*));
-static int MD5GetMaxOutputLen PROTO_LIST ((POINTER, unsigned int *));
-
-static A_DIGEST_ALGA A_MD5_DIGEST = {
- MD5Query, MD5Init, MD5Update, MD5Final, MD5GetMaxOutputLen
-};
-
-extern struct B_AlgorithmInfoType AIT_MD5;
-
-B_ALGORITHM_METHOD AM_MD5 =
- {&AIT_MD5, 0, (struct B_KeyInfoType *)NULL_PTR, (POINTER)&A_MD5_DIGEST};
-
-/* Returns 0.
- */
-static int MD5Query (contextLen, params)
-unsigned int *contextLen;
-POINTER params;
-{
-UNUSED_ARG (params)
-
- *contextLen = sizeof (A_MD5_CTX);
- return (0);
-}
-
-/* Returns 0.
- */
-static int MD5Init (context, params, surrenderContext)
-POINTER context;
-POINTER params;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (params)
-UNUSED_ARG (surrenderContext)
-
- A_MD5Init ((A_MD5_CTX *)context);
- return (0);
-}
-
-/* Returns 0.
- */
-static int MD5Update (context, input, inputLen, surrenderContext)
-POINTER context;
-const unsigned char *input;
-unsigned int inputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (surrenderContext)
-
- A_MD5Update ((A_MD5_CTX *)context, input, inputLen);
- return (0);
-}
-
-/* Returns 0, AE_OUTPUT_LEN if maxDigestLen is too small.
- */
-static int MD5Final
- (context, digest, digestLen, maxDigestLen, surrenderContext)
-POINTER context;
-unsigned char *digest;
-unsigned int *digestLen;
-unsigned int maxDigestLen;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (surrenderContext)
-
- if ((*digestLen = A_MD5_DIGEST_LEN) > maxDigestLen)
- return (AE_OUTPUT_LEN);
-
- A_MD5Final ((A_MD5_CTX *)context, digest);
- return (0);
-}
-
-static int MD5GetMaxOutputLen (context, outputLen)
-POINTER context;
-unsigned int *outputLen;
-{
-UNUSED_ARG (context)
-
- *outputLen = A_MD5_DIGEST_LEN;
- return(0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bsafe2.h"
-#include "balgmeth.h"
-#include "md5rand.h"
-#include "amrandom.h"
-#include "port_after.h"
-
-static int MD5RandomQuery PROTO_LIST ((unsigned int *, POINTER));
-static int MD5RandomInit PROTO_LIST ((POINTER, POINTER, A_SURRENDER_CTX *));
-static int MD5RandomUpdate PROTO_LIST
- ((POINTER, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-static int MD5RandomGenerateBytes PROTO_LIST
- ((POINTER, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-
-extern struct B_AlgorithmInfoType AIT_MD5Random;
-
-static A_RANDOM_ALGA A_MD5_RANDOM =
- {MD5RandomQuery, MD5RandomInit, MD5RandomUpdate, MD5RandomGenerateBytes};
-
-B_ALGORITHM_METHOD AM_MD5_RANDOM =
- {&AIT_MD5Random, 0, (struct B_KeyInfoType *)NULL_PTR,
- (POINTER)&A_MD5_RANDOM};
-
-static int MD5RandomQuery (contextLen, params)
-unsigned int *contextLen;
-POINTER params;
-{
-UNUSED_ARG (params)
-
- *contextLen = sizeof (A_MD5_RANDOM_CTX);
- return (0);
-}
-
-static int MD5RandomInit (context, params, surrenderContext)
-POINTER context;
-POINTER params;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (params)
-UNUSED_ARG (surrenderContext)
-
- A_MD5RandomInit ((A_MD5_RANDOM_CTX *)context);
- return (0);
-}
-
-static int MD5RandomUpdate (context, input, inputLen, surrenderContext)
-POINTER context;
-unsigned char *input;
-unsigned int inputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (surrenderContext)
-
- A_MD5RandomUpdate ((A_MD5_RANDOM_CTX *)context, input, inputLen);
- return (0);
-}
-
-static int MD5RandomGenerateBytes
- (context, output, outputLen, surrenderContext)
-POINTER context;
-unsigned char *output;
-unsigned int outputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (surrenderContext)
-
- A_MD5RandomGenerateBytes ((A_MD5_RANDOM_CTX *)context, output, outputLen);
- return (0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-typedef struct {
- int (*Query) PROTO_LIST ((unsigned int *, POINTER));
- int (*Init) PROTO_LIST ((POINTER, POINTER, A_SURRENDER_CTX *));
- int (*Update) PROTO_LIST
- ((POINTER, unsigned char *, unsigned int, A_SURRENDER_CTX *));
- int (*Generate) PROTO_LIST
- ((POINTER, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-} A_RANDOM_ALGA;
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "algae.h"
-#include "rsakeygn.h"
-#include "balgmeth.h"
-#include "amgen.h"
-#include "port_after.h"
-
-#define THE_GEN_PARAMS ((A_RSA_KEY_GEN_PARAMS *)params)
-
-extern struct B_AlgorithmInfoType AIT_RSAKeyGen;
-extern struct B_KeyInfoType KIT_PKCS_RSAPrivate;
-
-static int RSAKeyGenQuery PROTO_LIST
- ((unsigned int *, unsigned int *, unsigned int *, struct B_KeyInfoType **,
- POINTER));
-static int RSAKeyGenInit PROTO_LIST
- ((POINTER, POINTER, POINTER, A_SURRENDER_CTX *));
-static int RSAKeyGen PROTO_LIST
- ((POINTER, POINTER *, unsigned char *, A_SURRENDER_CTX *));
-
-static A_GENERATE_ALGA A_RSA_KEY_GEN =
- {RSAKeyGenQuery, RSAKeyGenInit, RSAKeyGen};
-
-B_ALGORITHM_METHOD AM_RSA_KEY_GEN =
- {&AIT_RSAKeyGen, 0, (struct B_KeyInfoType *)NULL_PTR,
- (POINTER)&A_RSA_KEY_GEN};
-
-static int RSAKeyGenQuery
- (contextLen, secondContextLen, randomBlockLen, resultInfoType, params)
-unsigned int *contextLen;
-unsigned int *secondContextLen;
-unsigned int *randomBlockLen;
-struct B_KeyInfoType **resultInfoType;
-POINTER params;
-{
- if ((THE_GEN_PARAMS->modulusBits > MAX_RSA_MODULUS_BITS) ||
- (THE_GEN_PARAMS->modulusBits < MIN_RSA_MODULUS_BITS))
- /* Can't support a keypair of this size. */
- return (AE_MODULUS_LEN);
-
- *contextLen = sizeof (A_RSA_KEY_GEN_CTX);
- *secondContextLen = 0;
- *randomBlockLen =
- A_RSA_KEY_GEN_RANDOM_BLOCK_LEN (THE_GEN_PARAMS->modulusBits);
- *resultInfoType = &KIT_PKCS_RSAPrivate;
-
- return (0);
-}
-
-static int RSAKeyGenInit (context, secondContext, params, surrenderContext)
-POINTER context;
-POINTER secondContext;
-POINTER params;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (secondContext)
-UNUSED_ARG (surrenderContext)
-
- return (A_RSAKeyGenInit
- ((A_RSA_KEY_GEN_CTX *)context, (A_RSA_KEY_GEN_PARAMS *)params));
-}
-
-static int RSAKeyGen (context, result, randomBlock, surrenderContext)
-POINTER context;
-POINTER *result;
-unsigned char *randomBlock;
-A_SURRENDER_CTX *surrenderContext;
-{
- return (A_RSAKeyGen
- ((A_RSA_KEY_GEN_CTX *)context, (A_PKCS_RSA_PRIVATE_KEY **)result,
- randomBlock, surrenderContext));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bsafe2.h"
-#include "balgmeth.h"
-#include "rsa.h"
-#include "amencdec.h"
-#include "port_after.h"
-
-static int RSAQuery PROTO_LIST ((unsigned int *, POINTER, POINTER));
-static int RSAInit PROTO_LIST ((POINTER, POINTER, POINTER, A_SURRENDER_CTX *));
-static int RSAUpdate PROTO_LIST
- ((POINTER, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, A_SURRENDER_CTX *));
-static int RSAFinal PROTO_LIST
- ((POINTER, unsigned char *, unsigned int *, unsigned int,
- A_SURRENDER_CTX *));
-static int RSAGetMaxOutputLen PROTO_LIST
- ((POINTER, unsigned int *, unsigned int));
-static int RSAGetBlockLen PROTO_LIST ((POINTER, unsigned int *));
-
-extern struct B_AlgorithmInfoType AIT_RSAPublic;
-extern struct B_KeyInfoType KIT_RSAPublic;
-
-static A_ENCRYPT_DECRYPT_ALGA A_RSA_CRYPT = {
- RSAQuery, RSAInit, RSAUpdate, RSAFinal, RSAGetMaxOutputLen, RSAGetBlockLen
-};
-
-B_ALGORITHM_METHOD AM_RSA_DECRYPT =
- {&AIT_RSAPublic, 0, &KIT_RSAPublic, (POINTER)&A_RSA_CRYPT};
-B_ALGORITHM_METHOD AM_RSA_ENCRYPT =
- {&AIT_RSAPublic, 1, &KIT_RSAPublic, (POINTER)&A_RSA_CRYPT};
-
-static int RSAQuery (contextLen, key, params)
-unsigned int *contextLen;
-POINTER key;
-POINTER params;
-{
-UNUSED_ARG (params)
-
- if (A_IntegerBits
- (((A_RSA_KEY *)key)->modulus.data, ((A_RSA_KEY *)key)->modulus.len)
- > MAX_RSA_MODULUS_BITS)
- /* Key size is too big to handle. */
- return (AE_MODULUS_LEN);
-
- *contextLen = sizeof (A_RSA_CTX);
- return (0);
-}
-
-static int RSAInit (context, key, params, surrenderContext)
-POINTER context;
-POINTER key;
-POINTER params;
-A_SURRENDER_CTX *surrenderContext;
-{
-UNUSED_ARG (params)
-UNUSED_ARG (surrenderContext)
-
- return (A_RSAInit ((A_RSA_CTX *)context, (A_RSA_KEY *)key));
-}
-
-static int RSAUpdate
- (context, output, outputLen, maxOutputLen, input, inputLen, surrenderContext)
-POINTER context;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-const unsigned char *input;
-unsigned int inputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- return (A_RSAUpdate
- ((A_RSA_CTX *)context, output, outputLen, maxOutputLen, input,
- inputLen, surrenderContext));
-}
-
-static int RSAFinal
- (context, output, outputLen, maxOutputLen, surrenderContext)
-POINTER context;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-A_SURRENDER_CTX * surrenderContext;
-{
-UNUSED_ARG (output)
-UNUSED_ARG (maxOutputLen)
-UNUSED_ARG (surrenderContext)
-
- *outputLen = 0;
- return (A_RSAFinal ((A_RSA_CTX *)context));
-}
-
-static int RSAGetMaxOutputLen (context, outputLen, inputLen)
-POINTER context;
-unsigned int *outputLen;
-unsigned int inputLen;
-{
- *outputLen = A_RSA_MAX_OUTPUT_LEN ((A_RSA_CTX *)context, inputLen);
- return (0);
-}
-
-static int RSAGetBlockLen (context, blockLen)
-POINTER context;
-unsigned int *blockLen;
-{
- *blockLen = A_RSA_BLOCK_LEN ((A_RSA_CTX *)context);
- return(0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1992, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _ATYPES_H_
-#define _ATYPES_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _ITEM_
-#define _ITEM_ 1
-typedef struct {
- unsigned char *data;
- unsigned int len;
-} ITEM;
-#endif
-
-typedef struct {
- int (T_CALL *Surrender) PROTO_LIST ((POINTER));
- POINTER handle;
- POINTER reserved;
-} A_SURRENDER_CTX;
-
-typedef struct {
- ITEM modulus;
- ITEM publicExponent;
- ITEM privateExponent;
- ITEM prime[2]; /* prime factors */
- ITEM primeExponent[2]; /* exponents for prime factors */
- ITEM coefficient; /* CRT coefficient */
-} A_PKCS_RSA_PRIVATE_KEY;
-
-typedef struct {
- ITEM modulus;
- ITEM prime[2]; /* prime factors */
- ITEM primeExponent[2]; /* exponents for prime factors */
- ITEM coefficient; /* CRT coefficient */
-} A_RSA_CRT_KEY;
-
-typedef struct {
- ITEM modulus; /* modulus */
- ITEM exponent; /* exponent */
-} A_RSA_KEY;
-
-typedef struct {
- unsigned int modulusBits;
- ITEM publicExponent;
-} A_RSA_KEY_GEN_PARAMS;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "btypechk.h"
-#include "ainfotyp.h"
-#include "port_after.h"
-
-void B_AlgorithmConstructor (algorithm)
-B_Algorithm *algorithm;
-{
- /* Construct immediate base class. */
- B_InfoCacheConstructor (&algorithm->infoCache);
-
- T_memset ((POINTER)&algorithm->z, 0, sizeof (algorithm->z));
-}
-
-void B_AlgorithmDestructor (algorithm)
-B_Algorithm *algorithm;
-{
- if (algorithm->z.handler != (B_TypeCheck *)NULL_PTR) {
- B_TYPE_CHECK_Destructor (algorithm->z.handler);
- T_free ((POINTER)algorithm->z.handler);
- }
-
- /* Destroy base class */
- B_INFO_CACHE_Destructor (&algorithm->infoCache);
-}
-
-int B_AlgorithmCheckType (algorithm, Destructor)
-B_Algorithm *algorithm;
-B_TYPE_CHECK_DESTRUCTOR Destructor;
-{
- if (algorithm->z.handler == (B_TypeCheck *)NULL_PTR)
- return (BE_ALGORITHM_NOT_SET);
-
- if (algorithm->z.handler->_Destructor != Destructor)
- return (BE_ALG_OPERATION_UNKNOWN);
-
- return (0);
-}
-
-int B_AlgorithmCheckTypeAndInitFlag (algorithm, Destructor)
-B_Algorithm *algorithm;
-B_TYPE_CHECK_DESTRUCTOR Destructor;
-{
- int status;
-
- /* Check the type first. */
- if ((status = B_AlgorithmCheckType (algorithm, Destructor)) != 0)
- return (status);
-
- if (!algorithm->z.initFlag)
- return (BE_ALGORITHM_NOT_INITIALIZED);
-
- return (0);
-}
-
-int B_AlgorithmSetInfo (algorithm, algorithmInfoType, info)
-B_Algorithm *algorithm;
-B_AlgorithmInfoType *algorithmInfoType;
-POINTER info;
-{
- int status;
-
- if (algorithm->infoCache.z.infoCount > 0)
- return (BE_ALGORITHM_ALREADY_SET);
-
- /* This will cache the encoding. */
- if ((status = (*algorithmInfoType->vTable->AddInfo)
- (algorithmInfoType, algorithm, info)) != 0)
- return (status);
-
- /* Allocate the algorithm handler. NewHandler returns NULL_PTR for error.
- */
- if ((algorithm->z.handler = (*algorithmInfoType->vTable->NewHandler)
- (algorithmInfoType, algorithm)) == (B_TypeCheck *)NULL_PTR)
- return (BE_ALLOC);
-
- return (0);
-}
-
-int B_AlgorithmGetInfo (algorithm, info, algorithmInfoType)
-B_Algorithm *algorithm;
-POINTER *info;
-B_AlgorithmInfoType *algorithmInfoType;
-{
- int status;
-
- if (algorithm->infoCache.z.infoCount == 0)
- return (BE_ALGORITHM_NOT_SET);
-
- /* First check if the encoding is already in the encoding cache.
- */
- if (B_InfoCacheFindInfo
- (&algorithm->infoCache, info, (POINTER)algorithmInfoType) == 0)
- return (0);
-
- /* Info is not in the cache, go ahead and encode.
- */
- if ((status = (*algorithmInfoType->vTable->MakeInfo)
- (algorithmInfoType, info, algorithm)) != 0)
- return (status);
-
- return (B_InfoCacheAddInfo
- (&algorithm->infoCache, (POINTER)algorithmInfoType, *info));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _BALG_H_
-#define _BALG_H_ 1
-
-#include "binfocsh.h"
-#include "btypechk.h"
-
-typedef struct {
- B_InfoCache infoCache; /* inherited */
-
- struct {
- B_TypeCheck *handler;
- int initFlag;
- /* POINTER reserved; */
- } z;
-} B_Algorithm;
-
-void B_AlgorithmConstructor PROTO_LIST ((B_Algorithm *));
-void B_AlgorithmDestructor PROTO_LIST ((B_Algorithm *));
-
-int B_AlgorithmCheckType PROTO_LIST ((B_Algorithm *, B_TYPE_CHECK_DESTRUCTOR));
-int B_AlgorithmCheckTypeAndInitFlag PROTO_LIST
- ((B_Algorithm *, B_TYPE_CHECK_DESTRUCTOR));
-
-struct B_AlgorithmInfoType;
-int B_AlgorithmSetInfo PROTO_LIST
- ((B_Algorithm *, struct B_AlgorithmInfoType *, POINTER));
-int B_AlgorithmGetInfo PROTO_LIST
- ((B_Algorithm *, POINTER *, struct B_AlgorithmInfoType *));
-
-int B_AlgorithmRandomInit PROTO_LIST
- ((B_Algorithm *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int B_AlgorithmRandomUpdate PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int B_AlgorithmGenerateRandomBytes PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-
-int B_AlgorithmDigestInit PROTO_LIST
- ((B_Algorithm *, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int B_AlgorithmDigestUpdate PROTO_LIST
- ((B_Algorithm *, const unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int B_AlgorithmDigestFinal PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- A_SURRENDER_CTX *));
-
-int B_AlgorithmEncryptInit PROTO_LIST
- ((B_Algorithm *, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int B_AlgorithmDecryptInit PROTO_LIST
- ((B_Algorithm *, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int B_AlgorithmEncryptUpdate PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- unsigned char *, unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
-int B_AlgorithmDecryptUpdate PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, B_Algorithm *, A_SURRENDER_CTX *));
-int B_AlgorithmEncryptFinal PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- B_Algorithm *, A_SURRENDER_CTX *));
-int B_AlgorithmDecryptFinal PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- B_Algorithm *, A_SURRENDER_CTX *));
-
-int B_AlgorithmEncodeInit PROTO_LIST ((B_Algorithm *));
-int B_AlgorithmDecodeInit PROTO_LIST ((B_Algorithm *));
-int B_AlgorithmEncodeUpdate PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- unsigned char *, unsigned int));
-int B_AlgorithmDecodeUpdate PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- unsigned char *, unsigned int));
-int B_AlgorithmEncodeFinal PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int));
-int B_AlgorithmDecodeFinal PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int));
-
-int B_AlgorithmSignInit PROTO_LIST
- ((B_Algorithm *, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int B_AlgorithmSignUpdate PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int B_AlgorithmSignFinal PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- B_Algorithm *, A_SURRENDER_CTX *));
-
-int B_AlgorithmVerifyInit PROTO_LIST
- ((B_Algorithm *, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int B_AlgorithmVerifyUpdate PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int B_AlgorithmVerifyFinal PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int, B_Algorithm *,
- A_SURRENDER_CTX *));
-
-int B_AlgorithmKeyAgreeInit PROTO_LIST
- ((B_Algorithm *, B_Key *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int B_AlgorithmKeyAgreePhase1 PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- B_Algorithm *, A_SURRENDER_CTX *));
-int B_AlgorithmKeyAgreePhase2 PROTO_LIST
- ((B_Algorithm *, unsigned char *, unsigned int *, unsigned int,
- unsigned char *, unsigned int, A_SURRENDER_CTX *));
-
-int B_AlgorithmGenerateInit PROTO_LIST
- ((B_Algorithm *, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int B_AlgorithmGenerateKeypair PROTO_LIST
- ((B_Algorithm *, B_Key *, B_Key *, B_Algorithm *,
- A_SURRENDER_CTX *));
-int B_AlgorithmGenerateParameters PROTO_LIST
- ((B_Algorithm *, B_Algorithm *, B_Algorithm *, A_SURRENDER_CTX *));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-struct B_AlgorithmInfoType;
-struct B_KeyInfoType;
-
-struct B_ALGORITHM_METHOD {
- struct B_AlgorithmInfoType *algorithmInfoType;
- int encryptFlag;
- struct B_KeyInfoType *keyInfoType;
- POINTER alga;
-};
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigClrbit (a, v) -- clears v-th bit of a, where v is nonnegative.
- */
-void BigClrbit (a, v)
-UINT2 *a;
-unsigned int v;
-{
- a[v/16] &= ~ (1 << (v % 16));
-}
-
-/* BigSetbit (a, v) -- sets v-th bit of a, where v is nonnegative.
- */
-void BigSetbit (a, v)
-UINT2 *a;
-unsigned int v;
-{
- a[v/16] |= (1 << (v % 16));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigModMpyx (a, b, c, d, dInv, n) -- a = (b * c) mod d !! EXPRESS.
- -- assumes a, b, c, d of length n, dInv of length n+2.
- -- assumes dInv previously computed by BigInv.
- */
-void BigModMpyx (a, b, c, d, dInv, n)
-UINT2 *a, *b, *c, *d, *dInv;
-unsigned int n;
-{
- UINT2 prod[2 * MAX_RSA_MODULUS_WORDS];
-
- BigPmpy (prod, b, c, n);
- BigModx (a, prod, d, dInv, n);
-
- T_memset ((POINTER)prod, 0, sizeof (prod));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigModSqx (a, b, d, dInv, n) -- a = (b * b) mod d !! EXPRESS.
- */
-void BigModSqx (a, b, d, dInv, n)
-UINT2 *a, *b, *d, *dInv;
-unsigned int n;
-{
- UINT2 prod[2 * MAX_RSA_MODULUS_WORDS];
-
- BigPsq (prod, b, n);
- BigModx (a, prod, d, dInv, n);
-
- T_memset ((POINTER)prod, 0, sizeof (prod));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "surrendr.h"
-#include "port_after.h"
-
-/* BigModExp (a, b, c, d, n): a = b**c (mod d)
- Assumes a, b, c, d of length n.
- Returns 0, AE_CANCEL.
- */
-int BigModExp (a, b, c, d, n, surrenderContext)
-UINT2 *a, *b, *c, *d;
-unsigned int n;
-A_SURRENDER_CTX *surrenderContext;
-{
- struct BigModExpFrame {
- UINT2 dInv[MAX_RSA_MODULUS_WORDS + 2], result[MAX_RSA_MODULUS_WORDS],
- tab[16][MAX_RSA_MODULUS_WORDS];
- } *frame = (struct BigModExpFrame *)NULL_PTR;
-#if !USE_ALLOCED_FRAME
- struct BigModExpFrame stackFrame;
-#endif
- int i, didAMultiply, status;
- unsigned int cLen, w, setup[64], power, mask;
-
- /* Initialize.
- */
- do {
-#if USE_ALLOCED_FRAME
- if ((frame = (struct BigModExpFrame *)T_malloc (sizeof (*frame)))
- == (struct BigModExpFrame *)NULL_PTR) {
- status = AE_ALLOC;
- break;
- }
-#else
- /* Just use the buffers allocated on the stack. */
- frame = &stackFrame;
-#endif
-
- /* precompute inverse of d to enable express mod-outs */
- BigInv (frame->dInv, d, n);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
-
- /* precompute small (size 2**w) table of powers of b */
- cLen = BigLen (c, n);
- if (cLen < 4)
- w = 1;
- else if (cLen < 16)
- w = 2;
- else if (cLen < 64)
- w = 3;
- else
- w = 4;
-
- /* zeroth power is one */
- BigConst (frame->tab[0], 1, n);
-
- /* first power is b */
- BigCopy (frame->tab[1], b, n);
- setup[0] = 1;
- setup[1] = 1;
- for (i = 2; i < 64; i++)
- setup[i] = 0;
-
- /* Loop over elements of exponent c in appropriate radix.
- */
- power = 0;
- didAMultiply = 0;
- mask = 1 << ((cLen) % 16);
- for (i = cLen; i >= 0; i--) {
- if (didAMultiply) {
- BigModSqx (frame->result, frame->result, d, frame->dInv, n);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
- }
-
- power = power << 1;
- if (setup[power] == 0) {
- BigModSqx (frame->tab[power], frame->tab[power/2], d, frame->dInv, n);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
- setup[power] = 1;
- }
- if (c[i/16] & mask)
- power = power + 1;
- if (mask == 1)
- mask = 0x8000;
- else
- mask = (mask >> 1) & 0x7FFF;
- if (setup[power] == 0) {
- BigModMpyx
- (frame->tab[power], frame->tab[power-1], b, d, frame->dInv, n);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
- setup[power] = 1;
- }
- if ((i == 0) || (power >= (unsigned int)(1 << (w-1)))) {
- if (didAMultiply) {
- BigModMpyx
- (frame->result, frame->result, frame->tab[power], d, frame->dInv,
- n);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
- }
- else
- BigCopy (frame->result, frame->tab[power], n);
-
- power = 0;
- didAMultiply = 1;
- }
- }
- if (status)
- break;
-
- BigCopy (a, frame->result, n);
- } while (0);
-
- if (frame != (struct BigModExpFrame *)NULL_PTR) {
- T_memset ((POINTER)frame, 0, sizeof (*frame));
-#if USE_ALLOCED_FRAME
- T_free ((POINTER)frame);
-#endif
- }
- return (status);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigPegcd
- input
- u, v bignums
- k int size of u, v regs
- restriction u, v positive
- output
- u3=GCD (u, v) (pos)
- u1=inv (u)modv (pos)
- u2=inv (v)modu (pos)
- if GCD (u, v)!=1 then u1, u2 st
- u3=u * u1mod (v) & u3=v * u2mod (u)
- (see KNUTH vol 2)
- */
-void BigPegcd (u3, u1, u2, u, v, k)
-UINT2 *u3, *u2, *u1, *u, *v;
-unsigned int k;
-{
- UINT2 v1[2 * MAX_RSA_PRIME_WORDS], v2[2 * MAX_RSA_PRIME_WORDS],
- v3[2 * MAX_RSA_PRIME_WORDS], q[2 * MAX_RSA_PRIME_WORDS],
- r[2 * MAX_RSA_PRIME_WORDS], t1[2 * MAX_RSA_PRIME_WORDS],
- t2[2 * MAX_RSA_PRIME_WORDS], t3[2 * MAX_RSA_PRIME_WORDS];
-
- BigConst (u1, 1, k);
- BigConst (u2, 0, k);
- BigCopy (u3, u, k);
- BigConst (v1, 0, k);
- BigConst (v2, 1, k);
- BigCopy (v3, v, k);
-
- /* Begin calc.
- */
- while (1) {
- if (BigSign (v3, k) == 0)
- break;
- BigPdiv (q, r, u3, v3, k, k);
- BigPmpyl (t1, v1, q, k);
- BigPmpyl (t2, v2, q, k);
- BigPmpyl (t3, v3, q, k);
- BigSub (t1, u1, t1, k);
- BigSub (t2, u2, t2, k);
- BigSub (t3, u3, t3, k);
-
- BigCopy (u1, v1, k);
- BigCopy (u2, v2, k);
- BigCopy (u3, v3, k);
- BigCopy (v1, t1, k);
- BigCopy (v2, t2, k);
- BigCopy (v3, t3, k);
- }
-
- if (BigSign (u1, k) == -1)
- /* make positive */
- BigAdd (u1, u1, v, k);
-
- if (BigSign (u2, k) == -1)
- /* make positive */
- BigAdd (u2, u2, u, k);
-
- T_memset ((POINTER)v1, 0, sizeof (v1));
- T_memset ((POINTER)v2, 0, sizeof (v2));
- T_memset ((POINTER)v3, 0, sizeof (v3));
- T_memset ((POINTER)q, 0, sizeof (q));
- T_memset ((POINTER)r, 0, sizeof (r));
- T_memset ((POINTER)t1, 0, sizeof (t1));
- T_memset ((POINTER)t2, 0, sizeof (t2));
- T_memset ((POINTER)t3, 0, sizeof (t3));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* Big2Exp (a, v, n) -- a = 2**v, where v is nonnegative int.
- Sets a to be 2**v.
- */
-void Big2Exp (a, v, n)
-UINT2 *a;
-unsigned v;
-unsigned int n;
-{
- register unsigned int i;
-
- for (i = 0; i < n; i++)
- a[i] = 0;
- a[v/16] = 1 << (v % 16);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigAbs (a, b, n) -- a = ABS (b).
- */
-void BigAbs (a, b, n)
-UINT2 *a, *b;
-unsigned int n;
-{
- if (BigSign (b, n) >= 0)
- BigCopy (a, b, n);
- else
- BigNeg (a, b, n);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1987, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* Returns carry: vector a = b * vector c.
- */
-UINT2 BigAcc (a, b, c, n)
-UINT2 *a;
-unsigned int b;
-UINT2 *c;
-unsigned int n;
-{
- UINT4 bTemp, result = (UINT4)0;
- register unsigned int i;
-
- if (!b)
- return (0);
-
- bTemp = b;
- for (i = 0; i < n; i++) {
- result += bTemp * ((UINT4) c[i]);
- result += ((UINT4) a[i]);
- a[i] = (UINT2) result;
- result >>= 16;
- }
- return ((UINT2)result);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1987, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-void BigZero (a, n)
-UINT2 *a;
-unsigned int n;
-{
- register unsigned int i;
-
- for (i = 0; i < n; i++)
- a[i] = 0;
-}
-
-void BigAdd (a, b, c, n)
-UINT2 *a, *b, *c;
-unsigned int n;
-{
- UINT4 result = (UINT4)0;
- register unsigned int i;
-
- for (i = 0; i < n; i++) {
- result += (UINT4) b[i];
- result += (UINT4) c[i];
- a[i] = (UINT2) result;
- result >>= 16;
- }
-}
-
-void BigSub (a, b, c, n)
-UINT2 *a, *b, *c;
-unsigned int n;
-{
- UINT4 result = (UINT4)1; /* carry bit for negation of c */
- register unsigned int i;
-
- for (i = 0; i < n; i++) {
- result += (UINT4) b[i];
- result += (((UINT4) ~c[i]) & 0x0000FFFFL);
- a[i] = (UINT2)result;
- result >>= 16;
- }
-}
-
-void BigNeg (a, b, n)
-UINT2 *a, *b;
-unsigned int n;
-{
- register unsigned int i;
- unsigned int carry = 1;
-
- for (i = 0; i < n-1; i++) {
- a[i] = ~b[i] + carry;
- if (a[i])
- carry = 0;
- }
-
- a[i] = ~b[i] + carry;
-}
-
-void BigInc (a, n)
-UINT2 *a;
-unsigned int n;
-{
- register unsigned int i;
- unsigned int carry = 1; /* carry to start */
-
- for (i = 0; i < n-1 && carry; i++) {
- a[i]++;
- if (a[i])
- carry = 0;
- }
-
- if (carry)
- a[i]++;
-}
-
-void BigDec (a, n)
-UINT2 *a;
-unsigned int n;
-{
- register unsigned int i;
- unsigned int borrow = 1; /* borrow to start */
-
- for (i = 0; i < n-1 && borrow; i++) {
- a[i]--;
- if (a[i] != 0xFFFF)
- borrow = 0;
- }
-
- if (borrow)
- a[i]--;
-}
-
-int BigSign (a, n)
-UINT2 *a;
-unsigned int n;
-{
- register int i;
-
- if (a[n-1] & 0x8000)
- return (-1);
- for (i = n-1; i >= 0; i--)
- if (a[i])
- return (1);
- return (0);
-}
-
-void BigCopy (a, b, n)
-UINT2 *a, *b;
-unsigned int n;
-{
- register unsigned int i;
-
- for (i = 0; i < n; i++)
- a[i] = b[i];
-}
-
-/* Assumes a is nonnegative.
- */
-unsigned int BigLenw (a, n)
-UINT2 *a;
-unsigned int n;
-{
- register int i;
-
- for (i = n-1; i >= 0; i--)
- if (a[i])
- return (i+1);
- return (0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* Comparison operator.
- BigCmp (a, b, n) -- returns sign of a-b.
- */
-int BigCmp (a, b, n)
-UINT2 *a, *b;
-unsigned int n;
-{
- register int i;
- int aSign = BigSign (a, n), bSign = BigSign (b, n);
-
- if (aSign > bSign)
- return (1);
- if (aSign < bSign)
- return (-1);
-
- for (i = n-1; i >= 0 && a[i] == b[i]; i--);
-
- if (i == -1)
- return (0);
- if (a[i] > b[i])
- return (1);
- return (-1);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigConst (a, v, n) -- a = v, where v is an int. Initialize bignum a to
- value v.
- */
-void BigConst (a, v, n)
-UINT2 *a;
-unsigned int v;
-unsigned int n;
-{
- UINT2 signWord = (((UINT2)v & 0x8000) ? ~0 : 0);
- register unsigned int i;
-
- a[0] = (UINT2)v;
- for (i = 1; i < n; i++)
- a[i] = signWord;
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-static unsigned int Log2 PROTO_LIST ((unsigned int));
-
-/* BigInv (a, b, n) -- compute a as an "inverse" to b, suitable for
- modding out integers which are < b**2.
- -- assumes a has n+2 words, b has n words.
- -- assumes b is a positive integer.
- */
-void BigInv (a, b, n)
-UINT2 *a, *b;
-unsigned int n;
-{
- UINT2 p[2 * (MAX_RSA_MODULUS_WORDS + 2)],
- q[2 * (MAX_RSA_MODULUS_WORDS + 3)], t1[MAX_RSA_MODULUS_WORDS + 3];
- register int i;
- unsigned int bl, u, uw, sw;
-
- /* Do initializations.
- */
- /* 2** (bl-1) <= b < 2 ** bl */
- bl = BigLen (b, n);
- u = BigU (2 * bl);
-
- /* uw and sw are in words */
- uw = u/16;
- sw = (bl - 2) / 16;
-
- /* since a = floor ((2**u)/b), 2**(u-bl) < a <= 2**(u-bl+1) */
-
- /* Initialize a to 1+2**(u-bl) -- we will converge from below.
- */
- Big2Exp (a, u - bl, n + 2);
- BigInc (a, n + 2);
-
- /* Copy b to local register.
- */
- BigZero (t1, n + 3);
- BigCopy (t1, b, n);
-
- /* Convergence is quadratic, so iterate log (len (a)) times.
- */
- for (i = 1 + Log2 (u - bl + 1); i > 0; i--) {
- /* use fast squaring routine to compute p = a**2
- 2**(2 * (u-bl)) < p <= 2**(2 * (u-bl+1)) */
- BigPsq (p, a, n + 2);
-
- /* compute q = b * floor (p/ (2**s))
- 2**(2 * (u-bl)-s+bl-1) <= q <= 2**(2 * (u-bl+1)-s+bl
- 2**(2 * u-bl-s-1) <= q <= 2**(2 * u-bl-s+2) */
- BigPmpy (q, t1, &p[sw], n + 3);
-
- /* double a
- 2**(u-bl+1) < a <= 2**(u-bl+2) */
- BigAdd (a, a, a, n + 2);
- /* a = a - floor (q/(2**(u-s)))
- 2**(u-bl) < a <= 2**(u-bl+1) + epsilon */
- BigSub (a, a, &q[uw-sw], n + 2);
- }
-
- /* now we are guaranteed that a is not too small */
- BigInc (a, n + 2);
-
- while (1) {
- BigPmpy (p, a, t1, n + 2);
- /* makes comparison to 2**u easier */
- BigDec (p, 2 * (n + 2));
-
- /* a is desired result */
- if (BigLen (p, 2 * (n + 2)) <= u)
- break;
-
- /* a was too big, reduce and try again */
- BigDec (a, n + 2);
- }
-
- T_memset ((POINTER)p, 0, sizeof (p));
- T_memset ((POINTER)q, 0, sizeof (q));
- T_memset ((POINTER)t1, 0, sizeof (t1));
-}
-
-/* Log2 (x) -- ceiling of log base 2 of x > 0. Auxiliary function.
- */
-static unsigned int Log2 (x)
-unsigned int x;
-{
- unsigned int i;
-
- x = x - 1;
- /* now Log2 is equal to len in bits of x */
- for (i = 0; x > 0; i++, x >>= 1);
-
- return (i);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-unsigned int BigLen (a, n)
-UINT2 *a;
-unsigned int n;
-{
- UINT2 signWord = ((a[n-1] & 0x8000) ? ~0 : 0);
- int i, j;
- unsigned int k;
-
- for (i = n-1; i >= 0 && a[i] == signWord; i--);
- if (i == -1)
- return (1); /* len of 0 or -1 */
-
- for (j = 16, k = 0x8000;
- j >= 0 && 0 == (k & (signWord ^ a[i]));
- j--, k >>= 1);
- return (16 * i + j);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1992, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _BIGMATH_H_
-#define _BIGMATH_H_ 1
-
-#include "algae.h"
-#include "bigmaxes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-void Big2Exp PROTO_LIST ((UINT2 *, unsigned int, unsigned int));
-void BigAbs PROTO_LIST ((UINT2 *, UINT2 *, unsigned int));
-UINT2 BigAcc PROTO_LIST ((UINT2 *, unsigned int, UINT2 *, unsigned int));
-void BigZero PROTO_LIST ((UINT2 *, unsigned int));
-void BigAdd PROTO_LIST ((UINT2 *, UINT2 *, UINT2 *, unsigned int));
-void BigSub PROTO_LIST ((UINT2 *, UINT2 *, UINT2 *, unsigned int));
-void BigNeg PROTO_LIST ((UINT2 *, UINT2 *, unsigned int));
-void BigInc PROTO_LIST ((UINT2 *, unsigned int));
-void BigDec PROTO_LIST ((UINT2 *, unsigned int));
-int BigSign PROTO_LIST ((UINT2 *, unsigned int));
-void BigCopy PROTO_LIST ((UINT2 *, UINT2 *, unsigned int));
-unsigned int BigLenw PROTO_LIST ((UINT2 *, unsigned int));
-void BigClrbit PROTO_LIST ((UINT2 *, unsigned int));
-void BigSetbit PROTO_LIST ((UINT2 *, unsigned int));
-int BigCmp PROTO_LIST ((UINT2 *, UINT2 *, unsigned int));
-void BigConst PROTO_LIST ((UINT2 *, unsigned int, unsigned int));
-void BigInv PROTO_LIST ((UINT2 *, UINT2 *, unsigned int));
-unsigned int BigLen PROTO_LIST ((UINT2 *, unsigned int));
-void BigModMpyx PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *, unsigned int));
-void BigModSqx PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, unsigned int));
-int BigModExp PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, unsigned int, A_SURRENDER_CTX *));
-void BigModx PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, unsigned int));
-void BigMpy PROTO_LIST ((UINT2 *, UINT2 *, UINT2 *, unsigned int));
-void BigPdiv PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, unsigned int , unsigned int));
-void BigPegcd PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *, unsigned int));
-void BigPmpy PROTO_LIST ((UINT2 *, UINT2 *, UINT2 *, unsigned int));
-void BigPmpyh PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, unsigned int, unsigned int));
-void BigPmpyl PROTO_LIST ((UINT2 *, UINT2 *, UINT2 *, unsigned int));
-void BigPsq PROTO_LIST ((UINT2 *, UINT2 *, unsigned int));
-void BigQrx PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *, unsigned int));
-UINT2 BigSmod PROTO_LIST ((UINT2 *, unsigned int, unsigned int));
-int BigToCanonical PROTO_LIST
- ((unsigned char *, unsigned int, UINT2 *, unsigned int));
-unsigned int BigU PROTO_LIST ((unsigned int));
-int BigUnexp PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *,
- unsigned int, A_SURRENDER_CTX *));
-int CanonicalToBig PROTO_LIST
- ((UINT2 *, unsigned int, const unsigned char *, unsigned int));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _BIGMAXES_H_
-#define _BIGMAXES_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MAX_RSA_MODULUS_BITS 4096
-
-#define BITS_TO_LEN(modulusBits) (((modulusBits) + 7) / 8)
-#define RSA_PRIME_BITS(modulusBits) (((modulusBits) + 1) / 2)
-#define RSA_PRIME_LEN(modulusBits) ((RSA_PRIME_BITS (modulusBits) + 7) / 8)
-#define BITS_TO_WORDS(bits) ((bits >> 4) + 1)
-#define LEN_TO_WORDS(len) ((len >> 1) + 1)
-
-/* MAX_RSA_PRIME_BITS -- length in bits of the maximum allowed RSA prime
- MAX_RSA_MODULUS_LEN -- length in bytes of the maximum allowed RSA modulus,
- in canonical format (no sign bit)
- MAX_RSA_PRIME_LEN -- length in bytes of the maximum allowed RSA prime, in
- canonical format (no sign bit)
- */
-#define MAX_RSA_PRIME_BITS RSA_PRIME_BITS (MAX_RSA_MODULUS_BITS)
-#define MAX_RSA_PRIME_LEN RSA_PRIME_LEN (MAX_RSA_MODULUS_BITS)
-#define MAX_RSA_MODULUS_LEN BITS_TO_LEN (MAX_RSA_MODULUS_BITS)
-
-/* MAX_RSA_MODULUS_WORDS -- length in 16-bit words of the maximum allowed RSA
- modulus, in bignum format (including sign bit)
- MAX_RSA_PRIME_WORDS -- length in 16-bit words of the maximum allowed RSA
- prime, in bignum format (including sign bit)
- */
-
-#define MAX_RSA_MODULUS_WORDS BITS_TO_WORDS (MAX_RSA_MODULUS_BITS)
-#define MAX_RSA_PRIME_WORDS BITS_TO_WORDS (MAX_RSA_PRIME_BITS)
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigModx (a, b, c, cInv, n) -- compute a as (b mod c).
- -- assumes a and c of length n, cInv of length n + 2, b of length 2n.
- -- assumes cInv computed with BigInv, and that b < c**2.
- */
-void BigModx (a, b, c, cInv, n)
-UINT2 *a, *b, *c, *cInv;
-unsigned int n;
-{
- UINT2 q[MAX_RSA_MODULUS_WORDS];
-
- BigQrx (q, a, b, c, cInv, n);
-
- T_memset ((POINTER)q, 0, sizeof (q));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigMpy (a, b, c, n) -- a = b * c
- -- assumes b and c have n words, a has 2*n words
- -- inputs may be positive or negative.
- */
-void BigMpy (a, b, c, n)
-UINT2 *a, *b, *c;
-unsigned int n;
-{
- UINT2 prod[2 * MAX_RSA_PRIME_WORDS], absb[MAX_RSA_PRIME_WORDS],
- absc[MAX_RSA_PRIME_WORDS];
- int bSign = BigSign (b, n), cSign = BigSign (c, n);
-
- BigAbs (absb, b, n);
- BigAbs (absc, c, n);
- BigPmpy (prod, absb, absc, n);
-
- if (bSign * cSign >= 0)
- BigCopy (a, prod, 2 * n);
- else
- BigNeg (a, prod, 2 * n);
-
- T_memset ((POINTER)prod, 0, sizeof (prod));
- T_memset ((POINTER)absb, 0, sizeof (absb));
- T_memset ((POINTER)absc, 0, sizeof (absc));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigPdiv POSITIVE DIVIDE
- uu=vv * qi+ri
- uu in reg of ll cells
- vv in reg of kk cells
- qi assumed to be ll cells
- ri assumed to be kk cells
- restriction uu>=0, vv>0
-
- input uu in reg of ll cells
- input vv in reg of kk cells
- output qi assumed to be ll cells
- output ri assumed to be kk cells
- restriction uu>=0, vv>0
- uu=vv * qi+ri
- */
-#define UJN (u[(j+n)/2] & mk[(j+n)%2])
-#define VN (v[n/2] & mk[n%2])
-#define UT (u[t/2] & mk[t%2])
-void BigPdiv (qi, ri, uu, vv, ll, kk)
-UINT2 *qi, *ri, *uu, *vv;
-unsigned int ll, kk;
-{
- UINT2 u[2 * MAX_RSA_PRIME_WORDS + 2], us[2 * MAX_RSA_PRIME_WORDS + 2],
- v[2 * MAX_RSA_PRIME_WORDS + 2], vs[2 * MAX_RSA_PRIME_WORDS + 2],
- q[2 * MAX_RSA_PRIME_WORDS + 2], r[2 * MAX_RSA_PRIME_WORDS + 2],
- t1[2 * MAX_RSA_PRIME_WORDS + 2], t2[2 * MAX_RSA_PRIME_WORDS + 2],
- t3[2 * MAX_RSA_PRIME_WORDS + 2], mk[2];
- int j, l, n, m, t, x;
- unsigned int a, b, c, d, e, vh, qq;
-
- if (ll >= kk)
- l = ll + 2;
- else
- l = kk + 2;
-
- mk[0] = 0x00FF;
- mk[1] = 0xFF00;
- b = 0x0100;
-
- BigConst (u, 0, l);
- BigConst (v, 0, l);
- BigCopy (u, uu, ll);
- BigCopy (us, u, l);
- BigCopy (v, vv, kk);
- BigCopy (vs, v, l);
-
- /* zero q */
- BigConst (q, 0, l);
-
- /* Calculate len of v=n.
- */
- for (n = (2 * l) - 1; n >= 0; n--) {
- if (VN == 0)
- continue;
- break;
- }
-
- /* Normalize.
- */
- a = VN;
- if (n % 2 == 1)
- a = a >> 8;
- d = b / (a+1);
- BigConst (t1, d, l);
- BigPmpyl (t2, t1, v, l);
- BigCopy (v, t2, l);
-
- /* vh=high order digit of normalized v */
- vh = VN;
- if (n % 2 == 1)
- vh = vh >> 8;
- BigPmpyl (t2, t1, u, l);
- BigCopy (u, t2, l);
-
- /* Calculate len of u=t.
- */
- for (t = (2 * l)-1; t >= 0; t--) {
- if (UT == 0)
- continue;
- break;
- }
-
- /* calc t = n + m */
- m = t - n;
-
- /* Divide u by v.
- */
- for (j = m + 1 + n; j > n; j--) {
- if (j % 2 == 1)
- c = u[j / 2];
- else {
- a = u[j/2];
- a = a << 8;
- e = u[(j - 1) / 2];
- e = e >> 8;
- c = a + e;
- }
- a = c >> 8;
- if (vh == a)
- qq = b - 1;
- else
- qq = c / vh;
-
- BigConst (t1, qq, l);
- BigPmpyl (t2, v, t1, l);
- Big2Exp (t3, (j - 1 - n) * 8, l);
- BigPmpyl (t1, t3, t2, l);
- BigSub (t2, u, t1, l);
-
- /* Adjust q.
- */
- for (x = 0; ; qq --, x ++) {
- if (BigSign (t2, l) != -1)
- break;
- BigPmpyl (t1, t3, v, l);
- BigAdd (t2, t2, t1, l);
- }
-
- BigCopy (u, t2, l);
- BigConst (t3, qq, l);
- Big2Exp (t2, 8, l);
- BigPmpyl (t1, q, t2, l);
- BigAdd (q, t3, t1, l);
- }
-
- /* Check result.
- */
-
- BigPmpyl (t1, vs, q, l);
- /* t2 has remainder */
- BigSub (t2, us, t1, l);
-
- BigSub (t3, vs, t2, l);
-
- /* transfer results to input registers */
- BigCopy (qi, q, ll);
- BigCopy (ri, t2, kk);
-
- T_memset ((POINTER)u, 0, sizeof (u));
- T_memset ((POINTER)us, 0, sizeof (us));
- T_memset ((POINTER)v, 0, sizeof (v));
- T_memset ((POINTER)vs, 0, sizeof (vs));
- T_memset ((POINTER)q, 0, sizeof (q));
- T_memset ((POINTER)r, 0, sizeof (r));
- T_memset ((POINTER)t1, 0, sizeof (t1));
- T_memset ((POINTER)t2, 0, sizeof (t2));
- T_memset ((POINTER)t3, 0, sizeof (t3));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1987, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* a = b * c.
- */
-void BigPmpy (a, b, c, n)
-UINT2 *a, *b, *c;
-unsigned int n;
-{
- register unsigned int i;
- unsigned int cLen;
-
- BigZero (a, 2*n);
- cLen = BigLenw (c, n);
- for (i = 0; i < n; i++)
- a[cLen+i] = BigAcc (&a[i], (unsigned int)b[i], c, cLen);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1987, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* Returns high order t bytes of result.
- */
-void BigPmpyh (a, b, c, t, n)
-UINT2 *a, *b, *c;
-unsigned int t, n;
-{
- register unsigned int i;
- unsigned int iStart, cLen, j;
-
- BigZero (a, 2*n);
- cLen = BigLenw (c, n);
- iStart = (t >= n-1) ? t - (n-1) : 0;
-
- for (i = iStart; i < n; i++) {
- j = (t >= i) ? t - i : 0;
- a[cLen+i] = BigAcc
- (&a[i+j], (unsigned int)b[i], &c[j], (cLen >= j) ? cLen-j : 0);
- }
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1987, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* Single precision multiply, a is same len as b and c.
- Returns low order n bytes of result.
- */
-void BigPmpyl (a, b, c, n)
-UINT2 *a, *b, *c;
-unsigned int n;
-{
- register unsigned int i;
- unsigned int cLen;
-
- BigZero (a, n);
- cLen = BigLenw (c, n);
- for (i = 0; i < n; i++) {
- if (cLen < n-i)
- a[cLen+i] = BigAcc (&a[i], (unsigned int)b[i], c, cLen);
- else
- BigAcc (&a[i], (unsigned int)b[i], c, n-i);
- }
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1987, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* Similar to BigPmpy (a, b, b, n) but faster.
- */
-void BigPsq (a, b, n)
-UINT2 *a, *b;
-unsigned int n;
-{
- UINT4 result = (UINT4)0;
- register unsigned int i;
- unsigned int bLen;
-
- BigZero (a, 2*n);
- bLen = BigLenw (b, n);
- if (!bLen)
- return;
-
- for (i = 0; i < bLen-1; i++)
- a[bLen+i] = BigAcc (&a[2*i+1], (unsigned int)b[i], &b[i+1], bLen-i-1);
- BigAdd (a, a, a, 2*n);
-
- /* add in trace b[i] * b[i] */
- for (i = 0; i < bLen; i++) {
- result += ((UINT4)b[i]) * ((UINT4)b[i]);
- result += (UINT4)a[2*i];
- a[2*i] = (UINT2)result;
- result >>= 16;
- result += (UINT4)a[2*i+1];
- a[2*i+1] = (UINT2)result;
- result >>= 16;
- }
- a[2*i] = (UINT2)result;
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-
-/* BigQrx (q, r, b, c, cInv, n) -- compute quotient and remainder fast.
- -- computes q and r s.t. b = q * c + r with 0 <= r < c.
- -- assumes b and c are positive integers.
- -- assumes q, r, c have n words, cInv has n+2 words, b has 2*n words.
- -- assumes cInv previously computed with BigInv.
- */
-void BigQrx (q, r, b, c, cInv, n)
-UINT2 *q, *r, *b, *c, *cInv;
-unsigned int n;
-{
- UINT2 qc[2 * (MAX_RSA_MODULUS_WORDS + 2)], /* current product of q and c */
- qsc[2 * (MAX_RSA_MODULUS_WORDS + 2)], /* temporary q scaled by 2**(u-s) */
- t1[2 * MAX_RSA_MODULUS_WORDS + 2];
- int uwsw3;
- register unsigned int i;
- unsigned int u, uw, cl, sw;
-
- /* 2**(cl-1) <= c < 2**cl
- 2**(u-cl) <= cInv <= 2**(u-cl+1) */
- cl = BigLen (c, n);
-
- /* u is in bits, uw is in words */
- u = BigU (2 * cl);
- uw = u/16;
-
- /* sw is in words, s is is bits */
- sw = (cl - 2) / 16;
-
- uwsw3 = uw - sw - 3;
-
- if (uwsw3 < 0)
- uwsw3 = 0;
-
- /* Copy b to local register.
- */
- BigZero (t1, 2 * n + 2);
- BigCopy (t1, b, 2 * n);
-
- /* Compute qsc = cInv * floor (b/ (2**s)).
- qsc an approximation to (b/c) * (2**(u-s))
- 2**((u-cl)+ (bl-1-s)) <= qsc 2**((u-cl+1)+ (bl-s))
- 2**(u-cl+bl-s-1) <= qsc <= 2 ** (u-cl+bl-s+1)
- (Actually, we only compute a "high-order" approximation
- to qsc, by using BigPmpyh.)
- */
- BigPmpyh (qsc, cInv, &t1[sw], uwsw3, n + 2);
-
- /* Divide by 2**(u-s) to get initial estimate for quotient q
- 2**(bl-cl-1) <= q <= 2**(bl-cl+1) (unless q = 0).
- */
- for (i = 0; i < n; i++)
- q[i] = qsc[i+ (uw - sw)];
-
- /* compute qc = low-order part of q * c
- 2 ** (bl - 2) <= qc <= 2 ** (bl + 1) */
- BigPmpyl (qc, q, c, n);
-
- /* subtract qc from b to get initial estimate for remainder r */
- BigSub (r, b, qc, n);
-
- /* Adjust to be exactly right by repeated subtraction.
- */
- while (BigCmp (r, c, n) >= 0) {
- BigSub (r, r, c, n);
- BigInc (q, n);
- }
-
- T_memset ((POINTER)qc, 0, sizeof (qc));
- T_memset ((POINTER)qsc, 0, sizeof (qsc));
- T_memset ((POINTER)t1, 0, sizeof (t1));
-}
-
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1987, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-UINT2 BigSmod (a, v, n)
-UINT2 *a;
-unsigned int v;
-unsigned int n;
-{
- UINT4 r = (UINT4)0;
- register int i;
- unsigned int scale;
-
- scale = (unsigned int)((UINT4)65536 % (UINT4)v);
-
- for (i = n-1; i >= 0; i--) {
- r = (r*scale) + (UINT4)a[i];
- r = r % (UINT4)v;
- }
- return ((UINT2)r);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-
-/* BigToCanonical () copies a word vector to a byte vector while REVERSING the
- order of significance. The word vector is input LSWord first and the
- byte vector is written out MSByte first. It also removes a leading zero
- sign bit. (The byte vector must represent a nonnegative number.)
- Returns 0, AE_DATA.
- */
-int BigToCanonical (bytePointer, numBytes, wordPointer, wordCount)
-unsigned char *bytePointer;
-unsigned int numBytes;
-UINT2 *wordPointer;
-unsigned int wordCount;
-{
- unsigned int copyCount;
-
- if (BigSign (wordPointer, wordCount) < 0 ||
- (BigLen (wordPointer, wordCount) + 7) / 8 > numBytes)
- return (AE_DATA);
-
- /* start at end of byte vector */
- bytePointer += numBytes-1;
-
- /* copy as much as possible */
- copyCount = (wordCount < numBytes / 2) ? wordCount : numBytes / 2;
- wordCount -= copyCount;
- numBytes -= 2 * copyCount;
- while (copyCount--) {
- /* Copy two bytes.*/
- *bytePointer-- = (unsigned char)*wordPointer;
- *bytePointer-- = (unsigned char)(*wordPointer >> 8);
- wordPointer++;
- }
-
- if (wordCount && numBytes & 1) {
- /* The number of output bytes was odd. Copy one last byte */
- *bytePointer-- = (unsigned char)*wordPointer++;
- wordCount--;
- numBytes--;
- }
-
- /* zero fill remainder of byte vector */
- while (numBytes--)
- *bytePointer-- = 0;
-
- return (0);
-}
-
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* BigU (t) -- returns length u where floor (2**u/b) is used as scaled version
- of (1/b) when modding out modulo b, and where (positive) integers to be
- reduced are < 2**t; i.e. they are at most t bits in length.
- Result is (t+1) rounded up if necessary to next multiple of 16.
-*/
-unsigned int BigU (t)
-unsigned int t;
-{
- return (16 * (((t+1) + 15)/16));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1986, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bigmath.h"
-#include "surrendr.h"
-#include "port_after.h"
-
-/* BigUnexp - decrypt ciphertext c into message m using Chinese remainder.
- Assumes m, c of length 2*pSize, pp, qq, dp, dq and cr of length pSize.
- Returns 0, AE_CANCEL.
- */
-int BigUnexp (m, c, pp, qq, dp, dq, cr, pSize, surrenderContext)
-UINT2 *m; /* output message size 2*pSize words */
-UINT2 *c; /* input `ciphertext' size 2*pSize */
-UINT2 *pp; /* first prime size pSize */
-UINT2 *qq; /* second prime; size pSize */
-UINT2 *dp; /* decryption exponent mod p size pSize */
-UINT2 *dq; /* decryption exponent mod q size pSize */
-UINT2 *cr; /* CRT coef (inverse of q mod p) cr has len pSize */
-unsigned int pSize; /* length of p in words */
-A_SURRENDER_CTX *surrenderContext;
-{
- struct BigUnexpFrame {
- UINT2 t1[2 * MAX_RSA_PRIME_WORDS], t2[2 * MAX_RSA_PRIME_WORDS],
- t3[2 * MAX_RSA_PRIME_WORDS], u1[2 * MAX_RSA_PRIME_WORDS],
- u2[2 * MAX_RSA_PRIME_WORDS], u3[2 * MAX_RSA_PRIME_WORDS];
- } *frame = (struct BigUnexpFrame *)NULL_PTR;
-#if !USE_ALLOCED_FRAME
- struct BigUnexpFrame stackFrame;
-#endif
- int status;
-
- do {
-#if USE_ALLOCED_FRAME
- if ((frame = (struct BigUnexpFrame *)T_malloc (sizeof (*frame)))
- == (struct BigUnexpFrame *)NULL_PTR) {
- status = AE_ALLOC;
- break;
- }
-#else
- /* Just use the buffers allocated on the stack. */
- frame = &stackFrame;
-#endif
-
- BigConst (frame->t1, 0, 2 * pSize);
- BigConst (frame->t2, 0, 2 * pSize);
-
- /* u2=c mod p */
- BigPdiv (frame->u1, frame->u2, c, pp, 2 * pSize, pSize);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
-
- /* t1=c**dp modP */
- if ((status = BigModExp
- (frame->t1, frame->u2, dp, pp, pSize, surrenderContext)) != 0)
- break;
-
- /* u3=CmodQ */
- BigPdiv (frame->u2, frame->u3, c, qq, 2 * pSize, pSize);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
-
- /* t2=c**DQmodQ */
- if ((status = BigModExp
- (frame->t2, frame->u3, dq, qq, pSize, surrenderContext)) != 0)
- break;
-
- /* CRT.
- */
- BigSub (frame->u1, frame->t1, frame->t2, pSize);
-
- while (-1 == BigSign (frame->u1, pSize))
- BigAdd (frame->u1, frame->u1, pp, pSize);
-
- BigMpy (frame->u2, frame->u1, cr, pSize);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
- BigPdiv (frame->u3, frame->u1, frame->u2, pp, 2 * pSize, pSize);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
- BigMpy (m, frame->u1, qq, pSize);
-
- BigAdd (m, m, frame->t2, 2 * pSize);
- } while (0);
-
- if (frame != (struct BigUnexpFrame *)NULL_PTR) {
- T_memset ((POINTER)frame, 0, sizeof (*frame));
-#if USE_ALLOCED_FRAME
- T_free ((POINTER)frame);
-#endif
- }
- return (status);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "binfocsh.h"
-#include "port_after.h"
-
-void B_InfoCacheConstructor (infoCache)
-B_InfoCache *infoCache;
-{
- /* Construct immediate base class. */
- B_MemoryPoolConstructor (&infoCache->memoryPool);
-
- T_memset ((POINTER)&infoCache->z, 0, sizeof (infoCache->z));
-}
-
-/* Returns 0, BE_ALLOC.
- */
-int B_InfoCacheAddInfo (infoCache, infoType, info)
-B_InfoCache *infoCache;
-POINTER infoType;
-POINTER info;
-{
- int status;
-
- if ((status = B_MemoryPoolRealloc
- (&infoCache->memoryPool, (POINTER *)&infoCache->z.infos,
- (infoCache->z.infoCount + 1) * sizeof (infoCache->z.infos[0]))) != 0)
- return (status);
-
- infoCache->z.infos[infoCache->z.infoCount].infoType = infoType;
- infoCache->z.infos[infoCache->z.infoCount].info = info;
- infoCache->z.infoCount++;
-
- return (0);
-}
-
-/* Set info to the entry in the cache for the given infoType.
- Returns 0, or BE_NOT_SUPPORTED if infoType is not in the cache.
- */
-int B_InfoCacheFindInfo (infoCache, info, infoType)
-B_InfoCache *infoCache;
-POINTER *info;
-POINTER infoType;
-{
- unsigned int i;
-
- for (i = 0; i < infoCache->z.infoCount; ++i) {
- if (infoCache->z.infos[i].infoType == infoType) {
- /* The info has already been constructed. */
- *info = infoCache->z.infos[i].info;
- return (0);
- }
- }
-
- return (BE_NOT_SUPPORTED);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _BINFOCSH_H_
-#define _BINFOCSH_H_ 1
-
-#include "bmempool.h"
-
-typedef struct B_InfoCache {
- B_MemoryPool memoryPool; /* inherited */
- struct {
- unsigned int infoCount;
- struct {
- POINTER infoType;
- POINTER info;
- } *infos;
- /* POINTER reserved; */
- } z; /* z gives the members that are zeroized by the constructor */
-} B_InfoCache;
-
-void B_InfoCacheConstructor PROTO_LIST ((B_InfoCache *));
-#define B_INFO_CACHE_Destructor(infoCache) \
- B_MemoryPoolDestructor (&(infoCache)->memoryPool)
-
-int B_InfoCacheAddInfo PROTO_LIST ((B_InfoCache *, POINTER, POINTER));
-int B_InfoCacheFindInfo PROTO_LIST ((B_InfoCache *, POINTER *, POINTER));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "kiitem.h"
-#include "port_after.h"
-
-int B_KeySetInfo (key, keyInfoType, info)
-B_Key *key;
-B_KeyInfoType *keyInfoType;
-POINTER info;
-{
- if (key == (B_Key *)NULL_PTR)
- return (BE_KEY_OBJ);
-
- if (key->infoCache.z.infoCount > 0)
- return (BE_KEY_ALREADY_SET);
-
- /* This will cache the encoding. */
- return ((*keyInfoType->AddInfo) (key, info));
-}
-
-int B_KeyGetInfo (key, info, keyInfoType)
-B_Key *key;
-POINTER *info;
-B_KeyInfoType *keyInfoType;
-{
- int status;
-
- if (key == (B_Key *)NULL_PTR)
- return (BE_KEY_OBJ);
-
- if (key->infoCache.z.infoCount == 0)
- return (BE_KEY_NOT_SET);
-
- /* First check if the encoding is already in the encoding cache.
- */
- if (B_InfoCacheFindInfo (&key->infoCache, info, (POINTER)keyInfoType) == 0)
- return (0);
-
- /* Info is not in the cache, go ahead and encode.
- */
- if ((status = (*keyInfoType->MakeInfo) (info, key)) != 0)
- return (status);
-
- return (B_InfoCacheAddInfo (&key->infoCache, (POINTER)keyInfoType, *info));
-}
-
-/* Create an ITEM out of the data and len and cache it as KITItem.
- The data is already alloced in the info cache.
- Returns 0, BE_ALLOC.
- */
-int B_KeyAddItemInfo (key, data, len)
-B_Key *key;
-unsigned char *data;
-unsigned int len;
-{
- ITEM *newInfo;
- int status;
-
- if ((status = B_MemoryPoolAlloc
- (&key->infoCache.memoryPool, (POINTER *)&newInfo, sizeof (*newInfo)))
- != 0)
- return (status);
-
- newInfo->data = data;
- newInfo->len = len;
-
- return (B_InfoCacheAddInfo
- (&key->infoCache, (POINTER)&KITItem, (POINTER)newInfo));
-}
-
-/* Return the number of bits in the canonical, positive integer.
- B_IntegerBits (0) = 0.
- */
-unsigned int B_IntegerBits (integer, integerLen)
-unsigned char *integer;
-unsigned int integerLen;
-{
- unsigned char mask, byte;
- unsigned int bytes, bits;
-
- for (bytes = 0; bytes < integerLen && integer[bytes] == 0; bytes++);
- if (bytes == integerLen)
- return (0);
-
- /* Get byte to test and increment byte count for final calculation */
- byte = integer[bytes++];
-
- /* Get number of bits in most significant byte */
- for (bits = 8, mask = 0x80; (byte & mask) == 0; bits--, mask >>= 1);
- return (8 * (integerLen - bytes) + bits);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _BKEY_H_
-#define _BKEY_H_ 1
-
-#include "binfocsh.h"
-
-typedef struct {
- B_InfoCache infoCache; /* inherited */
-
- /* For now we don't need to worry about a reserved field.
- struct {
- POINTER reserved;
- } z;
- */
-} B_Key;
-
-#define B_KEY_Constructor(key) (B_InfoCacheConstructor (&(key)->infoCache))
-#define B_KEY_Destructor(key) (B_INFO_CACHE_Destructor (&(key)->infoCache))
-
-struct B_KeyInfoType;
-int B_KeySetInfo PROTO_LIST ((B_Key *, struct B_KeyInfoType *, POINTER));
-int B_KeyGetInfo PROTO_LIST ((B_Key *, POINTER *, struct B_KeyInfoType *));
-int B_KeyAddItemInfo PROTO_LIST ((B_Key *, unsigned char *, unsigned int));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bmempool.h"
-#include "port_after.h"
-
-#define ALLOCED_LIST_SLACK 10
-
-void B_MemoryPoolConstructor (memoryPool)
-B_MemoryPool *memoryPool;
-{
- T_memset ((POINTER)&memoryPool->z, 0, sizeof (memoryPool->z));
-}
-
-void B_MemoryPoolDestructor (memoryPool)
-B_MemoryPool *memoryPool;
-{
- B_MemoryPoolReset (memoryPool);
- T_free ((POINTER)memoryPool->z.allocedList);
-}
-
-/* For each item on the alloced list, call the DeleteFuncion if
- there is one, otherwise zerioze and free.
- Leave the list itself allocated with all NULL entries.
- */
-void B_MemoryPoolReset (memoryPool)
-B_MemoryPool *memoryPool;
-{
- B_ALLOCED_DATA *allocedData;
- unsigned int i;
-
- for (i = memoryPool->z.allocedCount,
- allocedData = memoryPool->z.allocedList;
- i-- > 0;
- ++allocedData) {
- /* Only process this entry if the data is not NULL_PTR.
- */
- if (allocedData->object != NULL_PTR) {
- if (allocedData->DeleteFunction != NULL)
- /* There is a destroy function, so call. */
- (*allocedData->DeleteFunction) (allocedData->object);
- else {
- T_memset (allocedData->object, 0, allocedData->size);
- T_free (allocedData->object);
- }
- allocedData->object = NULL_PTR;
- }
- }
-
- memoryPool->z.allocedCount = 0;
- /* Note that maxAllocedCount still indicates the size of the alloced list. */
-}
-
-/* On any error return, NULL_PTR is returned for the data.
- Returns 0 if successful, or BE_ALLOC if cannot alloc the memory.
- */
-int B_MemoryPoolAlloc (memoryPool, data, size)
-B_MemoryPool *memoryPool;
-POINTER *data;
-unsigned int size;
-{
- if ((*data = T_malloc (size)) == NULL_PTR)
- return (BE_ALLOC);
- return (B_MemoryPoolAdoptData (memoryPool, data, size));
-}
-
-/* Use alloc to allocate the newData of length size and T_memcpy data into it.
- On any error return, NULL_PTR is returned for the newData.
- Returns 0 if successful or BE_ALLOC if cannot alloc the memory.
- */
-int B_MemoryPoolAllocAndCopy (memoryPool, newData, data, size)
-B_MemoryPool *memoryPool;
-POINTER *newData;
-POINTER data;
-unsigned int size;
-{
- int status;
-
- if ((status = B_MemoryPoolAlloc (memoryPool, newData, size)) != 0)
- return (status);
-
- T_memcpy (*newData, data, size);
- return (0);
-}
-
-/* Put the given data on the memory pool's alloced list.
- The size of the alloced data buffer must be passed in so that it can
- be zeroized when the object is reset (Pass in a size of zero if
- the buffer does not need to be zeroized.)
- The data is passed by reference, so that if there is an error,
- the data is zeroized and freed, and the pointer to the data is set
- to NULL_PTR.
- This routine should be used with caution - it is meant be called
- immediately after an alloc.
- No check is made as to whether the data is already on the memory pool's
- alloced list (which would be a problem since it will get freed twice).
- Returns 0 if successful or BE_ALLOC if cannot expand the alloced list.
- */
-int B_MemoryPoolAdoptData (memoryPool, data, size)
-B_MemoryPool *memoryPool;
-POINTER *data;
-unsigned int size;
-{
- int status;
-
- if ((status = B_MemoryPoolAdoptHelper(memoryPool, *data, size, NULL)) != 0) {
- T_memset (*data, 0, size);
- T_free (*data);
- *data = NULL_PTR;
- return (status);
- }
-
- return (0);
-}
-
-/* Put the given object on the memory pool's alloced list.
- The size of the alloced object must be passed in so that it can
- be zeroized when the object is reset (Pass in a size of zero if
- the buffer does not need to be zeroized, especially if it
- is an object and not a data buffer.)
- The object is not passed by reference. If there is an error,
- the calling routine should clean up the object, such as zeroizing
- and freeing.
- No check is made as to whether the object is already on the memory pool's
- alloced list (which would be a problem since it will get freed twice).
- Returns 0 if successful or BE_ALLOC if cannot expand the alloced list.
- */
-int B_MemoryPoolAdoptHelper (memoryPool, object, size, DeleteFunction)
-B_MemoryPool *memoryPool;
-POINTER object;
-unsigned int size;
-B_MEMORY_POOL_DELETE_FUNCTION DeleteFunction;
-{
- POINTER newList;
- unsigned int newMaxCount;
-
- if (memoryPool->z.allocedCount + 1 > memoryPool->z.maxAllocedCount) {
- /* Make extra room on the alloced list.
- */
- newMaxCount = memoryPool->z.allocedCount + ALLOCED_LIST_SLACK;
- if ((newList = T_malloc (newMaxCount * sizeof (B_ALLOCED_DATA)))
- == NULL_PTR)
- /* alloc errorm so caller should clean up the object it passed. */
- return (BE_ALLOC);
-
- /* move in new list and free old list */
- T_memcpy
- (newList, (POINTER)memoryPool->z.allocedList,
- memoryPool->z.allocedCount * sizeof (B_ALLOCED_DATA));
- T_free ((POINTER)memoryPool->z.allocedList);
- memoryPool->z.allocedList = (B_ALLOCED_DATA *)newList;
- memoryPool->z.maxAllocedCount = newMaxCount;
- }
-
- /* Put object on alloced list and increment count.
- */
- memoryPool->z.allocedList[memoryPool->z.allocedCount].object = object;
- memoryPool->z.allocedList[memoryPool->z.allocedCount].size = size;
- memoryPool->z.allocedList[memoryPool->z.allocedCount++].DeleteFunction =
- DeleteFunction;
- return (0);
-}
-
-/* 'data' points to the pointer to realloc and also is used to
- return the realloced memory.
- If data points to NULL_PTR, behaves like B_MemoryPoolAlloc.
- Find 'data' on the allocedList and realloc it to the given size,
- replacing the entry on the alloced list with the new memory.
- If it is not on the allocedList, the adopt the reallocated memory.
- If the buffer must be moved during the realloc, the old buffer is not
- zeroized (unless T_realloc does the zeroizing).
- This assumes that the (POINTER *)data is not (POINTER *)NULL_PTR.
- This assumes there is no DesroyFunction for this entry. That is,
- you should not try to resize an object.
- On any error return, NULL_PTR is returned for the data.
- Returns 0 if successful or BE_ALLOC if cannot alloc the memory.
- */
-int B_MemoryPoolRealloc (memoryPool, data, size)
-B_MemoryPool *memoryPool;
-POINTER *data;
-unsigned int size;
-{
- B_ALLOCED_DATA *allocedData;
-
- allocedData = B_MemoryPoolFindAllocedObject (memoryPool, *data);
-
- if ((*data = T_realloc (*data, size)) == NULL_PTR) {
- if (allocedData != (B_ALLOCED_DATA *)NULL_PTR)
- /* Could not reallocate, so nullify this entry. */
- allocedData->object = NULL_PTR;
-
- return (BE_ALLOC);
- }
-
- /* Realloc was successful.
- */
- if (allocedData == (B_ALLOCED_DATA *)NULL_PTR)
- /* The data was not in the memory pool to start with, so adopt it.
- Note that this also happens when the data is initially NULL_PTR. */
- return (B_MemoryPoolAdoptData (memoryPool, data, size));
-
- /* Replace the entry on the alloced list with the new memory.
- */
- allocedData->object = *data;
- allocedData->size = size;
- return (0);
-}
-
-/* Find the object in the alloced list, call the DeleteFunction if
- there is one, zeroize it and free it, nullifying that alloced list entry.
- The object to be freed is passed by pointer and is set to NULL_PTR to
- enforce the fact that the address no longer points to valid memory.
- This assumes that the (POINTER *)data is not (POINTER *)NULL_PTR.
- If the address is not found on the alloced list, only set the address
- to NULL_PTR.
- */
-void B_MemoryPoolFree (memoryPool, object)
-B_MemoryPool *memoryPool;
-POINTER *object;
-{
- B_ALLOCED_DATA *allocedData;
-
- if ((allocedData = B_MemoryPoolFindAllocedObject (memoryPool, *object))
- != (B_ALLOCED_DATA *)NULL_PTR) {
- if (allocedData->DeleteFunction != NULL)
- /* There is a destroy function, so call. */
- (*allocedData->DeleteFunction) (allocedData->object);
- else {
- T_memset (*object, 0, allocedData->size);
- T_free (*object);
- }
-
- /* Set this entry to NULL_PTR so that reset will not process it. */
- allocedData->object = NULL_PTR;
- }
-
- *object = NULL_PTR;
-}
-
-/* Return a pointer to the alloced object entry in the memoryPool.
- Return (ALLOCED_DATA *)NULL_PTR if object is NULL_PTR or object is not
- in the memoryPool.
- */
-B_ALLOCED_DATA *B_MemoryPoolFindAllocedObject (memoryPool, object)
-B_MemoryPool *memoryPool;
-POINTER object;
-{
- B_ALLOCED_DATA *allocedData;
- unsigned int i;
-
- if (object == NULL_PTR)
- return ((B_ALLOCED_DATA *)NULL_PTR);
-
- for (i = memoryPool->z.allocedCount,
- allocedData = memoryPool->z.allocedList;
- i-- > 0;
- ++allocedData) {
- if (allocedData->object == object)
- return (allocedData);
- }
-
- /* data not found. */
- return ((B_ALLOCED_DATA *)NULL_PTR);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _BMEMPOOL_H_
-#define _BMEMPOOL_H_ 1
-
-typedef void (*B_MEMORY_POOL_DELETE_FUNCTION) PROTO_LIST ((POINTER));
-
-typedef struct {
- POINTER object;
- unsigned int size;
- B_MEMORY_POOL_DELETE_FUNCTION DeleteFunction;
-} B_ALLOCED_DATA;
-
-typedef struct {
- struct {
- unsigned int allocedCount;
- unsigned int maxAllocedCount; /* Size of the actuall allocated list */
- B_ALLOCED_DATA *allocedList;
- /* POINTER reserved; */
- } z; /* z gives the members that are zeroized by the constructor */
-} B_MemoryPool;
-
-void B_MemoryPoolConstructor PROTO_LIST ((B_MemoryPool *));
-void B_MemoryPoolDestructor PROTO_LIST ((B_MemoryPool *));
-
-void B_MemoryPoolReset PROTO_LIST ((B_MemoryPool *));
-int B_MemoryPoolAlloc PROTO_LIST ((B_MemoryPool *, POINTER *, unsigned int));
-int B_MemoryPoolAllocAndCopy PROTO_LIST
- ((B_MemoryPool *, POINTER *, POINTER, unsigned int));
-int B_MemoryPoolAdoptData PROTO_LIST
- ((B_MemoryPool *, POINTER *, unsigned int));
-int B_MemoryPoolAdoptObject PROTO_LIST
- ((B_MemoryPool *, POINTER *, B_MEMORY_POOL_DELETE_FUNCTION));
-int B_MemoryPoolRealloc PROTO_LIST ((B_MemoryPool *, POINTER *, unsigned int));
-int B_MemoryPoolSafeRealloc PROTO_LIST
- ((B_MemoryPool *, POINTER *, unsigned int));
-void B_MemoryPoolFree PROTO_LIST ((B_MemoryPool *, POINTER *));
-void B_MemoryPoolResetExceptObject PROTO_LIST ((B_MemoryPool *, POINTER));
-
-/* These are "private member functions ".
- */
-B_ALLOCED_DATA *B_MemoryPoolFindAllocedObject PROTO_LIST
- ((B_MemoryPool *, POINTER));
-int B_MemoryPoolAdoptHelper PROTO_LIST
- ((B_MemoryPool *, POINTER, unsigned int, B_MEMORY_POOL_DELETE_FUNCTION));
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _BSAFE_H_
-#define _BSAFE_H_ 1
-
-#ifndef T_CALL
-#define T_CALL
-#endif
-
-#include "atypes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define BE_ALGORITHM_ALREADY_SET 0x0200
-#define BE_ALGORITHM_INFO 0x0201
-#define BE_ALGORITHM_NOT_INITIALIZED 0x0202
-#define BE_ALGORITHM_NOT_SET 0x0203
-#define BE_ALGORITHM_OBJ 0x0204
-#define BE_ALG_OPERATION_UNKNOWN 0x0205
-#define BE_ALLOC 0x0206
-#define BE_CANCEL 0x0207
-#define BE_DATA 0x0208
-#define BE_EXPONENT_EVEN 0x0209
-#define BE_EXPONENT_LEN 0x020a
-#define BE_HARDWARE 0x020b
-#define BE_INPUT_DATA 0x020c
-#define BE_INPUT_LEN 0x020d
-#define BE_KEY_ALREADY_SET 0x020e
-#define BE_KEY_INFO 0x020f
-#define BE_KEY_LEN 0x0210
-#define BE_KEY_NOT_SET 0x0211
-#define BE_KEY_OBJ 0x0212
-#define BE_KEY_OPERATION_UNKNOWN 0x0213
-#define BE_MEMORY_OBJ 0x0214
-#define BE_MODULUS_LEN 0x0215
-#define BE_NOT_INITIALIZED 0x0216
-#define BE_NOT_SUPPORTED 0x0217
-#define BE_OUTPUT_LEN 0x0218
-#define BE_OVER_32K 0x0219
-#define BE_RANDOM_NOT_INITIALIZED 0x021a
-#define BE_RANDOM_OBJ 0x021b
-#define BE_SIGNATURE 0x021c
-#define BE_WRONG_ALGORITHM_INFO 0x021d
-#define BE_WRONG_KEY_INFO 0x021e
-#define BE_INPUT_COUNT 0x021f
-#define BE_OUTPUT_COUNT 0x0220
-#define BE_METHOD_NOT_IN_CHOOSER 0x221
-
-typedef POINTER B_KEY_OBJ;
-typedef POINTER B_ALGORITHM_OBJ;
-
-typedef int (T_CALL *B_INFO_TYPE) PROTO_LIST ((POINTER *));
-
-typedef struct B_ALGORITHM_METHOD B_ALGORITHM_METHOD;
-typedef B_ALGORITHM_METHOD **B_ALGORITHM_CHOOSER;
-
-/* Routines supplied by the implementor.
- */
-void T_CALL T_memset PROTO_LIST ((POINTER, int, unsigned int));
-void T_CALL T_memcpy PROTO_LIST ((POINTER, CPOINTER, unsigned int));
-void T_CALL T_memmove PROTO_LIST ((POINTER, POINTER, unsigned int));
-int T_CALL T_memcmp PROTO_LIST ((CPOINTER, CPOINTER, unsigned int));
-POINTER T_CALL T_malloc PROTO_LIST ((unsigned int));
-POINTER T_CALL T_realloc PROTO_LIST ((POINTER, unsigned int));
-void T_CALL T_free PROTO_LIST ((POINTER));
-
-/* The key object.
- */
-int T_CALL B_CreateKeyObject PROTO_LIST ((B_KEY_OBJ *));
-void T_CALL B_DestroyKeyObject PROTO_LIST ((B_KEY_OBJ *));
-int T_CALL B_SetKeyInfo PROTO_LIST ((B_KEY_OBJ, B_INFO_TYPE, POINTER));
-int T_CALL B_GetKeyInfo PROTO_LIST ((POINTER *, B_KEY_OBJ, B_INFO_TYPE));
-
-/* The algorithm object.
- */
-int T_CALL B_CreateAlgorithmObject PROTO_LIST ((B_ALGORITHM_OBJ *));
-void T_CALL B_DestroyAlgorithmObject PROTO_LIST ((B_ALGORITHM_OBJ *));
-int T_CALL B_SetAlgorithmInfo PROTO_LIST
- ((B_ALGORITHM_OBJ, B_INFO_TYPE, POINTER));
-int T_CALL B_GetAlgorithmInfo PROTO_LIST
- ((POINTER *, B_ALGORITHM_OBJ, B_INFO_TYPE));
-
-unsigned int B_IntegerBits PROTO_LIST ((unsigned char *, unsigned int));
-
-/* Algorithm operations.
- */
-int T_CALL B_RandomInit PROTO_LIST
- ((B_ALGORITHM_OBJ, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int T_CALL B_RandomUpdate PROTO_LIST
- ((B_ALGORITHM_OBJ, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int T_CALL B_GenerateRandomBytes PROTO_LIST
- ((B_ALGORITHM_OBJ, unsigned char *, unsigned int, A_SURRENDER_CTX *));
-
-int T_CALL B_DigestInit PROTO_LIST
- ((B_ALGORITHM_OBJ, B_KEY_OBJ, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int T_CALL B_DigestUpdate PROTO_LIST
- ((B_ALGORITHM_OBJ, const unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int T_CALL B_DigestFinal PROTO_LIST
- ((B_ALGORITHM_OBJ, unsigned char *, unsigned int *, unsigned int,
- A_SURRENDER_CTX *));
-
-int T_CALL B_EncryptInit PROTO_LIST
- ((B_ALGORITHM_OBJ, B_KEY_OBJ, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int T_CALL B_EncryptUpdate PROTO_LIST
- ((B_ALGORITHM_OBJ, unsigned char *, unsigned int *, unsigned int,
- unsigned char *, unsigned int, B_ALGORITHM_OBJ, A_SURRENDER_CTX *));
-int T_CALL B_EncryptFinal PROTO_LIST
- ((B_ALGORITHM_OBJ, unsigned char *, unsigned int *, unsigned int,
- B_ALGORITHM_OBJ, A_SURRENDER_CTX *));
-
-int T_CALL B_DecryptInit PROTO_LIST
- ((B_ALGORITHM_OBJ, B_KEY_OBJ, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int T_CALL B_DecryptUpdate PROTO_LIST
- ((B_ALGORITHM_OBJ, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, B_ALGORITHM_OBJ, A_SURRENDER_CTX *));
-int T_CALL B_DecryptFinal PROTO_LIST
- ((B_ALGORITHM_OBJ, unsigned char *, unsigned int *, unsigned int,
- B_ALGORITHM_OBJ, A_SURRENDER_CTX *));
-
-
-
-int T_CALL B_GenerateInit PROTO_LIST
- ((B_ALGORITHM_OBJ, B_ALGORITHM_CHOOSER, A_SURRENDER_CTX *));
-int T_CALL B_GenerateKeypair PROTO_LIST
- ((B_ALGORITHM_OBJ, B_KEY_OBJ, B_KEY_OBJ, B_ALGORITHM_OBJ,
- A_SURRENDER_CTX *));
-int T_CALL B_GenerateParameters PROTO_LIST
- ((B_ALGORITHM_OBJ, B_ALGORITHM_OBJ, B_ALGORITHM_OBJ, A_SURRENDER_CTX *));
-
-
-/* Information for password-based encryption (PBE) algorithms.
- */
-typedef struct {
- unsigned char *salt; /* salt value */
- unsigned int iterationCount; /* iteration count */
-} B_PBE_PARAMS;
-
-/* Information for MAC algorithm.
- */
-typedef struct {
- unsigned int macLen; /* length of MAC value */
-} B_MAC_PARAMS;
-
-
-/* Information for BSAFE 1.x compatible encryption algorithms.
- */
-
-
-typedef struct {
- unsigned int threshold; /* share threshold */
-} B_SECRET_SHARING_PARAMS;
-
-/* Key Info Types.
- */
-int T_CALL KI_8Byte PROTO_LIST ((POINTER *));
-int T_CALL KI_Item PROTO_LIST ((POINTER *));
-int T_CALL KI_PKCS_RSAPrivate PROTO_LIST ((POINTER *));
-int T_CALL KI_RSAPublic PROTO_LIST ((POINTER *));
-int T_CALL KI_RSA_CRT PROTO_LIST ((POINTER *));
-
-/* Algorithm Info Types.
- */
-int T_CALL AI_MD5 PROTO_LIST ((POINTER *));
-int T_CALL AI_MD5Random PROTO_LIST ((POINTER *));
-int T_CALL AI_PKCS_RSAPrivate PROTO_LIST ((POINTER *));
-int T_CALL AI_PKCS_RSAPublic PROTO_LIST ((POINTER *));
-int T_CALL AI_RSAKeyGen PROTO_LIST ((POINTER *));
-int T_CALL AI_RSAPrivate PROTO_LIST ((POINTER *));
-int T_CALL AI_RSAPublic PROTO_LIST ((POINTER *));
-
-
-/* Algorithm methods for use int the algorithm chooser.
- */
-extern B_ALGORITHM_METHOD T_CALL AM_MD5;
-extern B_ALGORITHM_METHOD T_CALL AM_MD5_RANDOM;
-extern B_ALGORITHM_METHOD T_CALL AM_RSA_CRT_DECRYPT;
-extern B_ALGORITHM_METHOD T_CALL AM_RSA_CRT_ENCRYPT;
-extern B_ALGORITHM_METHOD T_CALL AM_RSA_DECRYPT;
-extern B_ALGORITHM_METHOD T_CALL AM_RSA_ENCRYPT;
-extern B_ALGORITHM_METHOD T_CALL AM_RSA_KEY_GEN;
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _BTYPECHK_H_
-#define _BTYPECHK_H_ 1
-
-struct B_TypeCheck;
-
-typedef void (*B_TYPE_CHECK_DESTRUCTOR) PROTO_LIST ((struct B_TypeCheck *));
-
-typedef struct B_TypeCheck {
- B_TYPE_CHECK_DESTRUCTOR _Destructor;
-} B_TypeCheck;
-
-#define B_TYPE_CHECK_Constructor(typeCheck, Destructor)\
- (typeCheck)->_Destructor = (Destructor)
-#define B_TYPE_CHECK_Destructor(typeCheck)\
- (*(typeCheck)->_Destructor) (typeCheck)
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* CanonicalToBig () copies a byte vector into a word vector while REVERSING
- the order of significance. The byte vector is input MSByte first while
- the word vector is written out LSWord first. It also adds a leading zero
- sign bit if necessary.
- Returns 0, AE_DATA.
- */
-int CanonicalToBig (wordPointer, wordCount, bytePointer, numBytes)
-UINT2 *wordPointer;
-unsigned int wordCount;
-const unsigned char *bytePointer;
-unsigned int numBytes;
-{
- unsigned int copyCount;
-
- if (A_IntegerBits (bytePointer, numBytes) / 16 + 1 > wordCount)
- return (AE_DATA);
-
- /* start at end of byte vector */
- bytePointer += numBytes-1;
-
- /* copy as much as possible */
- copyCount = (wordCount < numBytes / 2) ? wordCount : numBytes / 2;
- wordCount -= copyCount;
- numBytes -= 2 * copyCount;
- while (copyCount--) {
- /* Copy two bytes.*/
- *wordPointer++ = (UINT2)*bytePointer + (*(bytePointer - 1) << 8);
- bytePointer -= 2;
- }
-
- if (wordCount && numBytes & 1) {
- /* If the number of input bytes was odd. Copy one last byte.*/
- *wordPointer++ = (UINT2)*bytePointer--;
- wordCount--;
- numBytes--;
- }
-
- /* zero fill remainder of word vector */
- while (wordCount--)
- *wordPointer++ = 0;
-
- return (0);
-}
-
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "crt2.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* RSA encryption/decryption with Chinese Remainder Theorem.
- */
-
-#define GENERATE_BREAK(type) { \
- status = type; \
- break; \
- }
-
-static int RSA_CRT2 PROTO_LIST
- ((A_RSA_CRT2_CTX *, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, A_SURRENDER_CTX *));
-
-int A_RSA_CRT2Init (context, key)
-A_RSA_CRT2_CTX *context;
-A_RSA_CRT_KEY *key;
-{
- if (A_IntegerBits (key->modulus.data, key->modulus.len)
- > MAX_RSA_MODULUS_BITS)
- /* Key len is too big to handle. */
- return (AE_MODULUS_LEN);
-
- /* Set the block update blockLen to be big enough to hold the modulus.
- */
- context->blockLen =
- BITS_TO_LEN (A_IntegerBits (key->modulus.data, key->modulus.len));
-
- context->inputLen = 0;
-
- /* convert first prime to bignum format */
- if (CanonicalToBig
- (context->primeP, MAX_RSA_PRIME_WORDS, key->prime[0].data,
- key->prime[0].len))
- return (AE_KEY_INFO);
-
- /* compute significant length of first prime */
- context->primeWords = BITS_TO_WORDS
- (BigLen (context->primeP, MAX_RSA_PRIME_WORDS));
-
- /* convert other private key parameters to bignum format */
- if (CanonicalToBig
- (context->primeQ, context->primeWords, key->prime[1].data,
- key->prime[1].len) ||
- CanonicalToBig
- (context->exponentP, context->primeWords,
- key->primeExponent[0].data, key->primeExponent[0].len) ||
- CanonicalToBig
- (context->exponentQ, context->primeWords,
- key->primeExponent[1].data, key->primeExponent[1].len) ||
- CanonicalToBig
- (context->coefficient, context->primeWords,
- key->coefficient.data, key->coefficient.len))
- return (AE_KEY_INFO);
-
- /* convert modulus to bignum format */
- if (CanonicalToBig
- (context->modulus, 2 * context->primeWords,
- key->modulus.data, key->modulus.len))
- return (AE_KEY_INFO);
-
- return (0);
-}
-
-int A_RSA_CRT2Update
- (context, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- surrenderContext)
-A_RSA_CRT2_CTX *context;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-const unsigned char *partIn;
-unsigned int partInLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned int partialLen, localPartOutLen;
-
- /* Initialize partOutLen to zero. */
- *partOutLen = 0;
-
- if (context->inputLen + partInLen < context->blockLen) {
- /* Not enough to encrypt - just accumulate.
- */
- T_memcpy
- ((POINTER)(context->input + context->inputLen), (CPOINTER)partIn,
- partInLen);
- context->inputLen += partInLen;
- return (0);
- }
-
- if (context->inputLen > 0) {
- /* Need to accumulate the rest of the block bytes into the input and
- encrypt from there (otherwise it's OK to encrypt straight from
- the partIn).
- */
- partialLen = context->blockLen - context->inputLen;
- T_memcpy
- ((POINTER)(context->input + context->inputLen), (CPOINTER)partIn,
- partialLen);
- partIn += partialLen;
- partInLen -= partialLen;
-
- if ((status = RSA_CRT2
- (context, partOut, &localPartOutLen, maxPartOutLen, context->input,
- surrenderContext)) != 0)
- return (status);
- (*partOutLen) += localPartOutLen;
- partOut += localPartOutLen;
- maxPartOutLen -= localPartOutLen;
- }
-
- /* Encrypt as many blocks of input as provided.
- */
- while (partInLen >= context->blockLen) {
- if ((status = RSA_CRT2
- (context, partOut, &localPartOutLen, maxPartOutLen, partIn,
- surrenderContext)) != 0)
- return (status);
-
- partIn += context->blockLen;
- partInLen -= context->blockLen;
- (*partOutLen) += localPartOutLen;
- partOut += localPartOutLen;
- maxPartOutLen -= localPartOutLen;
- }
-
- /* Copy remaining input bytes to the context's input buffer.
- */
- T_memcpy
- ((POINTER)context->input, partIn, partInLen);
- context->inputLen = partInLen;
- return (0);
-}
-
-int A_RSA_CRT2Final (context)
-A_RSA_CRT2_CTX *context;
-{
- if (context->inputLen != 0)
- return (AE_INPUT_LEN);
-
- /* Restart context to accumulate a new block.
- */
- context->inputLen = 0;
- return (0);
-}
-
-/* Assume input length is context->blockLen.
- */
-static int RSA_CRT2
- (context, output, outputLen, maxOutputLen, input, surrenderContext)
-A_RSA_CRT2_CTX *context;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-const unsigned char *input;
-A_SURRENDER_CTX *surrenderContext;
-{
- struct ModExpCRTFrame {
- UINT2 bigInBuf[2 * MAX_RSA_PRIME_WORDS],
- bigOutBuf[2 * MAX_RSA_PRIME_WORDS];
- } *frame = (struct ModExpCRTFrame *)NULL_PTR;
-#if !USE_ALLOCED_FRAME
- struct ModExpCRTFrame stackFrame;
-#endif
- int status;
-
- status = 0;
- do {
- if ((*outputLen = context->blockLen) > maxOutputLen)
- return (AE_OUTPUT_LEN);
-
-#if USE_ALLOCED_FRAME
- if ((frame = (struct ModExpCRTFrame *)T_malloc (sizeof (*frame)))
- == (struct ModExpCRTFrame *)NULL_PTR) {
- status = AE_ALLOC;
- break;
- }
-#else
- /* Just use the buffers allocated on the stack. */
- frame = &stackFrame;
-#endif
-
- /* Convert input to bignum representation.
- This won't return AE_DATA since input length was checked at Update.
- */
- CanonicalToBig
- (frame->bigInBuf, 2 * context->primeWords, input, context->blockLen);
-
- /* Check for overflow. */
- if (BigCmp
- (frame->bigInBuf, context->modulus, 2 * context->primeWords) >= 0)
- GENERATE_BREAK (AE_INPUT_DATA);
-
- /* Chinese remainder exponentiation. */
- if ((status = BigUnexp
- (frame->bigOutBuf, frame->bigInBuf, context->primeP, context->primeQ,
- context->exponentP, context->exponentQ, context->coefficient,
- context->primeWords, surrenderContext)) != 0)
- break;
-
- /* Convert output to canonical representation.
- This won't return AE_DATA since outputLen was set above.
- */
- BigToCanonical
- (output, *outputLen, frame->bigOutBuf, 2 * context->primeWords);
- } while (0);
-
- if (frame != (struct ModExpCRTFrame *)NULL_PTR) {
- T_memset ((POINTER)frame, 0, sizeof (*frame));
-#if USE_ALLOCED_FRAME
- T_free ((POINTER)frame);
-#endif
- }
- return (status);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _RSA_H_
-#define _RSA_H_ 1
-
-#include "bigmaxes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Note, these are only valid after a call to A_RSA_CRT2Init.
- */
-#define A_RSA_CRT2_BLOCK_LEN(context) ((context)->blockLen)
-#define A_RSA_CRT2_MAX_OUTPUT_LEN(context, inputLen)\
- (inputLen) + (((inputLen) % (context)->blockLen) ?\
- (context)->blockLen - ((inputLen) % (context)->blockLen) : 0)
-
-typedef struct {
- unsigned int blockLen; /* total size of the block to be computed */
- unsigned char input[MAX_RSA_MODULUS_LEN];
- unsigned int inputLen;
- unsigned int primeWords;
- UINT2 modulus[2 * MAX_RSA_PRIME_WORDS];
- UINT2 primeP[MAX_RSA_PRIME_WORDS];
- UINT2 primeQ[MAX_RSA_PRIME_WORDS];
- UINT2 exponentP[MAX_RSA_PRIME_WORDS];
- UINT2 exponentQ[MAX_RSA_PRIME_WORDS];
- UINT2 coefficient[MAX_RSA_PRIME_WORDS];
-} A_RSA_CRT2_CTX;
-
-int A_RSA_CRT2Init PROTO_LIST ((A_RSA_CRT2_CTX *, A_RSA_CRT_KEY *));
-int A_RSA_CRT2Update PROTO_LIST
- ((A_RSA_CRT2_CTX *, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int A_RSA_CRT2Final PROTO_LIST ((A_RSA_CRT2_CTX *));
-void A_RSA_CRT2GetMaxOutputLen PROTO_LIST
- ((A_RSA_CRT2_CTX *, unsigned int *, unsigned int));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "keyobj.h"
-#include "algobj.h"
-#include "port_after.h"
-
-int B_DigestInit
- (algorithmObject, keyObject, algorithmChooser, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-B_KEY_OBJ keyObject;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = KeyWrapCheck ((KeyWrap *)keyObject)) != 0)
- return (status);
-
- return (B_AlgorithmDigestInit
- (&THE_ALG_WRAP->algorithm, &((KeyWrap *)keyObject)->key,
- algorithmChooser, surrenderContext));
-}
-
-int B_DigestUpdate (algorithmObject, partIn, partInLen, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-const unsigned char *partIn;
-unsigned int partInLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
-
- return (B_AlgorithmDigestUpdate
- (&THE_ALG_WRAP->algorithm, partIn, partInLen, surrenderContext));
-}
-
-int B_DigestFinal
- (algorithmObject, digest, digestLen, maxDigestLen, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-unsigned char *digest;
-unsigned int *digestLen;
-unsigned int maxDigestLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
-
- return (B_AlgorithmDigestFinal
- (&THE_ALG_WRAP->algorithm, digest, digestLen, maxDigestLen,
- surrenderContext));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1992, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "digrand.h"
-#include "port_after.h"
-
-/* Calling routine must initialize the digest algorithm and set
- digestRandom->vTable.
- digestLen is the length of the output of the digest algorithm (i.e. 16).
- state must point to an unsigned char * array of 3 * digestLen.
- */
-void A_DigestRandomInit (digestRandom, digestLen, state)
-A_DigestRandom *digestRandom;
-unsigned int digestLen;
-unsigned char *state;
-{
- digestRandom->_state = state;
- digestRandom->_output = state + digestLen;
- digestRandom->_digest = digestRandom->_output + digestLen;
-
- digestRandom->_outputAvailable = 0;
- digestRandom->_digestLen = digestLen;
-
- T_memset ((POINTER)digestRandom->_state, 0, digestLen);
-}
-
-void A_DigestRandomUpdate (digestRandom, input, inputLen)
-A_DigestRandom *digestRandom;
-unsigned char *input;
-unsigned int inputLen;
-{
- unsigned int i, j, x;
-
- (*digestRandom->vTable->DigestUpdate) (digestRandom, input, inputLen);
- (*digestRandom->vTable->DigestFinal) (digestRandom, digestRandom->_digest);
-
- /* add digest to state */
- x = 0;
- for (i = 0; i < digestRandom->_digestLen; i++) {
- j = digestRandom->_digestLen-1-i;
- x += digestRandom->_state[j] + digestRandom->_digest[j];
- digestRandom->_state[j] = (unsigned char)x;
- x >>= 8;
- }
-}
-
-void A_DigestRandomGenerateBytes (digestRandom, output, outputLen)
-A_DigestRandom *digestRandom;
-unsigned char *output;
-unsigned int outputLen;
-{
- unsigned int available, i;
-
- available = digestRandom->_outputAvailable;
-
- while (outputLen > available) {
- T_memcpy
- ((POINTER)output,
- (POINTER)&digestRandom->_output[digestRandom->_digestLen-available],
- available);
- output += available;
- outputLen -= available;
-
- /* generate new output */
- (*digestRandom->vTable->DigestUpdate)
- (digestRandom, digestRandom->_state, digestRandom->_digestLen);
- (*digestRandom->vTable->DigestFinal) (digestRandom, digestRandom->_output);
- available = digestRandom->_digestLen;
-
- /* increment state */
- for (i = 0; i < digestRandom->_digestLen; i++)
- if (digestRandom->_state[digestRandom->_digestLen-1-i]++)
- break;
- }
-
- T_memcpy
- ((POINTER)output,
- (POINTER)&digestRandom->_output[digestRandom->_digestLen-available],
- outputLen);
- digestRandom->_outputAvailable = available - outputLen;
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1992, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _DIGRAND_H_
-#define _DIGRAND_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Use the THIS_DIGEST_RANDOM macro to define the type of object in the
- virtual function prototype. It defaults to the most base class, but
- derived modules may define the macro to a more derived class before
- including this header file.
- */
-#ifndef THIS_DIGEST_RANDOM
-#define THIS_DIGEST_RANDOM struct A_DigestRandom
-#endif
-
-struct A_DigestRandom;
-
-typedef struct {
- void (*DigestUpdate) PROTO_LIST
- ((THIS_DIGEST_RANDOM *, unsigned char *, unsigned int));
- void (*DigestFinal) PROTO_LIST ((THIS_DIGEST_RANDOM *, unsigned char *));
-} A_DigestRandomVTable;
-
-typedef struct A_DigestRandom {
- unsigned char *_state; /* input to digest */
- unsigned char *_output; /* current output of digest */
- unsigned int _outputAvailable;
- unsigned char *_digest;
- unsigned int _digestLen;
- A_DigestRandomVTable *vTable;
-} A_DigestRandom;
-
-void A_DigestRandomInit PROTO_LIST
- ((A_DigestRandom *, unsigned int, unsigned char *));
-void A_DigestRandomUpdate PROTO_LIST
- ((A_DigestRandom *, unsigned char *, unsigned int));
-void A_DigestRandomGenerateBytes PROTO_LIST
- ((A_DigestRandom *, unsigned char *, unsigned int));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "keyobj.h"
-#include "algobj.h"
-#include "port_after.h"
-
-int B_EncryptInit
- (algorithmObject, keyObject, algorithmChooser, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-B_KEY_OBJ keyObject;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = KeyWrapCheck ((KeyWrap *)keyObject)) != 0)
- return (status);
-
- return (B_AlgorithmEncryptInit
- (&THE_ALG_WRAP->algorithm, &((KeyWrap *)keyObject)->key,
- algorithmChooser, surrenderContext));
-}
-
-int B_EncryptUpdate
- (algorithmObject, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-unsigned char *partIn;
-unsigned int partInLen;
-B_ALGORITHM_OBJ randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = RandomAlgorithmCheck (randomAlgorithm)) != 0)
- return (status);
-
- return (B_AlgorithmEncryptUpdate
- (&THE_ALG_WRAP->algorithm, partOut, partOutLen, maxPartOutLen,
- partIn, partInLen,
- &((AlgorithmWrap *)randomAlgorithm)->algorithm, surrenderContext));
-}
-
-int B_EncryptFinal
- (algorithmObject, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_ALGORITHM_OBJ randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = RandomAlgorithmCheck (randomAlgorithm)) != 0)
- return (status);
-
- return (B_AlgorithmEncryptFinal
- (&THE_ALG_WRAP->algorithm, partOut, partOutLen, maxPartOutLen,
- &((AlgorithmWrap *)randomAlgorithm)->algorithm, surrenderContext));
-}
-
-int B_DecryptInit
- (algorithmObject, keyObject, algorithmChooser, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-B_KEY_OBJ keyObject;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = KeyWrapCheck ((KeyWrap *)keyObject)) != 0)
- return (status);
-
- return (B_AlgorithmDecryptInit
- (&THE_ALG_WRAP->algorithm, &((KeyWrap *)keyObject)->key,
- algorithmChooser, surrenderContext));
-}
-
-int B_DecryptUpdate
- (algorithmObject, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- randomAlgorithm, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-const unsigned char *partIn;
-unsigned int partInLen;
-B_ALGORITHM_OBJ randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = RandomAlgorithmCheck (randomAlgorithm)) != 0)
- return (status);
-
- return (B_AlgorithmDecryptUpdate
- (&THE_ALG_WRAP->algorithm, partOut, partOutLen, maxPartOutLen,
- partIn, partInLen,
- &((AlgorithmWrap *)randomAlgorithm)->algorithm, surrenderContext));
-}
-
-int B_DecryptFinal
- (algorithmObject, partOut, partOutLen, maxPartOutLen, randomAlgorithm,
- surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-B_ALGORITHM_OBJ randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = RandomAlgorithmCheck (randomAlgorithm)) != 0)
- return (status);
-
- return (B_AlgorithmDecryptFinal
- (&THE_ALG_WRAP->algorithm, partOut, partOutLen, maxPartOutLen,
- &((AlgorithmWrap *)randomAlgorithm)->algorithm, surrenderContext));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ainfotyp.h"
-#include "keyobj.h"
-#include "algobj.h"
-#include "port_after.h"
-
-int B_GenerateInit (algorithmObject, algorithmChooser, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
-
- return (B_AlgorithmGenerateInit
- (&THE_ALG_WRAP->algorithm, algorithmChooser, surrenderContext));
-}
-
-int B_GenerateKeypair
- (algorithmObject, publicKey, privateKey, randomAlgorithm, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-B_KEY_OBJ publicKey;
-B_KEY_OBJ privateKey;
-B_ALGORITHM_OBJ randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = KeyWrapCheck ((KeyWrap *)publicKey)) != 0)
- return (status);
- if ((status = KeyWrapCheck ((KeyWrap *)privateKey)) != 0)
- return (status);
- if ((status = RandomAlgorithmCheck (randomAlgorithm)) != 0)
- return (status);
-
- return (B_AlgorithmGenerateKeypair
- (&THE_ALG_WRAP->algorithm, &((KeyWrap *)publicKey)->key,
- &((KeyWrap *)privateKey)->key,
- &((AlgorithmWrap *)randomAlgorithm)->algorithm, surrenderContext));
-}
-
-int B_GenerateParameters
- (algorithmObject, resultAlgorithmObject, randomAlgorithm, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-B_ALGORITHM_OBJ resultAlgorithmObject;
-B_ALGORITHM_OBJ randomAlgorithm;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
-
- if ((status = AlgorithmWrapCheck (THE_ALG_WRAP)) != 0)
- return (status);
- if ((status = AlgorithmWrapCheck ((AlgorithmWrap *)resultAlgorithmObject))
- != 0)
- return (status);
- if ((status = RandomAlgorithmCheck (randomAlgorithm)) != 0)
- return (status);
-
- return (B_AlgorithmGenerateParameters
- (&THE_ALG_WRAP->algorithm,
- &((AlgorithmWrap *)resultAlgorithmObject)->algorithm,
- &((AlgorithmWrap *)randomAlgorithm)->algorithm, surrenderContext));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _GLOBAL_H_
-#define _GLOBAL_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* PROTOTYPES should be set to one if and only if the compiler supports
- function argument prototyping.
- The following makes PROTOTYPES default to 1 if it has not already been
- defined as 0 with C compiler flags.
- */
-#ifndef PROTOTYPES
-#define PROTOTYPES 1
-#endif
-
-#include <sys/types.h>
-#include <sys/param.h>
-#if (!defined(BSD)) || (BSD < 199306)
-# include <sys/bitypes.h>
-#endif
-
-/* POINTER defines a generic pointer type */
-typedef unsigned char *POINTER;
-typedef const unsigned char *CPOINTER;
-
-/* UINT2 defines a two byte word */
-typedef u_int16_t UINT2;
-
-/* UINT4 defines a four byte word */
-typedef u_int32_t UINT4;
-
-#ifndef NULL_PTR
-#define NULL_PTR ((POINTER)0)
-#endif
-
-#ifndef UNUSED_ARG
-#define UNUSED_ARG(x) x = *(&x);
-#endif
-
-/* PROTO_LIST is defined depending on how PROTOTYPES is defined above.
- If using PROTOTYPES, then PROTO_LIST returns the list, otherwise it
- returns an empty list.
- */
-#if PROTOTYPES
-#define PROTO_LIST(list) list
-#else
-#define PROTO_LIST(list) ()
-#endif
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* end _GLOBAL_H_ */
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "port_after.h"
-
-/* Return the number of bits in the canonical, positive integer.
- IntgerBits (0) = 0.
- */
-unsigned int A_IntegerBits (integer, integerLen)
-const unsigned char *integer;
-unsigned int integerLen;
-{
- unsigned char mask, byte;
- unsigned int bytes, bits;
-
- for (bytes = 0; bytes < integerLen && integer[bytes] == 0; bytes++);
- if (bytes == integerLen)
- return (0);
-
- /* Get byte to test and increment byte count for final calculation */
- byte = integer[bytes++];
-
- /* Get number of bits in most significant byte */
- for (bits = 8, mask = 0x80; (byte & mask) == 0; bits--, mask >>= 1);
- return (8 * (integerLen - bytes) + bits);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bmempool.h"
-#include "intitem.h"
-#include "port_after.h"
-
-/* Copy itemCount ITEMs from source to destination, allocating new
- memory in the memoryPool.
- Each ITEM is a canonical integer, and is stripped of leading zeros.
- Use the list of staticItems as a template. Each of the staticItems
- points to the ITEM within the staticStruct, which is a structure
- of the same format as destination and source.
- Returns 0, BE_ALLOC.
- */
-int AllocAndCopyIntegerItems
- (destination, source, staticStruct, staticItems, itemCount, memoryPool)
-POINTER destination;
-POINTER source;
-POINTER staticStruct;
-ITEM **staticItems;
-unsigned int itemCount;
-B_MemoryPool *memoryPool;
-{
- ITEM sourceItem, *destinationItem;
- int status;
- unsigned int i, offset;
-
- for (i = 0; i < itemCount; i++) {
- offset = (unsigned int)((char *)staticItems[i] - (char *)staticStruct);
- sourceItem = *(ITEM *)((char *)source + offset);
- destinationItem = (ITEM *)((char *)destination + offset);
-
- while (sourceItem.len > 0 && *sourceItem.data == 0) {
- sourceItem.len--;
- sourceItem.data++;
- }
-
- if ((status = B_MemoryPoolAllocAndCopy
- (memoryPool, (POINTER *)&destinationItem->data,
- (POINTER)sourceItem.data, destinationItem->len = sourceItem.len))
- != 0)
- return (status);
- }
-
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-int AllocAndCopyIntegerItems PROTO_LIST
- ((POINTER, POINTER, POINTER, ITEM **, unsigned int, B_MemoryPool *));
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "keyobj.h"
-#include "port_after.h"
-
-#define THE_KEY_WRAP ((KeyWrap *)keyObject)
-
-static char KEY_TYPE_TAG = 0;
-
-int B_CreateKeyObject (keyObject)
-B_KEY_OBJ *keyObject;
-{
- KeyWrap *keyWrap;
-
- if ((*keyObject = T_malloc (sizeof (*keyWrap))) == NULL_PTR)
- return (BE_ALLOC);
-
- keyWrap = (KeyWrap *)*keyObject;
-
- /* First construct base class */
- B_KEY_Constructor (&keyWrap->key);
-
- keyWrap->typeTag = &KEY_TYPE_TAG;
- keyWrap->selfCheck = keyWrap;
- return (0);
-}
-
-void B_DestroyKeyObject (keyObject)
-B_KEY_OBJ *keyObject;
-{
- KeyWrap *keyWrap = (KeyWrap *)*keyObject;
-
- /* Need to explicitly check for NULL_PTR since KeyWrapCheck does not.
- */
- if (*keyObject == NULL_PTR)
- return;
-
- if (KeyWrapCheck (keyWrap) == 0) {
- /* zeroize self check to invalidate memory. */
- keyWrap->selfCheck = (KeyWrap *)NULL_PTR;
-
- /* Call base class descructor */
- B_KEY_Destructor (&keyWrap->key);
-
- T_free ((POINTER)keyWrap);
- }
-
- *keyObject = NULL_PTR;
-}
-
-int B_SetKeyInfo (keyObject, infoType, info)
-B_KEY_OBJ keyObject;
-B_INFO_TYPE infoType;
-POINTER info;
-{
- B_KeyInfoType *keyInfoType;
- int status;
-
- if ((status = KeyWrapCheck (THE_KEY_WRAP)) != 0)
- return (status);
-
- /* Get the KeyInfoType from the B_INFO_TYPE, which returns
- zero for an AlgorithmInfoType, non-zero for KeyInfoType
- */
- if ((*infoType) ((POINTER *)&keyInfoType) == 0)
- return (BE_ALG_OPERATION_UNKNOWN);
-
- return (B_KeySetInfo (&THE_KEY_WRAP->key, keyInfoType, info));
-}
-
-int B_GetKeyInfo (info, keyObject, infoType)
-POINTER *info;
-B_KEY_OBJ keyObject;
-B_INFO_TYPE infoType;
-{
- B_KeyInfoType *keyInfoType;
- int status;
-
- if ((status = KeyWrapCheck (THE_KEY_WRAP)) != 0)
- return (status);
-
- /* Get the KeyInfoType from the B_INFO_TYPE, which returns
- zero for an AlgorithmInfoType, non-zero for KeyInfoType
- */
- if ((*infoType) ((POINTER *)&keyInfoType) == 0)
- return (BE_ALG_OPERATION_UNKNOWN);
-
- return (B_KeyGetInfo (&THE_KEY_WRAP->key, info, keyInfoType));
-}
-
-/* Return 0 if this is a valid KeyWrap object, else BE_KEY_OBJ.
- If keyWrap is NULL_PTR, return 0 and expect the lower routines
- to check for NULL.
- */
-int KeyWrapCheck (keyWrap)
-KeyWrap *keyWrap;
-{
- if (keyWrap == (KeyWrap *)NULL_PTR)
- return (0);
-
- return ((keyWrap->selfCheck == keyWrap && keyWrap->typeTag == &KEY_TYPE_TAG)
- ? 0 : BE_KEY_OBJ);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-typedef struct KeyWrap {
- B_Key key;
- char *typeTag;
- struct KeyWrap *selfCheck;
-} KeyWrap;
-
-int KeyWrapCheck PROTO_LIST ((KeyWrap *));
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "kiitem.h"
-#include "ki8byte.h"
-#include "port_after.h"
-
-int KIT_8ByteAddInfo PROTO_LIST ((B_Key *, POINTER));
-int KIT_8ByteMakeInfo PROTO_LIST ((POINTER *, B_Key *));
-
-B_KeyInfoType KIT_8Byte = {KIT_8ByteAddInfo, KIT_8ByteMakeInfo};
-
-int KI_8Byte (keyInfoType)
-POINTER *keyInfoType;
-{
- *keyInfoType = (POINTER)&KIT_8Byte;
-
- /* Return 1 to indicate a KeyInfoType, not an AlgorithmInfoType */
- return (1);
-}
-
-/* info points to 8 byte key.
- Cache as a KITItem and a KIT_8Byte.
- */
-int KIT_8ByteAddInfo (key, info)
-B_Key *key;
-POINTER info;
-{
- POINTER newData;
- int status;
-
- /* Copy the 8 byte key. */
- if ((status = B_MemoryPoolAllocAndCopy
- (&key->infoCache.memoryPool, &newData, info, 8)) != 0)
- return (status);
-
- /* Cache as a KITItem as well as KIT_8Byte.
- */
- if ((status = B_KeyAddItemInfo (key, (unsigned char *)newData, 8)) != 0)
- return (status);
- return (B_InfoCacheAddInfo (&key->infoCache, (POINTER)&KIT_8Byte, newData));
-}
-
-int KIT_8ByteMakeInfo (info, key)
-POINTER *info;
-B_Key *key;
-{
- ITEM *item;
- int status;
-
- /* Try to make one from a KI_Item. Since KI_Item doesn't
- call KI_8Byte, this should not cause an endless loop.
- */
- if ((status = B_KeyGetInfo (key, (POINTER *)&item, &KITItem)) != 0)
- return (status);
- if (item->len != 8)
- return (BE_WRONG_KEY_INFO);
-
- *(unsigned char **)info = item->data;
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-extern B_KeyInfoType KIT_8Byte;
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "kifulprv.h"
-#include "port_after.h"
-
-typedef struct {
- ITEM modulus; /* modulus */
- ITEM publicExponent; /* exponent for the public key */
- ITEM privateExponent; /* exponent for the private key */
- ITEM prime[2]; /* prime factors */
- ITEM primeExponent[2]; /* exponents for prime factors */
- ITEM coefficient; /* CRT coefficient */
-} FULL_PRIVATE_KEY;
-
-static int KITFullPrivateKeyAddInfo PROTO_LIST ((B_Key *, POINTER));
-
-static B_KeyInfoType KITFullPrivate =
- {KITFullPrivateKeyAddInfo, B_KeyInfoTypeMakeError};
-
-/* Create a FULL_PRIVATE_KEY value and only copy inthe entries
- that are not (ITEM *)NULL_PTR.
- primes and primeExponents point to a 2 entry ITEM array.
- */
-int CacheFullPrivateKey
- (key, modulus, publicExponent, privateExponent, primes,
- primeExponents, coefficient)
-B_Key *key;
-ITEM *modulus;
-ITEM *publicExponent;
-ITEM *privateExponent;
-ITEM *primes;
-ITEM *primeExponents;
-ITEM *coefficient;
-{
- FULL_PRIVATE_KEY *fullKey;
- int status;
-
- /* Allocate memory for FULL_PRIVATE_KEY value.
- */
- if ((status = B_MemoryPoolAlloc
- (&key->infoCache.memoryPool, (POINTER *)&fullKey,
- sizeof (FULL_PRIVATE_KEY))) != 0)
- return (status);
-
- /* Pre-zeroize and only copy in values that are not NULL.
- */
- T_memset ((POINTER)fullKey, 0, sizeof (*fullKey));
- if (modulus != (ITEM *)NULL_PTR)
- fullKey->modulus = *modulus;
- if (publicExponent != (ITEM *)NULL_PTR)
- fullKey->publicExponent = *publicExponent;
- if (privateExponent != (ITEM *)NULL_PTR)
- fullKey->privateExponent = *privateExponent;
- if (primes != (ITEM *)NULL_PTR) {
- fullKey->prime[0] = primes[0];
- fullKey->prime[1] = primes[1];
- }
- if (primeExponents != (ITEM *)NULL_PTR) {
- fullKey->primeExponent[0] = primeExponents[0];
- fullKey->primeExponent[1] = primeExponents[1];
- }
- if (coefficient != (ITEM *)NULL_PTR)
- fullKey->coefficient = *coefficient;
-
- return (B_InfoCacheAddInfo
- (&key->infoCache, (POINTER)&KITFullPrivate, (POINTER)fullKey));
-}
-
-/* Select the key object's full private key and set all of the supplied
- fields which are not (ITEM *)NULL_PTR.
- primes and primeExponents point to a 2 entry ITEM array.
- If one of the fields is not (ITEM *)NULL_PTR, but the full key's
- field is null, return BE_WRONG_KEY_INFO.
- */
-int GetFullPrivateKeyInfo
- (modulus, publicExponent, privateExponent, primes, primeExponents,
- coefficient, key)
-ITEM *modulus;
-ITEM *publicExponent;
-ITEM *privateExponent;
-ITEM *primes;
-ITEM *primeExponents;
-ITEM *coefficient;
-B_Key *key;
-{
- FULL_PRIVATE_KEY *fullKey;
- int status;
-
- if ((status = B_KeyGetInfo
- (key, (POINTER *)&fullKey, &KITFullPrivate)) != 0)
- return (status);
-
- if (modulus != (ITEM *)NULL_PTR) {
- if (fullKey->modulus.data == (unsigned char *)NULL_PTR)
- return (BE_WRONG_KEY_INFO);
- *modulus = fullKey->modulus;
- }
- if (publicExponent != (ITEM *)NULL_PTR) {
- if (fullKey->publicExponent.data == (unsigned char *)NULL_PTR)
- return (BE_WRONG_KEY_INFO);
- *publicExponent = fullKey->publicExponent;
- }
- if (privateExponent != (ITEM *)NULL_PTR) {
- if (fullKey->privateExponent.data == (unsigned char *)NULL_PTR)
- return (BE_WRONG_KEY_INFO);
- *privateExponent = fullKey->privateExponent;
- }
- if (primes != (ITEM *)NULL_PTR) {
- if (fullKey->prime[0].data == (unsigned char *)NULL_PTR ||
- fullKey->prime[1].data == (unsigned char *)NULL_PTR)
- return (BE_WRONG_KEY_INFO);
- primes[0] = fullKey->prime[0];
- primes[1] = fullKey->prime[1];
- }
- if (primeExponents != (ITEM *)NULL_PTR) {
- if (fullKey->primeExponent[0].data == (unsigned char *)NULL_PTR ||
- fullKey->primeExponent[1].data == (unsigned char *)NULL_PTR)
- return (BE_WRONG_KEY_INFO);
- primeExponents[0] = fullKey->primeExponent[0];
- primeExponents[1] = fullKey->primeExponent[1];
- }
- if (coefficient != (ITEM *)NULL_PTR) {
- if (fullKey->coefficient.data == (unsigned char *)NULL_PTR)
- return (BE_WRONG_KEY_INFO);
- *coefficient = fullKey->coefficient;
- }
-
- return (0);
-}
-
-/* This is not intended to be called from B_SetKeyInfo.
- Get returns BE_WRONG_KEY_INFO.
- */
-static int KITFullPrivateKeyAddInfo (key, info)
-B_Key *key;
-POINTER info;
-{
-UNUSED_ARG (key)
-UNUSED_ARG (info)
- return (BE_ALG_OPERATION_UNKNOWN);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-int CacheFullPrivateKey PROTO_LIST
- ((B_Key *, ITEM *, ITEM *, ITEM *, ITEM *, ITEM *, ITEM *));
-int GetFullPrivateKeyInfo PROTO_LIST
- ((ITEM *, ITEM *, ITEM *, ITEM *, ITEM *, ITEM *, B_Key *));
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "kiitem.h"
-#include "port_after.h"
-
-int KITItemAddInfo PROTO_LIST ((B_Key *, POINTER));
-
-B_KeyInfoType KITItem = {KITItemAddInfo, B_KeyInfoTypeMakeError};
-
-int KI_Item (keyInfoType)
-POINTER *keyInfoType;
-{
- *keyInfoType = (POINTER)&KITItem;
-
- /* Return 1 to indicate a KeyInfoType, not an AlgorithmInfoType */
- return (1);
-}
-
-/* info is an ITEM. The ITEM's data is copied into the object.
- */
-int KITItemAddInfo (key, info)
-B_Key *key;
-POINTER info;
-{
- unsigned char *newData;
- int status;
-
- if ((status = B_MemoryPoolAllocAndCopy
- (&key->infoCache.memoryPool, (POINTER *)&newData,
- (POINTER)((ITEM *)info)->data, ((ITEM *)info)->len)) != 0)
- return (status);
-
- return (B_KeyAddItemInfo (key, newData, ((ITEM *)info)->len));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-extern B_KeyInfoType KITItem;
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "port_after.h"
-
-/* This is the default routine which key info types can point MakeInfo to.
- */
-int B_KeyInfoTypeMakeError (info, key)
-POINTER *info;
-B_Key *key;
-{
-UNUSED_ARG (info)
-UNUSED_ARG (key)
-
- /* Should already have been found in the cache. */
- return (BE_WRONG_KEY_INFO);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-typedef int (*KIT_ADD_INFO) PROTO_LIST ((B_Key *, POINTER));
-typedef int (*KIT_MAKE_INFO) PROTO_LIST ((POINTER *, B_Key *));
-
-/* The definition in C++ is:
- class B_KeyInfoType {
- public:
- B_KeyInfoType (KIT_ADD_INFO AddInfo) {
- _AddInfo = AddInfo;
- _MakeInfo = KeyInfoType::makeError;}
- B_KeyInfoType (KIT_ADD_INFO AddInfo, KIT_MAKE_INFO MakeInfo) {
- _AddInfo = AddInfo;
- _MakeInfo = MakeInfo;}
-
- int addInfo (B_Key *key, POINTER info) {return (*_AddInfo) (key, info);}
- int makeInfo (POINTER *info, B_Key *key) {return (*_MakeInfo) (info, key);}
-
- static int makeError (POINTER *info, B_Key *key);
-
- private:
- KIT_ADD_INFO _AddInfo;
- KIT_MAKE_INFO _MakeInfo;
- };
-
- Note that a derived class simply calls one of the B_KeyInfoType constructors
- which set the addInfo or both the addInfo and makeInfo callbacks.
- There is no need for an extra level involving virtual functions because
- each key class only has one instance, making a V table a waste of space.
- An example of a derived class is:
-
- class KITItem : public B_KeyInfoType {
- public:
- // Set addInfo and leave makeInfo as B_KeyInfoType::makeError
- KITItem () : B_KeyInfoType (KITItem::addInfo) {};
-
- static int addInfo (B_Key *key, POINTER info);
- };
-
-
- There is one global instance which is used by B_Key::setInfo, etc.:
-
- KITItem KITItem;
- */
-
-typedef struct B_KeyInfoType {
- KIT_ADD_INFO AddInfo;
- KIT_MAKE_INFO MakeInfo;
-} B_KeyInfoType;
-
-int B_KeyInfoTypeMakeError PROTO_LIST ((POINTER *, B_Key *));
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "intitem.h"
-#include "kifulprv.h"
-#include "kipkcrpr.h"
-#include "port_after.h"
-
-B_KeyInfoType KIT_PKCS_RSAPrivate =
- {KIT_PKCS_RSAPrivateAddInfo, KIT_PKCS_RSAPrivateMakeInfo};
-
-static A_PKCS_RSA_PRIVATE_KEY STATIC_PKCS_RSA_PRIVATE_KEY;
-static ITEM *PKCS_RSA_PRIVATE_KEY_ITEMS[] = {
- &STATIC_PKCS_RSA_PRIVATE_KEY.modulus,
- &STATIC_PKCS_RSA_PRIVATE_KEY.publicExponent,
- &STATIC_PKCS_RSA_PRIVATE_KEY.privateExponent,
- &STATIC_PKCS_RSA_PRIVATE_KEY.prime[0],
- &STATIC_PKCS_RSA_PRIVATE_KEY.prime[1],
- &STATIC_PKCS_RSA_PRIVATE_KEY.primeExponent[0],
- &STATIC_PKCS_RSA_PRIVATE_KEY.primeExponent[1],
- &STATIC_PKCS_RSA_PRIVATE_KEY.coefficient
-};
-
-int KI_PKCS_RSAPrivate (keyInfoType)
-POINTER *keyInfoType;
-{
- *keyInfoType = (POINTER)&KIT_PKCS_RSAPrivate;
-
- /* Return 1 to indicate a KeyInfoType, not an AlgorithmInfoType */
- return (1);
-}
-
-int KIT_PKCS_RSAPrivateAddInfo (key, info)
-B_Key *key;
-POINTER info;
-{
- A_PKCS_RSA_PRIVATE_KEY *newValue;
- int status;
-
- /* Allocate memory for A_PKCS_RSA_PRIVATE_KEY struct and copy integers
- from supplied value.
- */
- if ((status = B_MemoryPoolAlloc
- (&key->infoCache.memoryPool, (POINTER *)&newValue,
- sizeof (A_PKCS_RSA_PRIVATE_KEY))) != 0)
- return (status);
- if ((status = AllocAndCopyIntegerItems
- ((POINTER)newValue, info, (POINTER)&STATIC_PKCS_RSA_PRIVATE_KEY,
- PKCS_RSA_PRIVATE_KEY_ITEMS, sizeof (PKCS_RSA_PRIVATE_KEY_ITEMS) /
- sizeof (PKCS_RSA_PRIVATE_KEY_ITEMS[0]), &key->infoCache.memoryPool))
- != 0)
- return (status);
-
- /* Cache the full private key info.
- */
- if ((status = CacheFullPrivateKey
- (key, &newValue->modulus, &newValue->publicExponent,
- &newValue->privateExponent, newValue->prime, newValue->primeExponent,
- &newValue->coefficient)) != 0)
- return (status);
- return (B_InfoCacheAddInfo
- (&key->infoCache, (POINTER)&KIT_PKCS_RSAPrivate, (POINTER)newValue));
-}
-
-int KIT_PKCS_RSAPrivateMakeInfo (info, key)
-POINTER *info;
-B_Key *key;
-{
- A_PKCS_RSA_PRIVATE_KEY keyValue;
- int status;
-
- /* If not already found in the cache, try to get values from
- a full private key info.
- */
- if ((status = GetFullPrivateKeyInfo
- (&keyValue.modulus, &keyValue.publicExponent,
- &keyValue.privateExponent, keyValue.prime, keyValue.primeExponent,
- &keyValue.coefficient, key)) != 0)
- return (status);
-
- /* Got all the needed fields, so allocate memory for a new
- A_PKCS_RSA_PRIVATE_KEY struct and copy the key value.
- */
- if ((status = B_MemoryPoolAlloc
- (&key->infoCache.memoryPool, info, sizeof (A_PKCS_RSA_PRIVATE_KEY)))
- != 0)
- return (status);
-
- **(A_PKCS_RSA_PRIVATE_KEY **)info = keyValue;
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-extern B_KeyInfoType KIT_PKCS_RSAPrivate;
-
-int KIT_PKCS_RSAPrivateAddInfo PROTO_LIST ((B_Key *, POINTER));
-int KIT_PKCS_RSAPrivateMakeInfo PROTO_LIST ((POINTER *, B_Key *));
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "intitem.h"
-#include "kifulprv.h"
-#include "port_after.h"
-
-#define NULL_UCHAR_PTR ((unsigned char *)NULL_PTR)
-
-int KIT_RSA_CRTAddInfo PROTO_LIST ((B_Key *, POINTER));
-int KIT_RSA_CRTMakeInfo PROTO_LIST ((POINTER *, B_Key *));
-
-B_KeyInfoType KIT_RSA_CRT = {KIT_RSA_CRTAddInfo, KIT_RSA_CRTMakeInfo};
-
-static A_RSA_CRT_KEY STATIC_RSA_CRT_KEY;
-static ITEM *RSA_CRT_KEY_ITEMS[] = {
- &STATIC_RSA_CRT_KEY.modulus, &STATIC_RSA_CRT_KEY.prime[0],
- &STATIC_RSA_CRT_KEY.prime[1],
- &STATIC_RSA_CRT_KEY.primeExponent[0],
- &STATIC_RSA_CRT_KEY.primeExponent[1],
- &STATIC_RSA_CRT_KEY.coefficient
-};
-
-/* args points to A_RSA_CRT_KEY.
- */
-int KI_RSA_CRT (keyInfoType)
-POINTER *keyInfoType;
-{
- *keyInfoType = (POINTER)&KIT_RSA_CRT;
-
- /* Return 1 to indicate a KeyInfoType, not an AlgorithmInfoType */
- return (1);
-}
-
-int KIT_RSA_CRTAddInfo (key, info)
-B_Key *key;
-POINTER info;
-{
- A_RSA_CRT_KEY *newValue;
- int status;
-
- /* Allocate memory for A_RSA_CRT_KEY struct and copy integers
- from supplied value.
- */
- if ((status = B_MemoryPoolAlloc
- (&key->infoCache.memoryPool, (POINTER *)&newValue,
- sizeof (A_RSA_CRT_KEY))) != 0)
- return (status);
- if ((status = AllocAndCopyIntegerItems
- ((POINTER)newValue, info, (POINTER)&STATIC_RSA_CRT_KEY,
- RSA_CRT_KEY_ITEMS,
- sizeof (RSA_CRT_KEY_ITEMS) / sizeof (RSA_CRT_KEY_ITEMS[0]),
- &key->infoCache.memoryPool)) != 0)
- return (status);
-
- /* Cache the full private key info, setting unused fields to NULL.
- */
- if ((status = CacheFullPrivateKey
- (key, &newValue->modulus, (ITEM *)NULL_PTR, (ITEM *)NULL_PTR,
- newValue->prime, newValue->primeExponent, &newValue->coefficient))
- != 0)
- return (status);
- return (B_InfoCacheAddInfo
- (&key->infoCache, (POINTER)&KIT_RSA_CRT, (POINTER)newValue));
-}
-
-int KIT_RSA_CRTMakeInfo (info, key)
-POINTER *info;
-B_Key *key;
-{
- A_RSA_CRT_KEY keyValue;
- int status;
-
- /* If not already found in the cache, try to get values from
- a full private key info, setting unneeded entries to NULL.
- */
- if ((status = GetFullPrivateKeyInfo
- (&keyValue.modulus, (ITEM *)NULL_PTR, (ITEM *)NULL_PTR,
- keyValue.prime, keyValue.primeExponent, &keyValue.coefficient,
- key)) != 0)
- return (status);
-
- /* Got all the needed fields, so allocate memory for a new
- A_RSA_CRT_KEY struct and copy the key value.
- */
- if ((status = B_MemoryPoolAlloc
- (&key->infoCache.memoryPool, info, sizeof (A_RSA_CRT_KEY))) != 0)
- return (status);
-
- **(A_RSA_CRT_KEY **)info = keyValue;
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "kinfotyp.h"
-#include "intitem.h"
-#include "kifulprv.h"
-#include "kirsapub.h"
-#include "port_after.h"
-
-B_KeyInfoType KIT_RSAPublic =
- {KIT_RSAPublicAddInfo, KIT_RSAPublicMakeInfo};
-
-static A_RSA_KEY STATIC_RSA_KEY;
-static ITEM *RSA_KEY_ITEMS[] =
- {&STATIC_RSA_KEY.modulus, &STATIC_RSA_KEY.exponent};
-
-int KI_RSAPublic (keyInfoType)
-POINTER *keyInfoType;
-{
- *keyInfoType = (POINTER)&KIT_RSAPublic;
-
- /* Return 1 to indicate a KeyInfoType, not an AlgorithmInfoType */
- return (1);
-}
-
-int KIT_RSAPublicAddInfo (key, info)
-B_Key *key;
-POINTER info;
-{
- POINTER newValue;
- int status;
-
- /* Allocate memory for A_RSA_KEY struct and copy integers
- from supplied value.
- */
- if ((status = B_MemoryPoolAlloc
- (&key->infoCache.memoryPool, &newValue, sizeof (A_RSA_KEY))) != 0)
- return (status);
- if ((status = AllocAndCopyIntegerItems
- (newValue, info, (POINTER)&STATIC_RSA_KEY, RSA_KEY_ITEMS,
- sizeof (RSA_KEY_ITEMS) / sizeof (RSA_KEY_ITEMS[0]),
- &key->infoCache.memoryPool)) != 0)
- return (status);
-
- return (B_InfoCacheAddInfo
- (&key->infoCache, (POINTER)&KIT_RSAPublic, newValue));
-}
-
-int KIT_RSAPublicMakeInfo (info, key)
-POINTER *info;
-B_Key *key;
-{
- A_RSA_KEY keyValue;
- int status;
-
- /* If not already found in the cache, try to get values from
- a full private key info, setting unneeded entries to NULL.
- */
- if ((status = GetFullPrivateKeyInfo
- (&keyValue.modulus, &keyValue.exponent, (ITEM *)NULL_PTR,
- (ITEM *)NULL_PTR, (ITEM *)NULL_PTR, (ITEM *)NULL_PTR, key)) != 0)
- return (status);
-
- /* Got all the needed fields, so allocate memory for a new
- A_RSA_KEY struct and copy the key value.
- */
- if ((status = B_MemoryPoolAlloc
- (&key->infoCache.memoryPool, info, sizeof (A_RSA_KEY))) != 0)
- return (status);
-
- **(A_RSA_KEY **)info = keyValue;
- return (0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1993, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-extern B_KeyInfoType KIT_RSAPublic;
-
-int KIT_RSAPublicAddInfo PROTO_LIST ((B_Key *, POINTER));
-int KIT_RSAPublicMakeInfo PROTO_LIST ((POINTER *, B_Key *));
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "md5.h"
-#include "port_after.h"
-
-/* Constants for MD5Transform routine.
- */
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
-
-static void MD5Transform PROTO_LIST ((UINT4 [4], const unsigned char [64]));
-static void Encode PROTO_LIST ((unsigned char *, UINT4 *, unsigned int));
-static void Decode PROTO_LIST ((UINT4 *, const unsigned char *, unsigned int));
-
-/* F, G, H and I are basic MD5 functions.
- */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits.
- */
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
- Rotation is separate from addition to prevent recomputation.
- */
-#define FF(a, b, c, d, x, s, ac) { \
- (a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define GG(a, b, c, d, x, s, ac) { \
- (a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define HH(a, b, c, d, x, s, ac) { \
- (a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define II(a, b, c, d, x, s, ac) { \
- (a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-
-/* MD5 initialization. Begins an MD5 operation, writing a new context.
- */
-void A_MD5Init (context)
-A_MD5_CTX *context;
-{
- context->count[0] = context->count[1] = 0;
-
- /* Load magic initialization constants.
- */
- context->state[0] = 0x67452301;
- context->state[1] = 0xefcdab89;
- context->state[2] = 0x98badcfe;
- context->state[3] = 0x10325476;
-}
-
-/* MD5 block update operation. Continues an MD5 message-digest
- operation, processing another message block, and updating the
- context.
- */
-void A_MD5Update (context, input, inputLen)
-A_MD5_CTX *context;
-const unsigned char *input; /* input block */
-unsigned int inputLen; /* length of input block */
-{
- unsigned int i, index, partLen;
-
- /* Compute number of bytes mod 64 */
- index = (unsigned int)((context->count[0] >> 3) & 0x3F);
-
- /* Update number of bits */
- if ((context->count[0] += ((UINT4)inputLen << 3)) < ((UINT4)inputLen << 3))
- context->count[1]++;
- context->count[1] += ((UINT4)inputLen >> 29);
-
- partLen = 64 - index;
-
- /* Transform as many times as possible.
- */
- if (inputLen >= partLen) {
- T_memcpy ((POINTER)&context->buffer[index], (CPOINTER)input, partLen);
- MD5Transform (context->state, context->buffer);
-
- for (i = partLen; i + 63 < inputLen; i += 64)
- MD5Transform (context->state, &input[i]);
-
- index = 0;
- }
- else
- i = 0;
-
- /* Buffer remaining input */
- T_memcpy ((POINTER)&context->buffer[index], (CPOINTER)&input[i], inputLen-i);
-}
-
-/* MD5 finalization. Ends an MD5 message-digest operation, writing the
- the message digest and zeroizing the context.
- Assume digest buffer is at least A_MD5_DIGEST_LEN.
- */
-void A_MD5Final (context, digest)
-A_MD5_CTX *context;
-unsigned char *digest;
-{
- unsigned char bits[8], pad[64];
- unsigned int index, padLen;
-
- /* Save number of bits */
- Encode (bits, context->count, 8);
-
- /* Pad out to 56 mod 64.
- */
- index = (unsigned int)((context->count[0] >> 3) & 0x3f);
- padLen = (index < 56) ? (56 - index) : (120 - index);
- T_memset ((POINTER)pad, 0, padLen);
- pad[0] = 0x80;
- A_MD5Update (context, pad, padLen);
-
- /* Append length (before padding) */
- A_MD5Update (context, bits, 8);
-
- /* Store state in digest */
- Encode (digest, context->state, 16);
-
- /* Restart the context. */
- A_MD5Init (context);
-}
-
-/* MD5 basic transformation. Transforms state based on block.
- */
-static void MD5Transform (state, block)
-UINT4 state[4];
-const unsigned char block[64];
-{
- UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
-
- Decode (x, block, 64);
-
- /* Round 1 */
- FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
- FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
- FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
- FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
- FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
- FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
- FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
- FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
- FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
- FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
- FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
- FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
- FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
- FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
- FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
- FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
-
- /* Round 2 */
- GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
- GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
- GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
- GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
- GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
- GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
- GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
- GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
- GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
- GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
- GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
- GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
- GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
- GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
- GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
- GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
-
- /* Round 3 */
- HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
- HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
- HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
- HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
- HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
- HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
- HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
- HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
- HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
- HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
- HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
- HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
- HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
- HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
- HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
- HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
-
- /* Round 4 */
- II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
- II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
- II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
- II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
- II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
- II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
- II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
- II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
- II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
- II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
- II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
- II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
- II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
- II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
- II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
- II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
-
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
-
- /* Zeroize sensitive information.
- */
- T_memset ((POINTER)x, 0, sizeof (x));
-}
-
-/* Encodes input (UINT4) into output (unsigned char). Assumes len is
- a multiple of 4.
- */
-static void Encode (output, input, len)
-unsigned char *output;
-UINT4 *input;
-unsigned int len;
-{
- unsigned int i, j;
-
- for (i = 0, j = 0; j < len; i++, j += 4) {
- output[j] = (unsigned char)(input[i] & 0xff);
- output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
- output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
- output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
- }
-}
-
-/* Decodes input (unsigned char) into output (UINT4). Assumes len is
- a multiple of 4.
- */
-static void Decode (output, input, len)
-UINT4 *output;
-const unsigned char *input;
-unsigned int len;
-{
- unsigned int i, j;
-
- for (i = 0, j = 0; j < len; i++, j += 4)
- output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
- (((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _MD5_H_
-#define _MD5_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define A_MD5_DIGEST_LEN 16
-
-typedef struct {
- UINT4 state[4]; /* state (ABCD) */
- UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
- unsigned char buffer[64]; /* input buffer */
-} A_MD5_CTX;
-
-void A_MD5Init PROTO_LIST ((A_MD5_CTX *));
-void A_MD5Update PROTO_LIST ((A_MD5_CTX *, const unsigned char *, unsigned int));
-void A_MD5Final PROTO_LIST ((A_MD5_CTX *, unsigned char *));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-/* Define this so that the type of the 'this' pointer in the
- virtual functions will be correct for this derived class.
- */
-struct A_MD5_RANDOM_CTX;
-#define THIS_DIGEST_RANDOM struct A_MD5_RANDOM_CTX
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "md5rand.h"
-#include "port_after.h"
-
-static void A_MD5RandomDigestUpdate PROTO_LIST
- ((A_MD5_RANDOM_CTX *, unsigned char *, unsigned int));
-static void A_MD5RandomDigestFinal PROTO_LIST
- ((A_MD5_RANDOM_CTX *, unsigned char *));
-
-static A_DigestRandomVTable V_TABLE =
- {A_MD5RandomDigestUpdate, A_MD5RandomDigestFinal};
-
-void A_MD5RandomInit (context)
-A_MD5_RANDOM_CTX *context;
-{
- /* Initialize "base class" */
- A_DigestRandomInit
- (&context->digestRandom, A_MD5_DIGEST_LEN, context->state);
-
- /* Initialize digest algorithm and set vTable.
- */
- A_MD5Init (&context->md5Context);
- context->digestRandom.vTable = &V_TABLE;
-}
-
-void A_MD5RandomUpdate (context, input, inputLen)
-A_MD5_RANDOM_CTX *context;
-unsigned char *input;
-unsigned int inputLen;
-{
- A_DigestRandomUpdate (&context->digestRandom, input, inputLen);
-}
-
-void A_MD5RandomGenerateBytes (context, output, outputLen)
-A_MD5_RANDOM_CTX *context;
-unsigned char *output;
-unsigned int outputLen;
-{
- A_DigestRandomGenerateBytes (&context->digestRandom, output, outputLen);
-}
-
-static void A_MD5RandomDigestUpdate (context, input, inputLen)
-A_MD5_RANDOM_CTX *context;
-unsigned char *input;
-unsigned int inputLen;
-{
- A_MD5Update (&context->md5Context, input, inputLen);
-}
-
-static void A_MD5RandomDigestFinal (context, digest)
-A_MD5_RANDOM_CTX *context;
-unsigned char *digest;
-{
- A_MD5Final (&context->md5Context, digest);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _MD5RAND_H_
-#define _MD5RAND_H_ 1
-
-#include "digrand.h"
-#include "md5.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct A_MD5_RANDOM_CTX {
- A_DigestRandom digestRandom; /* "base class" */
-
- unsigned char state[3 * A_MD5_DIGEST_LEN];
- A_MD5_CTX md5Context;
-} A_MD5_RANDOM_CTX;
-
-void A_MD5RandomInit PROTO_LIST ((A_MD5_RANDOM_CTX *));
-void A_MD5RandomUpdate PROTO_LIST
- ((A_MD5_RANDOM_CTX *, unsigned char *, unsigned int));
-void A_MD5RandomGenerateBytes PROTO_LIST
- ((A_MD5_RANDOM_CTX *, unsigned char *, unsigned int));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bigmath.h"
-#include "prime.h"
-#include "port_after.h"
-
-static unsigned char SMALL_PRIME[]= {3, 5, 7, 11, 13, 17, 19, 23, 29, 31};
-
-/* Prime finding routine.
- Returns 0, AE_CANCEL, AE_NEED_RANDOM.
- */
-int PrimeFind
- (prime, primeSizeBits, primeWords, ee, modulusWords, randomBlock,
- surrenderContext)
-UINT2 *prime;
-unsigned int primeSizeBits;
-unsigned int primeWords;
-UINT2 *ee;
-unsigned int modulusWords;
-unsigned char *randomBlock;
-A_SURRENDER_CTX *surrenderContext;
-{
- UINT2 t1[MAX_RSA_MODULUS_WORDS], u1[MAX_RSA_MODULUS_WORDS],
- u2[MAX_RSA_MODULUS_WORDS], u3[MAX_RSA_MODULUS_WORDS],
- u4[MAX_RSA_MODULUS_WORDS];
- char sieve[1000];
- int status = 0;
- unsigned int i, r, s, testResult;
-
- do {
- /* Create a starting point for the prime from the random block */
- for (i = 0; i < primeWords; i++) {
- prime[i] = (UINT2)((UINT2)randomBlock[0] << 8) + randomBlock[1];
- randomBlock += 2;
- }
-
- /* set high order two bits */
- BigSetbit (prime, primeSizeBits-2);
- BigSetbit (prime, primeSizeBits-1);
- for (i = primeSizeBits; i < (unsigned int)(16 * primeWords); i++)
- BigClrbit (prime, i);
-
- /* force p to be even */
- BigClrbit (prime, 0);
-
- /* clear sieve and mark even positions */
- for (i = 0; i < 1000; i += 2) {
- sieve[i] = 1;
- sieve[i+1] = 0;
- }
-
- /* sieve by all odd numbers (don't bother with primality checking) */
- for (s = 3; s < 9000; s += 2) {
- /* increase likelihood that s is prime */
- for (i = 0; i < 5; i++)
- if (s > SMALL_PRIME[i] && !(s % SMALL_PRIME[i]))
- continue;
-
- /* sieve based on s */
- r = BigSmod (prime, s, primeWords);
-
- /* returns prime modulo s */
- if (r == 0)
- r = s;
-
- for (i = s - r; i < 1000; i += s)
- sieve[i] = 1;
- }
-
- /* t1 = 1 */
- BigConst (t1, 1, modulusWords);
-
- /* now check for primality of values with unmarked sieve */
- testResult = 0;
- for (i = 0; i < 1000; i++, BigInc (prime, primeWords)) {
- if (sieve[i])
- continue;
-
- /* copy prime into big variable */
- BigZero (u4, modulusWords);
- BigCopy (u4, prime, primeWords);
-
- /* set u4 = p - 1 */
- BigDec (u4, modulusWords);
- BigPegcd (u1, u2, u3, ee, u4, modulusWords);
-
- /* Now u1 = gcd (E, t1).
- Test (E, t1)==1 */
- if (BigCmp (t1, u1, modulusWords))
- continue;
-
- /* check for pseudo primality */
- if ((status = PseudoPrime
- (&testResult, prime, primeWords, surrenderContext)) != 0)
- break;
- if (testResult)
- /* testResult is set and will cause a break out of while (1) loop */
- break;
- }
- if (status)
- break;
-
- if (!testResult)
- /* Couldn't find a prime with the supplied random block, so ask
- caller to generate another random block and try again. */
- status = AE_NEED_RANDOM;
- } while (0);
-
- T_memset ((POINTER)u1, 0, sizeof (u1));
- T_memset ((POINTER)u2, 0, sizeof (u2));
- T_memset ((POINTER)u3, 0, sizeof (u3));
- T_memset ((POINTER)u4, 0, sizeof (u4));
- return (status);
-}
-
-/* Pseudo-primality test.
- If pseudo prime, *testResult = 1, else *testResult = 0.
- Returns 0, AE_CANCEL.
- */
-int PseudoPrime (testResult, prime, primeWords, surrenderContext)
-unsigned int *testResult;
-UINT2 *prime;
-unsigned int primeWords;
-A_SURRENDER_CTX *surrenderContext;
-{
- UINT2 base[MAX_RSA_MODULUS_WORDS], remainder[MAX_RSA_MODULUS_WORDS];
- int status;
- unsigned int i;
-
- /* Default testResult to false. */
- *testResult = 0;
-
- /* Prepare for setting base vector to the small prime. */
- T_memset ((POINTER)base, 0, sizeof (base));
-
- for (i = 0; i < 4; i++) {
- /* check to see if target is multiple of SMALL_PRIME */
- if (BigSmod (prime, (unsigned int)SMALL_PRIME[i], primeWords) == 0)
- /* fail... */
- return (0);
-
- /* Fermat test. Compute remainder = base ^ prime mod prime
- and compare the base to the remainder.
- */
- base[0] = (UINT2)SMALL_PRIME[i];
- if ((status = BigModExp
- (remainder, base, prime, prime, primeWords, surrenderContext)) != 0)
- return (status);
- if (BigCmp (remainder, base, primeWords) != 0)
- /* fail... */
- return (0);
- }
-
- *testResult = 1;
- return (0);
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _PRIME_H_
-#define _PRIME_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int PrimeFind PROTO_LIST
- ((UINT2 *, unsigned int, unsigned int, UINT2 *, unsigned int,
- unsigned char *, A_SURRENDER_CTX *));
-int PseudoPrime PROTO_LIST
- ((unsigned int *, UINT2 *, unsigned int, A_SURRENDER_CTX *));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "bsafe2.h"
-#include "bkey.h"
-#include "balg.h"
-#include "ainfotyp.h"
-#include "algobj.h"
-#include "port_after.h"
-
-int B_RandomInit
- (algorithmObject, algorithmChooser, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-B_ALGORITHM_CHOOSER algorithmChooser;
-A_SURRENDER_CTX *surrenderContext;
-{
- if (AlgorithmWrapCheck (THE_ALG_WRAP) != 0)
- /* Assume error is B_ALGORITHM_OBJ */
- return (BE_RANDOM_OBJ);
-
- return (B_AlgorithmRandomInit
- (&THE_ALG_WRAP->algorithm, algorithmChooser, surrenderContext));
-}
-
-int B_RandomUpdate (algorithmObject, input, inputLen, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-unsigned char *input;
-unsigned int inputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- if (AlgorithmWrapCheck (THE_ALG_WRAP) != 0)
- /* Assume error is B_ALGORITHM_OBJ */
- return (BE_RANDOM_OBJ);
-
- return (B_AlgorithmRandomUpdate
- (&THE_ALG_WRAP->algorithm, input, inputLen, surrenderContext));
-}
-
-int B_GenerateRandomBytes
- (algorithmObject, output, outputLen, surrenderContext)
-B_ALGORITHM_OBJ algorithmObject;
-unsigned char *output;
-unsigned int outputLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- if (AlgorithmWrapCheck (THE_ALG_WRAP) != 0)
- /* Assume error is B_ALGORITHM_OBJ */
- return (BE_RANDOM_OBJ);
-
- return (B_AlgorithmGenerateRandomBytes
- (&THE_ALG_WRAP->algorithm, output, outputLen, surrenderContext));
-}
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "rsa.h"
-#include "bigmath.h"
-#include "port_after.h"
-
-/* RSA encryption/decryption with full exponent.
- */
-
-#define GENERATE_BREAK(type) { \
- status = type; \
- break; \
- }
-
-static int RSA PROTO_LIST
- ((A_RSA_CTX *, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, A_SURRENDER_CTX *));
-
-/* Returns 0, AE_MODULUS_LEN, AE_KEY_INFO.
- */
-int A_RSAInit (context, key)
-A_RSA_CTX *context;
-A_RSA_KEY *key;
-{
- if (A_IntegerBits (key->modulus.data, key->modulus.len)
- > MAX_RSA_MODULUS_BITS)
- /* Key size is too big to handle. */
- return (AE_MODULUS_LEN);
-
- /* Set the block update blockLen to be big enough to hold the modulus. */
- context->blockLen =
- (A_IntegerBits (key->modulus.data, key->modulus.len) + 7) / 8;
-
- context->inputLen = 0;
-
- /* convert modulus to bignum representation */
- if (CanonicalToBig
- (context->modulus, MAX_RSA_MODULUS_WORDS, key->modulus.data,
- key->modulus.len))
- return (AE_KEY_INFO);
-
- /* compute significant length of modulus */
- context->modulusWords = BigLen
- (context->modulus, MAX_RSA_MODULUS_WORDS) / 16 + 1;
-
- /* convert exponent to bignum representation */
- if (CanonicalToBig
- (context->exponent, context->modulusWords,
- key->exponent.data, key->exponent.len))
- return (AE_KEY_INFO);
-
- return (0);
-}
-
-int A_RSAUpdate
- (context, partOut, partOutLen, maxPartOutLen, partIn, partInLen,
- surrenderContext)
-A_RSA_CTX *context;
-unsigned char *partOut;
-unsigned int *partOutLen;
-unsigned int maxPartOutLen;
-const unsigned char *partIn;
-unsigned int partInLen;
-A_SURRENDER_CTX *surrenderContext;
-{
- int status;
- unsigned int partialLen, localPartOutLen;
-
- /* Initialize partOutLen to zero. */
- *partOutLen = 0;
-
- if (context->inputLen + partInLen < context->blockLen) {
- /* Not enough to encrypt - just accumulate.
- */
- T_memcpy
- ((POINTER)(context->input + context->inputLen), (CPOINTER)partIn,
- partInLen);
- context->inputLen += partInLen;
- return (0);
- }
-
- if (context->inputLen > 0) {
- /* Need to accumulate the rest of the block bytes into the input and
- encrypt from there (otherwise it's OK to encrypt straight from
- the partIn).
- */
- partialLen = context->blockLen - context->inputLen;
- T_memcpy
- ((POINTER)(context->input + context->inputLen), (CPOINTER)partIn,
- partialLen);
- partIn += partialLen;
- partInLen -= partialLen;
-
- if ((status = RSA
- (context, partOut, &localPartOutLen, maxPartOutLen, context->input,
- surrenderContext)) != 0)
- return (status);
- (*partOutLen) += localPartOutLen;
- partOut += localPartOutLen;
- maxPartOutLen -= localPartOutLen;
- }
-
- /* Encrypt as many blocks of input as provided.
- */
- while (partInLen >= context->blockLen) {
- if ((status = RSA
- (context, partOut, &localPartOutLen, maxPartOutLen, partIn,
- surrenderContext)) != 0)
- return (status);
-
- partIn += context->blockLen;
- partInLen -= context->blockLen;
- (*partOutLen) += localPartOutLen;
- partOut += localPartOutLen;
- maxPartOutLen -= localPartOutLen;
- }
-
- /* Copy remaining input bytes to the context's input buffer.
- */
- T_memcpy
- ((POINTER)context->input, partIn, context->inputLen = partInLen);
- return (0);
-}
-
-int A_RSAFinal (context)
-A_RSA_CTX *context;
-{
- if (context->inputLen != 0)
- return (AE_INPUT_LEN);
-
- /* Restart context to accumulate a new block. */
- context->inputLen = 0;
- return (0);
-}
-
-/* Assume input length is context->blockLen.
- */
-static int RSA
- (context, output, outputLen, maxOutputLen, input, surrenderContext)
-A_RSA_CTX *context;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-const unsigned char *input;
-A_SURRENDER_CTX *surrenderContext;
-{
- struct ModExpFrame {
- UINT2 bigInBuf[MAX_RSA_MODULUS_WORDS], bigOutBuf[MAX_RSA_MODULUS_WORDS];
- } *frame = (struct ModExpFrame *)NULL_PTR;
-#if !USE_ALLOCED_FRAME
- struct ModExpFrame stackFrame;
-#endif
- int status;
-
- status = 0;
- do {
- if ((*outputLen = context->blockLen) > maxOutputLen)
- return (AE_OUTPUT_LEN);
-
-#if USE_ALLOCED_FRAME
- if ((frame = (struct ModExpFrame *)T_malloc (sizeof (*frame)))
- == (struct ModExpFrame *)NULL_PTR) {
- status = AE_ALLOC;
- break;
- }
-#else
- /* Just use the buffers allocated on the stack. */
- frame = &stackFrame;
-#endif
-
- /* Convert input to bignum representation.
- This won't return AE_DATA since input length was checked at Update.
- */
- CanonicalToBig
- (frame->bigInBuf, context->modulusWords, input, context->blockLen);
-
- /* Check for overflow. */
- if (BigCmp (frame->bigInBuf, context->modulus, context->modulusWords) >= 0)
- GENERATE_BREAK (AE_INPUT_DATA);
-
- /* Exponentiate. */
- if ((status = BigModExp
- (frame->bigOutBuf, frame->bigInBuf, context->exponent,
- context->modulus, context->modulusWords, surrenderContext)) != 0)
- break;
-
- /* Convert output to canonical representation.
- This won't return AE_DATA since outputLen was set above.
- */
- BigToCanonical
- (output, *outputLen, frame->bigOutBuf, context->modulusWords);
- } while (0);
-
- if (frame != (struct ModExpFrame *)NULL_PTR) {
- T_memset ((POINTER)frame, 0, sizeof (*frame));
-#if USE_ALLOCED_FRAME
- T_free ((POINTER)frame);
-#endif
- }
-
- return (status);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _RSA_H_
-#define _RSA_H_ 1
-
-#include "bigmaxes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* Note, these are only valid after a call to A_RSAInit.
- */
-#define A_RSA_BLOCK_LEN(context) ((context)->blockLen)
-#define A_RSA_MAX_OUTPUT_LEN(context, inputLen)\
- (inputLen) + (((inputLen) % (context)->blockLen) ?\
- (context)->blockLen - ((inputLen) % (context)->blockLen) : 0)
-
-typedef struct {
- unsigned int blockLen; /* total size for the block to be computed */
- unsigned char input[MAX_RSA_MODULUS_LEN];
- unsigned int inputLen;
- unsigned int modulusWords;
- UINT2 modulus[MAX_RSA_MODULUS_WORDS];
- UINT2 exponent[MAX_RSA_MODULUS_WORDS];
-} A_RSA_CTX;
-
-int A_RSAInit PROTO_LIST ((A_RSA_CTX *, A_RSA_KEY *));
-int A_RSAUpdate PROTO_LIST
- ((A_RSA_CTX *, unsigned char *, unsigned int *, unsigned int,
- const unsigned char *, unsigned int, A_SURRENDER_CTX *));
-int A_RSAFinal PROTO_LIST ((A_RSA_CTX *));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "bigmath.h"
-#include "surrendr.h"
-#include "prime.h"
-#include "rsakeygn.h"
-#include "port_after.h"
-
-#define GENERATE_BREAK(type) { \
- status = type; \
- break; \
- }
-
-static int RSAParameters PROTO_LIST
- ((UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *, UINT2 *,
- unsigned int, unsigned int, A_SURRENDER_CTX *));
-static void SetRSAKeyGenResult PROTO_LIST
- ((A_PKCS_RSA_PRIVATE_KEY *, A_RSA_KEY_GEN_CTX *, UINT2 *, UINT2 *));
-
-int A_RSAKeyGenInit (context, params)
-A_RSA_KEY_GEN_CTX *context;
-A_RSA_KEY_GEN_PARAMS *params;
-{
- context->modulusBits = params->modulusBits;
-
- /* Prezeroize big public exponent vector. */
- T_memset
- ((POINTER)context->bigPublicExponent, 0,
- sizeof (context->bigPublicExponent));
-
- /* Copy public exponent into big vector */
- if (CanonicalToBig
- (context->bigPublicExponent, MAX_RSA_MODULUS_WORDS,
- params->publicExponent.data, params->publicExponent.len) != 0)
- /* could not copy exponent into MAX_RSA_MODULUS_WORDS */
- return (AE_EXPONENT_LEN);
-
- /* Check that public exponent is in bounds and odd.
- */
- if (BigLen (context->bigPublicExponent, MAX_RSA_MODULUS_WORDS) >=
- context->modulusBits)
- return (AE_EXPONENT_LEN);
- if (!(context->bigPublicExponent[0] & 1))
- return (AE_EXPONENT_EVEN);
-
- return (0);
-}
-
-/* This generates an RSA keypair of size modulusBits with the fixed
- publicExponent, pointing result to the resulting integers. The
- resulting integer data is in the context, so that the values must be
- copied before the context is zeroized.
- All integers are unsigned canonical bytes arrays with the most significant
- byte first.
- The randomBlock is of length randomBlockLen returned by RSAKeyGenQuery.
- This assumes that the modulusBits size was checked by RSAKeyGenQuery.
- */
-int A_RSAKeyGen (context, result, randomBlock, surrenderContext)
-A_RSA_KEY_GEN_CTX *context;
-A_PKCS_RSA_PRIVATE_KEY **result;
-unsigned char *randomBlock;
-A_SURRENDER_CTX *surrenderContext;
-{
- UINT2 *bigPrimeP, *bigPrimeQ;
- int status;
- unsigned int modulusWords, primeSizeBits, primeWords;
-
- /* Prezeroize all big word vectors. */
- T_memset ((POINTER)context->bigModulus, 0, sizeof (context->bigModulus));
- T_memset
- ((POINTER)context->bigPrivateExponent, 0,
- sizeof (context->bigPrivateExponent));
- T_memset ((POINTER)context->bigPrime1, 0, sizeof (context->bigPrime1));
- T_memset ((POINTER)context->bigPrime2, 0, sizeof (context->bigPrime2));
- T_memset ((POINTER)context->bigExponentP, 0, sizeof (context->bigExponentP));
- T_memset ((POINTER)context->bigExponentQ, 0, sizeof (context->bigExponentQ));
- T_memset
- ((POINTER)context->bigCoefficient, 0, sizeof (context->bigCoefficient));
-
- /* prime size is half modulus size */
- modulusWords = BITS_TO_WORDS (context->modulusBits);
- primeSizeBits = RSA_PRIME_BITS (context->modulusBits);
- primeWords = BITS_TO_WORDS (RSA_PRIME_BITS (context->modulusBits));
-
- /* Fish for bigPrime1 and bigPrime2 that are compatible with supplied
- publicExponent.
- The randomBlock holds random bytes for two primes.
- */
- if ((status = PrimeFind
- (context->bigPrime1, primeSizeBits, primeWords,
- context->bigPublicExponent, modulusWords, randomBlock,
- surrenderContext)) != 0)
- return (status);
- if ((status = PrimeFind
- (context->bigPrime2, context->modulusBits - primeSizeBits,
- primeWords, context->bigPublicExponent, modulusWords,
- randomBlock + (2 * primeWords), surrenderContext)) != 0)
- return (status);
-
- /* Set bigPrimeP to the larger of bigPrime1 and bigPrime2 and set
- bigPrimeQ to the smaller.
- */
- if (BigCmp (context->bigPrime1, context->bigPrime2, primeWords) == 1) {
- bigPrimeP = context->bigPrime1;
- bigPrimeQ = context->bigPrime2;
- }
- else {
- bigPrimeP = context->bigPrime2;
- bigPrimeQ = context->bigPrime1;
- }
-
- /* Calculate the rest of the key components */
- if ((status = RSAParameters
- (context->bigModulus, context->bigCoefficient,
- context->bigExponentP, context->bigExponentQ,
- context->bigPrivateExponent, context->bigPublicExponent,
- bigPrimeP, bigPrimeQ, primeWords, modulusWords, surrenderContext)) != 0)
- return (status);
-
- /* Copy key components into canonical buffers which are at the
- end of the context. */
- *result = &context->result;
- SetRSAKeyGenResult (*result, context, bigPrimeP, bigPrimeQ);
-
- return (0);
-}
-
-/* Assumes ee, pp, qq are given, calculates other parameters.
- Returns 0, AE_CANCEL.
- */
-static int RSAParameters
- (nn, cr, dp, dq, dd, ee, pp, qq, primeWords, modulusWords, surrenderContext)
-UINT2 *nn, *cr, *dp, *dq, *dd, *ee, *pp, *qq;
-unsigned int primeWords, modulusWords;
-A_SURRENDER_CTX *surrenderContext;
-{
- UINT2 t1[2 * MAX_RSA_PRIME_WORDS], t2[MAX_RSA_PRIME_WORDS],
- t3[MAX_RSA_MODULUS_WORDS], u1[MAX_RSA_MODULUS_WORDS],
- u3[MAX_RSA_MODULUS_WORDS], pm1[MAX_RSA_PRIME_WORDS],
- qm1[MAX_RSA_PRIME_WORDS];
- int status;
-
- do {
- /* N=P*Q */
- BigMpy (t1, pp, qq, primeWords);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
- BigCopy (nn, t1, modulusWords);
-
- /* qm1=q-1 & pm1=p-1 */
- BigConst (t1, 1, primeWords);
- BigSub (qm1, qq, t1, primeWords);
- BigSub (pm1, pp, t1, primeWords);
-
- /* t3=1 */
- BigConst (t3, 1, modulusWords);
-
- /*t1=phi (N) */
- BigMpy (t1, pm1, qm1, primeWords);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
-
- /* compute decryption exponent */
- BigPegcd (u1, dd, u3, ee, t1, modulusWords);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
-
- /* calc DP=inv (E)[mod (P-1)] & DQ=inv (e)[mod (Q-1)] */
- BigPdiv (t1, dp, dd, pm1, modulusWords, primeWords);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
- BigPdiv (t1, dq, dd, qm1, modulusWords, primeWords);
- if ((status = CheckSurrender (surrenderContext)) != 0)
- break;
-
- /* calc CR = (inv (Q)[modP]) */
- BigPegcd (t1, t2, cr, pp, qq, primeWords);
- } while (0);
-
- T_memset ((POINTER)t1, 0, sizeof (t1));
- T_memset ((POINTER)t2, 0, sizeof (t2));
- T_memset ((POINTER)t3, 0, sizeof (t3));
- T_memset ((POINTER)u1, 0, sizeof (u1));
- T_memset ((POINTER)u3, 0, sizeof (u3));
- T_memset ((POINTER)pm1, 0, sizeof (pm1));
- T_memset ((POINTER)qm1, 0, sizeof (qm1));
- return (status);
-}
-
-static void SetRSAKeyGenResult (result, context, bigPrimeP, bigPrimeQ)
-A_PKCS_RSA_PRIVATE_KEY *result;
-A_RSA_KEY_GEN_CTX *context;
-UINT2 *bigPrimeP;
-UINT2 *bigPrimeQ;
-{
- unsigned int primeLen, modulusLen;
-
- modulusLen = result->modulus.len = result->publicExponent.len =
- result->privateExponent.len = BITS_TO_LEN (context->modulusBits);
- primeLen = result->prime[0].len = result->prime[1].len =
- result->primeExponent[0].len = result->primeExponent[1].len =
- result->coefficient.len = RSA_PRIME_LEN (context->modulusBits);
-
- result->modulus.data = context->resultBuffer;
- result->publicExponent.data = result->modulus.data + modulusLen;
- result->privateExponent.data = result->publicExponent.data + modulusLen;
- result->prime[0].data = result->privateExponent.data + modulusLen;
- result->prime[1].data = result->prime[0].data + primeLen;
- result->primeExponent[0].data = result->prime[1].data + primeLen;
- result->primeExponent[1].data = result->primeExponent[0].data + primeLen;
- result->coefficient.data = result->primeExponent[1].data + primeLen;
-
- BigToCanonical
- (result->modulus.data, modulusLen, context->bigModulus,
- MAX_RSA_MODULUS_WORDS);
- BigToCanonical
- (result->publicExponent.data, modulusLen,
- context->bigPublicExponent, MAX_RSA_MODULUS_WORDS);
- BigToCanonical
- (result->privateExponent.data, modulusLen,
- context->bigPrivateExponent, MAX_RSA_MODULUS_WORDS);
- BigToCanonical
- (result->prime[0].data, primeLen, bigPrimeP, MAX_RSA_PRIME_WORDS);
- BigToCanonical
- (result->prime[1].data, primeLen, bigPrimeQ, MAX_RSA_PRIME_WORDS);
- BigToCanonical
- (result->primeExponent[0].data, primeLen, context->bigExponentP,
- MAX_RSA_PRIME_WORDS);
- BigToCanonical
- (result->primeExponent[1].data, primeLen, context->bigExponentQ,
- MAX_RSA_PRIME_WORDS);
- BigToCanonical
- (result->coefficient.data, primeLen, context->bigCoefficient,
- MAX_RSA_PRIME_WORDS);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1994, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _RSAKEYGN_H_
-#define _RSAKEYGN_H_ 1
-
-#include "bigmaxes.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MIN_RSA_MODULUS_BITS 256
-
-/* Need randomBlock to hold bytes for two UINT2 prime number arrays each,
- of length primeWords = BITS_TO_WORDS (RSA_PRIME_BITS (modulusBits)). */
-#define A_RSA_KEY_GEN_RANDOM_BLOCK_LEN(modulusBits) \
- (4 * BITS_TO_WORDS (RSA_PRIME_BITS (modulusBits)))
-
-/* Note that the scratch area for the output integers is allocated
- in the context after the RSA_KEY_GEN_CTX.
- */
-typedef struct {
- unsigned int modulusBits;
- UINT2 bigModulus[MAX_RSA_MODULUS_WORDS];
- UINT2 bigPublicExponent[MAX_RSA_MODULUS_WORDS];
- UINT2 bigPrivateExponent[MAX_RSA_MODULUS_WORDS];
- UINT2 bigPrime1[MAX_RSA_PRIME_WORDS];
- UINT2 bigPrime2[MAX_RSA_PRIME_WORDS];
- UINT2 bigExponentP[MAX_RSA_PRIME_WORDS];
- UINT2 bigExponentQ[MAX_RSA_PRIME_WORDS];
- UINT2 bigCoefficient[MAX_RSA_PRIME_WORDS];
- A_PKCS_RSA_PRIVATE_KEY result;
- unsigned char resultBuffer
- [3 * BITS_TO_LEN (MAX_RSA_MODULUS_BITS) +
- 5 * RSA_PRIME_LEN (MAX_RSA_MODULUS_BITS)];
-} A_RSA_KEY_GEN_CTX;
-
-int A_RSAKeyGenInit PROTO_LIST ((A_RSA_KEY_GEN_CTX *, A_RSA_KEY_GEN_PARAMS *));
-int A_RSAKeyGen PROTO_LIST
- ((A_RSA_KEY_GEN_CTX *, A_PKCS_RSA_PRIVATE_KEY **, unsigned char *,
- A_SURRENDER_CTX *));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "secrcbc.h"
-#include "port_after.h"
-
-static void SecretCBCDecryptBlock PROTO_LIST
- ((POINTER, unsigned char *, SECRET_CRYPT, unsigned char *,
- unsigned char *));
-
-/* On first call, it is assumed that *remainderLen is zero.
- This assumes remainder buffer is at least 16 bytes is size.
- Returns AE_OUTPUT_LEN, 0.
- */
-int SecretCBCDecryptUpdate
- (context, xorBlock, remainder, remainderLen, SecretDecrypt, output,
- outputLen, maxOutputLen, input, inputLen)
-POINTER context;
-unsigned char *xorBlock;
-unsigned char *remainder;
-unsigned int *remainderLen;
-SECRET_CRYPT SecretDecrypt;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-unsigned char *input;
-unsigned int inputLen;
-{
- unsigned int partialLen;
-
- if (*remainderLen + inputLen <= 16) {
- /* Not enough to decrypt, just accumulate into remainder.
- */
- *outputLen = 0;
- T_memcpy ((POINTER)remainder + *remainderLen, (POINTER)input, inputLen);
- *remainderLen += inputLen;
- return (0);
- }
-
- /* Fill up the rest of the remainder with bytes from input.
- */
- T_memcpy
- ((POINTER)remainder + *remainderLen, (POINTER)input,
- partialLen = 16 - *remainderLen);
- input += partialLen;
- inputLen -= partialLen;
-
- /* remainder is full and inputLen is at least 1. Compute outputLen
- as the size needed to keep remainder as full as possible.
- */
- if ((*outputLen = 8 * ((inputLen + 7) / 8)) > maxOutputLen)
- return (AE_OUTPUT_LEN);
-
- SecretCBCDecryptBlock
- (context, xorBlock, SecretDecrypt, output, remainder);
- output += 8;
-
- if (inputLen <= 8) {
- /* Shift remaining input bytes into remainder */
- T_memmove ((POINTER)remainder, (POINTER)(remainder + 8), 8);
- T_memcpy ((POINTER)(remainder + 8), (POINTER)input, inputLen);
- *remainderLen = 8 + inputLen;
- return (0);
- }
-
- /* Decrypt the rest of the remainder.
- */
- SecretCBCDecryptBlock
- (context, xorBlock, SecretDecrypt, output, remainder + 8);
- output += 8;
-
- /* Now decrypt the bulk of the input.
- */
- while (inputLen > 16) {
- SecretCBCDecryptBlock (context, xorBlock, SecretDecrypt, output, input);
- output += 8;
- input += 8;
- inputLen -= 8;
- }
-
- /* inputLen is now <= 16, so copy input to remainder.
- */
- T_memcpy ((POINTER)remainder, (POINTER)input, inputLen);
- *remainderLen = inputLen;
- return (0);
-}
-
-/* The caller must restart the context (setting remainderLen to zero).
- Returns AE_INPUT_LEN, AE_OUTPUT_LEN, 0.
- */
-int SecretCBCDecryptFinal
- (context, xorBlock, remainder, remainderLen, SecretDecrypt, output,
- outputLen, maxOutputLen)
-POINTER context;
-unsigned char *xorBlock;
-unsigned char *remainder;
-unsigned int remainderLen;
-SECRET_CRYPT SecretDecrypt;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-{
- if ((*outputLen = remainderLen) == 0)
- /* There was never any data. */
- return (0);
-
- if (remainderLen != 8 && remainderLen != 16)
- return (AE_INPUT_LEN);
-
- if (*outputLen > maxOutputLen)
- return (AE_OUTPUT_LEN);
-
- SecretCBCDecryptBlock
- (context, xorBlock, SecretDecrypt, output, remainder);
- output += 8;
- if (remainderLen == 16)
- SecretCBCDecryptBlock
- (context, xorBlock, SecretDecrypt, output, remainder + 8);
- return (0);
-}
-
-static void SecretCBCDecryptBlock (context, xorBlock, SecretDecrypt, out, in)
-POINTER context;
-unsigned char *xorBlock;
-SECRET_CRYPT SecretDecrypt;
-unsigned char *out;
-unsigned char *in;
-{
- unsigned char tempBuffer[8];
- unsigned int i;
-
- /* Save input to be copied to the xor block. */
- T_memcpy ((POINTER)tempBuffer, (POINTER)in, 8);
- (*SecretDecrypt) (context, out, in);
- for (i = 0; i < 8; i++)
- out[i] ^= xorBlock[i];
- T_memcpy ((POINTER)xorBlock, (POINTER)tempBuffer, 8);
-
- T_memset ((POINTER)tempBuffer, 0, sizeof (tempBuffer));
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "secrcbc.h"
-#include "port_after.h"
-
-/* On first call, it is assumed that *remainderLen is zero.
- Returns AE_OUTPUT_LEN, 0.
- */
-int SecretCBCEncryptUpdate
- (context, xorBlock, remainder, remainderLen, SecretEncrypt, output,
- outputLen, maxOutputLen, input, inputLen)
-POINTER context;
-unsigned char *xorBlock;
-unsigned char *remainder;
-unsigned int *remainderLen;
-SECRET_CRYPT SecretEncrypt;
-unsigned char *output;
-unsigned int *outputLen;
-unsigned int maxOutputLen;
-unsigned char *input;
-unsigned int inputLen;
-{
- unsigned int partialLen, totalLen, i;
-
- totalLen = *remainderLen + inputLen;
-
- /* Output length will be all available 8-byte blocks.
- */
- if ((*outputLen = 8 * (totalLen / 8)) > maxOutputLen)
- return (AE_OUTPUT_LEN);
-
- if (totalLen < 8) {
- /* Not enough to encrypt, just accumulate into remainder.
- */
- T_memcpy
- ((POINTER)remainder + *remainderLen, (POINTER)input, inputLen);
- *remainderLen = totalLen;
-
- return (0);
- }
-
- /* Accumulate enough bytes from input into remainder to encrypt the
- remainder.
- */
- T_memcpy
- ((POINTER)remainder + *remainderLen, (POINTER)input,
- partialLen = 8 - *remainderLen);
-
- for (i = 0; i < 8; i++)
- output[i] = remainder[i] ^ xorBlock[i];
- /* Encrypt in place */
- (*SecretEncrypt) (context, output, output);
-
- T_memcpy ((POINTER)xorBlock, (POINTER)output, 8);
- input += partialLen;
- inputLen -= partialLen;
- output += 8;
-
- /* Now encrypt the bulk of the input.
- */
- while (inputLen >= 8) {
- for (i = 0; i < 8; i++)
- output[i] = *(input++) ^ xorBlock[i];
- /* Encrypt in place */
- (*SecretEncrypt) (context, output, output);
- T_memcpy ((POINTER)xorBlock, (POINTER)output, 8);
- output += 8;
- inputLen -= 8;
- }
-
- /* inputLen is now < 8, so copy input to remainder.
- */
- T_memcpy ((POINTER)remainder, (POINTER)input, inputLen);
- *remainderLen = inputLen;
-
- return (0);
-}
-
-/* This just ensures that *remainderLen is zero.
- The caller must restart the context (setting remainderLen to zero).
- Returns AE_INPUT_LEN, 0.
- */
-int SecretCBCEncryptFinal (remainderLen)
-unsigned int remainderLen;
-{
- if (remainderLen != 0)
- return (AE_INPUT_LEN);
-
- return (0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1990, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _SECRCBC_H_
-#define _SECRCBC_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef void (*SECRET_CRYPT) PROTO_LIST
- ((POINTER, unsigned char *, unsigned char *));
-
-int SecretCBCEncryptUpdate PROTO_LIST
- ((POINTER, unsigned char *, unsigned char *, unsigned int *, SECRET_CRYPT,
- unsigned char *, unsigned int *, unsigned int, unsigned char *,
- unsigned int));
-int SecretCBCEncryptFinal PROTO_LIST ((unsigned int));
-int SecretCBCDecryptUpdate PROTO_LIST
- ((POINTER, unsigned char *, unsigned char *, unsigned int *, SECRET_CRYPT,
- unsigned char *, unsigned int *, unsigned int, unsigned char *,
- unsigned int));
-int SecretCBCDecryptFinal PROTO_LIST
- ((POINTER, unsigned char *, unsigned char *, unsigned int, SECRET_CRYPT,
- unsigned char *, unsigned int *, unsigned int));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1992, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#include "port_before.h"
-#include "global.h"
-#include "algae.h"
-#include "surrendr.h"
-#include "port_after.h"
-
-/* Returns 0, AE_CANCEL.
- */
-int CheckSurrender (surrenderContext)
-A_SURRENDER_CTX *surrenderContext;
-{
- if (surrenderContext == (A_SURRENDER_CTX *)NULL_PTR)
- return (0);
-
- if ((*surrenderContext->Surrender) (surrenderContext->handle))
- return (AE_CANCEL);
- return (0);
-}
+++ /dev/null
-/* Copyright (C) RSA Data Security, Inc. created 1992, 1996. This is an
- unpublished work protected as such under copyright law. This work
- contains proprietary, confidential, and trade secret information of
- RSA Data Security, Inc. Use, disclosure or reproduction without the
- express written authorization of RSA Data Security, Inc. is
- prohibited.
- */
-
-#ifndef _SURRENDR_H_
-#define _SURRENDR_H_ 1
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int CheckSurrender PROTO_LIST ((A_SURRENDER_CTX *));
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-OBJS= bsafe_link.@O@ cylink_link.@O@ dst_api.@O@ eay_dss_link.@O@ \
- hmac_link.@O@ md5_dgst.@O@ prandom.@O@ rsaref_link.@O@ support.@O@
+OBJS= dst_api.@O@ hmac_link.@O@ md5_dgst.@O@ support.@O@
-SRCS= bsafe_link.c cylink_link.c dst_api.c eay_dss_link.c \
- hmac_link.c md5_dgst.c prandom.c rsaref_link.c support.c
+SRCS= dst_api.c hmac_link.c md5_dgst.c support.c
TARGETS= ${OBJS}
+++ /dev/null
-#if defined(BSAFE) || defined(DNSSAFE)
-static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/bsafe_link.c,v 1.1 2001/03/29 06:31:31 marka Exp $";
-
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-/*
- * This file contains two components
- * 1. Interface to the BSAFE library to allow compilation of Bind
- * with TIS/DNSSEC when BSAFE is not available
- * all calls to BSAFE are contained inside this file.
- * 2. The glue to connvert RSA KEYS to and from external formats
- */
-#include "port_before.h"
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include "dst_internal.h"
-
-# ifdef __STDC__
-# define PROTOTYPES 1
-# else
-# define PROTOTYPES 0
-# endif
-
-# ifdef BSAFE
-# include <aglobal.h>
-# include <bsafe.h>
-# else
-# include <global.h>
-# include <bsafe2.h>
-# include <bigmaxes.h>
-# endif
-
-#include "port_after.h"
-
-typedef struct bsafekey {
- char *rk_signer;
- B_KEY_OBJ rk_Private_Key;
- B_KEY_OBJ rk_Public_Key;
-} RSA_Key;
-
-#ifndef MAX_RSA_MODULUS_BITS
-#define MAX_RSA_MODULUS_BITS 4096
-#define MAX_RSA_MODULUS_LEN (MAX_RSA_MODULUS_BITS/8)
-#define MAX_RSA_PRIME_LEN (MAX_RSA_MODULUS_LEN/2)
-#endif
-
-#define NULL_SURRENDER (A_SURRENDER_CTX *)NULL_PTR
-#define NULL_RANDOM (B_ALGORITHM_OBJ)NULL_PTR
-
-B_ALGORITHM_METHOD *CHOOSER[] =
-{
- &AM_MD5,
- &AM_MD5_RANDOM,
- &AM_RSA_KEY_GEN,
- &AM_RSA_ENCRYPT,
- &AM_RSA_DECRYPT,
- &AM_RSA_CRT_ENCRYPT,
- &AM_RSA_CRT_DECRYPT,
- (B_ALGORITHM_METHOD *) NULL_PTR
-};
-
-static u_char pkcs1[] =
-{
- 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
- 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00,
- 0x04, 0x10
-};
-
-static int dst_bsafe_md5digest(const int mode, B_ALGORITHM_OBJ *digest_obj,
- const u_char *data, const int len,
- u_char *digest, const int digest_len);
-
-static int dst_bsafe_key_size(RSA_Key *r_key);
-
-static int dst_bsafe_sign(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- u_char *signature, const int sig_len);
-static int dst_bsafe_verify(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- const u_char *signature, const int sig_len);
-static int dst_bsafe_to_dns_key(const DST_KEY *in_key, u_char *out_str,
- const int out_len);
-static int dst_bsafe_from_dns_key(DST_KEY *s_key, const u_char *key,
- const int len);
-static int dst_bsafe_key_to_file_format(const DST_KEY *key, char *buff,
- const int buff_len);
-static int dst_bsafe_key_from_file_format(DST_KEY *d_key,
- const char *buff,
- const int buff_len);
-static int dst_bsafe_generate_keypair(DST_KEY *key, int exp);
-static int dst_bsafe_compare_keys(const DST_KEY *key1, const DST_KEY *key2);
-static void *dst_bsafe_free_key_structure(void *key);
-
-/*
- * dst_bsafe_init() Function to answer set up function pointers for
- * BSAFE/DNSSAFE related functions
- */
-int
-dst_bsafe_init(void)
-{
- if (dst_t_func[KEY_RSA] != NULL)
- return (1);
- dst_t_func[KEY_RSA] = malloc(sizeof(struct dst_func));
- if (dst_t_func[KEY_RSA] == NULL)
- return (0);
- memset(dst_t_func[KEY_RSA], 0, sizeof(struct dst_func));
- dst_t_func[KEY_RSA]->sign = dst_bsafe_sign;
- dst_t_func[KEY_RSA]->verify = dst_bsafe_verify;
- dst_t_func[KEY_RSA]->compare = dst_bsafe_compare_keys;
- dst_t_func[KEY_RSA]->generate = dst_bsafe_generate_keypair;
- dst_t_func[KEY_RSA]->destroy = dst_bsafe_free_key_structure;
- dst_t_func[KEY_RSA]->from_dns_key = dst_bsafe_from_dns_key;
- dst_t_func[KEY_RSA]->to_dns_key = dst_bsafe_to_dns_key;
- dst_t_func[KEY_RSA]->from_file_fmt = dst_bsafe_key_from_file_format;
- dst_t_func[KEY_RSA]->to_file_fmt = dst_bsafe_key_to_file_format;
- return (1);
-}
-
-/*
- * dst_bsafe_sign
- * Call BSAFE signing functions to sign a block of data.
- * There are three steps to signing, INIT (initialize structures),
- * UPDATE (hash (more) data), FINAL (generate a signature). This
- * routine performs one or more of these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * dkey structure holds context for a sign done in multiple calls.
- * context the context to use for this computation
- * data data to be signed.
- * len length in bytes of data.
- * priv_key key to use for signing.
- * signature location to store signature.
- * sig_len size in bytes of signature field.
- * returns
- * N Success on SIG_MODE_FINAL = returns signature length in bytes
- * 0 Success on SIG_MODE_INIT and UPDATE
- * <0 Failure
- */
-
-static int
-dst_bsafe_sign(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- u_char *signature, const int sig_len)
-{
- u_int sign_len = 0;
- int status = 0;
- B_ALGORITHM_OBJ *md5_ctx = NULL;
- int w_bytes = 0;
- u_int u_bytes = 0;
- u_char work_area[NS_MD5RSA_MAX_SIZE];
-
- if (mode & SIG_MODE_INIT) {
- md5_ctx = (B_ALGORITHM_OBJ *) malloc(sizeof(B_ALGORITHM_OBJ));
- if ((status = B_CreateAlgorithmObject(md5_ctx)))
- return (-1);
- if ((status = B_SetAlgorithmInfo(*md5_ctx, AI_MD5, NULL)))
- return (-1);
- }
- else if (context)
- md5_ctx = (B_ALGORITHM_OBJ *) *context;
- if (md5_ctx == NULL)
- return (-1);
-
- w_bytes = dst_bsafe_md5digest(mode, md5_ctx,
- data, len,work_area, sizeof(work_area));
- if (w_bytes < 0 || (mode & SIG_MODE_FINAL)) {
- B_DestroyAlgorithmObject(md5_ctx);
- SAFE_FREE(md5_ctx);
- if (w_bytes < 0)
- return (w_bytes);
- }
-
- if (mode & SIG_MODE_FINAL) {
- RSA_Key *key;
- int ret = 0;
- B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
-
- if (dkey == NULL || dkey->dk_KEY_struct == NULL)
- return (-1);
- key = (RSA_Key *) dkey->dk_KEY_struct;
- if (key == NULL || key->rk_Private_Key == NULL)
- return (-1);
-
- if ((status = B_CreateAlgorithmObject(&rsaEncryptor)))
- return (SIGN_FINAL_FAILURE);
- if ((status = B_SetAlgorithmInfo(rsaEncryptor,
- AI_PKCS_RSAPrivate,
- NULL_PTR)))
-
- ret = SIGN_FINAL_FAILURE;
- if (ret == 0 &&
- (status = B_EncryptInit(rsaEncryptor,
- key->rk_Private_Key,
- CHOOSER, NULL_SURRENDER)))
- ret = SIGN_FINAL_FAILURE;
- if (ret == 0 &&
- (status = B_EncryptUpdate(rsaEncryptor, signature,
- &u_bytes, sig_len, pkcs1,
- sizeof(pkcs1), NULL_PTR,
- NULL_SURRENDER)))
- ret = SIGN_FINAL_FAILURE;
- if (ret == 0 &&
- (status = B_EncryptUpdate(rsaEncryptor, signature,
- &u_bytes, sig_len, work_area,
- w_bytes, NULL_PTR,
- NULL_SURRENDER)))
- ret = SIGN_FINAL_FAILURE;
-
- if (ret == 0 &&
- (status = B_EncryptFinal(rsaEncryptor, signature + u_bytes,
- &sign_len, sig_len - u_bytes,
- NULL_PTR, NULL_SURRENDER)))
- ret = SIGN_FINAL_FAILURE;
- B_DestroyAlgorithmObject(&rsaEncryptor);
- if (ret != 0)
- return (ret);
-
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) md5_ctx;
- }
- return (sign_len);
-}
-
-
-/*
- * Dst_bsafe_verify
- * Calls BSAFE verification routines. There are three steps to
- * verification, INIT (initialize structures), UPDATE (hash (more) data),
- * FINAL (generate a signature). This routine performs one or more of
- * these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * dkey structure holds context for a verify done in multiple calls.
- * context the context to use for this computation
- * data data signed.
- * len length in bytes of data.
- * pub_key key to use for verify.
- * signature signature.
- * sig_len length in bytes of signature.
- * returns
- * 0 Success
- * <0 Failure
- */
-
-static int
-dst_bsafe_verify(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- const u_char *signature, const int sig_len)
-{
- B_ALGORITHM_OBJ *md5_ctx = NULL;
- u_char digest[DST_HASH_SIZE];
- u_char work_area[DST_HASH_SIZE + sizeof(pkcs1)];
- int status = 0, w_bytes = 0;
- u_int u_bytes = 0;
-
- if (mode & SIG_MODE_INIT) {
- md5_ctx = (B_ALGORITHM_OBJ *) malloc(sizeof(B_ALGORITHM_OBJ));
- if ((status = B_CreateAlgorithmObject(md5_ctx)))
- return (-1);
- if ((status = B_SetAlgorithmInfo(*md5_ctx, AI_MD5, NULL)))
- return (-1);
- }
- else if (context)
- md5_ctx = (B_ALGORITHM_OBJ *) *context;
- if (md5_ctx == NULL)
- return (-1);
-
- w_bytes = dst_bsafe_md5digest(mode, md5_ctx, data, len,
- digest, sizeof(digest));
-
- if (w_bytes < 0 || (mode & SIG_MODE_FINAL)) {
- B_DestroyAlgorithmObject(md5_ctx);
- SAFE_FREE(md5_ctx);
- if (w_bytes < 0)
- return (-1);
- }
-
- if (mode & SIG_MODE_FINAL) {
- RSA_Key *key;
- int ret = 0;
- B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
-
- if (dkey == NULL || dkey->dk_KEY_struct == NULL)
- return (-1);
- key = (RSA_Key *) dkey->dk_KEY_struct;
- if (key->rk_Public_Key == NULL)
- return (-2);
- if (rsaEncryptor == NULL_PTR) {
- if ((status = B_CreateAlgorithmObject(&rsaEncryptor)))
- ret = SIGN_FINAL_FAILURE;
- if (ret == 0 &&
- (status = B_SetAlgorithmInfo(rsaEncryptor,
- AI_PKCS_RSAPublic,
- NULL_PTR)))
- ret = VERIFY_FINAL_FAILURE;
- }
- if (ret == 0 &&
- (status = B_DecryptInit(rsaEncryptor, key->rk_Public_Key,
- CHOOSER, NULL_SURRENDER)))
- ret = VERIFY_FINAL_FAILURE;
-
- if (ret == 0 &&
- (status = B_DecryptUpdate(rsaEncryptor, work_area,
- &u_bytes, 0,
- (const u_char *) signature,
- sig_len,
- NULL_PTR, NULL_SURRENDER)))
- ret = VERIFY_FINAL_FAILURE;
-
- if (ret == 0 &&
- (status = B_DecryptFinal(rsaEncryptor, work_area + u_bytes,
- &u_bytes,
- sizeof(work_area) - u_bytes,
- NULL_PTR, NULL_SURRENDER)))
- ret = VERIFY_FINAL_FAILURE;
- B_DestroyAlgorithmObject(&rsaEncryptor);
- /* skip PKCS#1 header in output from Decrypt function */
- if (ret)
- return (ret);
- ret = memcmp(digest, &work_area[sizeof(pkcs1)], w_bytes);
- if (ret == 0)
- return(0);
- else
- return(VERIFY_FINAL_FAILURE);
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) md5_ctx;
- }
- return (0);
-}
-
-
-/*
- * dst_bsafe_to_dns_key
- * Converts key from RSA to DNS distribution format
- * This function gets in a pointer to the public key and a work area
- * to write the key into.
- * Parameters
- * public KEY structure
- * out_str buffer to write encoded key into
- * out_len size of out_str
- * Return
- * N >= 0 length of encoded key
- * n < 0 error
- */
-
-static int
-dst_bsafe_to_dns_key(const DST_KEY *in_key, u_char *out_str,
- const int out_len)
-{
- B_KEY_OBJ public;
- A_RSA_KEY *pub = NULL;
- u_char *op = out_str;
- int n = 0;
-
- if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
- out_len <= 0 || out_str == NULL)
- return (-1);
- public = (B_KEY_OBJ)((RSA_Key *) in_key->dk_KEY_struct)->rk_Public_Key;
-
- n = B_GetKeyInfo((POINTER *) &pub, public, KI_RSAPublic);
- if (n != 0)
- return (-1);
-
- if (pub->exponent.len < 256) { /* key exponent is <= 2040 bits */
- if ((unsigned int)out_len < pub->exponent.len + 1)
- return (-1);
- *op++ = (u_int8_t) pub->exponent.len;
- } else { /* key exponent is > 2040 bits */
- u_int16_t e = (u_int16_t) pub->exponent.len;
- if ((unsigned int)out_len < pub->exponent.len + 3)
- return (-1);
- *op++ = 0; /* 3 byte length field */
- dst_s_put_int16(op, e);
- op += sizeof(e);
- n = 2;
- }
- n++;
- memcpy(op, pub->exponent.data, pub->exponent.len);
- op += pub->exponent.len;
- n += pub->exponent.len;
-
- if ((unsigned int)(out_len - n) >= pub->modulus.len) {
- /*copy exponent */
- memcpy(op, pub->modulus.data, pub->modulus.len);
- n += pub->modulus.len;
- }
- else
- n = -1;
- return (n);
-}
-
-
-/*
- * dst_bsafe_from_dns_key
- * Converts from a DNS KEY RR format to an RSA KEY.
- * Parameters
- * len Length in bytes of DNS key
- * key DNS key
- * name Key name
- * s_key DST structure that will point to the RSA key this routine
- * will build.
- * Return
- * 0 The input key, s_key or name was null.
- * 1 Success
- */
-static int
-dst_bsafe_from_dns_key(DST_KEY *s_key, const u_char *key, const int len)
-{
- int bytes;
- const u_char *key_ptr;
- RSA_Key *r_key;
- A_RSA_KEY *public;
-
- if (s_key == NULL || len < 0 || key == NULL)
- return (0);
-
- r_key = (RSA_Key *) s_key->dk_KEY_struct;
- if (r_key != NULL) /* do not reuse */
- s_key->dk_func->destroy(r_key);
-
- if (len == 0)
- return (1);
-
- if ((r_key = (RSA_Key *) malloc(sizeof(RSA_Key))) == NULL) {
- EREPORT(("dst_bsafe_from_dns_key(): Memory allocation error 1"));
- return (0);
- }
- memset(r_key, 0, sizeof(RSA_Key));
- s_key->dk_KEY_struct = (void *) r_key;
- r_key->rk_signer = strdup(s_key->dk_key_name);
-
- if (B_CreateKeyObject(&r_key->rk_Public_Key) != 0) {
- EREPORT(("dst_bsafe_from_dns_key(): Memory allocation error 3"));
- s_key->dk_func->destroy(r_key);
- return (0);
- }
- key_ptr = key;
- bytes = (int) *key_ptr++; /* length of exponent in bytes */
- if (bytes == 0) { /* special case for long exponents */
- bytes = (int) dst_s_get_int16(key_ptr);
- key_ptr += sizeof(u_int16_t);
- }
- if (bytes > MAX_RSA_MODULUS_LEN) {
- dst_bsafe_free_key_structure(r_key);
- return (-1);
- }
- if ((public = (A_RSA_KEY *) malloc(sizeof(A_RSA_KEY))) == NULL)
- return (0);
- memset(public, 0, sizeof(*public));
- public->exponent.len = bytes;
- if ((public->exponent.data = (u_char *) malloc(bytes)) == NULL)
- return (0);
- memcpy(public->exponent.data, key_ptr, bytes);
-
- key_ptr += bytes; /* beginning of modulus */
- bytes = len - bytes - 1; /* length of modulus */
-
- if (bytes > MAX_RSA_MODULUS_LEN) {
- dst_bsafe_free_key_structure(r_key);
- return (-1);
- }
- public->modulus.len = bytes;
- if ((public->modulus.data = (u_char *) malloc(bytes)) == NULL)
- return (0);
- memcpy(public->modulus.data, key_ptr, bytes);
-
- B_SetKeyInfo(r_key->rk_Public_Key, KI_RSAPublic, (POINTER) public);
-
- s_key->dk_id = (u_int16_t)
- dst_s_get_int16(&public->modulus.data[public->modulus.len - 3]);
- s_key->dk_key_size = dst_bsafe_key_size(r_key);
- SAFE_FREE(public->modulus.data);
- SAFE_FREE(public->exponent.data);
- SAFE_FREE(public);
- return (1);
-}
-
-
-/*
- * dst_bsafe_key_to_file_format
- * Encodes an RSA Key into the portable file format.
- * Parameters
- * rkey RSA KEY structure
- * buff output buffer
- * buff_len size of output buffer
- * Return
- * 0 Failure - null input rkey
- * -1 Failure - not enough space in output area
- * N Success - Length of data returned in buff
- */
-
-static int
-dst_bsafe_key_to_file_format(const DST_KEY *key, char *buff,
- const int buff_len)
-{
- char *bp;
- int len, b_len;
- B_KEY_OBJ rkey;
- A_PKCS_RSA_PRIVATE_KEY *private = NULL;
-
- if (key == NULL || key->dk_KEY_struct == NULL) /* no output */
- return (0);
- if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
- return (-1); /* no OR not enough space in output area */
-
- rkey = (B_KEY_OBJ)((RSA_Key *) key->dk_KEY_struct)->rk_Private_Key;
-
- B_GetKeyInfo((POINTER *) &private, rkey, KI_PKCS_RSAPrivate);
-
- memset(buff, 0, buff_len); /* just in case */
- /* write file header */
- sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_RSA, "RSA");
-
- bp = strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Modulus: ",
- private->modulus.data,
- private->modulus.len)) <= 0)
- return (-1);
-
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "PublicExponent: ",
- private->publicExponent.data,
- private->publicExponent.len)) <= 0)
- return (-2);
-
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "PrivateExponent: ",
- private->privateExponent.data,
- private->privateExponent.len)) <= 0)
- return (-3);
- bp += len;
- b_len -= len;
-
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Prime1: ",
- private->prime[0].data,
- private->prime[0].len)) < 0)
- return (-4);
- bp += len;
- b_len -= len;
-
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Prime2: ",
- private->prime[1].data,
- private->prime[1].len)) < 0)
- return (-5);
- bp += len;
- b_len -= len;
-
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Exponent1: ",
- private->primeExponent[0].data,
- private->primeExponent[0].len)) < 0)
- return (-6);
- bp += len;
- b_len -= len;
-
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Exponent2: ",
- private->primeExponent[1].data,
- private->primeExponent[1].len)) < 0)
- return (-7);
- bp += len;
- b_len -= len;
-
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Coefficient: ",
- private->coefficient.data,
- private->coefficient.len)) < 0)
- return (-8);
- bp += len;
- b_len -= len;
- return (buff_len - b_len);
-}
-
-
-/*
- * dst_bsafe_key_from_file_format
- * Converts contents of a private key file into a private RSA key.
- * Parameters
- * RSA_Key structure to put key into
- * buff buffer containing the encoded key
- * buff_len the length of the buffer
- * Return
- * n >= 0 Foot print of the key converted
- * n < 0 Error in conversion
- */
-
-static int
-dst_bsafe_key_from_file_format(DST_KEY *d_key, const char *buff,
- const int buff_len)
-{
- int status;
- char s[RAW_KEY_SIZE];
- int len, s_len = sizeof(s);
- int tag = -1;
- const char *p = buff;
- RSA_Key *b_key;
- A_RSA_KEY *public;
- A_PKCS_RSA_PRIVATE_KEY *private;
-
- if (d_key == NULL || buff == NULL || buff_len <= 0)
- return (-1);
-
- b_key = (RSA_Key *) malloc(sizeof(RSA_Key));
- public = (A_RSA_KEY *) malloc(sizeof(A_RSA_KEY));
- private = (A_PKCS_RSA_PRIVATE_KEY *)
- malloc(sizeof(A_PKCS_RSA_PRIVATE_KEY));
- if (b_key == NULL || private == NULL || public == NULL) {
- SAFE_FREE(b_key);
- SAFE_FREE(public);
- SAFE_FREE(private);
- return (-2);
- }
- memset(b_key, 0, sizeof(*b_key));
- memset(public, 0, sizeof(A_RSA_KEY));
- memset(private, 0, sizeof(A_PKCS_RSA_PRIVATE_KEY));
- d_key->dk_KEY_struct = (void *) b_key;
- if (!dst_s_verify_str(&p, "Modulus: "))
- return (-3);
- memset(s, 0, s_len);
- if ((len = dst_s_conv_bignum_b64_to_u8(&p, (u_char *)s, s_len)) == 0)
- return (-4);
-
- private->modulus.len = len;
- if ((private->modulus.data = malloc(len)) == NULL)
- return (-5);
- memcpy(private->modulus.data, s + s_len - len, len);
-
- while (*(++p) && p < (const char *) &buff[buff_len]) {
- if (dst_s_verify_str(&p, "PublicExponent: ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, (u_char *)s, s_len)))
- return (-5);
- private->publicExponent.len = len;
- if ((private->publicExponent.data = malloc(len))
- == NULL)
- return (-6);
- memcpy(private->publicExponent.data,
- s + s_len - len, len);
- } else if (dst_s_verify_str(&p, "PrivateExponent: ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, (u_char *)s, s_len)))
- return (-6);
- private->privateExponent.len = len;
- if ((private->privateExponent.data = malloc(len))
- == NULL)
- return (-7);
- memcpy(private->privateExponent.data, s + s_len - len,
- len);
- } else if (dst_s_verify_str(&p, "Prime1: ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, (u_char *)s,
- MAX_RSA_PRIME_LEN)))
- return (-7);
- private->prime[0].len = len;
- if ((private->prime[0].data = malloc(len)) == NULL)
- return (-8);
- memcpy(private->prime[0].data,
- s + MAX_RSA_PRIME_LEN - len, len);
- } else if (dst_s_verify_str(&p, "Prime2: ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, (u_char *)s,
- MAX_RSA_PRIME_LEN)))
- return (-8);
- private->prime[1].len = len;
- if ((private->prime[1].data = malloc(len)) == NULL)
- return (-9);
- memcpy(private->prime[1].data,
- s + MAX_RSA_PRIME_LEN - len, len);
- } else if (dst_s_verify_str(&p, "Exponent1: ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, (u_char *)s,
- MAX_RSA_PRIME_LEN)))
- return (-9);
- private->primeExponent[0].len = len;
- if ((private->primeExponent[0].data = malloc(len))
- == NULL)
- return (-10);
- memcpy(private->primeExponent[0].data,
- s + MAX_RSA_PRIME_LEN - len, len);
- } else if (dst_s_verify_str(&p, "Exponent2: ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, (u_char *)s,
- MAX_RSA_PRIME_LEN)))
- return (-10);
- private->primeExponent[1].len = len;
- if ((private->primeExponent[1].data = malloc(len))
- == NULL)
- return (-11);
- memcpy(private->primeExponent[1].data,
- s + MAX_RSA_PRIME_LEN - len, len);
- } else if (dst_s_verify_str(&p, "Coefficient: ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, (u_char *)s,
- MAX_RSA_PRIME_LEN)))
- return (-11);
- private->coefficient.len = len;
- if ((private->coefficient.data = malloc(len)) == NULL)
- return (-12);
- memcpy(private->coefficient.data,
- s + MAX_RSA_PRIME_LEN - len, len);
- } else {
- EREPORT(("Decode_RSAKey(): Bad keyword %s\n", p));
- return (-12);
- }
- } /* while p */
-
- public->modulus.len = private->modulus.len;
- if ((public->modulus.data = (u_char *) malloc(public->modulus.len)) ==
- NULL)
- return (-13);
- memcpy(public->modulus.data, private->modulus.data,
- private->modulus.len);
-
- public->exponent.len = private->publicExponent.len;
- if ((public->exponent.data = (u_char *) malloc(public->exponent.len))
- == NULL)
- return (-14);
- memcpy(public->exponent.data, private->publicExponent.data,
- private->publicExponent.len);
-
- status = B_CreateKeyObject(&(b_key->rk_Public_Key));
- if (status)
- return (-1);
- status = B_SetKeyInfo(b_key->rk_Public_Key, KI_RSAPublic,
- (POINTER) public);
- if (status)
- return (-1);
-
- status = B_CreateKeyObject(&b_key->rk_Private_Key);
- if (status)
- return (-1);
- status = B_SetKeyInfo(b_key->rk_Private_Key, KI_PKCS_RSAPrivate,
- (POINTER) private);
- if (status)
- return (-1);
-
- tag = (int)(u_int16_t)
- dst_s_get_int16(&public->modulus.data[public->modulus.len - 3]);
- d_key->dk_key_size = dst_bsafe_key_size(b_key);
-
- SAFE_FREE(private->modulus.data);
- SAFE_FREE(private->publicExponent.data);
- SAFE_FREE(private->privateExponent.data);
- SAFE_FREE(private->prime[0].data);
- SAFE_FREE(private->prime[1].data);
- SAFE_FREE(private->primeExponent[0].data);
- SAFE_FREE(private->primeExponent[1].data);
- SAFE_FREE(private->coefficient.data);
- SAFE_FREE(private); /* is this the right thing to do ??? XXXX */
- SAFE_FREE(public->modulus.data);
- SAFE_FREE(public->exponent.data);
- SAFE_FREE(public);
- return (tag);
-}
-
-
-/*
- * dst_bsafe_free_key_structure
- * Frees all dynamicly allocated structures in RSA_Key.
- */
-
-static void *
-dst_bsafe_free_key_structure(void *key)
-{
- RSA_Key *r_key = (RSA_Key *) key;
- if (r_key != NULL) {
- if (r_key->rk_Private_Key)
- B_DestroyKeyObject(&r_key->rk_Private_Key);
- if (r_key->rk_Public_Key)
- B_DestroyKeyObject(&r_key->rk_Public_Key);
- SAFE_FREE2(r_key->rk_signer, strlen(r_key->rk_signer));
- SAFE_FREE(r_key);
- }
- return (NULL);
-}
-
-
-/*
- * dst_bsafe_generate_keypair
- * Generates unique keys that are hard to predict.
- * Parameters
- * key generic Key structure
- * exp the public exponent
- * Return
- * 0 Failure
- * 1 Success
- */
-
-static int
-dst_bsafe_generate_keypair(DST_KEY *key, int exp)
-{
- int i, status;
- B_KEY_OBJ private;
- B_KEY_OBJ public;
- B_ALGORITHM_OBJ keypairGenerator;
- B_ALGORITHM_OBJ randomAlgorithm;
- A_RSA_KEY_GEN_PARAMS keygenParams;
- char exponent[4];
- int exponent_len;
- RSA_Key *rsa;
- POINTER randomSeed = NULL_PTR;
- int randomSeedLen;
- A_RSA_KEY *pk_access = NULL;
-
- if (key == NULL || key->dk_alg != KEY_RSA)
- return (0);
-
- if ((rsa = (RSA_Key *) malloc(sizeof(RSA_Key))) == NULL) {
- EREPORT(("dst_bsafe_generate_keypair: Memory allocation error 3"));
- return (0);
- }
- memset(rsa, 0, sizeof(*rsa));
-
- if ((status = B_CreateAlgorithmObject(&keypairGenerator)) != 0)
- return (0);
-
- keygenParams.modulusBits = key->dk_key_size;
-
- /* exp = 0 or 1 are special (mean 3 or F4) */
- if (exp == 0)
- exp = 3;
- else if (exp == 1)
- exp = 65537;
-
- /* Now encode the exponent and its length */
- if (exp < 256) {
- exponent_len = 1;
- exponent[0] = exp;
- } else if (exp < (1 << 16)) {
- exponent_len = 2;
- exponent[0] = exp >> 8;
- exponent[1] = exp;
- } else if (exp < (1 << 24)) {
- exponent_len = 3;
- exponent[0] = exp >> 16;
- exponent[1] = exp >> 8;
- exponent[2] = exp;
- } else {
- exponent_len = 4;
- exponent[0] = exp >> 24;
- exponent[1] = exp >> 16;
- exponent[2] = exp >> 8;
- exponent[3] = exp;
- }
-
- if ((keygenParams.publicExponent.data = (u_char *) malloc(exponent_len))
- == NULL)
- return (0);
- memcpy(keygenParams.publicExponent.data, exponent, exponent_len);
- keygenParams.publicExponent.len = exponent_len;
- if ((status = B_SetAlgorithmInfo
- (keypairGenerator, AI_RSAKeyGen, (POINTER) &keygenParams)) != 0)
- return (0);
-
- if ((status = B_GenerateInit(keypairGenerator, CHOOSER,
- NULL_SURRENDER)) != 0)
- return (0);
-
- if ((status = B_CreateKeyObject(&public)) != 0)
- return (0);
-
- if ((status = B_CreateKeyObject(&private)) != 0)
- return (0);
-
- if ((status = B_CreateAlgorithmObject(&randomAlgorithm)) != 0)
- return (0);
-
- if ((status = B_SetAlgorithmInfo(randomAlgorithm, AI_MD5Random,
- NULL_PTR))
- != 0)
- return (0);
-
- if ((status = B_RandomInit(randomAlgorithm, CHOOSER,
- NULL_SURRENDER)) != 0)
- return (0);
-
- randomSeedLen = 256;
- if ((randomSeed = malloc(randomSeedLen)) == NULL)
- return (0);
- if ((status = (randomSeed == NULL_PTR)) != 0)
- return (0);
-
- /* gets random seed from /dev/random if present, generates random
- * values if it is not present.
- * first fill the buffer with semi random data
- * then fill as much as possible with good random data
- */
- i = dst_random(DST_RAND_SEMI, randomSeedLen, randomSeed);
- i += dst_random(DST_RAND_KEY, randomSeedLen, randomSeed);
-
- if (i <= randomSeedLen) {
- SAFE_FREE(rsa);
- return(0);
- }
- if ((status = B_RandomUpdate(randomAlgorithm, randomSeed,
- randomSeedLen, NULL_SURRENDER)) != 0) {
- SAFE_FREE(rsa);
- return (0);
- }
- SAFE_FREE2(randomSeed, randomSeedLen);
- if ((status = B_GenerateKeypair(keypairGenerator, public, private,
- randomAlgorithm, NULL_SURRENDER))
- != 0) {
- SAFE_FREE(rsa);
- return (0);
- }
- rsa->rk_signer = strdup(key->dk_key_name);
- rsa->rk_Private_Key = private;
- rsa->rk_Public_Key = public;
- key->dk_KEY_struct = (void *) rsa;
-
- /* fill in the footprint on generate key */
- B_GetKeyInfo((POINTER *) &pk_access, public, KI_RSAPublic);
- key->dk_id = (u_int16_t)
- dst_s_get_int16(&pk_access->modulus.data[pk_access->modulus.len - 3]);
- return (1);
-}
-
-
-/**************************************************************************
- * dst_bsafe_compare_keys
- * Compare two keys for equality.
- * Return
- * 0 The keys are equal
- * NON-ZERO The keys are not equal
- */
-
-static int
-dst_s_bsafe_itemcmp(ITEM i1, ITEM i2)
-{
- if (i1.len != i2.len || memcmp (i1.data, i2.data, i1.len))
- return (1);
- else
- return (0);
-}
-
-static int
-dst_bsafe_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
-{
- int status, s1 = 0, s2 = 0;
- RSA_Key *rkey1 = (RSA_Key *) key1->dk_KEY_struct;
- RSA_Key *rkey2 = (RSA_Key *) key2->dk_KEY_struct;
- A_RSA_KEY *public1 = NULL, *public2 = NULL;
- A_PKCS_RSA_PRIVATE_KEY *p1 = NULL, *p2 = NULL;
-
- if (rkey1 == NULL && rkey2 == NULL)
- return(0);
- else if (rkey1 == NULL)
- return (1);
- else if (rkey2 == NULL)
- return (2);
-
- if (rkey1->rk_Public_Key)
- B_GetKeyInfo((POINTER *) &public1, rkey1->rk_Public_Key,
- KI_RSAPublic);
- if (rkey2->rk_Public_Key)
- B_GetKeyInfo((POINTER *) &public2, rkey2->rk_Public_Key,
- KI_RSAPublic);
- if (public1 == NULL && public2 == NULL)
- return (0);
- else if (public1 == NULL || public2 == NULL)
- return (1);
-
- status = dst_s_bsafe_itemcmp(public1->modulus, public2->modulus) ||
- dst_s_bsafe_itemcmp(public1->exponent, public2->exponent);
-
- if (status)
- return (status);
-
- if (rkey1->rk_Private_Key == NULL || rkey2->rk_Private_Key == NULL)
- /* if neither or only one is private key consider identical */
- return (status);
- if (rkey1->rk_Private_Key)
- s1 = B_GetKeyInfo((POINTER *) &p1, rkey1->rk_Private_Key,
- KI_PKCS_RSAPrivate);
- if (rkey2->rk_Private_Key)
- s2 = B_GetKeyInfo((POINTER *) &p2, rkey2->rk_Private_Key,
- KI_PKCS_RSAPrivate);
- if (p1 == NULL || p2 == NULL)
- return (0);
-
- status = dst_s_bsafe_itemcmp(p1->modulus, p2->modulus) ||
- dst_s_bsafe_itemcmp (p1->publicExponent,
- p2->publicExponent) ||
- dst_s_bsafe_itemcmp (p1->privateExponent,
- p2->privateExponent) ||
- dst_s_bsafe_itemcmp (p1->prime[0], p2->prime[0]) ||
- dst_s_bsafe_itemcmp (p1->prime[1], p2->prime[1]) ||
- dst_s_bsafe_itemcmp (p1->primeExponent[0],
- p2->primeExponent[0])||
- dst_s_bsafe_itemcmp (p1->primeExponent[1],
- p2->primeExponent[1])||
- dst_s_bsafe_itemcmp (p1->coefficient, p2->coefficient);
- return (status);
-}
-
-
-/*
- * dst_bsafe_key_size()
- * Function to calculate how the size of the key in bits
- */
-static int
-dst_bsafe_key_size(RSA_Key *r_key)
-{
- int size;
- A_PKCS_RSA_PRIVATE_KEY *private = NULL;
-
- if (r_key == NULL)
- return (-1);
- if (r_key->rk_Private_Key)
- B_GetKeyInfo((POINTER *) &private, r_key->rk_Private_Key,
- KI_PKCS_RSAPrivate);
- else if (r_key->rk_Public_Key)
- B_GetKeyInfo((POINTER *) &private, r_key->rk_Public_Key,
- KI_RSAPublic);
- size = dst_s_calculate_bits(private->modulus.data,
- private->modulus.len * 8);
- return (size);
-}
-
-/*
- * dst_bsafe_md5digest(): function to digest data using MD5 digest function
- * if needed
- */
-static int
-dst_bsafe_md5digest(const int mode, B_ALGORITHM_OBJ *digest_obj,
- const u_char *data, const int len,
- u_char *digest, const int digest_len)
-{
- int status = 0;
- u_int work_size = 0;
-
- if (digest_obj == NULL || *digest_obj == NULL) {
- printf("NO digest obj\n");
- exit(-33);
- }
-
- if ((mode & SIG_MODE_INIT) &&
- (status = B_DigestInit(*digest_obj, (B_KEY_OBJ) NULL,
- CHOOSER, NULL_SURRENDER)))
- return (SIGN_INIT_FAILURE);
-
- if ((mode & SIG_MODE_UPDATE) && data && (len > 0) &&
- (status = B_DigestUpdate(*digest_obj, data, len, NULL_SURRENDER)))
- return (SIGN_UPDATE_FAILURE);
-
- if (mode & SIG_MODE_FINAL) {
- if (digest == NULL ||
- (status = B_DigestFinal(*digest_obj, digest, &work_size,
- digest_len, NULL_SURRENDER)))
- return (SIGN_FINAL_FAILURE);
- return (work_size);
- }
- return (0);
-}
-
-/*
- * just use the standard memory functions for bsafe
- */
-void
-T_free(POINTER block)
-{
- free(block);
-}
-
-POINTER
-T_malloc(unsigned int len)
-{
- return (malloc(len));
-}
-
-int
-T_memcmp(CPOINTER firstBlock, CPOINTER secondBlock, unsigned int len)
-{
- return (memcmp(firstBlock, secondBlock, len));
-}
-
-void
-T_memcpy(POINTER output, CPOINTER input, unsigned int len)
-{
- memcpy(output, input, len);
-}
-
-void
-T_memmove(POINTER output, POINTER input, unsigned int len)
-{
- memmove(output, input, len);
-}
-
-void
-T_memset(POINTER output, int value, unsigned int len)
-{
- memset(output, value, len);
-}
-
-POINTER
-T_realloc(POINTER block, unsigned int len)
-{
- return (realloc(block, len));
-}
-
-#else /* BSAFE NOT available */
-int
-dst_bsafe_init()
-{
- return (0);
-}
-#endif /* BSAFE */
+++ /dev/null
-#ifdef CYLINK_DSS
-static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/cylink_link.c,v 1.1 2001/03/29 06:31:31 marka Exp $";
-
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-/*
- * This file contains two components
- * 1. Interface to the CYLINK library to allow compilation of Bind
- * with TIS/DNSSEC when CYLINK is not available
- * all calls to CYLINK are contained inside this file.
- * 2. The glue to connvert DSA KEYS to and from external formats
- */
-#include "port_before.h"
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <netinet/in.h>
-
-#include "dst_internal.h"
-#include <toolkit.h>
-
-#include "port_after.h"
-
-typedef struct cylinkkey {
- char *dk_signer;
- uchar *dk_p;
- uchar *dk_q;
- uchar *dk_g;
- uchar *dk_x;
- uchar *dk_y;
- ushort dk_p_bytes;
-} DSA_Key;
-
-#define NULL_PRIV_KEY(k)(k == NULL || k->dk_p == NULL || k->dk_q == NULL || \
- k->dk_g == NULL || k->dk_x == NULL)
-#define NULL_PUB_KEY(k)(k == NULL || k->dk_p == NULL || k->dk_q == NULL || \
- k->dk_g == NULL || k->dk_y == NULL)
-
-static int dst_cylink_sign(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- u_char *signature, const int sig_len);
-
-static int dst_cylink_verify(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- const u_char *signature, const int sig_len);
-
-static int dst_cylink_to_dns_key(const DST_KEY *in_key, u_char *out_str,
- const int out_len);
-static int dst_cylink_from_dns_key(DST_KEY *s_key, const u_char *key,
- const int len);
-static int dst_cylink_key_to_file_format(const DST_KEY *key, char *buff,
- const int buff_len);
-static int dst_cylink_key_from_file_format(DST_KEY *d_key,
- const char *buff,
- const int buff_len);
-static void *dst_cylink_free_key_structure(void *key);
-
-static int dst_cylink_generate_keypair(DST_KEY *key, int exp);
-static int dst_cylink_compare_keys(const DST_KEY *key1, const DST_KEY *key2);
-
-static void *memcpyend(void *dest, const void *src, size_t n, size_t size);
-
-/*
- * dst_cylink_init() Function to answer set up function pointers for
- * CYLINK related functions
- */
-int
-dst_cylink_init()
-{
- if (dst_t_func[KEY_DSA] != NULL)
- return (1);
- dst_t_func[KEY_DSA] = malloc(sizeof(struct dst_func));
- if (dst_t_func[KEY_DSA] == NULL)
- return (0);
- memset(dst_t_func[KEY_DSA], 0, sizeof(struct dst_func));
- dst_t_func[KEY_DSA]->sign = dst_cylink_sign;
- dst_t_func[KEY_DSA]->verify = dst_cylink_verify;
- dst_t_func[KEY_DSA]->compare = dst_cylink_compare_keys;
- dst_t_func[KEY_DSA]->generate = dst_cylink_generate_keypair;
- dst_t_func[KEY_DSA]->destroy = dst_cylink_free_key_structure;
- dst_t_func[KEY_DSA]->from_dns_key = dst_cylink_from_dns_key;
- dst_t_func[KEY_DSA]->to_dns_key = dst_cylink_to_dns_key;
- dst_t_func[KEY_DSA]->from_file_fmt = dst_cylink_key_from_file_format;
- dst_t_func[KEY_DSA]->to_file_fmt = dst_cylink_key_to_file_format;
- SetDataOrder(1);
- return (1);
-}
-
-/*
- * dst_cylink_sign
- * Call CYLINK signing functions to sign a block of data.
- * There are three steps to signing, INIT (initialize structures),
- * UPDATE (hash (more) data), FINAL (generate a signature). This
- * routine performs one or more of these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * algobj structure holds context for a sign done in multiple calls.
- * context the context to use for this computation
- * data data to be signed.
- * len length in bytes of data.
- * priv_key key to use for signing.
- * signature location to store signature.
- * sig_len size in bytes of signature field.
- * returns
- * N Success on SIG_MODE_FINAL = returns signature length in bytes
- * N is 41 for DNS
- * 0 Success on SIG_MODE_INIT and UPDATE
- * <0 Failure
- */
-
-static int
-dst_cylink_sign(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- u_char *signature, const int sig_len)
-{
- int sign_len = 0;
- int status;
- SHA_context *ctx = NULL;
-
- if (mode & SIG_MODE_INIT)
- ctx = (SHA_context *) malloc(sizeof(SHA_context));
- else if (context)
- ctx = (SHA_context *) *context;
- if (ctx == NULL)
- return (-1);
-
- if (mode & SIG_MODE_INIT)
- SHAInit(ctx);
-
- if ((mode & SIG_MODE_UPDATE) && (data && len > 0)) {
- status = SHAUpdate(ctx, data, len);
- if (status != SUCCESS)
- return (SIGN_UPDATE_FAILURE);
- }
- if (mode & SIG_MODE_FINAL) {
- DSA_Key *key;
- uchar digest[SHA_LENGTH];
- uchar rand[SHA_LENGTH];
- uchar r[SHA_LENGTH], s[SHA_LENGTH];
-
- if (signature == NULL || sig_len < 2 * SHA_LENGTH)
- return (SIGN_FINAL_FAILURE);
- if ((status = SHAFinal(ctx, digest)) != SUCCESS)
- return (SIGN_FINAL_FAILURE);
- SAFE_FREE(ctx);
- if (dkey == NULL || dkey->dk_KEY_struct == NULL)
- return (-1);
- key = (DSA_Key *) dkey->dk_KEY_struct;
- if (NULL_PRIV_KEY(key))
- return (-2);
- dst_random(DST_RAND_STD, sizeof(rand), rand);
- status = GenDSSSignature(key->dk_p_bytes, key->dk_p,
- key->dk_q, key->dk_g, key->dk_x,
- rand, r, s, digest);
- if (status != SUCCESS)
- return (SIGN_FINAL_FAILURE);
- *signature = (dkey->dk_key_size - 512)/64;
- sign_len = 1;
- memcpy(signature + sign_len, r, SHA_LENGTH);
- sign_len += SHA_LENGTH;
- memcpy(signature + sign_len, s, SHA_LENGTH);
- sign_len += SHA_LENGTH;
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) ctx;
- }
- return (sign_len);
-}
-
-
-/*
- * Dst_cylink_verify
- * Calls CYLINK verification routines. There are three steps to
- * verification, INIT (initialize structures), UPDATE (hash (more) data),
- * FINAL (generate a signature). This routine performs one or more of
- * these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * dkey structure holds context for a verify done in multiple calls.
- * context algorithm specific context for the current context processing
- * data data signed.
- * len length in bytes of data.
- * pub_key key to use for verify.
- * signature signature.
- * sig_len length in bytes of signature.
- * returns
- * 0 Success
- * <0 Failure
- */
-
-static int
-dst_cylink_verify(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- const u_char *signature, const int sig_len)
-{
- int status;
- SHA_context *ctx = NULL;
-
- if (mode & SIG_MODE_INIT)
- ctx = (SHA_context *) malloc(sizeof(SHA_context));
- else if (context)
- ctx = (SHA_context *) *context;
- if (ctx == NULL)
- return (-1);
-
- if (mode & SIG_MODE_INIT)
- SHAInit(ctx);
-
- if ((mode & SIG_MODE_UPDATE) && (data && len > 0)) {
- status = SHAUpdate(ctx, data, len);
- if (status != SUCCESS)
- return (VERIFY_UPDATE_FAILURE);
- }
- if (mode & SIG_MODE_FINAL) {
- DSA_Key *key;
- uchar digest[SHA_LENGTH];
- uchar r[SHA_LENGTH], s[SHA_LENGTH];
-
- if (dkey == NULL || dkey->dk_KEY_struct == NULL)
- return (-1);
- key = (DSA_Key *) dkey->dk_KEY_struct;
- if (NULL_PUB_KEY(key))
- return (-2);
- if (signature == NULL || sig_len != (2 * SHA_LENGTH +1))
- return (SIGN_FINAL_FAILURE);
- status = SHAFinal(ctx, digest);
- SAFE_FREE(ctx);
- if (status != SUCCESS)
- return (SIGN_FINAL_FAILURE);
- if (((int)*signature) != ((key->dk_p_bytes -64)/8))
- return(VERIFY_FINAL_FAILURE);
-
- memcpy(r, signature +1, SHA_LENGTH);
- memcpy(s, signature + SHA_LENGTH +1, SHA_LENGTH);
- status = VerDSSSignature(key->dk_p_bytes, key->dk_p,
- key->dk_q, key->dk_g, key->dk_y,
- r, s, digest);
- if (status != SUCCESS)
- return (VERIFY_FINAL_FAILURE);
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) ctx;
- }
- return (0);
-}
-
-
-/*
- * dst_cylink_to_dns_key
- * Converts key from DSA to DNS distribution format
- * This function gets in a pointer to the public key and a work area
- * to write the key into.
- * Parameters
- * public KEY structure
- * out_str buffer to write encoded key into
- * out_len size of out_str
- * Return
- * N >= 0 length of encoded key
- * n < 0 error
- */
-
-static int
-dst_cylink_to_dns_key(const DST_KEY *in_key, u_char *out_str,
- const int out_len)
-{
- u_char *op = out_str;
- int t;
- DSA_Key *key;
-
- if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
- out_len <= 0 || out_str == NULL)
- return (-1);
- key = (DSA_Key *) in_key->dk_KEY_struct;
-
- t = (key->dk_p_bytes - 64) / 8;
-
- *op++ = t;
- memcpy(op, key->dk_q, SHA_LENGTH);
- op += SHA_LENGTH;
- memcpy(op, key->dk_p, key->dk_p_bytes);
- op += key->dk_p_bytes;
- memcpy(op, key->dk_g, key->dk_p_bytes);
- op += key->dk_p_bytes;
- memcpy(op, key->dk_y, key->dk_p_bytes);
- op += key->dk_p_bytes;
-
- return (op - out_str);
-}
-
-
-/*
- * dst_cylink_from_dns_key
- * Converts from a DNS KEY RR format to an RSA KEY.
- * Parameters
- * len Length in bytes of DNS key
- * key DNS key
- * name Key name
- * s_key DST structure that will point to the RSA key this routine
- * will build.
- * Return
- * 0 The input key, s_key or name was null.
- * 1 Success
- */
-static int
-dst_cylink_from_dns_key(DST_KEY *s_key, const u_char *key, const int len)
-{
- int t;
- const u_char *key_ptr = key;
- DSA_Key *d_key;
-
- if (s_key == NULL || len < 0 || key == NULL)
- return (0);
-
- if (len == 0) /* process null key */
- return (1);
-
- if (key_ptr == NULL)
- return (0);
- t = (int) *key_ptr++; /* length of exponent in bytes */
-
- if ((3 * (t * 8 + 64) + SHA_LENGTH + 1) != len)
- return (0);
-
- if ((d_key = (DSA_Key *) malloc(sizeof(DSA_Key))) == NULL) {
- EREPORT(("dst_cylink_from_dns_key(): Memory allocation error 1"));
- return (0);
- }
- memset(d_key, 0, sizeof(DSA_Key));
- s_key->dk_KEY_struct = (void *) d_key;
- d_key->dk_signer = strdup(s_key->dk_key_name);
- d_key->dk_p_bytes = 64 + 8 * t;
-
- if ((d_key->dk_q = (uchar *) malloc(SHA_LENGTH)) == NULL)
- return (0);
- memcpy(d_key->dk_q, key_ptr, SHA_LENGTH);
- key_ptr += SHA_LENGTH;
-
- if ((d_key->dk_p = (uchar *) malloc(d_key->dk_p_bytes)) == NULL)
- return (0);
- memcpy(d_key->dk_p, key_ptr, d_key->dk_p_bytes);
- key_ptr += d_key->dk_p_bytes;
-
- if ((d_key->dk_g = (uchar *) malloc(d_key->dk_p_bytes)) == NULL)
- return (0);
- memcpy(d_key->dk_g, key_ptr, d_key->dk_p_bytes);
- key_ptr += d_key->dk_p_bytes;
-
- if ((d_key->dk_y = (uchar *) malloc(d_key->dk_p_bytes)) == NULL)
- return (0);
- memcpy(d_key->dk_y, key_ptr, d_key->dk_p_bytes);
- key_ptr += d_key->dk_p_bytes;
-
- s_key->dk_id = dst_s_id_calc(key, len);
- s_key->dk_key_size = d_key->dk_p_bytes * 8;
- return (1);
-}
-
-
-/**************************************************************************
- * dst_cylink_key_to_file_format
- * Encodes an DSA Key into the portable file format.
- * Parameters
- * key DSA KEY structure
- * buff output buffer
- * buff_len size of output buffer
- * Return
- * 0 Failure - null input rkey
- * -1 Failure - not enough space in output area
- * N Success - Length of data returned in buff
- */
-
-static int
-dst_cylink_key_to_file_format(const DST_KEY *key, char *buff,
- const int buff_len)
-{
- char *bp;
- int len, b_len;
- DSA_Key *dkey;
- u_char num[256]; /* More than long enough for DSA keys */
-
- if (key == NULL || key->dk_KEY_struct == NULL) /* no output */
- return (0);
- if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
- return (-1); /* no OR not enough space in output area */
-
- dkey = (DSA_Key *) key->dk_KEY_struct;
-
- memset(buff, 0, buff_len); /* just in case */
- /* write file header */
- sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_DSA, "DSA");
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->dk_p, dkey->dk_p_bytes);
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Prime(p): ",
- num, dkey->dk_p_bytes)) <= 0)
- return (-1);
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->dk_q, dkey->dk_p_bytes);
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Subprime(q): ",
- num, SHA_LENGTH)) <= 0)
- return (-2);
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->dk_g, dkey->dk_p_bytes);
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Base(g): ",
- num, dkey->dk_p_bytes)) <= 0)
- return (-3);
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->dk_x, dkey->dk_p_bytes);
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Private_value(x): ",
- num, SHA_LENGTH)) <= 0)
- return (-4);
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->dk_y, dkey->dk_p_bytes);
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Public_value(y): ",
- num, dkey->dk_p_bytes)) <= 0)
- return (-4);
-
- bp += len;
- b_len -= len;
- return (buff_len - b_len);
-}
-
-
-/**************************************************************************
- * dst_cylink_key_from_file_format
- * Converts contents of a private key file into a private DSA key.
- * Parameters
- * DSA_Key structure to put key into
- * buff buffer containing the encoded key
- * buff_len the length of the buffer
- * Return
- * n >= 0 Foot print of the key converted
- * n < 0 Error in conversion
- */
-
-static int
-dst_cylink_key_from_file_format(DST_KEY *d_key, const char *buff,
- const int buff_len)
-{
- u_char s[DSS_LENGTH_MAX];
- u_char dns[1024];
- int len, s_len = sizeof(s);
- int foot = -1, dnslen;
- const char *p = buff;
- DSA_Key *dsa_key;
-
- if (d_key == NULL || buff == NULL || buff_len <= 0)
- return (-1);
-
- dsa_key = (DSA_Key *) malloc(sizeof(DSA_Key));
- if (dsa_key == NULL) {
- return (-2);
- }
- memset(dsa_key, 0, sizeof(*dsa_key));
- d_key->dk_KEY_struct = (void *) dsa_key;
-
- if (!dst_s_verify_str(&p, "Prime(p): "))
- return (-3);
- memset(s, 0, s_len);
- if ((len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)) == 0)
- return (-4);
- dsa_key->dk_p_bytes = len;
- if ((dsa_key->dk_p = malloc(len)) == NULL)
- return (-5);
- memcpy(dsa_key->dk_p, s + s_len - len, len);
-
- while (*++p && p < (const char *) &buff[buff_len]) {
- if (dst_s_verify_str(&p, "Subprime(q): ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)))
- return (-6);
- if ((dsa_key->dk_q = malloc(SHA_LENGTH)) == NULL)
- return (-7);
- memcpyend(dsa_key->dk_q, s + s_len - len, len,
- SHA_LENGTH);
- } else if (dst_s_verify_str(&p, "Base(g): ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)))
- return (-8);
- if ((dsa_key->dk_g = malloc(dsa_key->dk_p_bytes))
- == NULL)
- return (-9);
- memcpyend(dsa_key->dk_g, s + s_len - len, len,
- dsa_key->dk_p_bytes);
- } else if (dst_s_verify_str(&p, "Private_value(x): ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)))
- return (-10);
- if ((dsa_key->dk_x = malloc(SHA_LENGTH)) == NULL)
- return (-11);
- memcpyend(dsa_key->dk_x, s + s_len - len, len,
- SHA_LENGTH);
- } else if (dst_s_verify_str(&p, "Public_value(y): ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)))
- return (-10);
- if ((dsa_key->dk_y = malloc(dsa_key->dk_p_bytes))
- == NULL)
- return (-11);
- memcpyend(dsa_key->dk_y, s + s_len - len, len,
- dsa_key->dk_p_bytes);
- } else {
- EREPORT(("Decode_DSAKey(): Bad keyword %s\n", p));
- return (-12);
- }
- } /* while p */
-
- d_key->dk_key_size = dsa_key->dk_p_bytes * 8;
- dnslen = d_key->dk_func->to_dns_key(d_key, dns, sizeof(dns));
- foot = dst_s_id_calc(dns, dnslen);
-
- return (foot);
-}
-
-
-/**************************************************************************
- * dst_cylink_free_key_structure
- * Frees all dynamicly allocated structures in DSA_Key.
- */
-
-static void *
-dst_cylink_free_key_structure(void *key)
-{
- DSA_Key *d_key = (DSA_Key *) key;
- if (d_key != NULL) {
- SAFE_FREE(d_key->dk_signer);
- SAFE_FREE(d_key->dk_p);
- SAFE_FREE(d_key->dk_q);
- SAFE_FREE(d_key->dk_g);
- SAFE_FREE(d_key->dk_x);
- SAFE_FREE(d_key->dk_y);
- SAFE_FREE(d_key);
- }
- return (NULL);
-}
-
-
-/**************************************************************************
- * dst_cylink_generate_keypair
- * Generates unique keys that are hard to predict.
- * Parameters
- * key generic Key structure
- * exp the public exponent
- * Return
- * 0 Failure
- * 1 Success
- */
-
-static int
-dst_cylink_generate_keypair(DST_KEY *key, int nothing)
-{
- int status, dnslen, n;
- DSA_Key *dsa;
- u_char rand[SHA_LENGTH];
- u_char dns[1024];
-
- UNUSED(nothing);
-
- if (key == NULL || key->dk_alg != KEY_DSA)
- return (0);
-
- if ((dsa = (DSA_Key *) malloc(sizeof(DSA_Key))) == NULL) {
- EREPORT(("dst_cylink_generate_keypair: Memory allocation error 3"));
- return (0);
- }
- memset(dsa, 0, sizeof(*dsa));
-
- dsa->dk_p_bytes = key->dk_key_size / 8;
- dsa->dk_p = (uchar *) malloc(dsa->dk_p_bytes);
- dsa->dk_q = (uchar *) malloc(SHA_LENGTH);
- dsa->dk_g = (uchar *) malloc(dsa->dk_p_bytes);
- dsa->dk_x = (uchar *) malloc(SHA_LENGTH);
- dsa->dk_y = (uchar *) malloc(dsa->dk_p_bytes);
- if (!dsa->dk_p || !dsa->dk_q || !dsa->dk_g || !dsa->dk_x || !dsa->dk_y) {
- EREPORT(("dst_cylink_generate_keypair: Memory allocation error 4"));
- return (0);
- }
- n = dst_random(DST_RAND_KEY, sizeof(rand), rand);
- if (n != sizeof(rand))
- return (0);
- status = GenDSSParameters(dsa->dk_p_bytes, dsa->dk_p, dsa->dk_q,
- dsa->dk_g, rand, NULL);
- if (status != SUCCESS)
- return (0);
-
- status = GenDSSKey(dsa->dk_p_bytes, dsa->dk_p, dsa->dk_q, dsa->dk_g,
- dsa->dk_x, dsa->dk_y, rand);
- if (status != SUCCESS)
- return (0);
- memset(rand, 0, sizeof(rand));
- key->dk_KEY_struct = (void *) dsa;
- dnslen = key->dk_func->to_dns_key(key, dns, sizeof(dns));
- key->dk_id = dst_s_id_calc(dns, dnslen);
- return (1);
-}
-
-
-/*
- * dst_cylink_compare_keys
- * Compare two keys for equality.
- * Return
- * 0 The keys are equal
- * NON-ZERO The keys are not equal
- */
-
-static int
-dst_cylink_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
-{
- int status;
- DSA_Key *dkey1 = (DSA_Key *) key1->dk_KEY_struct;
- DSA_Key *dkey2 = (DSA_Key *) key2->dk_KEY_struct;
-
- if (dkey1 == NULL && dkey2 == NULL)
- return (0);
- else if (dkey1 == NULL)
- return (2);
- else if (dkey2 == NULL)
- return(1);
-
- if (dkey1->dk_p_bytes != dkey2->dk_p_bytes)
- return (201);
- status = memcmp(dkey1->dk_p, dkey2->dk_p, dkey1->dk_p_bytes) ||
- memcmp(dkey1->dk_q, dkey2->dk_q, SHA_LENGTH) ||
- memcmp(dkey1->dk_g, dkey2->dk_g, dkey1->dk_p_bytes) ||
- memcmp(dkey1->dk_y, dkey2->dk_y, dkey1->dk_p_bytes);
- if (status)
- return (status);
- if (dkey1->dk_x || dkey2->dk_x) {
- if (dkey1->dk_x == NULL || dkey2->dk_x == NULL)
- return (202);
- return (memcmp(dkey1->dk_x, dkey2->dk_x, dkey1->dk_p_bytes));
- } else
- return (0);
-}
-
-static void *
-memcpyend(void *dest, const void *src, size_t n, size_t size) {
- if (n < size)
- memset(dest, 0, size - n);
- memcpy((char *)dest + size - n, src, n);
- return dest;
-}
-
-#else
-int
-dst_cylink_init()
-{
- return (0);
-}
-#endif /* CYLINK */
#ifndef LINT
-static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/dst_api.c,v 1.2 2001/04/02 09:42:20 marka Exp $";
+static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/dst_api.c,v 1.3 2001/04/03 00:28:10 bwelling Exp $";
#endif
/*
}
memset(dst_t_func, 0, sizeof(dst_t_func));
/* first one is selected */
- dst_bsafe_init();
- dst_rsaref_init();
dst_hmac_md5_init();
- dst_eay_dss_init();
- dst_cylink_init();
}
/*
return -1;
}
}
-
-/*
- * dst_random
- * function that multiplexes number of random number generators
- * Parameters
- * mode: select the random number generator
- * wanted is how many bytes of random data are requested
- * outran is a buffer of size at least wanted for the output data
- *
- * Returns
- * number of bytes written to outran
- */
-int
-dst_random(const int mode, int wanted, u_char *outran)
-{
- u_int32_t *buff = NULL, *bp = NULL;
- int i;
- if (wanted <= 0 || outran == NULL)
- return (0);
-
- switch (mode) {
- case DST_RAND_SEMI:
- bp = buff = (u_int32_t *) malloc(wanted+sizeof(u_int32_t));
- for (i = 0; i < wanted; i+= sizeof(u_int32_t), bp++) {
- *bp = dst_s_quick_random(i);
- }
- memcpy(outran, buff, wanted);
- SAFE_FREE(buff);
- return (wanted);
- case DST_RAND_STD:
- return (dst_s_semi_random(outran, wanted));
- case DST_RAND_KEY:
- return (dst_s_random(outran, wanted));
- case DST_RAND_DSS:
- default:
- /* need error case here XXX OG */
- return (0);
- }
-}
-
FILE *dst_s_fopen (const char *filename, const char *mode, int perm);
-/* from file prandom.c */
-int dst_s_random( u_int8_t *output, int size);
-int dst_s_semi_random( u_int8_t *output, int size);
-u_int32_t dst_s_quick_random( int inc);
-void dst_s_quick_random_set( u_int32_t val, u_int32_t cnt);
-
/*
* read and write network byte order into u_int?_t
* all of these should be retired
+++ /dev/null
-#ifdef EAY_DSS
-static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/eay_dss_link.c,v 1.1 2001/03/29 06:31:31 marka Exp $";
-
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-/*
- * This file contains two components
- * 1. Interface to the EAY libcrypto library to allow compilation of Bind
- * with TIS/DNSSEC when EAY libcrypto is not available
- * all calls to libcrypto are contained inside this file.
- * 2. The glue to connvert DSA KEYS to and from external formats
- */
-#include "port_before.h"
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <netinet/in.h>
-
-#include "dst_internal.h"
-
-#include "crypto.h"
-#include "bn.h"
-#include "dsa.h"
-#include "sha.h"
-
-#include "port_after.h"
-
-
-static int dst_eay_dss_sign(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- u_char *signature, const int sig_len);
-
-static int dst_eay_dss_verify(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- const u_char *signature, const int sig_len);
-
-static int dst_eay_dss_to_dns_key(const DST_KEY *in_key, u_char *out_str,
- const int out_len);
-static int dst_eay_dss_from_dns_key(DST_KEY *s_key, const u_char *key,
- const int len);
-static int dst_eay_dss_key_to_file_format(const DST_KEY *key, u_char *buff,
- const int buff_len);
-static int dst_eay_dss_key_from_file_format(DST_KEY *d_key,
- const u_char *buff,
- const int buff_len);
-static void *dst_eay_dss_free_key_structure(void *key);
-
-static int dst_eay_dss_generate_keypair(DST_KEY *key, int exp);
-static int dst_eay_dss_compare_keys(const DST_KEY *key1, const DST_KEY *key2);
-
-/*
- * dst_eay_dss_init() Function to answer set up function pointers for
- * EAY DSS related functions
- */
-int
-dst_eay_dss_init(void)
-{
- if (dst_t_func[KEY_DSA] != NULL)
- return (1);
- dst_t_func[KEY_DSA] = malloc(sizeof(struct dst_func));
- if (dst_t_func[KEY_DSA] == NULL)
- return (0);
- memset(dst_t_func[KEY_DSA], 0, sizeof(struct dst_func));
- dst_t_func[KEY_DSA]->sign = dst_eay_dss_sign;
- dst_t_func[KEY_DSA]->verify = dst_eay_dss_verify;
- dst_t_func[KEY_DSA]->compare = dst_eay_dss_compare_keys;
- dst_t_func[KEY_DSA]->generate = dst_eay_dss_generate_keypair;
- dst_t_func[KEY_DSA]->destroy = dst_eay_dss_free_key_structure;
- dst_t_func[KEY_DSA]->from_dns_key = dst_eay_dss_from_dns_key;
- dst_t_func[KEY_DSA]->to_dns_key = dst_eay_dss_to_dns_key;
- dst_t_func[KEY_DSA]->from_file_fmt = dst_eay_dss_key_from_file_format;
- dst_t_func[KEY_DSA]->to_file_fmt = dst_eay_dss_key_to_file_format;
- return (1);
-}
-
-/*
- * dst_eay_dss_sign
- * Call EAY DSS signing functions to sign a block of data.
- * There are three steps to signing, INIT (initialize structures),
- * UPDATE (hash (more) data), FINAL (generate a signature). This
- * routine performs one or more of these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * algobj structure holds context for a sign done in multiple calls.
- * context the context to use for this computation
- * data data to be signed.
- * len length in bytes of data.
- * priv_key key to use for signing.
- * signature location to store signature.
- * sig_len size in bytes of signature field.
- * returns
- * N Success on SIG_MODE_FINAL = returns signature length in bytes
- * N is 41 for DNS
- * 0 Success on SIG_MODE_INIT and UPDATE
- * <0 Failure
- */
-
-static int
-dst_eay_dss_sign(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- u_char *signature, const int sig_len)
-{
- int sign_len = 0;
- int status;
- SHA_CTX *ctx = NULL;
-
- if (mode & SIG_MODE_INIT)
- ctx = (SHA_CTX *) malloc(sizeof(SHA_CTX));
- else if (context)
- ctx = (SHA_CTX *) *context;
- if (ctx == NULL)
- return (-1);
-
- if (mode & SIG_MODE_INIT)
- SHA1_Init(ctx);
-
- if ((mode & SIG_MODE_UPDATE) && (data && len > 0)) {
- SHA1_Update(ctx, (u_char *) data, len);
- }
- if (mode & SIG_MODE_FINAL) {
- DSA *key;
- u_char digest[SHA_DIGEST_LENGTH];
- u_char rand[SHA_DIGEST_LENGTH];
- u_char r[SHA_DIGEST_LENGTH], s[SHA_DIGEST_LENGTH];
-
- if (dkey == NULL || dkey->dk_KEY_struct == NULL)
- return (-1);
- key = dkey->dk_KEY_struct;
- if (key == NULL)
- return(-2);
- SHA1_Final(digest, ctx);
- status = DSA_sign(0, digest, SHA_DIGEST_LENGTH,
- signature, &sign_len, key);
- if (status != 0)
- return (SIGN_FINAL_FAILURE);
-
- *signature = (dkey->dk_key_size - 512)/64;
- sign_len = 1;
- memcpy(signature + sign_len, r, SHA_DIGEST_LENGTH);
- sign_len += SHA_DIGEST_LENGTH;
- memcpy(signature + sign_len, s, SHA_DIGEST_LENGTH);
- sign_len += SHA_DIGEST_LENGTH;
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) ctx;
- }
- return (sign_len);
-}
-
-
-/*
- * dst_eay_dss_verify
- * Calls EAY DSS verification routines. There are three steps to
- * verification, INIT (initialize structures), UPDATE (hash (more) data),
- * FINAL (generate a signature). This routine performs one or more of
- * these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * dkey structure holds context for a verify done in multiple calls.
- * context algorithm specific context for the current context processing
- * data data signed.
- * len length in bytes of data.
- * pub_key key to use for verify.
- * signature signature.
- * sig_len length in bytes of signature.
- * returns
- * 0 Success
- * <0 Failure
- */
-
-static int
-dst_eay_dss_verify(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- const u_char *signature, const int sig_len)
-{
- int status;
- SHA_CTX *ctx = NULL;
-
- if (mode & SIG_MODE_INIT)
- ctx = (SHA_CTX *) malloc(sizeof(SHA_CTX));
- else if (context)
- ctx = (SHA_CTX *) *context;
- if (ctx == NULL)
- return (-1);
-
- if (mode & SIG_MODE_INIT)
- SHA1_Init(ctx);
-
- if ((mode & SIG_MODE_UPDATE) && (data && len > 0)) {
- SHA1_Update(ctx, (u_char *) data, len);
- }
- if (mode & SIG_MODE_FINAL) {
- DSA *key;
- u_char digest[SHA_DIGEST_LENGTH];
- u_char r[SHA_DIGEST_LENGTH], s[SHA_DIGEST_LENGTH];
-
- if (dkey == NULL || dkey->dk_KEY_struct == NULL)
- return (-1);
- key = (DSA *) dkey->dk_KEY_struct;
- if (key = NULL)
- return (-2);
- if (signature == NULL || sig_len != (2 * SHA_DIGEST_LENGTH +1))
- return (SIGN_FINAL_FAILURE);
- SHA1_Final(digest, ctx);
- SAFE_FREE(ctx);
- if (status != 0)
- return (SIGN_FINAL_FAILURE);
- if (((int)*signature) != ((BN_num_bytes(key->p) -64)/8))
- return(VERIFY_FINAL_FAILURE);
-
- memcpy(r, signature +1, SHA_DIGEST_LENGTH);
- memcpy(s, signature + SHA_DIGEST_LENGTH +1, SHA_DIGEST_LENGTH);
- status = DSA_verify(0, digest, SHA_DIGEST_LENGTH,
- (u_char *)signature, sig_len, key);
- if (status != 0)
- return (VERIFY_FINAL_FAILURE);
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) ctx;
- }
- return (0);
-}
-
-
-/*
- * dst_eay_dss_to_dns_key
- * Converts key from DSA to DNS distribution format
- * This function gets in a pointer to the public key and a work area
- * to write the key into.
- * Parameters
- * public KEY structure
- * out_str buffer to write encoded key into
- * out_len size of out_str
- * Return
- * N >= 0 length of encoded key
- * n < 0 error
- */
-
-static int
-dst_eay_dss_to_dns_key(const DST_KEY *in_key, u_char *out_str,
- const int out_len)
-{
- u_char *op = out_str;
- int t;
- DSA *key;
-
- if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
- out_len <= 0 || out_str == NULL)
- return (-1);
- key = (DSA *) in_key->dk_KEY_struct;
-
- t = (BN_num_bytes(key->p) - 64) / 8;
-
- *op++ = t;
- BN_bn2bin(key->q, op);
- op += BN_num_bytes(key->q);
- BN_bn2bin(key->p, op);
- op += BN_num_bytes(key->p);
- BN_bn2bin(key->g, op);
- op += BN_num_bytes(key->g);
- BN_bn2bin(key->pub_key, op);
- op += BN_num_bytes(key->pub_key);
-
- return (op - out_str);
-}
-
-
-/*
- * dst_eay_dss_from_dns_key
- * Converts from a DNS KEY RR format to an RSA KEY.
- * Parameters
- * len Length in bytes of DNS key
- * key DNS key
- * name Key name
- * s_key DST structure that will point to the RSA key this routine
- * will build.
- * Return
- * 0 The input key, s_key or name was null.
- * 1 Success
- */
-static int
-dst_eay_dss_from_dns_key(DST_KEY *s_key, const u_char *key, const int len)
-{
- int t;
- u_char *key_ptr = (u_char *)key;
- DSA *d_key;
- int p_bytes;
-
- if (s_key == NULL || len < 0 || key == NULL)
- return (0);
-
- if (len == 0) /* process null key */
- return (1);
-
- if (key_ptr == NULL)
- return (0);
- t = (int) *key_ptr++; /* length of exponent in bytes */
- p_bytes = 64 + 8 * t;
-
- if ((3 * (t * 8 + 64) + SHA_DIGEST_LENGTH + 1) != len)
- return (0);
-
- if ((d_key = (DSA *) malloc(sizeof(DSA))) == NULL) {
- EREPORT(("dst_eay_dss_from_dns_key(): Memory allocation error 1"));
- return (0);
- }
- memset(d_key, 0, sizeof(DSA));
- s_key->dk_KEY_struct = (void *) d_key;
-
- d_key->q = BN_bin2bn(key_ptr, SHA_DIGEST_LENGTH, NULL);
- key_ptr += SHA_DIGEST_LENGTH;
-
- d_key->p = BN_bin2bn(key_ptr, p_bytes, NULL);
- key_ptr += p_bytes;
-
- d_key->g = BN_bin2bn(key_ptr, p_bytes, NULL);
- key_ptr += p_bytes;
-
- d_key->pub_key = BN_bin2bn(key_ptr, p_bytes, NULL);
- key_ptr += p_bytes;
-
- s_key->dk_id = dst_s_id_calc(key, len);
- s_key->dk_key_size = p_bytes * 8;
- return (1);
-}
-
-
-/**************************************************************************
- * dst_eay_dss_key_to_file_format
- * Encodes an DSA Key into the portable file format.
- * Parameters
- * key DSA KEY structure
- * buff output buffer
- * buff_len size of output buffer
- * Return
- * 0 Failure - null input rkey
- * -1 Failure - not enough space in output area
- * N Success - Length of data returned in buff
- */
-
-static int
-dst_eay_dss_key_to_file_format(const DST_KEY *key, u_char *buff,
- const int buff_len)
-{
- u_char *bp;
- int len, b_len;
- DSA *dkey;
- char num[256]; /* More than long enough for DSA keys */
-
- if (key == NULL || key->dk_KEY_struct == NULL) /* no output */
- return (0);
- if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
- return (-1); /* no OR not enough space in output area */
-
- dkey = (DSA *) key->dk_KEY_struct;
-
- memset(buff, 0, buff_len); /* just in case */
- /* write file header */
- sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_DSA, "DSA");
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->p, BN_num_bytes(dkey->p));
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Prime(p): ", num,
- BN_num_bytes(dkey->p))) <= 0)
- return (-1);
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->q, BN_num_bytes(dkey->q));
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Subprime(q): ", num,
- BN_num_bytes(dkey->q))) <= 0)
- return (-2);
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->g, BN_num_bytes(dkey->g));
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Base(g): ", num,
- BN_num_bytes(dkey->g))) <= 0)
- return (-3);
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->priv_key, BN_num_bytes(dkey->priv_key));
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Private_value(x): ",
- num,
- BN_num_bytes(dkey->priv_key)))
- <= 0)
- return (-4);
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- memcpy(num, dkey->pub_key, BN_num_bytes(dkey->pub_key));
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Public_value(y): ",
- num,
- BN_num_bytes(dkey->pub_key)))
- <= 0)
- return (-5);
-
- bp += len;
- b_len -= len;
- return (buff_len - b_len);
-}
-
-
-/**************************************************************************
- * dst_eay_dss_key_from_file_format
- * Converts contents of a private key file into a private DSA key.
- * Parameters
- * d_key structure to put key into
- * buff buffer containing the encoded key
- * buff_len the length of the buffer
- * Return
- * n >= 0 Foot print of the key converted
- * n < 0 Error in conversion
- */
-
-static int
-dst_eay_dss_key_from_file_format(DST_KEY *d_key, const u_char *buff,
- const int buff_len)
-{
- char s[128];
- char dns[1024];
- int len, s_len = sizeof(s);
- int foot = -1, dnslen;
- const char *p = buff;
- DSA *dsa_key;
-
- if (d_key == NULL || buff == NULL || buff_len <= 0)
- return (-1);
-
- dsa_key = (DSA *) malloc(sizeof(DSA));
- if (dsa_key == NULL) {
- return (-2);
- }
- memset(dsa_key, 0, sizeof(*dsa_key));
- d_key->dk_KEY_struct = (void *) dsa_key;
-
- if (!dst_s_verify_str(&p, "Prime(p): "))
- return (-3);
- memset(s, 0, s_len);
- if ((len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)) == 0)
- return (-4);
- dsa_key->p = BN_bin2bn (s, len, NULL);
- if (dsa_key->p == NULL)
- return(-5);
-
- while (*++p && p < (const char *) &buff[buff_len]) {
- if (dst_s_verify_str(&p, "Subprime(q): ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)))
- return (-6);
- dsa_key->q = BN_bin2bn (s, len, NULL);
- if (dsa_key->q == NULL)
- return (-7);
- } else if (dst_s_verify_str(&p, "Base(g): ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)))
- return (-8);
- dsa_key->g = BN_bin2bn (s, len, NULL);
- if (dsa_key->g == NULL)
- return (-9);
- } else if (dst_s_verify_str(&p, "Private_value(x): ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)))
- return (-10);
- dsa_key->priv_key = BN_bin2bn (s, len, NULL);
- if (dsa_key->priv_key == NULL)
- return (-11);
- } else if (dst_s_verify_str(&p, "Public_value(y): ")) {
- if (!(len = dst_s_conv_bignum_b64_to_u8(&p, s, s_len)))
- return (-12);
- dsa_key->pub_key = BN_bin2bn (s, len, NULL);
- if (dsa_key->pub_key == NULL)
- return (-13);
- } else {
- EREPORT(("Decode_DSAKey(): Bad keyword %s\n", p));
- return (-14);
- }
- } /* while p */
-
- d_key->dk_key_size = BN_num_bytes(dsa_key->p);
- dnslen = d_key->dk_func->to_dns_key(d_key, dns, sizeof(dns));
- foot = dst_s_id_calc(dns, dnslen);
-
- return (foot);
-}
-
-
-/**************************************************************************
- * dst_eay_dss_free_key_structure
- * Frees all dynamicly allocated structures in DSA.
- */
-
-static void *
-dst_eay_dss_free_key_structure(void *key)
-{
- DSA *d_key = (DSA *) key;
- if (d_key != NULL) {
- BN_free(d_key->p);
- BN_free(d_key->q);
- BN_free(d_key->g);
- if (d_key->pub_key)
- BN_free(d_key->pub_key);
- if (d_key->priv_key)
- BN_free(d_key->priv_key);
- SAFE_FREE(d_key);
- }
- return (NULL);
-}
-
-
-/**************************************************************************
- * dst_eay_dss_generate_keypair
- * Generates unique keys that are hard to predict.
- * Parameters
- * key generic Key structure
- * exp the public exponent
- * Return
- * 0 Failure
- * 1 Success
- */
-
-static int
-dst_eay_dss_generate_keypair(DST_KEY *key, int nothing)
-{
- int status, dnslen, n;
- DSA *dsa;
- u_char rand[SHA_DIGEST_LENGTH];
- char dns[1024];
-
- if (key == NULL || key->dk_alg != KEY_DSA)
- return (0);
-
- if ((dsa = (DSA *) malloc(sizeof(DSA))) == NULL) {
- EREPORT(("dst_eay_dss_generate_keypair: Memory allocation error 3"));
- return (0);
- }
- memset(dsa, 0, sizeof(*dsa));
-
- n = dst_random(DST_RAND_KEY, sizeof(rand), rand);
- if (n != sizeof(rand))
- return (0);
- dsa = DSA_generate_parameters(key->dk_key_size, rand, 20, NULL, NULL,
- NULL, NULL);
-
- if (!dsa) {
- EREPORT(("dst_eay_dss_generate_keypair: Generate Parameters failed"));
- return (0);
- }
- if (DSA_generate_key(dsa) == 0) {
- EREPORT(("dst_eay_dss_generate_keypair: Generate Key failed"));
- return(0);
- }
- key->dk_KEY_struct = (void *) dsa;
- dnslen = key->dk_func->to_dns_key(key, dns, sizeof(dns));
- key->dk_id = dst_s_id_calc(dns, dnslen);
- return (1);
-}
-
-
-/*
- * dst_eay_dss_compare_keys
- * Compare two keys for equality.
- * Return
- * 0 The keys are equal
- * NON-ZERO The keys are not equal
- */
-
-static int
-dst_eay_dss_compare_keys(const DST_KEY *key1, const DST_KEY *key2)
-{
- int status;
- DSA *dkey1 = (DSA *) key1->dk_KEY_struct;
- DSA *dkey2 = (DSA *) key2->dk_KEY_struct;
-
- if (dkey1 == NULL && dkey2 == NULL)
- return (0);
- else if (dkey1 == NULL)
- return (2);
- else if (dkey2 == NULL)
- return(1);
-
- status = BN_cmp(dkey1->p, dkey2->p) ||
- BN_cmp(dkey1->q, dkey2->q) ||
- BN_cmp(dkey1->g, dkey2->g) ||
- BN_cmp(dkey1->pub_key, dkey2->pub_key);
-
- if (status)
- return (status);
-
- if (dkey1->priv_key || dkey2->priv_key) {
- if (dkey1->priv_key == NULL || dkey2->priv_key == NULL)
- return (202);
- return (BN_cmp(dkey1->priv_key, dkey2->priv_key));
- } else
- return (0);
-}
-#else
-#include "port_before.h"
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <netinet/in.h>
-
-#include "dst_internal.h"
-#include "port_after.h"
-int
-dst_eay_dss_init(void)
-{
- return (0);
-}
-#endif /* EAY_DSS */
#ifdef HMAC_MD5
#ifndef LINT
-static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/hmac_link.c,v 1.1 2001/03/29 06:31:31 marka Exp $";
+static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/hmac_link.c,v 1.2 2001/04/03 00:28:14 bwelling Exp $";
#endif
/*
* Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
static int
dst_hmac_md5_generate_key(DST_KEY *key, const int nothing)
{
- u_char *buff;
- int i, n, size;
-
- i = nothing;
-
- if (key == NULL || key->dk_alg != KEY_HMAC_MD5)
- return (0);
- size = (key->dk_key_size + 7) / 8; /* convert to bytes */
- if (size <= 0)
- return(0);
-
- i = size > 64 ? 64 : size;
- buff = malloc(i+8);
-
- n = dst_random(DST_RAND_SEMI, i, buff);
- n += dst_random(DST_RAND_KEY, i, buff);
- if (n <= i) { /* failed getting anything */
- SAFE_FREE2(buff, i);
- return (-1);
- }
- n = dst_buffer_to_hmac_md5(key, buff, i);
- SAFE_FREE2(buff, i);
- if (n <= 0)
- return (n);
- return (1);
+ (void)key;
+ (void)nothing;
+ return (-1);
}
/*
+++ /dev/null
-#ifndef LINT
-static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/prandom.c,v 1.1 2001/03/29 06:31:33 marka Exp $";
-#endif
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-
-#include "port_before.h"
-
-#include <assert.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <time.h>
-#include <dirent.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-
-#include "dst_internal.h"
-#include "prand_conf.h"
-
-#include "port_after.h"
-
-#ifndef DST_NUM_HASHES
-#define DST_NUM_HASHES 4
-#endif
-#ifndef DST_NUMBER_OF_COUNTERS
-#define DST_NUMBER_OF_COUNTERS 5 /* 32 * 5 == 160 == SHA(1) > MD5 */
-#endif
-
-/*
- * the constant below is a prime number to make fixed data structues like
- * stat and time wrap over blocks. This adds certain uncertanty to what is
- * in each digested block.
- * The prime number 2879 has the special property that when
- * divided by 2,4 and 6 the result is also a prime numbers
- */
-
-#ifndef DST_RANDOM_BLOCK_SIZE
-#define DST_RANDOM_BLOCK_SIZE 2879
-#endif
-
-/*
- * This constant dictatates how many bits we shift to the right before using a
- */
-#ifndef DST_SHIFT
-#define DST_SHIFT 9
-#endif
-
-/*
- * An initalizer that is as bad as any other with half the bits set
- */
-#ifndef DST_RANDOM_PATTERN
-#define DST_RANDOM_PATTERN 0x8765CA93
-#endif
-/*
- * things must have changed in the last 3600 seconds to be used
- */
-#define MAX_OLD 3600
-
-
-/*
- * these two data structure are used to process input data into digests,
- *
- * The first structure is containts a pointer to a DST HMAC key
- * the variables accompanying are used for
- * step : select every step byte from input data for the hash
- * block: number of data elements going into each hash
- * digested: number of data elements digested so far
- * curr: offset into the next input data for the first byte.
- */
-typedef struct hash {
- DST_KEY *key;
- void *ctx;
- int digested, block, step, curr;
-} prand_hash;
-
-/*
- * This data structure controlls number of hashes and keeps track of
- * overall progress in generating correct number of bytes of output.
- * output : array to store the output data in
- * needed : how many bytes of output are needed
- * filled : number of bytes in output so far.
- * bytes : total number of bytes processed by this structure
- * file_digest : the HMAC key used to digest files.
- */
-typedef struct work {
- int needed, filled, bytes;
- u_char *output;
- prand_hash *hash[DST_NUM_HASHES];
- DST_KEY *file_digest;
-} dst_work;
-
-
-/*
- * forward function declarations
- */
-static int get_dev_random(u_char *output, int size);
-static int do_time(dst_work *work);
-static int do_ls(dst_work *work);
-static int unix_cmd(dst_work *work);
-static int digest_file(dst_work *work);
-
-static void force_hash(dst_work *work, prand_hash *hash);
-static int do_hash(dst_work *work, prand_hash *hash, const u_char *input,
- int size);
-static int my_digest(dst_work *tmp, const u_char *input, int size);
-static prand_hash *get_hmac_key(int step, int block);
-
-static int own_random(dst_work *work);
-
-
-/*
- * variables used in the quick random number generator
- */
-static u_int32_t ran_val = DST_RANDOM_PATTERN;
-static u_int32_t ran_cnt = (DST_RANDOM_PATTERN >> 10);
-
-/*
- * setting the quick_random generator to particular values or if both
- * input parameters are 0 then set it to initial vlaues
- */
-
-void
-dst_s_quick_random_set(u_int32_t val, u_int32_t cnt)
-{
- ran_val = (val == 0) ? DST_RANDOM_PATTERN : val;
- ran_cnt = (cnt == 0) ? (DST_RANDOM_PATTERN >> 10) : cnt;
-}
-
-/*
- * this is a quick and random number generator that seems to generate quite
- * good distribution of data
- */
-u_int32_t
-dst_s_quick_random(int inc)
-{
- ran_val = ((ran_val >> 13) ^ (ran_val << 19)) ^
- ((ran_val >> 7) ^ (ran_val << 25));
- if (inc > 0) /* only increasing values accepted */
- ran_cnt += inc;
- ran_val += ran_cnt++;
- return (ran_val);
-}
-
-/*
- * get_dev_random: Function to read /dev/random reliably
- * this function returns how many bytes where read from the device.
- * port_after.h should set the control variable HAVE_DEV_RANDOM
- */
-static int
-get_dev_random(u_char *output, int size)
-{
-#ifdef HAVE_DEV_RANDOM
- struct stat st;
- int n = 0, fd = -1, s;
-
- s = stat("/dev/random", &st);
- if (s == 0 && S_ISCHR(st.st_mode)) {
- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) {
- if ((n = read(fd, output, size)) < 0)
- n = 0;
- close(fd);
- }
- return (n);
- }
-#endif
- return (0);
-}
-
-/*
- * Portable way of getting the time values if gettimeofday is missing
- * then compile with -DMISSING_GETTIMEOFDAY time() is POSIX compliant but
- * gettimeofday() is not.
- * Time of day is predictable, we are looking for the randomness that comes
- * the last few bits in the microseconds in the timer are hard to predict when
- * this is invoked at the end of other operations
- */
-struct timeval *mtime;
-static int
-do_time(dst_work *work)
-{
- int cnt = 0;
- static u_char tmp[sizeof(struct timeval) + sizeof(struct timezone)];
- struct timezone *zone;
-
- zone = (struct timezone *) tmp;
- mtime = (struct timeval *)(tmp + sizeof(struct timezone));
- gettimeofday(mtime, zone);
- cnt = sizeof(tmp);
- my_digest(work, tmp, sizeof(tmp));
-
- return (cnt);
-}
-
-/*
- * this function simulates the ls command, but it uses stat which gives more
- * information and is harder to guess
- * Each call to this function will visit the next directory on the list of
- * directories, in a circular manner.
- * return value is the number of bytes added to the temp buffer
- *
- * do_ls() does not visit subdirectories
- * if attacker has access to machine it can guess most of the values seen
- * thus it is important to only visit directories that are freqently updated
- * Attacker that has access to the network can see network traffic
- * when NFS mounted directories are accessed and know exactly the data used
- * but may not know exactly in what order data is used.
- * Returns the number of bytes that where returned in stat structures
- */
-static int
-do_ls(dst_work *work)
-{
- struct dir_info {
- uid_t uid;
- gid_t gid;
- off_t size;
- time_t atime, mtime, ctime;
- };
- static struct dir_info dir_info;
- struct stat buf;
- struct dirent *entry;
- static int i = 0;
- static unsigned long d_round = 0;
- struct timeval tv;
- int n = 0, dir_len, tb_i = 0, out = 0;
-
- char file_name[1024];
- u_char tmp_buff[1024];
- DIR *dir = NULL;
-
- if (dirs[i] == NULL) /* if at the end of the list start over */
- i = 0;
- if (stat(dirs[i++], &buf)) /* directory does not exist */
- return (0);
-
- gettimeofday(&tv, NULL);
- if (d_round == 0)
- d_round = tv.tv_sec - MAX_OLD;
- else if (i==1) /* if starting a new round cut what we accept */
- d_round += (tv.tv_sec - d_round)/2;
-
- if (buf.st_atime < (time_t)d_round)
- return (0);
-
- EREPORT(("do_ls i %d filled %4d in_temp %4d\n",
- i-1, work->filled, work->in_temp));
- memcpy(tmp_buff, &buf, sizeof(buf));
- tb_i += sizeof(buf);
-
-
- if ((dir = opendir(dirs[i-1])) == NULL)/* open it for read */
- return (0);
- strcpy(file_name, dirs[i-1]);
- dir_len = strlen(file_name);
- file_name[dir_len++] = '/';
- while ((entry = readdir(dir))) {
- int len = strlen(entry->d_name);
- out += len;
- if (my_digest(work, (u_char *)entry->d_name, len))
- break;
-
- memcpy(&file_name[dir_len], entry->d_name, len);
- file_name[dir_len + len] = 0x0;
- /* for all entries in dir get the stats */
- if (stat(file_name, &buf) == 0) {
- n++; /* count successfull stat calls */
- /* copy non static fields */
- dir_info.uid += buf.st_uid;
- dir_info.gid += buf.st_gid;
- dir_info.size += buf.st_size;
- dir_info.atime += buf.st_atime;
- dir_info.mtime += buf.st_mtime;
- dir_info.ctime += buf.st_ctime;
- out += sizeof(dir_info);
- if(my_digest(work, (u_char *)&dir_info,
- sizeof(dir_info)))
- break;
- }
- }
- closedir(dir); /* done */
- out += do_time(work); /* add a time stamp */
- return (out);
-}
-
-
-/*
- * unix_cmd()
- * this function executes the a command from the cmds[] list of unix commands
- * configured in the prand_conf.h file
- * return value is the number of bytes added to the randomness temp buffer
- *
- * it returns the number of bytes that where read in
- * if more data is needed at the end time is added to the data.
- * This function maintains a state to selects the next command to run
- * returns the number of bytes read in from the command
- */
-static int
-unix_cmd(dst_work *work)
-{
- static int cmd_index = 0;
- int cnt = 0, n;
- FILE *pipe;
- u_char buffer[4096];
-
- if (cmds[cmd_index] == NULL)
- cmd_index = 0;
- EREPORT(("unix_cmd() i %d filled %4d in_temp %4d\n",
- cmd_index, work->filled, work->in_temp));
- pipe = popen(cmds[cmd_index++], "r"); /* execute the command */
-
- while ((n = fread(buffer, sizeof(char), sizeof(buffer), pipe)) > 0) {
- cnt += n; /* process the output */
- if (my_digest(work, buffer, n))
- break;
- /* this adds some randomness to the output */
- cnt += do_time(work);
- }
- while ((n = fread(buffer, sizeof(char), sizeof(buffer), pipe)) > 0)
- (void)NULL; /* drain the pipe */
- pclose(pipe);
- return (cnt); /* read how many bytes where read in */
-}
-
-/*
- * digest_file() This function will read a file and run hash over it
- * input is a file name
- */
-static int
-digest_file(dst_work *work)
-{
- static int f_cnt = 0;
- static unsigned long f_round = 0;
- FILE *fp;
- void *ctx;
- const char *name;
- int no, i;
- struct stat st;
- struct timeval tv;
- u_char buf[1024];
-
- if (f_round == 0 || files[f_cnt] == NULL || work->file_digest == NULL)
- if (gettimeofday(&tv, NULL)) /* only do this if needed */
- return (0);
- if (f_round == 0) /* first time called set to one hour ago */
- f_round = (tv.tv_sec - MAX_OLD);
- name = files[f_cnt++];
- if (files[f_cnt] == NULL) { /* end of list of files */
- if(f_cnt <= 1) /* list is too short */
- return (0);
- f_cnt = 0; /* start again on list */
- f_round += (tv.tv_sec - f_round)/2; /* set new cutoff */
- work->file_digest = dst_free_key(work->file_digest);
- }
- if (work->file_digest == NULL) {
- work->file_digest = dst_buffer_to_key("", KEY_HMAC_MD5, 0, 0,
- (u_char *)&tv, sizeof(tv));
- if (work->file_digest == NULL)
- return (0);
- }
- if (access(name, R_OK) || stat(name, &st))
- return (0); /* no such file or not allowed to read it */
- if (strncmp(name, "/proc/", 6) && st.st_mtime < (time_t)f_round)
- return(0); /* file has not changed recently enough */
- if (dst_sign_data(SIG_MODE_INIT, work->file_digest, &ctx,
- NULL, 0, NULL, 0)) {
- work->file_digest = dst_free_key(work->file_digest);
- return (0);
- }
- if ((fp = fopen(name, "r")) == NULL)
- return (0);
- for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0;
- no += i)
- dst_sign_data(SIG_MODE_UPDATE, work->file_digest, &ctx,
- buf, i, NULL, 0);
-
- fclose(fp);
- if (no >= 64) {
- i = dst_sign_data(SIG_MODE_FINAL, work->file_digest, &ctx,
- NULL, 0, &work->output[work->filled],
- DST_HASH_SIZE);
- if (i > 0)
- work->filled += i;
- }
- else if (i > 0)
- my_digest(work, buf, i);
- my_digest(work, (const u_char *)name, strlen(name));
- return (no + strlen(name));
-}
-
-/*
- * function to perform the FINAL and INIT operation on a hash if allowed
- */
-static void
-force_hash(dst_work *work, prand_hash *hash)
-{
- int i = 0;
-
- /*
- * if more than half a block then add data to output
- * otherwise adde the digest to the next hash
- */
- if ((hash->digested * 2) > hash->block) {
- i = dst_sign_data(SIG_MODE_FINAL, hash->key, &hash->ctx,
- NULL, 0, &work->output[work->filled],
- DST_HASH_SIZE);
-
- hash->digested = 0;
- dst_sign_data(SIG_MODE_INIT, hash->key, &hash->ctx,
- NULL, 0, NULL, 0);
- if (i > 0)
- work->filled += i;
- }
- return;
-}
-
-/*
- * This function takes the input data does the selection of data specified
- * by the hash control block.
- * The step varialbe in the work sturcture determines which 1/step bytes
- * are used,
- *
- */
-static int
-do_hash(dst_work *work, prand_hash *hash, const u_char *input, int size)
-{
- const u_char *tmp = input;
- u_char *save = NULL, *tp;
- int i, cnt = size, n, needed, avail, dig, tmp_size = 0;
-
- if (cnt <= 0 || input == NULL)
- return (0);
-
- if (hash->step > 1) { /* if using subset of input data */
- tmp_size = size / hash->step + 2;
- tmp = tp = save = malloc(tmp_size);
- for (cnt = 0, i = hash->curr; i < size; i += hash->step, cnt++)
- *(tp++) = input[i];
- /* calcutate the starting point in the next input set */
- hash->curr = (hash->step - (i - size)) % hash->step;
- }
- /* digest the data in block sizes */
- for (n = 0; n < cnt; n += needed) {
- avail = (cnt - n);
- needed = hash->block - hash->digested;
- dig = (avail < needed) ? avail : needed;
- dst_sign_data(SIG_MODE_UPDATE, hash->key, &hash->ctx,
- &tmp[n], dig, NULL, 0);
- hash->digested += dig;
- if (hash->digested >= hash->block)
- force_hash(work, hash);
- if (work->needed < work->filled) {
- if (tmp_size > 0)
- SAFE_FREE2(save, tmp_size);
- return (1);
- }
- }
- if (tmp_size > 0)
- SAFE_FREE2(save, tmp_size);
- return (0);
-}
-
-/*
- * Copy data from INPUT for length SIZE into the work-block TMP.
- * If we fill the work-block, digest it; then,
- * if work-block needs more data, keep filling with the rest of the input.
- */
-static int
-my_digest(dst_work *work, const u_char *input, int size)
-{
-
- int i, full = 0;
- static unsigned counter;
-
- counter += size;
- /* first do each one of the hashes */
- for (i = 0; i < DST_NUM_HASHES && full == 0; i++)
- full = do_hash(work, work->hash[i], input, size) +
- do_hash(work, work->hash[i], (u_char *) &counter,
- sizeof(counter));
-/*
- * if enough data has be generated do final operation on all hashes
- * that have enough date for that
- */
- for (i = 0; full && (i < DST_NUM_HASHES); i++)
- force_hash(work, work->hash[i]);
-
- return (full);
-}
-
-/*
- * this function gets some semi random data and sets that as an HMAC key
- * If we get a valid key this function returns that key initalized
- * otherwise it returns NULL;
- */
-static prand_hash *
-get_hmac_key(int step, int block)
-{
-
- u_char *buff;
- int temp = 0, n = 0, size = 70;
- DST_KEY *new_key = NULL;
- prand_hash *new = NULL;
-
- /* use key that is larger than digest algorithms (64) for key size */
- buff = malloc(size);
- if (buff == NULL)
- return (NULL);
- /* do not memset the allocated memory to get random bytes there */
- /* time of day is somewhat random expecialy in the last bytes */
- gettimeofday((struct timeval *) &buff[n], NULL);
- n += sizeof(struct timeval);
-
-/* get some semi random stuff in here stir it with micro seconds */
- if (n < size) {
- temp = dst_s_quick_random((int) buff[n - 1]);
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-/* get the pid of this process and its parent */
- if (n < size) {
- temp = (int) getpid();
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
- if (n < size) {
- temp = (int) getppid();
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-/* get the user ID */
- if (n < size) {
- temp = (int) getuid();
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-#ifndef GET_HOST_ID_MISSING
- if (n < size) {
- temp = (int) gethostid();
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-#endif
-/* get some more random data */
- if (n < size) {
- temp = dst_s_quick_random((int) buff[n - 1]);
- memcpy(&buff[n], &temp, sizeof(temp));
- n += sizeof(temp);
- }
-/* covert this into a HMAC key */
- new_key = dst_buffer_to_key("", KEY_HMAC_MD5, 0, 0, buff, size);
- SAFE_FREE(buff);
-
-/* get the control structure */
- if ((new = malloc(sizeof(prand_hash))) == NULL)
- return (NULL);
- new->digested = new->curr = 0;
- new->step = step;
- new->block = block;
- new->key = new_key;
- if (dst_sign_data(SIG_MODE_INIT, new_key, &new->ctx, NULL, 0, NULL, 0))
- return (NULL);
-
- return (new);
-}
-
-/*
- * own_random()
- * This function goes out and from various sources tries to generate enough
- * semi random data that a hash function can generate a random data.
- * This function will iterate between the two main random source sources,
- * information from programs and directores in random order.
- * This function return the number of bytes added to the random output buffer.
- */
-static int
-own_random(dst_work *work)
-{
- int dir = 0, b;
- int bytes, n, cmd = 0, dig = 0;
- int start =0;
-/*
- * now get the initial seed to put into the quick random function from
- * the address of the work structure
- */
- bytes = (int) getpid();
-/*
- * proceed while needed
- */
- while (work->filled < work->needed) {
- EREPORT(("own_random r %08x b %6d t %6d f %6d\n",
- ran_val, bytes, work->in_temp, work->filled));
-/* pick a random number in the range of 0..7 based on that random number
- * perform some operations that yield random data
- */
- start = work->filled;
- n = (dst_s_quick_random(bytes) >> DST_SHIFT) & 0x07;
- switch (n) {
- case 0:
- case 3:
- if (sizeof(cmds) > 2 *sizeof(*cmds)) {
- b = unix_cmd(work);
- cmd += b;
- }
- break;
-
- case 1:
- case 7:
- if (sizeof(dirs) > 2 *sizeof(*dirs)) {
- b = do_ls(work);
- dir += b;
- }
- break;
-
- case 4:
- case 5:
- /* retry getting data from /dev/random */
- b = get_dev_random(&work->output[work->filled],
- work->needed - work->filled);
- if (b > 0)
- work->filled += b;
- break;
-
- case 6:
- if (sizeof(files) > 2 * sizeof(*files)) {
- b = digest_file(work);
- dig += b;
- }
- break;
-
- case 2:
- default: /* to make sure we make some progress */
- work->output[work->filled++] = 0xff &
- dst_s_quick_random(bytes);
- b = 1;
- break;
- }
- if (b > 0)
- bytes += b;
- }
- return (work->filled);
-}
-
-
-/*
- * dst_s_random() This function will return the requested number of bytes
- * of randomness to the caller it will use the best available sources of
- * randomness.
- * The current order is to use /dev/random, precalculated randomness, and
- * finaly use some system calls and programs to generate semi random data that
- * is then digested to generate randomness.
- * This function is thread safe as each thread uses its own context, but
- * concurrent treads will affect each other as they update shared state
- * information.
- * It is strongly recommended that this function be called requesting a size
- * that is not a multiple of the output of the hash function used.
- *
- * If /dev/random is not available this function is not suitable to generate
- * large ammounts of data, rather it is suitable to seed a pseudo-random
- * generator
- * Returns the number of bytes put in the output buffer
- */
-int
-dst_s_random(u_char *output, int size)
-{
- int n = 0, s, i;
- static u_char old_unused[DST_HASH_SIZE * DST_NUM_HASHES];
- static int unused = 0;
-
- if (size <= 0 || output == NULL)
- return (0);
-
- if (size >= 2048)
- return (-1);
- /*
- * Read from /dev/random
- */
- n = get_dev_random(output, size);
- /*
- * If old data is available and needed use it
- */
- if (n < size && unused > 0) {
- int need = size - n;
- if (unused <= need) {
- memcpy(output, old_unused, unused);
- n += unused;
- unused = 0;
- } else {
- memcpy(output, old_unused, need);
- n += need;
- unused -= need;
- memcpy(old_unused, &old_unused[need], unused);
- }
- }
- /*
- * If we need more use the simulated randomness here.
- */
- if (n < size) {
- dst_work *my_work = (dst_work *) malloc(sizeof(dst_work));
- if (my_work == NULL)
- return (n);
- my_work->needed = size - n;
- my_work->filled = 0;
- my_work->output = (u_char *) malloc(my_work->needed +
- DST_HASH_SIZE *
- DST_NUM_HASHES);
- my_work->file_digest = NULL;
- if (my_work->output == NULL)
- return (n);
- memset(my_work->output, 0x0, my_work->needed);
-/* allocate upto 4 different HMAC hash functions out of order */
-#if DST_NUM_HASHES >= 3
- my_work->hash[2] = get_hmac_key(3, DST_RANDOM_BLOCK_SIZE / 2);
-#endif
-#if DST_NUM_HASHES >= 2
- my_work->hash[1] = get_hmac_key(7, DST_RANDOM_BLOCK_SIZE / 6);
-#endif
-#if DST_NUM_HASHES >= 4
- my_work->hash[3] = get_hmac_key(5, DST_RANDOM_BLOCK_SIZE / 4);
-#endif
- my_work->hash[0] = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE);
- if (my_work->hash[0] == NULL) /* if failure bail out */
- return (n);
- s = own_random(my_work);
-/* if more generated than needed store it for future use */
- if (s >= my_work->needed) {
- EREPORT(("dst_s_random(): More than needed %d >= %d\n",
- s, my_work->needed));
- memcpy(&output[n], my_work->output, my_work->needed);
- n += my_work->needed;
- /* saving unused data for next time */
- unused = s - my_work->needed;
- memcpy(old_unused, &my_work->output[my_work->needed],
- unused);
- } else {
- /* XXXX This should not happen */
- EREPORT(("Not enough %d >= %d\n", s, my_work->needed));
- memcpy(&output[n], my_work->output, s);
- n += my_work->needed;
- }
-
-/* delete the allocated work area */
- for (i = 0; i < DST_NUM_HASHES; i++) {
- dst_free_key(my_work->hash[i]->key);
- SAFE_FREE(my_work->hash[i]);
- }
- SAFE_FREE(my_work->output);
- SAFE_FREE(my_work);
- }
- return (n);
-}
-
-/*
- * A random number generator that is fast and strong
- * this random number generator is based on HASHing data,
- * the input to the digest function is a collection of <NUMBER_OF_COUNTERS>
- * counters that is incremented between digest operations
- * each increment operation amortizes to 2 bits changed in that value
- * for 5 counters thus the input will amortize to have 10 bits changed
- * The counters are initaly set using the strong random function above
- * the HMAC key is selected by the same methold as the HMAC keys for the
- * strong random function.
- * Each set of counters is used for 2^25 operations
- *
- * returns the number of bytes written to the output buffer
- * or negative number in case of error
- */
-int
-dst_s_semi_random(u_char *output, int size)
-{
- static u_int32_t counter[DST_NUMBER_OF_COUNTERS];
- static u_char semi_old[DST_HASH_SIZE];
- static int semi_loc = 0, cnt = 0, hb_size = 0;
- static DST_KEY *my_key = NULL;
- prand_hash *hash;
- int out = 0, i, n;
-
- if (output == NULL || size <= 0)
- return (-2);
-
-/* check if we need a new key */
- if (my_key == NULL || cnt > (1 << 25)) { /* get HMAC KEY */
- if (my_key)
- my_key->dk_func->destroy(my_key);
- if ((hash = get_hmac_key(1, DST_RANDOM_BLOCK_SIZE)) == NULL)
- return (0);
- my_key = hash->key;
-/* check if the key works stir the new key using some old random data */
- hb_size = dst_sign_data(SIG_MODE_ALL, my_key, NULL,
- (u_char *) counter, sizeof(counter),
- semi_old, sizeof(semi_old));
- if (hb_size <= 0) {
- EREPORT(("dst_s_semi_random() Sign of alg %d failed %d\n",
- my_key->dk_alg, hb_size));
- return (-1);
- }
-/* new set the counters to random values */
- dst_s_random((u_char *) counter, sizeof(counter));
- cnt = 0;
- }
-/* if old data around use it first */
- if (semi_loc < hb_size) {
- if (size <= hb_size - semi_loc) { /* need less */
- memcpy(output, &semi_old[semi_loc], size);
- semi_loc += size;
- return (size); /* DONE */
- } else {
- out = hb_size - semi_loc;
- memcpy(output, &semi_old[semi_loc], out);
- semi_loc += out;
- }
- }
-/* generate more randome stuff */
- while (out < size) {
- /*
- * modify at least one bit by incrementing at least one counter
- * based on the last bit of the last counter updated update
- * the next one.
- * minimaly this operation will modify at least 1 bit,
- * amortized 2 bits
- */
- for (n = 0; n < DST_NUMBER_OF_COUNTERS; n++)
- i = (int) counter[n]++;
-
- i = dst_sign_data(SIG_MODE_ALL, my_key, NULL,
- (u_char *) counter, hb_size,
- semi_old, sizeof(semi_old));
-#ifdef REPORT_ERRORS
- if (i != hb_size)
- EREPORT(("HMAC SIGNATURE FAILURE %d\n", i));
-#endif
- cnt++;
- if (size - out < i) /* Not all data is needed */
- semi_loc = i = size - out;
- memcpy(&output[out], semi_old, i);
- out += i;
- }
- return (out);
-}
+++ /dev/null
-#ifdef RSAREF
-static const char rcsid[] = "$Header: /u0/home/explorer/proj/ISC/git-conversion/cvsroot/bind9/lib/bind/dst/Attic/rsaref_link.c,v 1.1 2001/03/29 06:31:33 marka Exp $";
-
-/*
- * Portions Copyright (c) 1995-1998 by Trusted Information Systems, Inc.
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND TRUSTED INFORMATION SYSTEMS
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- */
-
-/*
- * This file contains two components
- * 1. Interface to the rsaref library to allow compilation when RSAREF is
- * not available all calls to RSAREF are contained inside this file.
- * 2. The glue to connvert RSA{REF} KEYS to and from external formats
- */
-#include "port_before.h"
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <netinet/in.h>
-
-#include "dst_internal.h"
-
-# ifdef __STDC__
-# define PROTOTYPES 1
-# else
-# define PROTOTYPES 0
-# endif
-
-# include <global.h>
-# include <rsaref.h>
-
-#include "port_after.h"
-
-
-typedef struct rsakey {
- char *rk_signer;
- R_RSA_PRIVATE_KEY *rk_Private_Key;
- R_RSA_PUBLIC_KEY *rk_Public_Key;
-} RSA_Key;
-
-
-static int dst_rsaref_sign(const int mode, DST_KEY *key, void **context,
- const u_char *data, const int len,
- u_char *signature, const int sig_len);
-static int dst_rsaref_verify(const int mode, DST_KEY *key, void **context,
- const u_char *data, const int len,
- const u_char *signature, const int sig_len);
-
-static int dst_rsaref_to_dns_key(const DST_KEY *public, u_char *out_str,
- const int out_len);
-static int dst_rsaref_from_dns_key(DST_KEY *s_key, const u_char *key,
- const int len);
-
-static int dst_rsaref_key_to_file_format(const DST_KEY *dkey,
- u_char *buff,
- const int buff_len);
-static int dst_rsaref_key_from_file_format(DST_KEY *dkey,
- const u_char *buff,
- const int buff_len);
-
-static int dst_rsaref_compare_keys(const DST_KEY *rkey1,
- const DST_KEY *rkey2);
-static void *dst_rsaref_free_key_structure(void *d_key);
-
-static int dst_rsaref_generate_keypair(DST_KEY *key, const int exp);
-
-static void dst_rsaref_init_random_struct(R_RANDOM_STRUCT * randomstruct);
-
-/*
- * dst_rsaref_init() Function to answer set up function pointers for RSAREF
- * related functions
- */
-int
-dst_rsaref_init()
-{
- if (dst_t_func[KEY_RSA] != NULL)
- return (1);
- dst_t_func[KEY_RSA] = malloc(sizeof(struct dst_func));
- if (dst_t_func[KEY_RSA] == NULL)
- return (0);
- memset(dst_t_func[KEY_RSA], 0, sizeof(struct dst_func));
- dst_t_func[KEY_RSA]->sign = dst_rsaref_sign;
- dst_t_func[KEY_RSA]->verify = dst_rsaref_verify;
- dst_t_func[KEY_RSA]->compare = dst_rsaref_compare_keys;
- dst_t_func[KEY_RSA]->generate = dst_rsaref_generate_keypair;
- dst_t_func[KEY_RSA]->destroy = dst_rsaref_free_key_structure;
- dst_t_func[KEY_RSA]->to_dns_key = dst_rsaref_to_dns_key;
- dst_t_func[KEY_RSA]->from_dns_key = dst_rsaref_from_dns_key;
- dst_t_func[KEY_RSA]->to_file_fmt = dst_rsaref_key_to_file_format;
- dst_t_func[KEY_RSA]->from_file_fmt = dst_rsaref_key_from_file_format;
- return (1);
-}
-
-/*
- * dst_rsa_sign
- * Call RSAREF signing functions to sign a block of data.
- * There are three steps to signing, INIT (initialize structures),
- * UPDATE (hash (more) data), FINAL (generate a signature). This
- * routine performs one or more of these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * key pointer to a RSA key structure that points to public key
- * and context to use.
- * data data to be signed.
- * len length in bytes of data.
- * signature location to store signature.
- * sig_len size of the signature storage area
- * returns
- * N Success on SIG_MODE_FINAL = returns signature length in bytes
- * 0 Success on SIG_MODE_INIT and UPDATE
- * <0 Failure
- */
-
-
-static int
-dst_rsaref_sign(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- u_char *signature, const int sig_len)
-{
- int sign_len = 0;
- R_SIGNATURE_CTX *ctx = NULL;
-
- if (mode & SIG_MODE_INIT)
- ctx = malloc(sizeof(*ctx));
- else if (context)
- ctx = (R_SIGNATURE_CTX *) *context;
- if (ctx == NULL)
- return (-1);
-
- if ((mode & SIG_MODE_INIT) && R_SignInit(ctx, DA_MD5))
- return (SIGN_INIT_FAILURE);
-
- /* equivalent of SIG_MODE_UPDATE */
- if ((mode & SIG_MODE_UPDATE) && (data && len > 0) &&
- R_SignUpdate(ctx, (u_char *) data, len))
- return (SIGN_UPDATE_FAILURE);
-
- if (mode & SIG_MODE_FINAL) {
- RSA_Key *key = (RSA_Key *) dkey->dk_KEY_struct;
- if (signature == NULL ||
- sig_len < (int)(key->rk_Public_Key->bits + 7) / 8)
- return (SIGN_FINAL_FAILURE);
- if(key == NULL || key->rk_Private_Key == NULL)
- return (-1);
- if (R_SignFinal(ctx, signature, &sign_len,
- key->rk_Private_Key))
- return (SIGN_FINAL_FAILURE);
- SAFE_FREE(ctx);
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) ctx;
- }
- return (sign_len);
-}
-
-
-/*
- * dst_rsaref_verify()
- * Calls RSAREF verification routines. There are three steps to
- * verification, INIT (initialize structures), UPDATE (hash (more) data),
- * FINAL (generate a signature). This routine performs one or more of
- * these steps.
- * Parameters
- * mode SIG_MODE_INIT, SIG_MODE_UPDATE and/or SIG_MODE_FINAL.
- * key pointer to a RSA key structure that points to public key
- * and context to use.
- * data data signed.
- * len length in bytes of data.
- * signature signature.
- * sig_len length in bytes of signature.
- * returns
- * 0 Success
- * <0 Failure
- */
-
-static int
-dst_rsaref_verify(const int mode, DST_KEY *dkey, void **context,
- const u_char *data, const int len,
- const u_char *signature, const int sig_len)
-{
- R_SIGNATURE_CTX *ctx = NULL;
-
- if (mode & SIG_MODE_INIT)
- ctx = malloc(sizeof(*ctx));
- else if (context)
- ctx = (R_SIGNATURE_CTX *) *context;
- if (ctx == NULL)
- return (-1);
-
- if ((mode & SIG_MODE_INIT) && R_VerifyInit(ctx, DA_MD5))
- return (VERIFY_INIT_FAILURE);
-
- if ((mode & SIG_MODE_UPDATE) && (data && len > 0) &&
- R_VerifyUpdate(ctx, (u_char *) data, len))
- return (VERIFY_UPDATE_FAILURE);
-
- if ((mode & SIG_MODE_FINAL)) {
- RSA_Key *key = (RSA_Key *) dkey->dk_KEY_struct;
-
- if (key == NULL || key->rk_Public_Key == NULL)
- return (-1);
- if (signature == NULL || sig_len <= 0)
- return (VERIFY_FINAL_FAILURE);
- if (R_VerifyFinal(ctx, (u_char *) signature, sig_len,
- key->rk_Public_Key))
- return (VERIFY_FINAL_FAILURE);
- }
- else {
- if (context == NULL)
- return (-1);
- *context = (void *) ctx;
- }
-
- return (0);
-}
-
-
-/*
- * dst_rsaref_to_dns_key
- * Converts key in RSAREF to DNS distribution format
- * This function gets in a pointer to the public key and a work area
- * to write the key into.
- * Parameters
- * public KEY structure
- * out_str buffer to write encoded key into
- * out_len size of out_str
- * Return
- * N >= 0 length of encoded key
- * n < 0 error
- */
-
-static int
-dst_rsaref_to_dns_key(const DST_KEY *in_key, u_char *out_str,
- const int out_len)
-{
- int n, loc;
- R_RSA_PUBLIC_KEY *public;
- u_char *op = (u_char *) out_str;
-
- if (in_key == NULL || in_key->dk_KEY_struct == NULL ||
- out_len <= 0 || out_str == NULL)
- return (-1);
- public = (R_RSA_PUBLIC_KEY *)
- ((RSA_Key *) in_key->dk_KEY_struct)->rk_Public_Key;
- if (public == NULL)
- return (-1);
-
- memset(op, 0, out_len);
-
- /* find first non zero */
- for (n = 0; public->exponent[n] == 0x0; n++) ;
-
- n = (MAX_RSA_MODULUS_LEN - n); /* find lenght of exponent */
- *op++ = (u_int8_t) n;
-
- if (n > (out_len - (op-out_str)))
- return (-1);
- memcpy(op, &public->exponent[MAX_RSA_MODULUS_LEN - n], n);
- op += n;
- n++; /* include the lenght field in this count */
-
- /* find first non zero */
- for (loc = 0; public->modulus[loc] == 0x0; loc++) ;
-
- /*copy exponent */
- if ((MAX_RSA_MODULUS_LEN - loc) > (out_len - (op-out_str)))
- return (-1);
- memcpy(op, &public->modulus[loc], MAX_RSA_MODULUS_LEN - loc);
- n += (MAX_RSA_MODULUS_LEN - loc);
- return (n);
-}
-
-
-/*
- * dst_rsaref_from_dns_key
- * Converts from a DNS KEY RR format to an RSA KEY.
- * Parameters
- * len Length in bytes of DNS key
- * key DNS key
- * name Key name
- * s_key DST structure that will point to the RSA key this routine
- * will build.
- * Return
- * -1 The input key has fields that are larger than this package supports
- * 0 The input key, s_key or name was null.
- * 1 Success
- */
-static int
-dst_rsaref_from_dns_key(DST_KEY *s_key, const u_char *key, const int len)
-{
- int bytes;
- u_char *key_ptr;
- RSA_Key *r_key;
-
- if (key == NULL || s_key == NULL || len < 0)
- return (0);
-
- if (s_key->dk_KEY_struct) { /* do not reuse */
- dst_rsaref_free_key_structure(s_key->dk_KEY_struct);
- s_key->dk_KEY_struct = NULL;
- }
- if (len == 0) /* null key no conversion needed */
- return (1);
-
- if ((r_key = (RSA_Key *) malloc(sizeof(RSA_Key))) == NULL) {
- EREPORT(("dst_rsaref_from_dns_key(): Memory allocation error 1\n"));
- return (0);
- }
- memset(r_key, 0, sizeof(RSA_Key));
- s_key->dk_KEY_struct = (void *) r_key;
- r_key->rk_signer = strdup(s_key->dk_key_name);
- r_key->rk_Public_Key = (R_RSA_PUBLIC_KEY *)
- malloc(sizeof(R_RSA_PUBLIC_KEY));
- if (r_key->rk_Public_Key == NULL) {
- EREPORT(("dst_rsaref_from_dns_key(): Memory allocation error 3\n"));
- return (0);
- }
- memset(r_key->rk_Public_Key, 0, sizeof(R_RSA_PUBLIC_KEY));
- key_ptr = (u_char *) key;
- bytes = (int) *key_ptr++; /* length of exponent in bytes */
- if (bytes == 0) { /* special case for long exponents */
- bytes = (int) dst_s_get_int16(key_ptr);
- key_ptr += sizeof(u_int16_t);
- }
- if (bytes > MAX_RSA_MODULUS_LEN) {
- dst_rsaref_free_key_structure(r_key);
- return (-1);
- }
- memcpy(&r_key->rk_Public_Key->exponent[MAX_RSA_MODULUS_LEN - bytes],
- key_ptr, bytes);
-
- key_ptr += bytes; /* beginning of modulus */
- bytes = len - bytes - 1; /* length of modulus */
- if (bytes > MAX_RSA_MODULUS_LEN) {
- dst_rsaref_free_key_structure(r_key);
- return (-1);
- }
- memcpy(&r_key->rk_Public_Key->modulus[MAX_RSA_MODULUS_LEN - bytes],
- key_ptr, bytes);
- r_key->rk_Public_Key->bits = bytes * 8;
- s_key->dk_id = (u_int16_t) dst_s_get_int16((u_char *)
- &r_key->rk_Public_Key->modulus[MAX_RSA_MODULUS_LEN - 3]);
- s_key->dk_key_size = r_key->rk_Public_Key->bits;
-
- return (1);
-}
-
-
-/*
- * dst_rsaref_key_to_file_format
- * Encodes an RSA Key into the portable file format.
- * Parameters
- * rkey RSA KEY structure
- * buff output buffer
- * buff_len size of output buffer
- * Return
- * 0 Failure - null input rkey
- * -1 Failure - not enough space in output area
- * N Success - Length of data returned in buff
- */
-
-static int
-dst_rsaref_key_to_file_format(const DST_KEY *in_key, u_char *buff,
- const int buff_len)
-{
- u_char *bp;
- int len, b_len;
- R_RSA_PRIVATE_KEY *rkey;
-
- if (in_key == NULL || in_key->dk_KEY_struct == NULL)
- return (-1);
- rkey = (R_RSA_PRIVATE_KEY *)
- ((RSA_Key *) in_key->dk_KEY_struct)->rk_Private_Key;
- if (rkey == NULL) /* no output */
- return (0);
- if (buff == NULL || buff_len <= (int) strlen(key_file_fmt_str))
- return (-1); /* no OR not enough space in output area */
-
- memset(buff, 0, buff_len); /* just in case */
- /* write file header */
- sprintf(buff, key_file_fmt_str, KEY_FILE_FORMAT, KEY_RSA, "RSA");
-
- bp = (char *) strchr(buff, '\0');
- b_len = buff_len - (bp - buff);
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Modulus: ",
- rkey->modulus,
- MAX_RSA_MODULUS_LEN)) <= 0)
- return (-1);
-
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "PublicExponent: ",
- rkey->publicExponent,
- MAX_RSA_MODULUS_LEN)) <= 0)
- return (-2);
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "PrivateExponent: ",
- rkey->exponent,
- MAX_RSA_MODULUS_LEN)) <= 0)
- return (-3);
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Prime1: ",
- rkey->prime[0],
- MAX_RSA_PRIME_LEN)) < 0)
- return (-4);
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Prime2: ",
- rkey->prime[1],
- MAX_RSA_PRIME_LEN)) < 0)
- return (-5);
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Exponent1: ",
- rkey->primeExponent[0],
- MAX_RSA_PRIME_LEN)) < 0)
- return (-6);
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Exponent2: ",
- rkey->primeExponent[1],
- MAX_RSA_PRIME_LEN)) < 0)
- return (-7);
- bp += len;
- b_len -= len;
- if ((len = dst_s_conv_bignum_u8_to_b64(bp, b_len, "Coefficient: ",
- rkey->coefficient,
- MAX_RSA_PRIME_LEN)) < 0)
- return (-8);
- bp += len;
- b_len -= len;
- return (buff_len - b_len);
-}
-
-
-/*
- * dst_rsaref_key_from_file_format
- * Converts contents of a private key file into a private RSA key.
- * Parameters
- * r_key structure to put key into
- * buff buffer containing the encoded key
- * buff_len the length of the buffer
- * Return
- * n >= 0 Foot print of the key converted
- * n < 0 Error in conversion
- */
-
-static int
-dst_rsaref_key_from_file_format(DST_KEY *d_key, const u_char *buff,
- const int buff_len)
-{
- const char *p = (char *) buff;
- R_RSA_PRIVATE_KEY key;
- int foot = -1;
- RSA_Key *r_key;
-
- if (d_key == NULL || buff == NULL || buff_len < 0)
- return (-1);
-
- memset(&key, 0, sizeof(key));
-
- if (!dst_s_verify_str(&p, "Modulus: "))
- return (-3);
-
- if (!dst_s_conv_bignum_b64_to_u8(&p, key.modulus, MAX_RSA_MODULUS_LEN))
- return (-4);
-
- key.bits = dst_s_calculate_bits(key.modulus, MAX_RSA_MODULUS_BITS);
-
- while (*++p && p < (char *) &buff[buff_len]) {
- if (dst_s_verify_str(&p, "PublicExponent: ")) {
- if (!dst_s_conv_bignum_b64_to_u8(&p,
- key.publicExponent,
- MAX_RSA_MODULUS_LEN))
- return (-5);
- } else if (dst_s_verify_str(&p, "PrivateExponent: ")) {
- if (!dst_s_conv_bignum_b64_to_u8(&p, key.exponent,
- MAX_RSA_MODULUS_LEN))
- return (-6);
- } else if (dst_s_verify_str(&p, "Prime1: ")) {
- if (!dst_s_conv_bignum_b64_to_u8(&p, key.prime[0],
- MAX_RSA_PRIME_LEN))
- return (-7);
- } else if (dst_s_verify_str(&p, "Prime2: ")) {
- if (!dst_s_conv_bignum_b64_to_u8(&p, key.prime[1],
- MAX_RSA_PRIME_LEN))
- return (-8);
- } else if (dst_s_verify_str(&p, "Exponent1: ")) {
- if (!dst_s_conv_bignum_b64_to_u8(&p,
- key.primeExponent[0],
- MAX_RSA_PRIME_LEN))
- return (-9);
- } else if (dst_s_verify_str(&p, "Exponent2: ")) {
- if (!dst_s_conv_bignum_b64_to_u8(&p,
- key.primeExponent[1],
- MAX_RSA_PRIME_LEN))
- return (-10);
- } else if (dst_s_verify_str(&p, "Coefficient: ")) {
- if (!dst_s_conv_bignum_b64_to_u8(&p, key.coefficient,
- MAX_RSA_PRIME_LEN))
- return (-11);
- } else {
- EREPORT(("dst_rsaref_key_from_file_format: Bad keyword %s\n", p));
- return (-12);
- }
- } /* while p */
-
- r_key = (RSA_Key *) malloc(sizeof(RSA_Key));
- if (r_key == NULL) {
- return (-2);
- }
- memset(r_key, 0, sizeof(*r_key));
-
- r_key->rk_Private_Key =
- (R_RSA_PRIVATE_KEY *) malloc(sizeof(R_RSA_PRIVATE_KEY));
- if (r_key->rk_Private_Key == NULL) {
- EREPORT(("dst_rsaref_key_from_file_format: Memory allocation error\n"));
- return (-13);
- }
- r_key->rk_Public_Key = (R_RSA_PUBLIC_KEY *) r_key->rk_Private_Key;
- memcpy(r_key->rk_Private_Key, &key, sizeof(R_RSA_PRIVATE_KEY));
-
- r_key->rk_signer = strdup(d_key->dk_key_name);
- d_key->dk_KEY_struct = (void *) r_key;
- d_key->dk_key_size = r_key->rk_Private_Key->bits;
- d_key->dk_id = (u_int16_t) dst_s_get_int16((u_char *)
- &r_key->rk_Public_Key->modulus[MAX_RSA_MODULUS_LEN - 3]);
- foot = (int) d_key->dk_id;
- return (foot);
-}
-
-
-
-/*
- * dst_rsaref_compare_keys
- * Compare two keys for equality.
- * Return
- * 0 The keys are equal
- * NON-ZERO The keys are not equal
- */
-
-static int
-dst_rsaref_compare_keys(const DST_KEY *dkey1, const DST_KEY *dkey2)
-{
- RSA_Key *rkey1 = (RSA_Key *) dkey1->dk_KEY_struct;
- RSA_Key *rkey2 = (RSA_Key *) dkey2->dk_KEY_struct;
-
- if (rkey1 == NULL && rkey2 == NULL)
- return (0); /* same */
- else if (rkey1 == NULL)
- return (1);
- else if (rkey2 == NULL)
- return (2);
- return (memcmp(rkey1->rk_Public_Key, rkey2->rk_Public_Key,
- sizeof(R_RSA_PUBLIC_KEY)));
-}
-
-/*
- * dst_rsaref_generate_keypair
- * Generates unique keys that are hard to predict.
- * Parameters
- * key generic Key structure
- * exp the public exponent
- * Return
- * 0 Failure
- * 1 Success
- */
-
-static int
-dst_rsaref_generate_keypair(DST_KEY *key, const int exp)
-{
- R_RSA_PUBLIC_KEY *public;
- R_RSA_PRIVATE_KEY *private;
- R_RSA_PROTO_KEY proto;
- R_RANDOM_STRUCT randomStruct;
- RSA_Key *rsa;
- int status;
-
- if (key == NULL || key->dk_alg != KEY_RSA)
- return (0);
- if (key->dk_key_size < MIN_RSA_MODULUS_BITS ||
- key->dk_key_size > MAX_RSA_MODULUS_BITS) {
- EREPORT(("dst_rsaref_generate_keypair: Invalid key size\n"));
- return (0); /* these are the limits on key size in RSAREF */
- }
- /* allocate space */
- if ((public = (R_RSA_PUBLIC_KEY *) malloc(sizeof(R_RSA_PUBLIC_KEY)))
- == NULL) {
- EREPORT(("dst_rsaref_generate_keypair: Memory allocation error 1\n"));
- return (0);
- }
- if ((private = (R_RSA_PRIVATE_KEY *) malloc(sizeof(R_RSA_PRIVATE_KEY)))
- == NULL) {
- EREPORT(("dst_rsaref_generate_keypair: Memory allocation error 2\n"));
- return (0);
- }
- if ((rsa = (RSA_Key *) malloc(sizeof(RSA_Key))) == NULL) {
- EREPORT(("dst_rsaref_generate_keypair: Memory allocation error 3\n"));
- return (0);
- }
- memset(public, 0, sizeof(*public));
- memset(private, 0, sizeof(*private));
-
- proto.bits = key->dk_key_size;
- proto.useFermat4 = exp ? 0x1 : 0x0; /* 1 for f4=65537, 0 for f0=3 */
- EREPORT(("\ndst_rsaref_generate_keypair: Generating KEY for %s Please wait\n",
- key->dk_key_name));
-
- /* set up random seed */
- dst_rsaref_init_random_struct(&randomStruct);
-
- /* generate keys */
- status = R_GeneratePEMKeys(public, private, &proto, &randomStruct);
- if (status) {
- EREPORT(("dst_rsaref_generate_keypair: No Key Pair generated %d\n",
- status));
- SAFE_FREE(public);
- SAFE_FREE(private);
- SAFE_FREE(rsa);
- return (0);
- }
- memset(rsa, 0, sizeof(*rsa));
- rsa->rk_signer = key->dk_key_name;
- rsa->rk_Private_Key = private;
- rsa->rk_Public_Key = public;
- key->dk_KEY_struct = (void *) rsa;
-
- key->dk_id = (u_int16_t) dst_s_get_int16((u_char *)
- &rsa->rk_Public_Key->modulus[MAX_RSA_MODULUS_LEN - 3]);
- return (1);
-}
-
-
-/*
- * dst_rsaref_free_key_structure
- * Frees all dynamicly allocated structures in r_key
- */
-
-static void *
-dst_rsaref_free_key_structure(void *v_key)
-{
- RSA_Key *r_key = (RSA_Key *) v_key;
-
- if (r_key != NULL) {
- if ((void *) r_key->rk_Private_Key == (void *) r_key->rk_Public_Key)
- r_key->rk_Public_Key = NULL;
- SAFE_FREE(r_key->rk_Private_Key);
- SAFE_FREE(r_key->rk_Public_Key);
- SAFE_FREE(r_key->rk_signer);
- SAFE_FREE(r_key);
- }
- return (NULL);
-}
-
-
-/*
- * dst_rsaref_init_random_struct
- * A random seed value is used in key generation.
- * This routine gets a bunch of system values to randomize the
- * randomstruct. A number of system calls are used to get somewhat
- * unpredicable values, then a special function dst_s_prandom() is called
- * that will do some magic depending on the system used.
- * If this function is executed on reasonably busy machine then the values
- * that prandom uses are hard to
- * 1. Predict
- * 2. Regenerate
- * 3. Hard to spy on as nothing is stored to disk and data is consumed
- * as fast as it is generated.
- */
-
-static void
-dst_rsaref_init_random_struct(R_RANDOM_STRUCT * randomstruct)
-{
- unsigned bytesNeeded;
- struct timeval tv;
- u_char *array;
- int n;
-
- R_RandomInit(randomstruct);
-
- /* The runtime of the script is unpredictable within some range
- * thus I'm getting the time of day again as this is an hard to guess
- * value and the number of characters of the output from the script is
- * hard to guess.
- * This must be the FIRST CALL
- */
- gettimeofday(&tv, 0);
- R_RandomUpdate(randomstruct, (u_char *) &tv,
- sizeof(struct timeval));
-
- /*
- * first find out how many bytes I need
- */
- R_GetRandomBytesNeeded(&bytesNeeded, randomstruct);
-
- /*
- * get a storage area for it addjust the area for the possible
- * side effects of digest functions writing out in blocks
- */
- array = (u_char *) malloc(bytesNeeded);
-
- /* extract the random data from /dev/random if present, generate
- * it if not present
- * first fill the buffer with semi random data
- * then fill as much as possible with good random data
- */
- n = dst_random(DST_RAND_SEMI, bytesNeeded, array);
- n += dst_random(DST_RAND_KEY, bytesNeeded, array);
- if (n <= bytesNeeded) {
- SAFE_FREE(array);
- return(0);
- }
-
- /* supply the random data (even if it is larger than requested) */
- R_RandomUpdate(randomstruct, array, bytesNeeded);
-
- SAFE_FREE(array);
-
- R_GetRandomBytesNeeded(&bytesNeeded, randomstruct);
- if (bytesNeeded) {
- EREPORT(("InitRandomStruct() didn't initialize enough randomness\n"));
- exit(33);
- }
-}
-
-
-#else
-#include "port_before.h"
-
-#include <stdio.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <memory.h>
-#include <sys/param.h>
-#include <sys/time.h>
-#include <netinet/in.h>
-
-#include "dst_internal.h"
-#include "port_after.h"
-int /* rsaref is not available */
-dst_rsaref_init()
-{
- return (0);
-}
-#endif /* RSAREF */
int dst_sig_size(DST_KEY *key);
-int dst_random(const int mode, int wanted, u_char *outran);
-
-
/* support for dns key tags/ids */
u_int16_t dst_s_dns_key_id(const u_char *dns_key_rdata, const int rdata_len);
u_int16_t dst_s_id_calc(const u_char *key_data, const int key_len);
+++ /dev/null
-/* $Id: prand_conf.c,v 1.1 2001/03/29 06:30:30 marka Exp $
- *
- * Portions Copyright (c) 1995-1998 by TIS Labs at Network Assoociates Inc.
- * Portions Copyright (c) 1998-1998 by TIS Labs @ Network Associates Inc.
- *
- * Permission to use, copy modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND NETWORK ASSOCIATES
- * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
- * TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
- * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
- * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
- * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
- *
- * program to find where system commands reside
- * and what directores are avialable for inspection
- * this information is stored in the file prand_conf.h in current directory
- *
- * function my_find get variable number of arguments
- * the first argument is the name of the command
- * all remaining arguments are list of directories to search for the command in
- * this function returns the path to the command
- */
-
-#include <sys/stat.h>
-#include <unistd.h>
-#include <time.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-#define LINE_MAX 256
-
-static int
-my_find(const char *cmd, const char **dir)
-{
- unsigned int curr = 0, c_len, i;
- char cmd_line[LINE_MAX];
-
- memset(cmd_line, 0, sizeof(cmd_line));
- c_len = strlen(cmd);
- for (i = 0; dir[i]; i++) {
- curr = strlen(dir[i]);
- if (curr + c_len < sizeof(cmd_line)-3) {
- sprintf(cmd_line, "%s%s",dir[i], cmd);
- if (access(cmd_line, X_OK) == 0)
- return (i);
- memset(cmd_line, 0, c_len + curr + 2);
- }
- }
- return (0);
-}
-
-/*
- * function to simulate the ` ` operator in perl return the number
- * of bytes read from the pipe
- */
-static int
-pipe_run(char *cmd_line)
-{
- FILE *pd;
- char scratch[LINE_MAX];
- int ex, no_bytes = 0, no = 1;
-
- pd = popen(cmd_line, "r");
- for (; (pd != NULL) && (no > 0); no_bytes += no)
- no = fread(scratch, sizeof(char), sizeof(scratch), pd);
- ex = pclose(pd);
- return (no_bytes);
-}
-
-/*
- * function that executes a command with certain flags and checks that the
- * output is at least certain length
- * First parameter the command
- * Second parameter is ther flags
- * third parameter is the number of bytes required
- * output is 1 if the command works 0 if not
- * This function writes to the include file if
- */
-static int
-ex(FILE *fd, const char *path, const char *cmd, const char *arg,
- int lower_bound)
-{
- char line[LINE_MAX];
-
- if (strlen(path) + strlen(cmd) + strlen(arg) < sizeof(line)-7) {
- memset(line, 0, sizeof(line));
- sprintf(line, "%s%s %s 2>&1", path, cmd, arg);
- if (pipe_run(line) > lower_bound) {
- fprintf(fd,"\t\"%s\",\n", line);
- return (1);
- }
- }
- return (0);
-}
-
-int
-main()
-{
- extern int errno;
- FILE *fd;
- int res, vm, i;
- int ps, arp, net, dig, cmd;
-/*
- * set up list of directories where each command may be found in
- */
- const char *arp_path[] = {"/usr/sbin", "/sbin", "/usr/etc/", "/etc/",
- "/usr/bin/", NULL};
- const char *ps_path[] = {"/usr/bin", "/bin/", NULL};
- const char *net_path[] = {"/usr/ucb/", "/usr/bin/", "/usr/etc/",
- "/usr/sbin/", "/bin/", NULL};
- const char *dig_path[] = {"/usr/bin/", "/usr/local/bin/", NULL};
- const char **df_path = ps_path;
- const char *uptime_path[] = {"/usr/ucb/", "/usr/bin/", "/usr/bsd/", NULL};
- const char *iostat_path[] = { "/usr/bin/", "/bin/", "/usr/sbin/", NULL};
- const char *vmstat_path[] = {"/usr/ucb/", "/usr/bin/", "/usr/sbin/", NULL};
- const char *vm_stat_path[] = {"/usr/ucb/", "/usr/bin/", NULL};
- const char **w_path = uptime_path;
-
-/* find which directories exist */
- const char *dirs[] = {"/tmp", "/usr/tmp", "/var/tmp", ".", "/",
- "/var/spool", "/usr/spool",
- "/usr/adm", "/var/adm", "/dev",
- "/usr/mail", "/var/spool/mail", "/var/mail",
- "/home", "/usr/home", NULL};
-
- const char *files[] = {"/proc/stat", "/proc/rtc", "/proc/meminfo",
- "/proc/interrupts", "/proc/self/status",
- "/proc/self/maps", "/proc/curproc/status",
- "/proc/curproc/map",
- "/var/log/messages", "/var/log/wtmp",
- "/var/log/lastlog", "/var/adm/messages",
- "/var/adm/wtmp", "/var/adm/lastlog", NULL};
-
- struct stat st;
- time_t tim;
-/* main program: */
-
- if ((fd = fopen("prand_conf.h", "w")) == NULL) {
- perror("Failed creating file prand_conf.h");
- exit(errno);
- }
-
- fprintf(fd, "#ifndef _PRAND_CMD_H_\n#define _PRAND_CMD_H_\n\n");
-
- fprintf(fd, "static const char *cmds[] = {\n");
-
- if ((ps = my_find("ps", ps_path)) >= 0)
- res = ex(fd, ps_path[ps], "ps","-axlw", 460) ||
- ex(fd, ps_path[ps], "ps", "-ef", 300) ||
- ex(fd, ps_path[ps], "ps", "-ale", 300);
-
- if ((arp = my_find("arp", arp_path)) >= 0)
- res = ex(fd, arp_path[arp], "arp", "-n -a", 40);
-
- if ((net = my_find("netstat", net_path)) >= 0)
- res = ex(fd, net_path[net], "netstat", "-an", 1000);
- if ((cmd = my_find("df", df_path)) >= 0)
- res = ex(fd, df_path[cmd], "df", "", 40);
-
- if ((dig = my_find("dig", dig_path)) >= 0)
- res = ex(fd, dig_path[dig], "dig", "com. soa +ti=1 +retry=0",
- 100);
- if ((cmd = my_find("uptime", uptime_path)) >= 0)
- res = ex(fd, uptime_path[cmd], "uptime", "", 40);
- if ((cmd = my_find("printenv", uptime_path)) >= 0)
- res = ex(fd, uptime_path[cmd], "printenv", "", 400);
- if (net >= 0)
- res = ex(fd, net_path[net], "netstat", "-s", 1000);
-
- if (dig >= 0)
- res = ex(fd, net_path[net], "dig", ". soa +ti=1 +retry=0",100);
- if ((cmd = my_find("iostat", iostat_path)) >= 0)
- res = ex(fd, iostat_path[cmd], "iostat", "", 100);
-
- vm = 0;
- if ((cmd = my_find("vmstat", vmstat_path)))
- vm = ex(fd, vmstat_path[cmd], "vmstat", "", 200);
- if (vm ==0 && ((cmd = my_find("vm_stat", vm_stat_path)) >= 0))
- vm = ex(fd, vm_stat_path[cmd], "vm_stat", "", 200);
- if ((cmd = my_find("w", w_path)))
- res = ex(fd, w_path[cmd], "w", "", 100);
- fprintf(fd,"\tNULL\n};\n\n");
-
- fprintf(fd, "static const char *dirs[] = {\n");
-
- for (i=0; dirs[i]; i++) {
- if (lstat(dirs[i], &st) == 0)
- if (S_ISDIR(st.st_mode))
- fprintf(fd,"\t\"%s\",\n", dirs[i]);
- }
- fprintf(fd,"\tNULL\n};\n\n");
-
-
- fprintf(fd, "static const char *files[] = {\n");
- tim = time(NULL);
- for (i=0; files[i]; i++) {
- if (lstat(files[i],&st) == 0)
- if (S_ISREG(st.st_mode) &&
- (tim - st.st_mtime) < 84600)
- fprintf(fd,"\t\"%s\",\n", files[i]);
- }
- fprintf (fd, "\tNULL\n};\n");
-
- if ((stat("/dev/random", &st) == 0))
- if (S_ISCHR(st.st_mode))
- fprintf(fd, "\n#ifndef HAVE_DEV_RANDOM\n%s%s",
- "# define HAVE_DEV_RANDOM 1\n",
- "#endif /* HAVE_DEV_RANDOM */\n\n");
-
- fprintf(fd, "\n#endif /* _PRAND_CMD_H_ */\n");
- fclose(fd);
- exit (0);
-}
projects / thirdparty / bind9.git / commitdiff
